CVE, most viewed

368391 matches found

added 2024/05/14 5:21 p.m., 5652 views

CVE-2024-4367

CVE-2024-4367 concerns a missing type check when handling fonts in PDF.js, allowing arbitrary JavaScript execution within the PDF.js context. Affected products listed in connected docs include Firefox before 126, Firefox ESR before 115.11, and Thunderbird before 115.11. The root cause is limited ...

CVSS 8.8, AI score 5.9, EPSS 0.72648
Exploits 15, References 12, Affected Software 2

added 2024/02/27 12:0 a.m., 5648 views

CVE-2024-24095

CVE-2024-24095 affects Code-projects Simple Stock System 1.0 and is a reported SQL Injection vulnerability. The entry is rated with a high/critical impact (CVSSv3.1 base score 9.8; NETWORK exploitability, no user interaction required; confidentiality, integrity, and availability are all at high i...

CVSS 9.8, AI score 7.3, EPSS 0.00636
Exploits 0, References 1, Affected Software 1

added 2024/02/27 12:0 a.m., 5642 views

CVE-2024-24096

Code-projects Computer Book Store 1.0 is affected by an SQL Injection vulnerability exposed through BookSBIN. The CVE entry notes a Local attacker with Low privileges can exploit this, with no user interaction required, and impacts confidentiality, integrity, and availability (base score 7.8, HIG...

CVSS 7.8, AI score 8, EPSS 0.00418
Exploits 0, References 1, Affected Software 1

added 2016/12/09 12:0 a.m., 5640 views

CVE-2016-8858

CVE-2016-8858 affects OpenSSH 6.x and 7.x up to 7.3, where the kex_input_kexinit() function can be triggered by remote KEXINIT messages to exhaust memory and cause a denial of service. Public sources in connected docs describe memory consumption per connection (examples range up to 128 MB per con...

CVSS 7.8, AI score 7.2, EPSS 0.29462
Exploits 0, References 13, Affected Software 1

added 2024/02/28 12:0 a.m., 5633 views

CVE-2024-26559

CVE-2024-26559 affects uverif v2.0 and enables an external attacker to obtain sensitive information (information disclosure). Public sources consistently describe a remote, unauthenticated impact with network-vector plausibly allowed by the issue, but concrete root-cause details, affected compone...

CVSS 5.3, AI score 6.6, EPSS 0.00652
Exploits 1, References 1, Affected Software 1

added 2024/07/29 4:26 p.m., 5627 views

CVE-2024-42084

CVE-2024-42084: Linux kernel vulnerability in ftruncate() on 64-bit architectures. In 32-bit compat mode, off_t sign-extension caused a negative length to be interpreted as a valid positive size, allowing truncation to a size between 2 GiB and 4 GiB. The root cause was the compat syscall using a...

CVSS 5.5, AI score 6.5, EPSS 0.00229
Exploits 0, References 9, Affected Software 1

added 2024/04/17 10:27 a.m., 5626 views

CVE-2024-26874

CVE-2024-26874 is a Linux kernel vulnerability in the drm/mediatek driver where a race allows a NULL pointer dereference in mtk_drm_crtc_finish_page_flip if mtk_crtc->event is NULL. The root cause is that pending_needs_vblank is derived from mtk_crtc->event and a race occurs between atomic_...

CVSS 4.7, AI score 6.3, EPSS 0.00238
Exploits 0, References 11, Affected Software 1

added 2024/02/28 12:0 a.m., 5624 views

CVE-2023-50436

CVE-2023-50436 affects Couchbase Server prior to 7.2.4. The issue leaks admin credentials (ns_server) encoded in diag.log, with earliest affected version 7.1.5. Connected sources confirm the vulnerability is limited to 7.1.5–7.2.3 and that upgrading to 7.2.4 or later resolves the vulnerability. T...

CVSS 5.3, AI score 6.8, EPSS 0.00237
Exploits 0, References 3, Affected Software 1

added 2024/02/26 12:0 a.m., 5624 views

CVE-2024-26466

The CVE-2024-26466 entry describes a DOM-based XSS in web-platform-tests/wpt within the Range-test-iframe.html component, exposed before commit 938e843. The vulnerability allows an attacker to execute arbitrary Javascript by sending a crafted URL, with the impact aligned to a DOM-XSS type and use...

CVSS 6.1, AI score 6, EPSS 0.00429
Exploits 0, References 1, Affected Software 1

added 2024/02/27 12:0 a.m., 5620 views

CVE-2024-24099

CVE-2024-24099 affects Code-projects Scholars Tracking System 1.0. Multiple sources (NVD, Red Hat, CNVD, CNVD-like entries, CVE list) describe a SQL Injection vulnerability in the Employment Status Information Update. Root cause: lack of validation for externally supplied SQL statements. Impact i...

