Lucene search
K
CveMost viewed

368560 matches found

CVE
CVE
added 2024/02/21 3:14 a.m.6284 views

CVE-2024-1676

CVE-2024-1676 affects Google Chrome (Chromium core) prior to 122.0.6261.57. The vulnerability arises from an inappropriate implementation in Navigation, enabling a remote attacker to spoof the security UI via a crafted HTML page. According to the reports, the CVSS data show a network attack vecto...

9.8CVSS4.7AI score0.18552EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2024/04/10 1:53 p.m.6280 views

CVE-2024-26816

CVE-2024-26816 affects the Linux kernel on x86 where, when CONFIG_XEN_PV=y, .text symbols are emitted into the .notes section. Relocations in .notes were previously possible and could leak the KASLR base via /sys/kernel/notes. The fixes instruct the kernel to skip performing relocations in the .n...

5.5CVSS5.8AI score0.00307EPSS
Exploits0References12Affected Software1
CVE
CVE
added 2024/02/15 10:31 p.m.6276 views

CVE-2023-40105

CVE-2023-40105 affects the Android framework (ActivityManagerService), specifically in backupAgentCreated. The root cause is a missing permission check in this path, enabling local information disclosure. The impact is high confidentiality loss with no integrity or availability impact described, ...

5.5CVSS5.9AI score0.00082EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/27 12:0 a.m.6273 views

CVE-2024-25841

CVE-2024-25841 affects PrestaShop via the So Flexibilite module from Common-Services. The vulnerability allows a guest (authenticated customer) to perform a Cross Site Scripting (XSS) injection in versions earlier than 4.1.26. Root cause details are not provided beyond the XSS in this module. The...

5.9CVSS6.3AI score0.00385EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/02/21 6:41 a.m.6273 views

CVE-2023-42951

CVE-2023-42951 pertains to Apple’s Safari in iOS 17.1 and iPadOS 17.1. The issue stems from improved handling of caches, and can cause a user to be unable to delete browsing history items. Multiple sources (Apple security notes, NVD entry, Red Hat advisory) confirm the vulnerability is addressed ...

4.3CVSS7.1AI score0.00336EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2024/02/15 10:31 p.m.6267 views

CVE-2023-40112

CVE-2023-40112 describes a likely out-of-bounds read in the printer subsystem: the function ippSetValueTag in ipp.c performs a missing bounds check, potentially allowing local disclosure of past print jobs or other print-related data. Exploitation is described as local (no remote access) with no ...

5.5CVSS6AI score0.00085EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/04/04 9:51 a.m.6261 views

CVE-2024-26809

CVE-2024-26809 is a Linux kernel vulnerability in netfilter nft_set_pipapo logic. The issue arises when destroying set elements: clone path may destroy elements twice because it did not always use a current view of the lookup table. The root cause is that destruction could proceed without the lat...

5.5CVSS6.1AI score0.0028EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2021/06/01 12:28 p.m.6261 views

CVE-2021-23017

CVE-2021-23017 affects nginx's resolver. A security issue arises from an off-by-one in ngx_resolver_copy when DNS labels are followed by a root-domain pointer, allowing a crafted UDP response to overwrite the least significant byte of the next heap chunk metadata. This can lead to a worker proces...

7.7CVSS6.3AI score0.52838EPSS
Exploits10References14Affected Software1
CVE
CVE
added 2024/02/18 6:13 a.m.6260 views

CVE-2023-52381

The CVE-2023-52381 entry corresponds to a script injection vulnerability in Huawei HarmonyOS/EMUI mail module. The CNVD CNVD-2024-31083 document confirms an in-component script injection that can allow an attacker to execute arbitrary code on affected systems. The NVD/NVD-derived description simi...

9.8CVSS7.1AI score0.00446EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2024/02/21 6:41 a.m.6256 views

CVE-2023-42843

CVE-2023-42843 is described as an inconsistent UI issue leading to address bar spoofing. Connected advisories confirm affected WebKitGTK/WebKitGTK4 components across Debian (webkit2gtk), AlmaLinux (webk­­itgtk4), Fedora (webkit2gtk4.0), and Amazon Linux 2 (webkitgtk4) with fixes in package update...

