CVE: Most viewed

368433 matches found

added 2024/02/28 8:13 a.m., 6027 views

CVE-2021-47021

CVE-2021-47021 is a Linux kernel vulnerability in the mt76 mt7915 driver area. The issue is a memory leak that occurs during mt7915_unregister_device(), with a specific root-cause: mt7915_tx_token_put() must be called before mt76_free_pending_txwi(). The description notes that the memory leak was...

CVSS 5.5, AI score 6.6, EPSS 0.00235
Exploits 0, References 3, Affected Software 1

added 2024/02/22 12:0 a.m., 6025 views

CVE-2024-26351

Flusity-CMS v2.33 contains a Cross-Site Request Forgery (CSRF) in the /core/tools/update_place.php component. The issue stems from CSRF in the update_place workflow, enabling state-changing requests under the attacker’s context when a user is tricked to interact with the CMS. Per CVSS 3.1 metrics...

CVSS 6.1, AI score 7.4, EPSS 0.00196
Exploits 0, References 1, Affected Software 1

added 2024/02/28 8:13 a.m., 6021 views

CVE-2021-46983

CVE-2021-46983 corresponds to a Linux kernel issue in nvmet-rdma where a NULL pointer dereference could occur when SEND completes with error. The root cause is that nvmet_rdma_error_comp attempted to access the cq_context to obtain the queue, but the cq_context is no longer valid after switching ...

CVSS 5.5, AI score 6.3, EPSS 0.00236
Exploits 0, References 4, Affected Software 1

added 2024/02/29 10:31 p.m., 6020 views

CVE-2021-46959

CVE-2021-46959 is a Linux kernel SPI subsystem use-after-free issue (devm_spi_alloc_{master,slave}) caused by relying on the devres list during spi_unregister_controller. The root cause is that devres_find() runs after the devres list has been torn down, leading to underflow of reference counters...

CVSS 7.8, AI score 6.6, EPSS 0.00245
Exploits 0, References 9, Affected Software 1

added 2024/02/29 10:37 p.m., 6012 views

CVE-2021-47058

CVE-2021-47058 is a Linux kernel vulnerability affecting the regmap debugfs path. The issue arises from a memory leak in which debugfs_name is freed in regmap_debugfs_exit() but not recreated due to a conditional added by upstream commit cffa4b2122f5. The relevant sequence involves regmap_reinit_...

CVSS 7.8, AI score 6.5, EPSS 0.00246
Exploits 0, References 6, Affected Software 1

added 2024/02/23 2:46 p.m., 5984 views

CVE-2023-52461

CVE-2023-52461 affects the Linux kernel DRM scheduler component, specifically drm_sched_entity_init(). The issue is a bounds-limiting fault where, if a malformed drm_sched_entity is encountered with an out-of-bounds priority value, the code previously allowed the value to slip into an invalid sta...

CVSS 5.3, AI score 5.6, EPSS 0.00523
Exploits 0, References 2, Affected Software 1

added 2024/02/28 8:13 a.m., 5965 views

CVE-2021-47028

CVE-2021-47028 affects the Linux kernel mt76 mt7915 driver stack. The issue is in tx rate reporting for mt7915e devices (cfg80211/mac80211 flow), where rate_info was not checked correctly, leading to unexpected or incorrect bitrate reporting. The connected NASL document confirms a fix in the txra...

CVSS 7.8, AI score 6.5, EPSS 0.00245
Exploits 0, References 3, Affected Software 1

added 2024/05/01 5:29 a.m., 5963 views

CVE-2024-27008

CVE-2024-27008 is confirmed in the connected MiracleLinux advisories as a Linux kernel vulnerability affecting the drm nv04 driver. Description: when Output Resource (dcb->or) is assigned in fabricate_dcb_output(), there can be an out-of-bounds access to the dac_users array if dcb->or is ze...