CVSS 5.4, AI score 7.9, EPSS 0.00369
Exploits 0, References 1, Affected Software 1

added 2024/02/22 12:0 a.m., 5615 views

CVE-2024-25876

Enhavo CMS v0.13.1’s Header module is vulnerable to Cross‑Site Scripting (XSS) via a crafted payload injected into the Title field. The root cause is inadequate sanitization of user-supplied input in Title, enabling execution of arbitrary scripts in the affected context. Public advisories and vul...

CVSS 6.1, AI score 5.6, EPSS 0.00443
Exploits 1, References 2, Affected Software 1

added 2018/08/17 12:0 a.m., 5612 views

CVE-2018-15473

OpenSSH vulnerability CVE-2018-15473 affects OpenSSH up to version 7.7, where the server may enumerate valid usernames by returning different responses for invalid authentication attempts due to not delaying bailout until after the request packet is parsed (auth2-gss.c, auth2-hostbased.c, auth2-p...

CVSS 5.9, AI score 5.8, EPSS 0.98631
Exploits 23, References 18, Affected Software 1

added 2024/02/26 12:0 a.m., 5603 views

CVE-2024-25767

CVE-2024-25767 affects nanomq 0.21.2. The vulnerability is a Use-After-Free in the file /nanomq/nng/src/core/socket.c. It is described in multiple sources (NVD/Red Hat/CVE lists) with a Medium base score (CVSS 3.1: 6.5) and a Network attack vector with low attack complexity, no privileges, and no...

CVSS 6.5, AI score 6.7, EPSS 0.00647
Exploits 1, References 1, Affected Software 1

added 2024/02/12 4:5 p.m., 5599 views

CVE-2024-0248

The CVE-2024-0248 entry concerns the EazyDocs WordPress plugin prior to 2.4.0, where insufficient access controls allowed authenticated users (e.g., subscribers) to delete arbitrary posts and to add/delete documents/sections. Root cause is broken access control, with where unauthenticated access ...

CVSS 4.3, AI score 7.3, EPSS 0.00424
Exploits 2, References 1, Affected Software 1

added 2024/02/22 12:0 a.m., 5594 views

CVE-2024-25802

Affected software: SKINsoft S-Museum 7.02.3. Vulnerability: Unrestricted file upload via the Add Media function. The attack payload, in this case, is the file content (not the filename). Root cause / nature: Arbitrary file upload capability exists in the Add Media workflow. Impact (as stated): Hi...

CVSS 9.8, AI score 6.7, EPSS 0.00562
Exploits 0, References 1, Affected Software 1

added 2024/02/16 6:33 p.m., 5582 views

CVE-2024-0015

CVE-2024-0015 affects the Android Framework via DreamService.java: convertToComponentName can be abused to launch arbitrary protected activities through intent redirection, enabling local elevation of privilege with low privileges and no user interaction required. Public references indicate this ...

CVSS 7.8, AI score 7.1, EPSS 0.00376
Exploits 0, References 2, Affected Software 1

added 2024/04/01 8:33 a.m., 5580 views

CVE-2024-26653

CVE-2024-26653: In the Linux kernel, the USB ljca (ljca_auxdev_release) path double-freed the platform_data on error handling when auxiliary_device_add() fails. The issue is fixed by removing the redundant kfree() in callers and by freeing the passed-in platform_data only for errors that occur b...

CVSS 7.8, AI score 6.8, EPSS 0.00236
Exploits 0, References 3, Affected Software 1

added 2024/04/10 12:7 p.m., 5563 views

CVE-2024-31309

CVE-2024-31309 affects Apache Traffic Server (ATS) HTTP/2 CONTINUATION handling. A DoS can occur due to CONTINUATION frame floods, impacting ATS 8.0.0–8.1.9 and 9.0.0–9.2.3. Upstream fixes are in 8.1.10 and 9.2.4. Practical mitigation includes setting proxy.config.http2.max_continuation_frames_pe...

CVSS 7.5, AI score 7.5, EPSS 0.94615
Exploits 1, References 8, Affected Software 1

added 2019/01/31 12:0 a.m., 5555 views

CVE-2019-6110

CVE-2019-6110 (OpenSSH SCP client) affects OpenSSH 7.9. The vulnerability arises from accepting and displaying arbitrary stderr output from the SCP server, allowing a malicious server or MITM to spoof SCP client output and potentially mask or override transferred files. Connected advisories confi...