7.5CVSS5.2AI score0.0086EPSS
Exploits0References6Affected Software4
CVE
CVE
added 2024/02/20 4:22 p.m.6255 views

CVE-2024-21726

Summary (CVE-2024-21726): In Joomla! ecosystems (CMS and Framework), inadequate content filtering in the filter code can allow cross-site scripting (XSS) in multiple components. The CVE is documented with a CVSS v3.1 base score of 6.5 (Network, Low/Low impacts except Confidentiality: Low, Availab...

6.5CVSS6.4AI score0.48839EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/02/20 2:58 p.m.6255 views

CVE-2024-22369

CVE-2024-22369 is a deserialization of untrusted data vulnerability in Apache Camel SQL Component, related to unsafe deserialization in the JDBCAggregationRepository. Affected versions include Camel 3.0.0–3.21.3, 3.22.0–3.22.0, 4.0.0–4.0.3, and 4.1.0–4.3.x (per the advisory). The issue could allo...

7.8CVSS7.8AI score0.00747EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/09/19 12:18 a.m.6249 views

CVE-2024-7254

CVE-2024-7254 describes a stack overflow DoS in parsers when handling untrusted Protocol Buffers data with deeply nested SGROUP/group structures. The root cause is unbounded recursion when parsing unknown fields (DiscardUnknownFieldsParser) or Java Protobuf Lite against nested groups or map field...

8.7CVSS6.8AI score0.02772EPSS
Exploits0References3Affected Software5
CVE
CVE
added 2024/02/16 7:33 p.m.6233 views

CVE-2024-0016

CVE-2024-0016 is an Android/Bluetooth-related issue described as an out-of-bounds read caused by a missing bounds check. It could lead to disclosure of paired device information without any user interaction or privileges. The connected documents confirm the vulnerability exists in multiple locati...

6.5CVSS6.2AI score0.00212EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/21 6:41 a.m.6228 views

CVE-2023-42953

CVE-2023-42953 is an Apple ecosystem vulnerability describing a permissions issue that could allow an app to access sensitive user data. The connected sources specify remediation in updated versions across multiple Apple platforms: tvOS 17.1, watchOS 10.1, iOS 17.1, iPadOS 17.1, and macOS Sonoma ...

5.5CVSS7.2AI score0.00168EPSS
Exploits0References7Affected Software5
CVE
CVE
added 2024/02/21 6:41 a.m.6220 views

CVE-2023-42946

CVE-2023-42946: Apple platform information-disclosure issue where an app may leak sensitive user data. Affected products include tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1, and iPadOS 17.1. Root cause described as improved redaction of sensitive information; public details consistently ...

7.5CVSS7.1AI score0.00439EPSS
Exploits0References7Affected Software5
CVE
CVE
added 2024/02/21 12:0 a.m.6218 views

CVE-2024-22778

HackMD CodiMD versions before 2.5.2 are vulnerable to Denial of Service. Affected software: HackMD CodiMD prior to 2.5.2. Root cause and impact: DoS vulnerability with CWEs not specified in the documents; CVSSv3.1 base score 7.5 (Network exploitation, Low attack complexity, No privileges, No user...

7.5CVSS6.7AI score0.00695EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/11/15 3:59 p.m.6209 views

CVE-2022-20648

CVE-2022-20648 affects Cisco StarOS Software’s Redundancy Configuration Manager (RCM). A debug service incorrectly listens to/accepts incoming connections, enabling an unauthenticated, remote attacker to connect to the debug port, execute commands, and view confidential debugging information. Cis...

5.3CVSS5.2AI score0.00985EPSS
Exploits0References3
CVE
CVE
added 2024/02/21 3:14 a.m.6200 views

CVE-2024-1669

CVE-2024-1669 affects Blink in Google Chrome and is fixed by upgrading to Chrome 122.0.6261.57. The vulnerability is an out-of-bounds memory access in Blink that could be triggered by a crafted HTML page, allowing a remote attacker to access memory. The CVE is documented with a high severity in t...

8.8CVSS5.1AI score0.00953EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2024/02/20 4:22 p.m.6197 views

CVE-2024-21722

The issue CVE-2024-21722 affects Joomla! CMS: the MFA management views did not properly terminate existing user sessions when a user’s MFA methods were modified. The root cause is insufficient session expiration tied to MFA changes, which can allow previously authenticated sessions to persist aft...