CVSS 7.8, AI score 6.2, EPSS 0.00293
Exploits 0, References 13, Affected Software 1

added 2024/02/28 8:13 a.m., 5963 views

CVE-2021-46985

CVE-2021-46985 corresponds to a Linux kernel vulnerability in the ACPI subsystem: if acpi_device_set_name() fails, acpi_device_bus_id->bus_id must be freed to avoid a memory leak in the error path. The connected Nessus/NVL entries reference Tencent/TencentOS and Unity Linux advisories noting t...

CVSS 5.5, AI score 6.3, EPSS 0.00249
Exploits 0, References 8, Affected Software 1

added 2024/02/29 3:52 p.m., 5953 views

CVE-2024-26614

CVE-2024-26614: Linux kernel vulnerability where the accept_queue spinlocks were not initialized correctly, enabling a local attacker to trigger a denial of service. The issue surfaces in TCP handling and was observed in syz reproductions showing pvqspinlock corruption during queue operations. C...

CVSS 5.5, AI score 6.4, EPSS 0.00173
Exploits 0, References 7, Affected Software 1

added 2025/10/17 12:0 a.m., 5934 views

CVE-2024-31573

CVE-2024-31573 affects XMLUnit for Java prior to 2.10.0. In default configurations, XSLT extension functions are enabled during an XSLT transformation, which may allow code execution via an untrusted stylesheet. The vulnerability is described across multiple connected documents (including Nessus ...

CVSS 4, AI score 7.8, EPSS 0.00216
Exploits 0, References 3

added 2017/06/20 1:0 a.m., 5926 views

CVE-2017-3169

CVE-2017-3169 affects Apache HTTP Server (httpd) up to the fixed versions: 2.2.x before 2.2.33 and 2.4.x before 2.4.26. The vulnerability is a NULL pointer dereference in the httpd’s mod_ssl component when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS po...

CVSS 9.8, AI score 9.4, EPSS 0.19953
Exploits 0, References 42, Affected Software 1

added 2024/05/23 6:0 a.m., 5912 views

CVE-2024-3918

CVE-2024-3918 corresponds to a Stored XSS vulnerability in the WordPress Pet Manager plugin (versions up to 1.4). The issue arises because some Pet settings are not properly sanitised/escaped, enabling high-privilege users (e.g., Contributors) to store scripts that could affect other site users. ...

CVSS 4.8, AI score 5.7, EPSS 0.00351
Exploits 2, References 1, Affected Software 1

added 2024/02/26 12:0 a.m., 5910 views

CVE-2024-25082

FontForge (through 20230101) is affected by CVE-2024-25081 and CVE-2024-25082, allowing shell command injection via specially crafted filenames or archives/compressed files. Public advisories from Debian (DSA-5641-1), AlmaLinux (ALSA-2024-2495 / ALSA-2024-565), and Amazon Linux (ALAS2024-2495 / A...

CVSS 6.5, AI score 8.7, EPSS 0.0187
Exploits 2, References 6, Affected Software 1

added 2020/04/01 11:8 p.m., 5891 views

CVE-2020-1927

CVE-2020-1927 affects Apache HTTP Server 2.4.0–2.4.41, where mod_rewrite redirects intended to be self-referential could be fooled by encoded newlines and redirect to an unexpected URL within the request. Multiple connected advisories confirm the issue and indicate that fixes were released in Apa...

CVSS 6.1, AI score 6.7, EPSS 0.56691
Exploits 0, References 27, Affected Software 1

added 2024/05/17 9:14 p.m., 5889 views

CVE-2024-25742

CVE-2024-25742 in the Linux kernel (pre-6.9) allows an untrusted hypervisor to inject virtual interrupt 29 (#VC) at any time and trigger its handler, impacting AMD SEV-SNP and AMD SEV-ES. Public references point to kernel commits and advisories (e.g., ChangeLog-6.9, AMD SB-3008). Connected Nessus...

CVSS 6.5, AI score 6.3, EPSS 0.0018
Exploits 0, References 4

added 2024/02/29 3:52 p.m., 5882 views

CVE-2023-52492

CVE-2023-52492 refers to a Linux kernel vulnerability in the DMA engine where __dma_async_device_channel_unregister() could dereference a NULL chan->local if __dma_async_device_channel_register() failed and channels were unregistered. The fixed behavior adds a guard at the beginning of __dma_a...