CVSS 6.8, AI score 6.2, EPSS 0.20906
In wild, Exploits 8, References 7, Affected Software 2

added 2024/04/17 10:27 a.m., 5545 views

CVE-2024-26876

The CVE-2024-26876 entry concerns the Linux kernel, specifically the DRM bridge adv7511. The vulnerability stems from a crash that could occur if an IRQ is pending during adv7511_probe before adv7511_cec_init, causing cec_received_msg_ts to access uninitialized data and trigger a kernel Oops. The...

CVSS 5.5, AI score 6.3, EPSS 0.00225
Exploits 0, References 4, Affected Software 1

added 2024/02/16 12:0 a.m., 5518 views

CVE-2023-45918

CVE-2023-45918 is a rejected CVE entry. The Initial Description states it was withdrawn by the CNA and not a security issue; the Connected Documents reflect this with a matching entry noting the withdrawal and lack of public details. There are no active technical details, affected products, explo...

AI score 6.7
Exploits 0

added 2024/10/16 8:25 a.m., 5517 views

CVE-2023-32188

CVE-2023-32188 affects NeuVector. The issue arises from the ability to reverse‑engineer the JWT token used for Manager/API authentication, forging a valid token that can lead to remote code execution. This is described with a CVSS 4.0 base score of 9.4 (CRITICAL) and a network attack vector with ...

CVSS 9.4, AI score 6.6, EPSS 0.00461
Exploits 0, References 2

added 2024/05/01 5:18 a.m., 5512 views

CVE-2024-26954

CVE-2024-26954 (Linux kernel) is tied to a slab-out-of-bounds read in ksmbd during smb2_create_req processing. The issue arises when smb2_create_req’s NameOffset is smaller than its Buffer offset, allowing slab-out-of-bounds reads from smb2_open. The patch fixes this by enforcing a minimum value ...

CVSS 7.1, AI score 6.7, EPSS 0.0025
Exploits 0, References 6, Affected Software 1

added 2024/05/01 1:4 p.m., 5507 views

CVE-2024-27079

CVE-2024-27079 affects the Linux kernel IOMMU VT-d code. Systems with kdump/crash kernel may crash due to NULL domain on device release in deferred_attach mode, triggering a NULL pointer dereference during device removal. The mitigated path uses the release_domain mechanism to clear the scalable ...

CVSS 5.5, AI score 6.5, EPSS 0.00242
Exploits 0, References 2, Affected Software 1

added 2024/02/12 4:5 p.m., 5502 views

CVE-2024-0421

The CVE-2024-0421 entry concerns the WordPress MapPress Maps plugin prior to 2.88.16, where an IDOR allows unauthenticated users to read private and draft posts via an AJAX action that should only expose public maps. Multiple connected sources confirm the flaw and its public-facing impact, includ...

CVSS 5.3, AI score 6.5, EPSS 0.00568
Exploits 2, References 1, Affected Software 1

added 2024/02/29 5:43 a.m., 5493 views

CVE-2023-52480

CVE-2023-52480 affects ksmbd (SMB3 server) in the Linux kernel. The vulnerability is a race condition between ksmbd_session_lookup and ksmbd_expire_session that could lead to a use-after-free, resolved by patching with a rwsem to synchronize session lookup and expiration. The description in conne...

CVSS 7, AI score 6.3, EPSS 0.0018
Exploits 0, References 4, Affected Software 1

added 2024/02/28 8:13 a.m., 5487 views

CVE-2021-47031

CVE-2021-47031: Linux kernel mt76 mt7921 memory-leak in mt7921_coredump_work fixed. Affected component/file: kernel code path handling mt7921 coredump; root cause was a memory leak in mt7921_coredump_work. Remediation: upstream patch fixes the leak (see stable kernel references). CVSSv3.1; Base s...

CVSS 4.3, AI score 4.4, EPSS 0.00614
Exploits 0, References 2, Affected Software 1

added 2020/04/01 7:22 p.m., 5481 views

CVE-2020-1934

CVE-2020-1934 affects Apache HTTP Server 2.4.0–2.4.41 via mod_proxy_ftp, which may use uninitialized memory when proxying to a malicious FTP backend. Public advisories confirm the fixes in Apache HTTP Server 2.4.43+ (e.g., ALAS-2020-1370/ALAS2-2020-1427), so upgrading to 2.4.43 or newer is the re...

