Lucene search
K
CveMost viewed

368498 matches found

CVE
CVE
added 2023/04/18 7:54 p.m.520 views

CVE-2023-21982

CVE-2023-21982 affects Oracle MySQL Server (component: Server: Optimizer). Affected versions include 8.0.32 and earlier. The vulnerability enables a high-privilege attacker with network access via multiple protocols to cause the server to hang or crash (DoS). Several connected sources corroborate...

4.9CVSS5.2AI score0.01128EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/03/23 12:0 a.m.520 views

CVE-2023-1289

CVE-2023-1289 affects ImageMagick: a specially crafted SVG can trigger self-loading and a segmentation fault, enabling a denial-of-service via massive /tmp trash files. Impact: remote but requires a crafted SVG; local/remote access specifics are not detailed beyond the described attack. In practi...

5.5CVSS5.5AI score0.00865EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2022/04/14 8:5 p.m.520 views

CVE-2022-1304

CVE-2022-1304 affects e2fsprogs 1.46.5 and is described as an out-of-bounds read/write vulnerability that can cause a segmentation fault and potentially allow arbitrary code execution via a crafted filesystem. Connected advisories corroborate this vulnerability class and reference platforms (e.g....

7.8CVSS7.9AI score0.01382EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/03/21 4:39 a.m.520 views

CVE-2021-28957

CVE-2021-28957 affects python-lxml’s Cleaner in the clean module, where disabling safe_attrs_only and forms allows the formaction attribute to bypass sanitization, enabling remote XSS. Versions before 4.6.3 are vulnerable; fixed in lxml 4.6.3. Affected: python-lxml; Issue caused by missing input ...

6.1CVSS6.5AI score0.04002EPSS
Exploits1References10Affected Software1
CVE
CVE
added 2020/08/26 4:16 p.m.520 views

CVE-2020-3440

CVE-2020-3440 affects Cisco Webex Meetings Desktop App for Windows. The root cause is improper validation of URL parameters sent from a website, enabling an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. Exploitation involves convincing a user to click a craf...

6.5CVSS6.6AI score0.0262EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/11/06 12:0 a.m.520 views

CVE-2019-14847

CVE-2019-14847 affects Samba; versions 4.0.0 to before 4.9.15 and 4.10.x up to before 4.10.10 are vulnerable. An attacker can crash the AD DC LDAP server via dirsync, causing denial of service. Privilege escalation is not possible. Remediation: upgrade to Samba 4.9.15 or 4.10.10 (or later) as ind...

4.9CVSS5.9AI score0.02355EPSS
Exploits1References8Affected Software1
CVE
CVE
added 2019/10/18 8:7 p.m.520 views

CVE-2019-18197

CVE-2019-18197 affects libxslt 1.1.33: in xsltCopyText (transform.c) a pointer variable isn’t reset under certain circumstances, and if the memory area freed and reused in a specific way, a bounds check could fail and memory outside a buffer could be written to or uninitialized data disclosed. Mu...

7.5CVSS7.6AI score0.04446EPSS
Exploits0References15Affected Software1
CVE
CVE
added 2019/05/17 3:25 p.m.520 views

CVE-2019-5953

CVE-2019-5953 describes a buffer overflow in GNU Wget (affected versions 1.20.1 and earlier) that could allow a remote attacker to cause a DoS or potentially execute arbitrary code via unspecified vectors. Public sources in connected documents point to a heap-based/buffer overflow in wget’s input...

9.8CVSS9.7AI score0.05141EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2018/06/18 2:0 p.m.520 views

CVE-2018-1060

CVE-2018-1060 affects Python’s pop3lib.apop() with catastrophic backtracking, enabling a denial of service. Affected versions identified in the initial entry include Python 2.7.15 and 3.4.9/3.5.6rc1/3.6.5rc1/3.7.0. Connected documents (Red Hat, Debian, Amazon Linux advisories) confirm this vulner...

7.5CVSS7.4AI score0.05103EPSS
Exploits1References22Affected Software1
CVE
CVE
added 2018/04/10 10:0 p.m.520 views

CVE-2018-9995

CVE-2018-9995 affects TBK DVR4104/DVR4216 and re-branded variants (Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, MDVR Login). Root cause: authentication bypass via a crafted Cookie: uid=admin header, demonstrated by device.rsp?opt=user&cmd=list returning creden...