6.3CVSS6.4AI score0.00512EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/21 6:41 a.m.6190 views

CVE-2023-42834

CVE-2023-42834 affects Apple platforms (iOS 17.1, iPadOS 17.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, macOS Sonoma 14.1, watchOS 10.1). The issue is a privacy flaw caused by improved handling of files, which may allow an app to access sensitive user data. Fixed in the indicated OS versions:...

6.2CVSS7AI score0.00213EPSS
Exploits0References10Affected Software4
CVE
CVE
added 2024/02/22 2:56 p.m.6178 views

CVE-2024-26282

CVE-2024-26282 affects Firefox for iOS prior to version 123. A cross-site scripting vector exists when using an AMP URL with a canonical element: an attacker could execute JavaScript from an opened bookmarked page, potentially compromising cookies and site integrity. Root cause involves AMP URL h...

7.1CVSS6AI score0.00336EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2013/02/12 8:0 p.m.6178 views

CVE-2011-5257

Classipress (WordPress theme) before 3.1.5 is affected by multiple XSS vulnerabilities via twitter_id and facebook_id widget parameters, and similar stored XSS risk via POST facebook_id/twitter_id in user profiles (

4.3CVSS6AI score0.03788EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2024/02/21 6:41 a.m.6164 views

CVE-2023-42823

CVE-2023-42823 affects Apple platforms (iOS/iPadOS/watchOS/macOS/tvOS). The issue arises from logging sanitization that allows an app to access user-sensitive data via log entries. Affected versions include iOS 16.7.2 and 17.1, iPadOS 16.7.2 and 17.1, watchOS 10.1, tvOS 17.1, macOS Sonoma 14.1, m...

5.5CVSS7.1AI score0.00425EPSS
Exploits0References12Affected Software5
CVE
CVE
added 2024/05/31 12:0 a.m.6159 views

CVE-2024-37032

CVE-2024-37032 affects Ollama before 0.1.34. The vulnerability stems from improper validation of the digest format (sha256, 64 hex digits) when resolving the model path, causing incorrect handling of inputs in TestGetBlobsPath (fewer or more than 64 hex digits, or a leading ../). This can enable ...

8.8CVSS6.9AI score0.89633EPSS
In wildExploits4References4Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.6155 views

CVE-2021-47013

CVE-2021-47013 concerns a use-after-free in Linux kernel’s net:emac/emac-mac path, specifically emac_mac_tx_buf_send. The issue arises when emac_tx_fill_tpd() errors cause skb to be freed (dev_kfree_skb(skb)), yet skb->len is still read by netdev_sent_queue(skb->len). The description states...

7.8CVSS6.3AI score0.00259EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2024/02/29 10:37 p.m.6154 views

CVE-2021-47068

The CVE-2021-47068 entry concerns the Linux kernel NFC LLCP paths (llcp_sock_bind/llcp_sock_connect). Root cause: a refcount leak in bind/connect was fixed but introduced a use-after-free when the same local is bound to two sockets. The vulnerability is tied to the NFC LLCP implementation in the ...

7.8CVSS7.1AI score0.00233EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2024/02/18 6:11 a.m.6143 views

CVE-2023-52380

CVE-2023-52380 is an improper access control vulnerability affecting the Huawei HarmonyOS/EMUI mail module. The root cause is insufficient access controls in the mail component, potentially allowing information disclosure. Public documents enumerate HarmonyOS/EMUI mail as affected, with no explic...

4.3CVSS6.7AI score0.00257EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2024/02/18 6:9 a.m.6130 views

CVE-2023-52378

CVE-2023-52378 relates to Huawei HarmonyOS/EMUI WMS (WindowManagerServices) with an incorrect service logic root cause in the WMS module. The connected CNVD/CNNVD entries describe a privilege control type vulnerability and a business logic error that can lead to usability issues or functional exc...

9.8CVSS6.7AI score0.00458EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2024/02/18 2:59 a.m.6128 views

CVE-2023-52361

The CVE-2023-52361 entry corresponds to Huawei HarmonyOS VerifiedBoot module authentication errors. Multiple sources (NVD, CNVD, CNNVD) describe a vulnerability in the VerifiedBoot component that can compromise system integrity (I = High) with no confidentiality or availability impact, and with n...

