Lucene search
K
CveMost viewed

368391 matches found

CVE
CVE
added 2024/02/21 12:0 a.m.6629 views

CVE-2024-22220

CVE-2024-22220 affects Terminalfour and Formbank: unauthenticated stored cross-site scripting can lead to admin session hijacking via the Form Builder and Form Preview. Affected: Terminalfour 7.4–7.4.0004 QP3, Terminalfour 8–8.3.19, and Formbank up to 2.1.10-FINAL. Root cause is XSS in form-relat...

6.3CVSS6AI score0.00369EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2024/02/21 6:41 a.m.6620 views

CVE-2023-42839

CVE-2023-42839 pertains to an Apple-wide issue fixed by improved state management. Affected products/environments include tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1, and iPadOS 17.1. The vulnerability potentially allowed an app to access sensitive user data. Remediation is OS updates to...

6.2CVSS7AI score0.00197EPSS
Exploits0References7Affected Software5
CVE
CVE
added 2024/02/21 6:41 a.m.6610 views

CVE-2023-42878

CVE-2023-42878 is a privacy issue affecting Apple platforms (watchOS, macOS, iOS, iPadOS). The root problem is insufficient private data redaction in log entries, enabling an app to access sensitive user data. It is fixed in watchOS 10.1, macOS Sonoma 14.1, and iOS 17.1 / iPadOS 17.1. No exploita...

5.5CVSS7AI score0.00187EPSS
Exploits0References6Affected Software4
CVE
CVE
added 2024/02/28 8:13 a.m.6601 views

CVE-2021-46979

CVE-2021-46979 : Linux kernel iio subsystem vulnerability where ioctl handlers were removed twice (during iio_device_unregister() and then inside iio_device_unregister_eventset()/iio_buffers_free_sysfs_and_mask()). This double removal could cause a double free leading to kernel panic. The issue i...

5.5CVSS6.7AI score0.00222EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/11/15 3:32 p.m.6583 views

CVE-2022-20814

CVE-2022-20814 affects Cisco Expressway-C and Cisco TelePresence VCS. The root cause is improper validation of the SSL server certificate during connections to a Cisco Unified Communications Manager device, enabling a man-in-the-middle that could intercept traffic, view it in clear text, or modif...

7.4CVSS7.5AI score0.00897EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/05/06 7:21 p.m.6573 views

CVE-2024-33599

CVE-2024-33599 affects the GNU C Library (glibc) with a stack-based overflow in the netgroup cache used by nscd when the fixed-size cache is overwhelmed by client requests. The flaw was introduced in glibc 2.15 and is present only in the nscd binary; exploitation can impact confidentiality, integ...

8.1CVSS8.4AI score0.0131EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2024/02/18 4:4 a.m.6572 views

CVE-2023-52374

CVE-2023-52374 is tied to Huawei HarmonyOS and EMUI, involving a privilege-control vulnerability in the package management module. The CNVD/CNNVD entries describe an access control flaw that could allow an attacker to compromise confidentiality within the package management subsystem. No explicit...

7.5CVSS6.8AI score0.00319EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2024/02/20 1:21 p.m.6546 views

CVE-2024-1546

Mozilla Firefox and Thunderbird are affected by CVE-2024-1546 (out-of-bounds memory read due to potential buffer length confusion when storing/re-accessing data over a network channel). Affected products and versions per provided documents: Firefox <= 122? (reported as Firefox < 123) and Fi...

7.5CVSS7.5AI score0.00712EPSS
Exploits0References6Affected Software2
CVE
CVE
added 2024/02/28 12:0 a.m.6538 views

CVE-2024-26450

CVE-2024-26450 affects Piwigo versions prior to 14.2.0. The vulnerability chains a Cross-Site Request Forgery to trigger a Stored XSS payload in an Admin dashboard, enabling remote JavaScript execution and the upload of a PHP file under an administrator profile, which can be used to connect back ...

5.4CVSS6.2AI score0.00187EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/20 1:21 p.m.6538 views

CVE-2024-1555

CVE-2024-1555 affects Mozilla Firefox prior to version 123 and is triggered when opening a website via the firefox:// protocol handler, where SameSite cookies are not properly respected. The connected advisories corroborate the issue across Firefox and related components, with public disclosures ...

