7.7 CVE-2022-38012
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.

2022-09-29 21:13:00

7.2 CVE-2022-40048
Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload...

2022-09-29 19:43:00

7.8 CVE-2022-1270
In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.

2022-09-29 19:34:00

6.1 CVE-2022-3193
An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine....

2022-09-29 19:24:00

9.8 CVE-2022-40929
XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks.

2022-09-29 19:21:00

3.3 CVE-2022-38934
readelf in ToaruOS 2.0.1 has some arbitrary address read vulnerabilities when parsing a crafted ELF...

2022-09-29 19:16:00

5.4 CVE-2021-41434
A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System...

2022-09-29 19:11:00

9.6 CVE-2022-40083
Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler...

2022-09-29 19:04:00

7.5 CVE-2022-40082
Hertz v0.3.0 was discovered to contain a path traversal vulnerability via the normalizePath function.

2022-09-29 18:49:00

8.2 CVE-2022-39258
mailcow is a mailserver suite. A vulnerability in versions prior to 2022-09 allows an attacker to craft...

2022-09-29 18:29:00

7.8 CVE-2019-12937
apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer overflow allowing local privilege escalation...

2022-09-29 17:55:00

7.8 CVE-2019-13046
linker/linker.c in ToaruOS through 1.10.9 has insecure LD_LIBRARY_PATH handling in setuid applications....

2022-09-29 17:55:00

What is the Sherlock® KB project?

First of all, KB stands for "Knowledge Base". The company ProHacktive is making its database of known vulnerabilities to date available for free. This database combines NIST's CVE database (https://nvd.nist.gov/), the CWE database (https://cwe.mitre.org/) and the CAPEC database (https://capec.mitre.org/).

For what purpose?

ProHacktive's promise is the democratization of the Cybersecurity Audit. For this, it seemed relevant to us to offer our "Knowledge Base" in different languages. Associated with this multilingual database, a clear and concise interface allows you to consult all the CVE ("Common Vulnerabilities and Exposures") present on your network. The Sherlock® service database is updated every hour from the various sources enriching our Sherlock® KB and immediately tested on the devices concerned by the new vulnerability.

Search for vulnerabilities

We also offer a simple search module that searches the description of each CVE. For the more curious, an advanced search allows you to point precisely to an application, an OS or a piece of hardware. This advanced search is based on the mechanics used in our solution Sherlock®: the permanent Cybersecurity audit accessible financially and technically to all.

Developments?

We will add new languages regularly. A monitoring module will be implemented: you will be able to monitor an application, an OS or a piece of hardware to be alerted to new vulnerabilities concerning it. Subscribe to our mailing list to be alerted when this feature is released (available on search results).