Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (624 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-45607 1 Secreto31126 1 Whatsapp-api-js 2024-09-19 5.8 Medium
whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the signature is valid. Incorrect Access Control, anyone using the post or verifyRequestSignature methods to handle messages is impacted. This vulnerability is fixed in 4.0.3.
CVE-2024-23456 1 Zscaler 1 Client Connector 2024-08-07 7.8 High
Anti-tampering can be disabled under certain conditions without signature validation. This affects Zscaler Client Connector <4.2.0.190 with anti-tampering enabled.
CVE-2023-28806 1 Zscaler 1 Client Connector 2024-08-07 5.7 Medium
An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows <4.2.0.190.
CVE-2024-23460 1 Zscaler 1 Client Connector 2024-08-07 6.4 Medium
The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <4.2.