8.3CVSS5.8AI score0.00478EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/20 1:21 p.m.6526 views

CVE-2024-1548

CVE-2024-1548 describes a spoofing risk where a fullscreen notification could be obscured by a dropdown select input, potentially confusing users. Affected: Firefox <123, Firefox ESR <115.8, Thunderbird

4.3CVSS7.2AI score0.00937EPSS
Exploits0References6Affected Software2
CVE
CVE
added 2024/02/22 2:56 p.m.6522 views

CVE-2024-26281

CVE-2024-26281 concerns Firefox for iOS. In the provided docs, scanning a JavaScript URI with the QR code scanner could allow an attacker to execute unauthorized scripts in the current top-origin, via a cross-site scripting issue. Affected product: Firefox for iOS before version 123. Root cause: ...

4.7CVSS6.2AI score0.00313EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/03/11 4:35 p.m.6518 views

CVE-2024-0039

CVE-2024-0039 affects Android Bluetooth stack with an out-of-bounds write in attp_build_value_cmd of att_protocol.cc, enabling remote code execution over the network without user interaction. The issue stems from a missing bounds check and is present in att_protocol.cc as described across multipl...

9.8CVSS7.7AI score0.01512EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2024/04/25 6:27 a.m.6511 views

CVE-2023-6237

The CVE-2023-6237 entry concerns OpenSSL EVP_PKEY_public_check() performing an expensive verification on RSA public keys. The issue causes long delays (potential DoS) when keys of untrusted provenance are checked, notably when using the OpenSSL pkey tool with -pubin/-check. The impact is describe...

5.9CVSS6.3AI score0.02303EPSS
Exploits0References10
CVE
CVE
added 2024/09/09 6:22 p.m.6496 views

CVE-2024-37010

CVE-2024-37010 is an OwnCloud external-storage IDOR vulnerability where an authenticated user can modify another user’s external storage configuration without proper rights verification. The exploit description demonstrates that updating the target's external storage can change the storage’s name...

Exploits1
CVE
CVE
added 2024/02/18 2:57 a.m.6493 views

CVE-2023-52358

CVE-2023-52358 concerns a configuration flaw in Huawei HarmonyOS/EMUI audio module APIs that can be exploited to cause a denial of service, impacting availability. The vulnerability is tied to the audio subsystem in HarmonyOS and EMUI, with the root cause described as a configuration defect in th...

6.2CVSS6.7AI score0.00126EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2024/02/27 6:47 p.m.6492 views

CVE-2021-46963

CVE-2021-46963 affects the Linux kernel SCSI qla2xxx driver, where a crash occurred due to an incorrect free of the srb in qla2xxx_mqueuecommand(); srb is now allocated by upper layers. The fix resolves the crash (impact: HIGH availability) by correcting the free path. The cited advisories (SUSE/...

5.5CVSS6.3AI score0.00236EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2007/05/09 5:0 p.m.6492 views

CVE-2007-0609

CVE-2007-0609 affects Advanced Guestbook 2.4.2, where a directory-traversal flaw allows an unauthenticated remote attacker to bypass .htaccess and cause local PHP code execution or template reads by submitting a crafted lang cookie value (dot-dot) and a filename without a .php extension in index....

5.1CVSS7.1AI score0.07506EPSS
Exploits2References9Affected Software1
CVE
CVE
added 2024/05/01 5:17 a.m.6487 views

CVE-2024-26939

Summary (CVE-2024-26939) : In the Linux kernel, the DRM i915 driver’s VMA handling suffers a Use-After-Free when destroying a VMA during retirement race, leading to spurious frees of an active i915 VMA object. The root cause is a race between __active_retire() and i915_vma_destroy()/parked paths,...

7CVSS6.5AI score0.00239EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/04/13 11:17 a.m.6483 views

CVE-2024-26817

CVE-2024-26817 affects the Linux kernel amdkfd component. The vulnerability arises from using kzalloc with a multiplication that can overflow; the fix replaces kzalloc with calloc to avoid integer overflow. Descriptions in connected Nessus advisories (Unity Linux UTSA advisories) reiterate the sa...