9.8CVSS9.3AI score0.83151EPSS
In wildExploits13References4Affected Software1
CVE
CVE
added 2016/09/02 2:0 p.m.520 views

CVE-2016-5636

CVE-2016-5636 describes an integer overflow/heap-based buffer overflow in Python’s zipimporter (zipimport.c get_data). It affects CPython before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2, exploitable via a negative data size value in a crafted zip file loaded during import. The connected d...

10CVSS8.2AI score0.2548EPSS
Exploits1References15Affected Software1
CVE
CVE
added 2022/12/22 12:0 a.m.519 views

CVE-2022-22764

CVE-2022-22764 is a set of memory-safety bugs in Mozilla Firefox (affecting Firefox < 97 and Firefox ESR < 91.6) and related Thunderbird components (Thunderbird

8.8CVSS9.5AI score0.00702EPSS
Exploits0References4Affected Software3
CVE
CVE
added 2020/11/28 12:0 a.m.519 views

CVE-2020-27218

CVE-2020-27218 affects Eclipse Jetty 9.4.x (9.4.0.RC0–9.4.34.v20201102), 10.x (10.0.0.alpha0–beta2), and 11.x (11.0.0.alpha0–beta2). When GZIP request body inflation is enabled and requests from different clients are multiplexed on one connection, an attacker who can send a body that is received ...

5.8CVSS5.1AI score0.08113EPSS
Exploits0References117Affected Software1
CVE
CVE
added 2019/04/10 7:38 p.m.519 views

CVE-2019-11068

CVE-2019-11068 affects libxslt up to 1.1.33. The vulnerability arises because xsltCheckRead/xsltCheckWrite can permit access even after a -1 error, enabling protection bypass. According to the linked advisories, this vulnerability has a CVSSv3 base score of 9.8 (NETWORK, LOW attack complexity, NO...

9.8CVSS9.4AI score0.0523EPSS
Exploits0References16Affected Software1
CVE
CVE
added 2017/10/04 1:0 a.m.519 views

CVE-2017-1000253

CVE-2017-1000253 is a Linux kernel PIE stack buffer corruption vulnerability in load_elf_binary() that can allow local privilege escalation when PIE is used and memory mapping overlaps the stack region. The issue stems from not accounting for space for the entire binary, causing later PT_LOAD seg...

7.8CVSS7.3AI score0.10695EPSS
In wildExploits5References14Affected Software2
CVE
CVE
added 2025/09/03 4:17 p.m.518 views

CVE-2025-9865

CVE-2025-9865 : In Google Chrome on Android, prior to version 140.0.7339.80, an inappropriate implementation in Toolbar allows a remote attacker to induce a user, via crafted HTML and specific UI gestures, to perform domain spoofing. Impact is described as a Chromium-style vulnerability with pote...

5.4CVSS5.9AI score0.00247EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/12/12 12:2 p.m.518 views

CVE-2024-10043

CVE-2024-10043 affects GitLab EE versions 14.3–before 17.4.6, 17.5–before 17.5.4, and 17.6–before 17.6.2. The issue allows group users to view confidential incident titles via the Wiki History Diff feature, leading to information disclosure. The documents indicate fixes in the applicable lines: u...

3.1CVSS3.3AI score0.00436EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/11/14 11:32 a.m.518 views

CVE-2022-31666

Harbor vulnerability CVE-2022-31666 involves failure to validate user permissions when managing Webhook policies. The issue allows authenticated users to view, update, or delete Webhook policies belonging to other users or projects, potentially enabling modification of policies configured in othe...

7.7CVSS7.5AI score0.00492EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/08/21 8:20 p.m.518 views

CVE-2024-7971

CVE-2024-7971 is a Type Confusion in Google Chrome’s V8 engine that allows remote heap corruption via a crafted HTML page. Affected software is Google Chrome (and Chromium-based browsers) prior to version 128.0.6613.84. The root cause is a V8 type confusion issue, enabling exploitation when proce...

9.6CVSS6.8AI score0.19272EPSS
In wildExploits2References4Affected Software1
CVE
CVE
added 2023/10/25 10:27 a.m.518 views

CVE-2023-4692

Concretely documented: CVE-2023-4692 is an out-of-bounds write in grub2’s NTFS driver that can corrupt heap metadata, potentially enabling arbitrary code execution and secure-boot protection bypass. Several connected advisories (e.g., CBL-Mariner) note that a patched grub2 is available; affected ...