CVSS 4.4, AI score 6, EPSS 0.00269
Exploits 0, References 7, Affected Software 1

added 2024/02/29 3:52 p.m., 5877 views

CVE-2024-26612

CVE-2024-26612 affects the Linux kernel in the netfs/fscache path. The vulnerability stems from dereferencing a pointer in fscache_put_cache() before verifying it with IS_ERR_OR_NULL(), allowing a potential NULL pointer dereference. The fix changes the order to check first, then dereference. Conn...

CVSS 5.5, AI score 6.1, EPSS 0.00239
Exploits 0, References 4, Affected Software 1

added 2024/02/27 1:8 p.m., 5875 views

CVE-2023-51747

Apache James SMTP server is affected in versions prior to 3.8.1 and 3.7.5. The root cause is lenient line-delimiter handling, which can enable SMTP smuggling by causing differences in interpretation between sender and receiver, potentially bypassing SPF checks. The fix enforces CRLF as the line d...

CVSS 7.1, AI score 6.8, EPSS 0.01045
Exploits 0, References 4, Affected Software 1

added 2024/02/26 12:0 a.m., 5872 views

CVE-2024-26468

CVE-2024-26468 describes a DOM-based XSS in the jstrieb/urlpages project, affecting the code path in the index.html component prior to commit 035b647. An attacker can trigger arbitrary Javascript by sending a crafted URL. The available sources consistently cite the same issue without extending in...

CVSS 6.1, AI score 6, EPSS 0.00429
Exploits 0, References 1, Affected Software 1

added 2024/05/22 1:38 p.m., 5862 views

CVE-2024-35554

idccms v1.35 is affected by a Cross-Site Request Forgery (CSRF) in the admin component /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN. The underlying issue involves CSRF in the /admin/infoWeb_deal.php path with parameters mudi, dataType, and dataTypeCN that enables unauthorized acti...

CVSS 5.4, AI score 7.4, EPSS 0.00191
Exploits 1, References 1, Affected Software 1

added 2024/02/29 3:52 p.m., 5862 views

CVE-2024-26608

The CVE-2024-26608 entry describes a Linux kernel ksmbd_nl_policy out-of-bounds read that was addressed by a patch to fix a global oob in ksmbd_nl_policy. The bug manifested as a read of size 1 at a netlink attribute parsing path, with the faulting address located in ksmbd_nl_policy+0x100/0xa80 a...

CVSS 7.8, AI score 7.1, EPSS 0.00234
Exploits 0, References 5, Affected Software 1

added 2024/02/23 9:14 a.m., 5859 views

CVE-2023-4826

The vulnerability CVE-2023-4826 affects the SocialDriver WordPress theme, specifically versions prior to 2024. It is a prototype pollution issue that could allow an attacker to inject arbitrary properties, leading to cross-site scripting (XSS). The root cause is a pollution of object properties i...

CVSS 6.1, AI score 6, EPSS 0.00354
Exploits 0, References 2, Affected Software 1

added 2024/11/15 3:56 p.m., 5846 views

CVE-2022-20655

CVE-2022-20655 describes a CLI command-injection vulnerability in ConfD on Cisco devices. It results from insufficient validation of a process argument in the CLI, enabling an authenticated, local attacker to inject commands during execution and potentially run arbitrary commands with the privile...

CVSS 8.8, AI score 8.9, EPSS 0.00832
Exploits 0, References 2

added 2024/02/22 12:0 a.m., 5846 views

CVE-2024-25369

This CVE concerns FUEL CMS 1.5.2, where a reflected XSS flaw exists in the group_id parameter that can allow an attacker to execute arbitrary code. The descriptions consistently attribute the issue to FUEL CMS 1.5.2 and do not provide concrete mitigation steps or a confirmed patched version withi...