5.5CVSS6.2AI score0.00754EPSS
Exploits0References11Affected Software1
CVE
CVE
added 2024/02/27 6:46 p.m.6480 views

CVE-2021-46960

CVE-2021-46960 is a Linux kernel issue affecting CIFS, where an incorrect error code from smb2_get_enc_key could trigger warnings when errors propagate back through CIFS code paths. The description in the provided documents shows the root cause as the CIFS module returning the wrong error and a w...

5.5CVSS6.5AI score0.00191EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2024/09/26 6:46 p.m.6478 views

CVE-2024-8118

Grafana vulnerability CVE-2024-8118: The alert rule write API endpoint uses incorrect permissions, allowing users who can write external alert instances to also write alert rules. This is the same issue described in BIT-GRAFANA-2024-8118 and OSV entries, which confirm the description but do not p...

5.1CVSS6.5AI score0.00583EPSS
Exploits0References1
CVE
CVE
added 2024/02/20 1:21 p.m.6467 views

CVE-2024-1556

The CVE-2024-1556 issue affects Mozilla Firefox versions earlier than 123. Root cause: an incorrect NULL check in the built-in profiler, which can lead to invalid memory access and undefined behavior when the profiler is active. Impact: memory safety risk and potential crashes; exploitation is co...

6.5CVSS5.8AI score0.00474EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2008/04/30 1:0 a.m.6465 views

CVE-2008-2018

CVE-2008-2018 affects PHPizabi 0.848b C1 HFP3. The AssignUser function in template.class.php performs unsafe macro expansions on strings delimited by { and }, enabling remote authenticated users to extract sensitive data via a macro in a comment (e.g., {user.password}) on an admin profile. The is...

4CVSS5.8AI score0.02156EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/02/27 6:47 p.m.6440 views

CVE-2021-46961

CVE-2021-46961 involves the Linux kernel where handling of spurious interrupts in the GICv3 IRQ path could trigger a nested NMI and a BUG_ON(in_nmi()), causing a kernel panic. The root cause is enabling IRQs while processing spurious interrups; a rewrite of the commit moved spurious interrupt han...

5.5CVSS6.2AI score0.00235EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2024/02/20 12:0 a.m.6425 views

CVE-2021-29038

CVE-2021-29038 affects Liferay Portal 7.2.0–7.3.5 and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, and 7.2 before fix pack 17. The issue: password reminder answers are not obfuscated on the page, enabling attackers to perform MITM or shoulder-surfing attacks to steal those a...

6.3CVSS6.8AI score0.00284EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2024/02/28 8:13 a.m.6413 views

CVE-2021-46990

CVE-2021-46990 affects powerpc/64s in the Linux kernel. The vulnerability arises from runtime patching of entry flush mitigations via a debugfs entry (entry_flush), which can be unsafe when CPUs are active, potentially causing a crash due to an LR restore issue. The fixed vulnerability patches ar...

5.5CVSS6.3AI score0.00231EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2024/02/20 1:21 p.m.6410 views

CVE-2024-1549

Summary (CVE-2024-1549) : The issue is a UI overlap flaw where a website setting a large custom cursor could cause parts of the cursor to overlap the permission dialog, risking user confusion and accidental permission grants. Affected products include Mozilla Firefox (up to version < 123) and ...

6.1CVSS7.4AI score0.00525EPSS
Exploits0References6Affected Software2
CVE
CVE
added 2002/03/09 5:0 a.m.6409 views

CVE-2001-0554

CVE-2001-0554 affects netkit-telnetd (Telnet daemon) on BSD-based systems, via a buffer overflow in in.telnetd/telrcv handling (triggered by certain Telnet options such as AYT). OpenVAS entries describe a remote attacker potentially causing denial of service or gaining remote code execution; at l...

10CVSS7.4AI score0.37896EPSS
Exploits1References25Affected Software4
CVE
CVE
added 2024/02/27 6:46 p.m.6408 views

CVE-2021-46955

CVE-2021-46955 affects the Linux kernel in combination with Open vSwitch. The issue arises in IPv4 packet fragmentation within ovs_fragment(), where a temporary dst_entry is misused as an rtable pointer during the ip_do_fragment() -> ip_skb_dst_mtu() -> ip_dst_mtu_maybe_forward() -> ip_m...