7.8CVSS8AI score0.00536EPSS
Exploits1References13Affected Software1
CVE
CVE
added 2023/09/12 4:58 p.m.518 views

CVE-2023-36767

CVE-2023-36767 is a Microsoft Office security feature bypass vulnerability (CVSS v3.1 base 4.3, MEDIUM) affecting Office components across platforms. The available connected docs describe the issue as a security feature bypass with impact of circumvention of security measures (Office Excel noted ...

4.3CVSS4.8AI score0.03324EPSS
Exploits0References1Affected Software3
CVE
CVE
added 2023/07/31 12:0 a.m.518 views

CVE-2023-37580

CVE-2023-37580 – Zimbra Collaboration Suite (ZCS) XSS : The Nuclei template confirms a Cross-Site Scripting vulnerability in ZCS 8.x before 8.8.15 Patch 41, specifically in the Zimbra Classic Web Client. Impact described in the connected doc: successful exploitation could execute arbitrary script...

6.1CVSS6.2AI score0.59041EPSS
In wildExploits0References4Affected Software1
CVE
CVE
added 2023/06/29 12:0 a.m.518 views

CVE-2023-34658

CVE-2023-34658 affects Telegram for iOS (v9.6.3). The root cause is exploitation via the SFSafariViewController function, allowing attackers to hide critical information in the app’s User Interface. The available connected documents confirm the target is Telegram v9.6.3 on iOS and describe the UI...

5.3CVSS5AI score0.00413EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/06/16 12:44 a.m.518 views

CVE-2023-32027

CVE-2023-32027 is a vulnerability in the Microsoft ODBC Driver for SQL Server that enables remote code execution. Public sources describe exploitation that requires the attacker to lure the victim via a rogue SQL server, with the driver client on the affected workstation executing code. The vulne...

7.8CVSS8.1AI score0.00603EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2023/06/06 12:0 a.m.518 views

CVE-2023-2253

CVE-2023-2253 concerns the /v2/_catalog endpoint in distribution/distribution, where the query parameter n controls the maximum number of records returned. The flaw allows a malicious user to supply an unreasonably large n, potentially triggering allocation of a massive string array and causing m...

6.5CVSS6.2AI score0.00938EPSS
Exploits0References2Affected Software3
CVE
CVE
added 2023/04/12 11:16 a.m.518 views

CVE-2023-1829

CVE-2023-1829 affects the Linux kernel tcindex subsystem. A use-after-free can occur in tcindex_delete when filters are not properly deactivated for a perfect-hash underlying structure, potentially enabling local privilege escalation to root. The flaw is tied to the traffic control index filter (...

7.8CVSS7.8AI score0.01029EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2022/12/22 12:0 a.m.518 views

CVE-2022-42928

CVE-2022-42928 is a memory-corruption vulnerability affecting Firefox and Thunderbird prior to the specified versions (Firefox <106, ESR <102.4, Thunderbird

8.8CVSS8.5AI score0.0083EPSS
Exploits0References4Affected Software3
CVE
CVE
added 2022/10/19 9:24 p.m.518 views

CVE-2022-41832

CVE-2022-41832 (BIG-IP SIP profile vulnerability) affects BIG-IP products with a SIP profile on a virtual server, where undisclosed SIP messages can drive memory resource usage up, potentially causing DoS. Affected versions and fixed releases per F5 advisory K10347453: vulnerable on BIG-IP 17.0.x...

7.5CVSS7.6AI score0.00616EPSS
Exploits0References1Affected Software11
CVE
CVE
added 2021/10/04 8:20 p.m.518 views

CVE-2021-41089

CVE-2021-41089 concerns Moby (Docker Engine). A bug in docker cp into a specially-crafted container can cause Unix file permission changes for existing host files, potentially widening access to others. The issue is fixed in Moby/Docker Engine 20.10.9; users should upgrade to that version. Runnin...

6.3CVSS5.5AI score0.0027EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2021/02/09 1:55 p.m.518 views

CVE-2020-16044

CVE-2020-16044 is a use-after-free in WebRTC detected in Chromium-based browsers, including Google Chrome before 88.0.4324.96 (and related Chromium builds). A remote attacker could potentially exploit a crafted SCTP COOKIE-ECHO packet to trigger heap corruption and execute arbitrary code. Public ...