CVSS 5.4, AI score 6, EPSS 0.00379
Exploits 1, References 1, Affected Software 1

added 2024/02/18 3:38 a.m., 5818 views

CVE-2023-52368

CVE-2023-52368 is linked to Huawei HarmonyOS/EMUI via CNVD/CNNVD references. The vulnerability is described as an input verification flaw in the Accounts module that can cause features to behave abnormally and, per CNVD, may lead to a denial-of-service condition. The NVD entry lists a network-bas...

CVSS 5.3, AI score 6.7, EPSS 0.00255
Exploits 0, References 2, Affected Software 2

added 2024/07/29 2:31 p.m., 5806 views

CVE-2024-41035

CVE-2024-41035 (Linux kernel USB core): A duplicate-endpoint bug in usbcore was caused by assuming bEndpointAddress reserved bits are always 0, making endpoint_is_duplicate() misclassify descriptors that share direction and endpoint number. The fix clears the reserved bits when parsing endpoint ...

CVSS 5.5, AI score 6.5, EPSS 0.00299
Exploits 0, References 9, Affected Software 1

added 2024/02/20 6:35 p.m., 5803 views

CVE-2024-0407

The CVE concerns HP Enterprise LaserJet and HP LaserJet Managed Printers. Affected component: the device’s certificate store used for outbound connections to services enabled by some solutions. Root cause: connections may have been trusted without the appropriate CA certificate, leading to inform...

CVSS 6.5, AI score 6.5, EPSS 0.00341
Exploits 0, References 1, Affected Software 1

added 2024/05/23 4:53 p.m., 5800 views

CVE-2024-2301

CVE-2024-2301 concerns HP LaserJet Pro devices vulnerable to Cross-Site Scripting (XSS) via the web management interface. Evidence across multiple feeds indicates a web-based XSS weakness in HP LaserJet Pro printers, with the underlying issue described as an XSS vulnerability in the device’s web ...

CVSS 7.6, AI score 5.9, EPSS 0.00298
Exploits 0, References 1, Affected Software 1

added 2019/08/13 8:50 p.m., 5795 views

CVE-2019-9513

CVE-2019-9513 (and related HTTP/2 CVEs) affect nginx and nghttp2. The issues enable denial of service via HTTP/2 resource loops and priority/window manipulation, causing high CPU/memory usage. nginx 1.16.x and nghttp2 are specifically named in advisories; remediation is upgrading to fixed package...

CVSS 7.8, AI score 7.7, EPSS 0.82017
Exploits 0, References 42, Affected Software 1

added 2019/01/10 12:0 a.m., 5788 views

CVE-2018-20685

CVE-2018-20685 affects OpenSSH scp client: scp.c allows remote servers to bypass access restrictions via the filename "." or an empty filename, potentially enabling modification of the client-directory permissions. Multiple advisories confirm this vulnerability and fix paths: Arch Linux ASA-20190...

CVSS 5.3, AI score 6.3, EPSS 0.03681
In wild, Exploits 0, References 14, Affected Software 2

added 2024/05/22 1:38 p.m., 5771 views

CVE-2024-35560

CVE-2024-35560 affects idccms v1.35 and is a CSRF flaw in the /admin/ca_deal.php endpoint with parameters mudi=del, dataType, and dataTypeCN. The CVE documents report the vulnerability but do not provide exploit details beyond the CSRF condition; CVSSv3.1 base score is 4.3 (MEDIUM) with UI:Requir...

CVSS 4.3, AI score 7.4, EPSS 0.00203
Exploits 1, References 1, Affected Software 1

added 2024/04/15 5:0 a.m., 5757 views

CVE-2024-1846

CVE-2024-1846 affects the WordPress plugin “Responsive Tabs” (versions before 4.0.7). The issue is a lack of validation/escaping of shortcode attributes, leading to Stored XSS when the shortcode is rendered in a post/page. The root cause is improper handling of attributes in the plugin’s output. ...

CVSS 5.4, AI score 8, EPSS 0.00501
Exploits 2, References 1, Affected Software 1

added 2024/02/28 11:3 p.m., 5741 views

CVE-2024-21798

The CVE-2024-21798 issue affects ELECOM wireless LAN routers and repeater families. A cross-site scripting (XSS) vulnerability can be triggered when a malicious administrative user configures crafted content; when another admin logs in and operates the device, an arbitrary script may execute in t...