7.1CVSS6.1AI score0.00254EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2024/02/27 6:47 p.m.6404 views

CVE-2021-46962

CVE-2021-46962 : Linux kernel mmc: uniphier-sd driver fix for resource leak in remove path. A missing tmio_mmc_host_free() balanced a prior tmio_mmc_host_alloc() in probe, creating a leak in the error path during removal. The fix adds the missing tmio_mmc_host_free() call in the remove function t...

5.5CVSS6.4AI score0.00228EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2024/05/06 7:22 p.m.6397 views

CVE-2024-33600

CVE-2024-33600 is an in-nscd (Name Service Cache Daemon) null pointer dereference caused by a failure to cache a not-found netgroup response. It affects the nscd binary and was introduced with glibc’s cache feature (glbic 2.15+). Exploitation depends on remote input, but the provided sources do n...

5.9CVSS7AI score0.01216EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2024/02/27 6:47 p.m.6390 views

CVE-2021-46966

CVE-2021-46966 affects the Linux kernel: a use-after-free vulnerability in ACPI custom_method code where cm_write() could access a freed buf if count

7.8CVSS6.5AI score0.0023EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2024/07/16 11:44 a.m.6379 views

CVE-2022-48817

CVE-2022-48817 is a Linux kernel issue affecting the ar9331 MDIO switch under the DSA subsystem. The root cause is that mdiobus registration was done under devres and could be freed by devm_mdiobus_free() via device core shutdown, leading to a panic if the bus was still registered. The advisory e...

5.5CVSS6.7AI score0.00268EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/27 6:47 p.m.6377 views

CVE-2021-46967

CVE-2021-46967 affects the Linux kernel vhost-vdpa virtqueue doorbell mapping. The issue stems from not setting necessary vm_flags (e.g., VM_PFNMAP) when mapping the doorbell, which could cause a kernel panic if userspace maps the doorbell via IOTLB. The connected Nessus/NASL entry confirms a pat...

5.5CVSS6.5AI score0.00222EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/26 12:0 a.m.6375 views

CVE-2024-26465

CVE-2024-26465 concerns a DOM-based cross-site scripting (XSS) in the component/beep/Beep.Instrument.js of the Stewdio Beep.js project, prior to commit ef22ad7. The issue allows an attacker to execute arbitrary JavaScript by sending a crafted URL. The vulnerability is described across multiple so...

6.1CVSS6AI score0.00425EPSS
Exploits0References1
CVE
CVE
added 2024/02/18 2:54 a.m.6372 views

CVE-2023-52097

CVE-2023-52097 is linked to Huawei EMUI and Huawei HarmonyOS. The connected CNVD entry describes a vulnerability that allows bypassing the foreground service restriction, with impact to system confidentiality. The CVE entry itself notes a foreground-service–restrictions bypass in the NMS module a...

7.5CVSS6.7AI score0.0034EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2024/02/16 7:33 p.m.6367 views

CVE-2024-0017

CVE-2024-0017 involves a permissions bypass in the shouldUseNoOpLocation function of CameraActivity.java, creating a possible confused deputy and leading to local information disclosure without requiring additional execution privileges. Exploitation requires user interaction. The vulnerability is...

5.5CVSS6.1AI score0.00105EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/15 10:31 p.m.6364 views

CVE-2023-40124

CVE-2023-40124 involves a local information disclosure (cross-user read) due to a confused deputy. Public docs from NVD/Red Hat/OSV describe impact as local, with no execution privileges required and no user interaction needed. Android security bulletin entries for 2023-11-01/05 group this under ...

5.5CVSS6AI score0.00089EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/16 12:8 a.m.6357 views

CVE-2024-0030

CVE-2024-0030 affects the Android Bluetooth stack: the out-of-bounds read arises in btif_to_bta_response within btif_gatt_util.cc due to an incorrect bounds check. This can cause local information disclosure without extra privileges. User interaction is not required. Exploitation details (vectors...