7.5CVSS7AI score0.00306EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.6120 views

CVE-2021-47017

The CVE-2021-47017 vulnerability is in the Linux kernel's ath10k_htc_send_bundle path, where a use-after-free could occur if bundle_skb is freed by dev_kfree_skb_any(bundle_skb) but later accessed via bundle_skb->len. The patch mitigates this by updating skb_len after freeing bundle_skb. Affec...

7.8CVSS6.8AI score0.00238EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.6111 views

CVE-2021-47005

CVE-2021-47005 affects the Linux kernel PCI Express endpoint subsystem. The vulnerability arises from get_features() returning NULL in pci_epc_ops, leading to a NULL pointer dereference in pci_epf_test_alloc_space. The fix adds a NULL check for the pci_epc_feature pointer in pci_epf_test_bind and...

5.5CVSS6.4AI score0.00236EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/20 4:22 p.m.6107 views

CVE-2024-21725

CVE-2024-21725 describes an XSS vulnerability due to inadequate escaping of email addresses in various Joomla! components. Affected product: Joomla! CMS (web components referencing mail address outputs). Root cause: inadequate escaping of email addresses. Impact (as stated in sources): cross-site...

6.1CVSS6.2AI score0.3221EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/21 12:0 a.m.6092 views

CVE-2023-49100

TF-A before 2.10 has CVE-2023-49100: a read-out-of-bounds in the SDEI service due to insufficient validation of the x1 parameter in sdei_interrupt_bind, passing to plat_ic_get_interrupt_type and bypassing plat_ic_is_sgi checks. A compromised Normal World (Linux) can issue arbitrary SMC calls, con...

4.4CVSS6.5AI score0.00224EPSS
Exploits0References3
CVE
CVE
added 2024/02/28 8:13 a.m.6087 views

CVE-2020-36787

CVE-2020-36787 describes a Linux kernel clock-handling flaw for Aspeed video engine on AST2500/AST2600 SoCs. The issue arises from reset sequencing of the video engine when enabling eclk and vclk, potentially causing improper reset and sporadic DMA transfers that can corrupt memory and trigger ke...

5.5CVSS6.4AI score0.00222EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2024/02/21 6:41 a.m.6084 views

CVE-2023-42855

The CVE-2023-42855 entry concerns iOS 17.1 / iPadOS 17.1. The issue arises from a design/logic flaw that could allow an attacker with physical access to silently persist an Apple ID on a device that has been erased. Apple’s description indicates this was addressed by improved state management and...

4.6CVSS6.1AI score0.00228EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2024/03/19 12:2 p.m.6077 views

CVE-2023-5388

CVE-2023-5388 concerns an NSS timing attack during RSA decryption that could leak private data. Connected entries confirm affected software: Mozilla Firefox (including ESR) and Thunderbird, with vulnerable builds prior to Firefox 124 and Thunderbird 115.9.x. Root cause is a timing side-channel in...

6.5CVSS6.3AI score0.00816EPSS
Exploits0References7Affected Software2
CVE
CVE
added 2024/07/16 11:44 a.m.6071 views

CVE-2022-48828

CVE-2022-48828: Linux kernel NFSD ia_size underflow fix. ia_size is loff_t (signed 64-bit) while NFSv3/v4 file sizes are unsigned 64-bit, allowing a client to send values > S64_MAX. decode_fattr4() can dump a full u64 into ia_size, causing underflow when the value exceeds S64_MAX. The patch co...

5.5CVSS6.6AI score0.00251EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2024/05/01 5:19 a.m.6068 views

CVE-2024-26957

CVE-2024-26957 relates to the Linux kernel’s s390/zcrypt subsystem, where reference counting on zcrypt card objects was fixed to prevent a use-after-free of the zcrypt_card during hot-plug/probe/remove cycles. The issue could allow freeing a zcrypt card object while it is still in use, as demonst...