CVSS 4.8, AI score 6.1, EPSS 0.01289
Exploits 0, References 2, Affected Software 1

added 2024/04/17 10:27 a.m., 5735 views

CVE-2024-26859

CVE-2024-26859: In the Linux kernel, a race in the bnx2x driver during EEH error handling could cause a read of freed memory when bnx2x_io_slot_reset() and bnx2x_nic_unload() race. The fix ensures page pool allocations are verified before freeing SGEs to prevent NULL-pointer dereferences and cras...

CVSS 4.7, AI score 6.2, EPSS 0.00182
Exploits 0, References 12, Affected Software 1

added 2024/05/01 5:27 a.m., 5733 views

CVE-2024-26982

CVE-2024-26982 affects the Linux kernel Squashfs code. The vulnerability arises from an OOB read path in fill_meta_index() triggered by an inode number value of zero, which is treated as unused. After a faulty read aborts, an empty metadata index is invalidated with inode=0, and a subsequent read...

CVSS 7.1, AI score 7.5, EPSS 0.0028
Exploits 0, References 14, Affected Software 1

added 2024/02/27 8:30 a.m., 5731 views

CVE-2024-1106

CVE-2024-1106 – Shariff Wrapper (WordPress): The plugin prior to 4.6.10 does not sanitize/escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Reported impact includes potential XSS within outputs generated...

CVSS 6.1, AI score 5.7, EPSS 0.00417
Exploits 2, References 1, Affected Software 1

added 2024/02/26 12:0 a.m., 5722 views

CVE-2024-25768

OpenDMARC 1.4.2 contains a null pointer dereference in opendmarc_policy.c, exposed as CVE-2024-25768. Reported across multiple advisories (Mageia MGASA-2024-0370; Fedora advisories FEDORA-2024-513cf04db3 and FEDORA-2024-dede8e91b1; Fedora 41/40 notes). CVSSv3.1: 7.5 (High) with network attack vec...

CVSS 7.5, AI score 6.7, EPSS 0.00728
Exploits 1, References 1, Affected Software 1

added 2024/05/01 5:20 a.m., 5720 views

CVE-2024-26973

CVE-2024-26973 concerns the Linux kernel fat subsystem. The issue occurred when fat_encode_fh_nostale() encoded a file handle without a parent and stored only the first 10 bytes; since the file handle length must be a multiple of 4, the actual length is 12 bytes and the last two bytes could be un...

CVSS 5.5, AI score 6.1, EPSS 0.00257
Exploits 0, References 13, Affected Software 1

added 2024/02/22 12:0 a.m., 5717 views

CVE-2024-26490

The vulnerability CVE-2024-26490 affects flusity-CMS v2.33, specifically the Addon JD Simple module. The issue is a cross-site scripting (XSS) flaw exploitable through a crafted payload entered into the Title text field of the Addon JD Simple module. The documented impact is execution of arbitrar...

CVSS 5.4, AI score 5.7, EPSS 0.00408
Exploits 1, References 1, Affected Software 1

added 2024/04/17 10:27 a.m., 5716 views

CVE-2024-26862

CVE-2024-26862 — Linux kernel data race (kernel 5.x/6.x) Root cause: missing READ_ONCE()/WRITE_ONCE() annotations for ignore_outgoing reads in packet code; read/write races observed between dev_queue_xmit_nit() and packet_setsockopt(). Syzkaller/KCSAN reported a data-race affecting packet_setsock...

CVSS 4.7, AI score 6.1, EPSS 0.00208
Exploits 0, References 9, Affected Software 1

added 2024/05/01 5:28 a.m., 5714 views

CVE-2024-26999

CVE-2024-26999 — Linux kernel (serial/pmac_zilog) A vulnerability in the Linux kernel’s pmac_zilog serial driver was mitigated by a patch that was later removed. The mitigation intended to stop IRQs entirely caused a crash when pmac_zilog is used as a serial console. Specifically, a pr_err() path...