5.5CVSS6AI score0.00385EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/04/17 10:27 a.m.6350 views

CVE-2023-52644

CVE-2023-52644 relates to a Linux kernel WiFi component (b43) where the QoS-disabled path could map the IEEE 802.11 queue incorrectly due to a single-queue scenario. The root cause is that when QoS is off, the code may attempt to stop/wake a non-existent queue or fail to stop/wake the actual queu...

6.3CVSS5.8AI score0.00232EPSS
Exploits0References11Affected Software1
CVE
CVE
added 2024/02/15 5:3 a.m.6342 views

CVE-2022-23088

CVE-2022-23088 affects FreeBSD’s net80211 802.11 beacon handling. The issue is a heap-buffer overflow caused by not validating the length of the IEEE 802.11s Mesh ID before copying it to a heap buffer, which can allow remote code execution when a FreeBSD Wi‑Fi client is in scanning mode and proce...

9.8CVSS9.6AI score0.0362EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/20 12:52 p.m.6330 views

CVE-2023-52433

CVE-2023-52433 refers to a Linux kernel issue in netfilter nft_set_rbtree where new elements within a single transaction may expire before the transaction ends. To avoid a commit path walking over an already released object, the code skips sync garbage collection (GC) for those elements during th...

4.4CVSS5.7AI score0.00265EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2024/02/27 12:0 a.m.6321 views

CVE-2024-25399

Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php. The underlying issue is inadequate input sanitization in the adminer.php script, enabling injection of malicious scripts that could be rendered in pages viewed by other users. No exploitation details are provided in th...

6.1CVSS5.9AI score0.00345EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/03/06 6:45 a.m.6317 views

CVE-2023-52587

CVE-2023-52587 (Linux kernel) affects IB/ipoib multicast locking. The issue arose when priv->lock was released while iterating priv->multicast_list in ipoib_mcast_join_task(), creating a window for ipoib_mcast_dev_flush() to remove items mid-iteration. If a mcast item is removed after the l...

5.5CVSS6.2AI score0.00312EPSS
Exploits1References10Affected Software1
CVE
CVE
added 2024/02/19 12:0 a.m.6315 views

CVE-2024-26328

CVE-2024-26328 details (Mode C) : Affects QEMU 7.1.0–8.2.1. In hw/pci/pcie_sriov.c, register_vfs fails to set NumVFs to PCI_SRIOV_TOTAL_VF, which causes improper interaction with hw/nvme/ctrl.c. The result is mishandling of SR-IOV virtual functions and related NVMe interactions, per the advisory ...

6CVSS5.7AI score0.0029EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/05/03 12:0 a.m.6306 views

CVE-2024-34447

CVE-2024-34447 is tied to the Bouncy Castle Crypto Package for Java. IBM’s security bulletin details an issue where, when endpoint identification is enabled in BCJSSE and an SSL socket is created without an explicit hostname (as with HttpsURLConnection), hostname verification could be performed a...

7.5CVSS6.1AI score0.0077EPSS
Exploits0References3
CVE
CVE
added 2024/02/16 6:33 p.m.6301 views

CVE-2023-40085

CVE-2023-40085 involves a missing bounds check in ShimConverter.cpp, in the function convertSubgraphFromHAL , which can trigger a possible out-of-bounds read. This leads to local information disclosure with no additional execution privileges required and no user interaction. The connected documen...

5.5CVSS6AI score0.00089EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/04/17 10:27 a.m.6297 views

CVE-2024-26861

CVE-2024-26861 affects the Linux kernel wireguard receive path, where a data race around keypair->receiving_counter.counter was identified (READ_ONCE/WRITE_ONCE annotations used to mark the race as intentional). The race occurs between wg_packet_decrypt_worker and wg_packet_rx_poll, potentiall...

4.7CVSS6.3AI score0.00177EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2024/02/27 6:46 p.m.6284 views

CVE-2021-46956

CVE-2021-46956 : In the Linux kernel, a memory leak in virtiofs was fixed. When the same tag was passed twice to qemu, virtio_fs_probe() leaked kmemleak-tracked memory, evidenced by a log line like “virtiofs: probe of virtio5 failed with error -17.” The issue is located in the virtiofs subsystem ...

5.5CVSS6.4AI score0.00232EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities5000