7.8CVSS6.4AI score0.00239EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.6061 views

CVE-2021-47009

CVE-2021-47009 relates to the Linux kernel KEYS: trusted subsystem. The issue is a memory leak in the object td where two error return paths failed to free td, leading to leaked memory. The fix changes control flow to return via an error path that securely frees td with kfree. The description als...

5.5CVSS6.5AI score0.00246EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.6058 views

CVE-2021-46987

CVE-2021-46987: Linux kernel/btrfs deadlock when cloning inline extents with qgroups. Root cause: while cloning, a transaction flush can occur with destination iotree range locked and delalloc flush needing the same range, potentially deadlocking. This occurs specifically when qgroups reserve met...

5.5CVSS6.5AI score0.00181EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.6057 views

CVE-2021-47022

The CVE-2021-47022 issue concerns the Linux kernel driver for mt76 mt7615. The vulnerability is a memory leak that occurs in the mt7615 unregister path, specifically relating to the order of cleanup calls: mt7615_tx_token_put() should be invoked before mt76_free_pending_txwi(). A patch fixes meml...

5.5CVSS6.6AI score0.00236EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/03/06 6:45 a.m.6055 views

CVE-2023-52583

The CVE-2023-52583 entry describes a Linux kernel issue in the ceph component where dget() usage could lead to a deadlock due to incorrect lock ordering between dentry and its parent. The dead code path was never used because the parent directory is always supplied by callers, so the fix removes ...

5.5CVSS6.2AI score0.00182EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.6054 views

CVE-2021-47003

CVE-2021-47003 concerns the Linux kernel’s dmaengine idxd path. A null pointer dereference could occur when code calls idxd_cmd_exec with a null status pointer; a later assignment to *status could dereference a null. The fix is to perform a null check on status before the assignment, preventing t...

5.5CVSS6.5AI score0.00236EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/20 12:0 a.m.6050 views

CVE-2024-25197

CVE-2024-25197 affects Open Robotics ROS2 and Nav2 Humble; it is a NULL pointer dereference in isCurrent() within /src/layered_costmap.cpp. Affected components and exact root cause are described across multiple sources (ROS2/Nav2 humble). The CVSS metric indicates a network-exposed, low-privilege...

6.5CVSS7.2AI score0.00682EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.6049 views

CVE-2021-47042

CVE-2021-47042: Linux kernel drm/amd/display fixes a memory leak in dc_link_construct() by freeing local data after use. The description includes stack backtrace and memory object details; no connected documents with exploit specifics are provided, monitor for updates and apply upstream fix when ...

5.5CVSS6.3AI score0.00205EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2017/06/20 1:0 a.m.6044 views

CVE-2017-7668

CVE-2017-7668: Apache httpd contains a buffer over-read in ap_find_token() caused by strict HTTP parsing changes in 2.2.32 and 2.4.24. A remote attacker can craft headers to crash the httpd process or have ap_find_token() return an incorrect value. Affected distributions have addressed this by up...

7.5CVSS8.4AI score0.57472EPSS
Exploits1References35Affected Software1
CVE
CVE
added 2010/03/05 7:0 p.m.6043 views

CVE-2010-0425

CVE-2010-0425 affects Apache HTTP Server on Windows with ISAPI module mod_isapi (DLLs in 2.0.37–2.0.63, 2.2.0–2.2.14, and 2.3.x before 2.3.7). Root cause: mod_isapi may unload an ISAPI DLL before request processing finishes, causing memory corruption. Impact: remote code execution or denial of se...

10CVSS9.4AI score0.94248EPSS
Exploits13References42Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.6032 views

CVE-2021-46998

Summary: CVE-2021-46998 affects the Linux kernel, specifically the enic driver path in ethernet/enic. A use-after-free occurs in enic_hard_start_xmit when an error in enic_queue_wq_skb() frees a skb via dev_kfree_skb(skb), but skb_tx_timestamp(skb) may still access it. Root cause: freed skb used ...

7.8CVSS6.4AI score0.00242EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.6030 views

CVE-2021-47030

CVE-2021-47030 affects the Linux kernel MT76/MT7615: a memory leak in the mt7615_coredump_work path has been fixed (similar to the mt7921_coredump_work fix). The fix addresses a local-impact leak with HIGH availability impact; no exploitation details are provided in the supplied documents, and up...

5.5CVSS6.4AI score0.00205EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000