CVSS 5.5, AI score 6.4, EPSS 0.00182
Exploits 0, References 12, Affected Software 1

added 2024/02/28 12:0 a.m., 5714 views

CVE-2024-25170

Mezzanine v6.0.0 contains a vulnerability where attackers can bypass access controls by manipulating the Host header. Descriptions across Red Hat, GHSA, OSV, NVD, and related advisories consistently reference Host header-based bypass with potential unauthorized access to information or systems. T...

CVSS 9.1, AI score 6.7, EPSS 0.00874
Exploits 1, References 3, Affected Software 1

added 2014/11/11 10:0 p.m., 5714 views

CVE-2014-4078

CVE-2014-4078 affects Microsoft Internet Information Services (IIS) 8.0 and 8.5. The vulnerability is in the IP Security feature, where wildcard rules in the IP Address and Domain Restrictions list are not properly processed, enabling a remote attacker to bypass the intended rule set via an HTTP ...

CVSS 5.1, AI score 7.3, EPSS 0.18011
Exploits 0, References 3, Affected Software 1

added 2024/02/26 12:0 a.m., 5712 views

CVE-2024-26467

CVE-2024-26467 affects the tabatkins/railroad-diagrams project, specifically the generator.html component. A DOM-based cross-site scripting (XSS) flaw is present in versions before commit ea9a123, allowing an attacker to execute arbitrary JavaScript by sending a crafted URL. The issue is triggere...

CVSS 6.1, AI score 6, EPSS 0.00429
Exploits 0, References 1, Affected Software 1

added 2024/02/27 12:0 a.m., 5695 views

CVE-2024-26472

KLiK SocialMediaWebsite v1.0.1 (msaad1999) is vulnerable to a reflected cross-site scripting (XSS) flaw. The issue arises when a malicious payload is supplied in the selector or validator parameters of create-new-pwd.php, enabling an attacker to execute arbitrary JavaScript in a user’s browser. T...

CVSS 6.1, AI score 6, EPSS 0.00549
Exploits 0, References 2, Affected Software 1

added 2024/05/01 5:17 a.m., 5693 views

CVE-2024-26931

CVE-2024-26931 affects the Linux kernel driver for SCSI over Fibre Channel (scsi: qla2xxx). The issue arises when memory pressure prevents a command flush during cable pull recovery, causing the upper SCSI layer to modify scsi_cmnd improperly. When memory is freed and a subsequent cable pull trig...

CVSS 5.5, AI score 6.5, EPSS 0.00254
Exploits 0, References 11, Affected Software 1

added 2024/05/23 6:0 a.m., 5692 views

CVE-2024-3594

CVE-2024-3594 concerns the IDonate WordPress plugin (≤ 1.9.0). It states that certain settings are not sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite). Root cause: incomplete sanitization/escaping...

CVSS 8.7, AI score 5.6, EPSS 0.00518
Exploits 2, References 1, Affected Software 1

added 2024/02/27 8:30 a.m., 5679 views

CVE-2023-7202

CVE-2023-7202 affects the Fatal Error Notify WordPress plugin prior to 1.5.3. The root cause is missing authorization checks and CSRF protections in the test_error AJAX action, enabling any authenticated user (e.g., a Subscriber) to trigger error emails to the site admin. This also enables CSRF e...

CVSS 6.1, AI score 6.3, EPSS 0.00228
Exploits 3, References 2, Affected Software 1

added 2024/04/17 10:27 a.m., 5658 views

CVE-2024-26872

The CVE-2024-26872 vulnerability affects the Linux kernel RDMA/srpt subsystem. A race condition allows a use-after-free situation in srpt_refresh_port() when an event handler is registered before the srpt device is fully initialized. The issue can impact confidentiality, integrity, and availabili...

CVSS 7, AI score 6.3, EPSS 0.00235
Exploits 0, References 9, Affected Software 1

Total number of security vulnerabilities: 5000