8.8CVSS9.1AI score0.01304EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2021/01/20 2:50 p.m.518 views

CVE-2021-2021

CVE-2021-2021 affects Oracle MySQL Server (MySQL: Server: Optimizer) with affected versions 8.0.22 and earlier. It is described as an easily exploitable vulnerability allowing a high-privilege attacker with network access via multiple protocols to cause a hang or complete DoS on MySQL Server. The...

6.8CVSS4.9AI score0.10093EPSS
In wildExploits3References5Affected Software1
CVE
CVE
added 2020/07/22 1:47 p.m.518 views

CVE-2020-8559

CVE-2020-8559 : Kubernetes kube-apiserver is vulnerable to an unvalidated redirect on proxied upgrade requests. Affected releases include kube-apiserver v1.6–v1.15, and versions prior to v1.16.13, v1.17.9, and v1.18.6. Exploitation could enable privilege escalation from a node compromise to a ful...

6.8CVSS6.6AI score0.061EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2019/08/14 8:55 p.m.518 views

CVE-2019-1181

CVE-2019-1181 is a remote code execution vulnerability in Windows Remote Desktop Services (RDS/Terminal Services). The Huawei advisory confirms the issue as one of four RC vulnerabilities in RDS where an unauthenticated, network-based attacker can exploit by sending specially crafted RDP requests...

10CVSS9.2AI score0.75194EPSS
Exploits0References3Affected Software8
CVE
CVE
added 2019/07/10 1:50 p.m.518 views

CVE-2019-13224

Summary (CVE-2019-13224) Oniguruma 6.9.2 contains a use-after-free in onig_new_deluxe() within regext.c that can allow information disclosure, denial of service, or potentially code execution when presented with a crafted regular expression that combines a multi-byte encoded pattern and string. S...

9.8CVSS9.9AI score0.04047EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2019/06/24 4:6 p.m.518 views

CVE-2018-20843

The CVE-2018-20843 issue affects libexpat (Expat) prior to 2.2.7, where XML inputs with many colons can cause high RAM/CPU usage and enable DoS. Related CVE-2019-15903 describes a heap-based buffer over-read when crafted XML triggers early parsing state switches. Public advisories confirm that an...

7.8CVSS7.5AI score0.07107EPSS
Exploits1References21Affected Software1
CVE
CVE
added 2008/10/20 5:0 p.m.518 views

CVE-2008-4609

CVE-2008-4609 is a TCP state-exhaustion DoS vulnerability demonstrated by sockstress. It was described as affecting the TCP implementation in Linux, BSD-based platforms, Windows, Cisco products, and probably others. The issue enables a remote attacker to exhaust connection state, potentially rend...

7.1CVSS8.8AI score0.32123EPSS
Exploits1References15Affected Software10
CVE
CVE
added 2025/01/17 11:14 p.m.517 views

CVE-2018-9387

CVE-2018-9387 affects the mnh-sm.c component and describes a heap/heap-buffer overflow caused by an integer overflow. The vulnerability enables local escalation of privilege with no additional execution privileges and does not require user interaction. Connected sources (Red Hat, NVD, CVE lists, ...

7.8CVSS9.1AI score0.00103EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/01/02 11:58 p.m.517 views

CVE-2024-43769

CVE-2024-43769 affects Google Android: a logic edge case in PackageManagerService.isPackageDeviceAdmin could prevent CloudDpc uninstallation, enabling local privilege escalation with no extra privileges or user interaction required. Affected component is Android’s PackageManagerService.java; root...

7.8CVSS7.1AI score0.00081EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/03/12 4:57 p.m.517 views

CVE-2024-26198

CVE-2024-26198 is a Microsoft Exchange Server Remote Code Execution vulnerability. Connected sources confirm exploitation context as a March 2024 issue with public patches released (e.g., KB5037224 for Exchange Server 2019 CU14 HU2 and CU13 HU6) and accompanying March 2024 security updates. The N...

8.8CVSS9.2AI score0.0682EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/10/10 12:26 p.m.517 views

CVE-2023-43787

Summary: CVE-2023-43787 affects the libX11 library via an integer overflow in XCreateImage(), enabling a local user to trigger a heap overflow and potentially execute arbitrary code with elevated privileges. What’s affected: libX11 (Xorg X11 client library); affected function is XCreateImage(). R...