CVSS 5.3, AI score 6, EPSS 0.51951
In wild, Exploits 0, References 23, Affected Software 1

added 2024/05/27 6:0 a.m., 5480 views

CVE-2024-4535

CVE-2024-4535: The WordPress plugin KKProgressbar2 Free (versions

CVSS 8.8, AI score 6.7, EPSS 0.00324
Exploits 3, References 1, Affected Software 1

added 2024/02/28 8:13 a.m., 5474 views

CVE-2021-47047

CVE-2021-47047 concerns the Linux kernel SPI ZynqMP GQSPI driver. The root cause was that dma_map_single failures could lead to using an unmapped address, triggering a crash when reading large flash blocks. The fix adjusts the SPI controller to support a 44-bit DMA address width and to return imm...

CVSS 5.5, AI score 6.4, EPSS 0.00239
Exploits 0, References 4, Affected Software 1

added 2024/02/29 5:43 a.m., 5468 views

CVE-2023-52476

CVE-2023-52476 refers to a Linux kernel vulnerability in the perf/x86/lbr path where a panic can occur if a vsyscall is made while LBR sampling is active. The issue arises when a vsyscall interrupt (NMI) leads to a decode path that dereferences next_byte pointing to the vsyscall address (e.g., ge...

CVSS 5.5, AI score 6, EPSS 0.00228
Exploits 0, References 4, Affected Software 1

added 2024/03/01 9:15 p.m., 5466 views

CVE-2021-47069

CVE-2021-47069 is a Linux kernel race in IPC paths: do_mq_timedreceive may call wq_sleep with a stack-allocated ewq_addr that can be overwritten, leading to a later access by do_mq_timedsend and a crash. The root cause is a race between the receiver’s stack address and the sender’s use of that ad...

CVSS 7, AI score 6.3, EPSS 0.00258
Exploits 0, References 3, Affected Software 1

added 2024/02/27 6:46 p.m., 5459 views

CVE-2021-46957

CVE-2021-46957 (Linux kernel, RISCV): The vulnerability arises when a kprobe is placed on sys_read; the first instruction is replaced with an ebreak, leading to a trap/SS single-step flow, an instruction page fault, and a subsequent path that can trigger a BUG_ON in fs/buffer.c:1251 via __find_ge...

CVSS 5.5, AI score 5.3, EPSS 0.00208
Exploits 0, References 2, Affected Software 1

added 2024/02/28 8:13 a.m., 5447 views

CVE-2021-47027

CVE-2021-47027 concerns the Linux kernel mt7921e/mt76 PCI path where firmware download failure can trigger a kernel panic due to a PCI MSI handling bug. The crash trace points to free_msi_irqs (pci_disable_msi) during mt7921_pci_probe, resulting in a fatal exception and system halt. Public detail...

CVSS 5.5, AI score 6.5, EPSS 0.00246
Exploits 0, References 2, Affected Software 1

added 2024/07/16 8:3 a.m., 5442 views

CVE-2024-41008

CVE-2024-41008: In the Linux kernel, the vm->task_info handling for drm/amdgpu was reworked. task_info is now dynamically allocated and reference counted, with two new helpers amdgpu_vm_get_task_info and amdgpu_vm_put_task_info; the lifecycle ends with the last put freeing task_info from the ...

CVSS 5.5, AI score 6.5, EPSS 0.0018
Exploits 0, References 1, Affected Software 1

added 2024/05/01 5:19 a.m., 5428 views

CVE-2024-26971

Technical details of CVE-2024-26971 are not publicly provided in the supplied documents. Monitor for updates.

CVSS 5.5, AI score 6.7, EPSS 0.00222
Exploits 0, References 4, Affected Software 1

added 2024/02/28 8:13 a.m., 5426 views

CVE-2021-47015

CVE-2021-47015 affects the Linux kernel bnxt_en driver. The root cause is incorrect RX consumer index handling in bnxt_rx_pkt(): the driver passed the previous index (raw_cons) to bnxt_discard_rx() instead of the current index (tmp_raw_cons), causing potential out-of-order RX buffer completion an...

CVSS 5.5, AI score 6.3, EPSS 0.0025
Exploits 0, References 5, Affected Software 1

added 2025/02/11 12:0 a.m., 5420 views

CVE-2024-57000

CVE-2024-57000 is a duplicate of CVE-2023-48022. The connected records tie CVE-2023-48022 to a Ray remote code execution issue via the agent/job submission endpoint (affecting Ray v2.9.3–2.40.0; exploitation is demonstrated by a Metasploit module), with references from Nessus (Ray Dashboard Job R...