7.8CVSS8.2AI score0.00427EPSS
Exploits1References8Affected Software1
CVE
CVE
added 2023/09/12 4:58 p.m.517 views

CVE-2023-36801

Technical details for CVE-2023-36801 are not provided in the supplied documents. No explicit affected product/version, root cause, impact, or remediation are specified here. Monitor for updates from official sources.

5.3CVSS6AI score0.01501EPSS
Exploits0References1Affected Software5
CVE
CVE
added 2023/07/19 12:0 a.m.517 views

CVE-2022-40896

CVE-2022-40896 : A ReDoS in Pygments’ SmithyLexer (pygments/lexers/smithy.py) affects pygments up to version 2.15.0. Exploitation could cause a denial of service via crafted Smithy inputs. Connected sources confirm the issue and attribution but do not specify a fixed patch/version. Remediation: u...

5.5CVSS5.5AI score0.00503EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2020/02/10 7:41 p.m.517 views

CVE-2020-8840

CVE-2020-8840 affects FasterXML jackson-databind 2.0.0–2.9.10.2, where missing blocking of xbean-reflect/JNDI chains (notably org.apache.xbean.propertyeditor.JndiConverter) enables JNDI injection leading to remote code execution. Affected component is jackson-databind’s deserialization path; impa...

9.8CVSS9.3AI score0.26587EPSS
In wildExploits5References44Affected Software1
CVE
CVE
added 2024/01/16 4:13 p.m.516 views

CVE-2023-45233

EDK2 Network Package contains an infinite loop vulnerability when parsing the PadN option in the Destination Options header of IPv6 (CVE-2023-45233). The issue is documented in multiple advisories across distributions (e.g., Debian DSA-5624-1 and various ALMA/CBLMariner entries) as fixed in newer...

7.5CVSS8.1AI score0.02084EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2023/04/18 7:54 p.m.516 views

CVE-2023-21977

CVE-2023-21977 affects Oracle MySQL Server (component: Server: Optimizer). Affected versions are 8.0.32 and earlier. The vulnerability allows a high-privilege attacker with network access via multiple protocols to cause a hang or frequent, repeatable crashes (complete DOS) of MySQL Server. No exp...

4.9CVSS5.2AI score0.01128EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/02/27 12:0 a.m.516 views

CVE-2022-22582

CVE-2022-22582 describes a validation issue in how symlinks are handled, enabling a local user to write arbitrary files. The vulnerability is fixed in Security Update 2022-003 Catalina and also addressed for macOS Big Sur 11.6.5 and macOS Monterey 12.3. According to the connected records, Apple l...

5.5CVSS4.5AI score0.17715EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2022/11/23 12:0 a.m.516 views

CVE-2022-41946

Summary (CVE-2022-41946) pgjdbc (PostgreSQL JDBC Driver) is affected where a prepared statement using Either setText(int, InputStream) or setBytea(int, InputStream) creates a temporary file when the InputStream exceeds ~2 KB. The created temp file in the system temp directory can be readable by o...

5.5CVSS5.2AI score0.0048EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2022/10/12 12:0 a.m.516 views

CVE-2022-41316

CVE-2022-41316 affects HashiCorp Vault and Vault Enterprise: the TLS certificate auth method did not load the optional CRL into memory on startup, potentially skipping revocation checks until retrieval. A fix is available in Vault/Vault Enterprise releases 1.12.0, 1.11.4, 1.10.7, and 1.9.10.

5.3CVSS5.1AI score0.00396EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/06/22 2:25 p.m.516 views

CVE-2022-32549

The CVE-2022-32549 entries describe a log-injection flaw in Apache Sling Commons Log ≤ 5.4.0 and Apache Sling API ≤ 2.25.0 due to improper input validation. An attacker could forge logs to obscure activity and potentially corrupt log files. Multiple connected sources (NVD, Red Hat, CNVD, OSV, Ver...

5.3CVSS5.4AI score0.0222EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2020/02/06 12:6 a.m.516 views

CVE-2020-8648

CVE-2020-8648 is a use-after-free in the Linux kernel’s n_tty_receive_buf_common function (drivers/tty/n_tty.c), affecting kernel builds up to 5.5.2. It is a local vulnerability; exploitation could crash the kernel (DoS), with CVSS notes indicating local access and high impact on availability. Co...

7.1CVSS7AI score0.00661EPSS
Exploits1References11Affected Software1
Total number of security vulnerabilities5000