AI score 9.6
Exploits 5

added 2024/05/28 3:40 p.m., 5420 views

CVE-2024-35621

Formwork CVE-2024-35621 is an XSS in the Edit function prior to 1.13.0, exploitable via a crafted payload in the Content field. Root cause: insufficient sanitization of markdown fields, enabling [removed] tags to reach public pages through editor content. Affected: Formwork before 1.13.0. Impact:...

CVSS 4.8, AI score 5.9, EPSS 0.00271
Exploits 0, References 1

added 2024/03/06 6:45 a.m., 5406 views

CVE-2024-26625

The CVE-2024-26625 entry concerns a Linux kernel issue in the LLC path where a stale sk->sk_wq pointer could remain after releasing an LLC socket. The trace indicates a use-after-free path triggered by sock_wfree and related sk_buff paths. The fix involves a commit that clears sock->sk afte...

CVSS 7.8, AI score 5.8, EPSS 0.00249
Exploits 0, References 10, Affected Software 1

added 1976/01/01 12:0 a.m., 5392 views

CVE-2022-38322

Temenos Transact (formerly T24) is affected by multiple reflected XSS vulnerabilities in the helprequest.jsp component. The Nuclei template documents an exploit vector using a crafted URL parameter: GET /jsps/helprequest.jsp?url=%27)%22+onerror=%22confirm(%27document.domain%27)%22. Impact: attack...

AI score 7
Exploits 0

added 2023/09/25 7:17 p.m., 5388 views

CVE-2022-4137

CVE-2022-4137 is a reflected XSS in Keycloak’s oob OAuth endpoint caused by incorrect null-byte handling. A malicious link can insert an arbitrary URI into a Keycloak error page, and exploitation requires user interaction, potentially compromising user details. Connected sources identify this vul...

CVSS 8.1, AI score 6.2, EPSS 0.01149
Exploits 0, References 6, Affected Software 1

added 2024/03/01 9:15 p.m., 5375 views

CVE-2021-47072

CVE-2021-47072 (Linux kernel, btrfs): The vulnerability concerns the btrfs filesystem where, after moving an inode between directories and logging both old and new dentries, a power-failure can leave the old dentry present when only the new one should exist. The bug occurs because the old parent...

CVSS 5.5, AI score 6.5, EPSS 0.00193
Exploits 0, References 2, Affected Software 1

added 2024/02/28 8:13 a.m., 5357 views

CVE-2021-47043

CVE-2021-47043 affects the Linux kernel media: venus: core subsystem. The issue is a resource leak in the error path of venus_probe(): if an error occurs after a successful of_icc_get() call, the operation must be undone. The mitigation is to replace of_icc_get() with devm_of_icc_get(), update th...

CVSS 5.5, AI score 6.4, EPSS 0.00239
Exploits 0, References 4, Affected Software 1

added 2024/02/28 8:13 a.m., 5345 views

CVE-2021-47037

CVE-2021-47037 affects the Linux kernel's ASoC q6afe-clocks driver. The issue arises because the driver could be reprobed (e.g., APR services restart after firmware crash) and would oops since hw.init is cleared during the first probe. The vulnerability has been mitigated by rewriting the driver ...

CVSS 5.5, AI score 6.6, EPSS 0.00239
Exploits 0, References 5, Affected Software 1

added 2017/05/30 6:0 p.m., 5344 views

CVE-2017-7494

CVE-2017-7494 affects Samba 3.5.0 and later, with vulnerable ranges ending before 4.6.4, and also before 4.5.10 and 4.4.14 in some branches. The flaw enables a malicious client with write access to a writable Samba share to upload a shared library and trigger the server to load and execute it, ac...

CVSS 10, AI score 10, EPSS 0.99448
In wild, Exploits 24, References 17, Affected Software 1

added 2024/02/28 8:13 a.m., 5343 views

CVE-2021-47019

The CVE-2021-47019 entry concerns the Linux kernel mt76/mt7921 path, where a race could lead to invalid register access after suspend when the PCIe host controller is suspended. Public details describe a fix that disables interrupts and synchronizes pending IRQ handlers to ensure the irq tasklet ...

CVSS 5.5, AI score 6.6, EPSS 0.00205
Exploits 0, References 2, Affected Software 1

added 2024/05/07 6:0 a.m., 5316 views

CVE-2024-3628

The connected Patchstack entry for EasyEvent indicates a Stored XSS vulnerability in EasyEvent WordPress plugin versions

CVSS 3.8, AI score 5.9, EPSS 0.00435
Exploits 2, References 1, Affected Software 1

added 2019/08/13 8:50 p.m., 5311 views

CVE-2019-9517

CVE-2019-9517 describes an attack against some HTTP/2 implementations where unconstrained internal data buffering can cause a denial of service. The vulnerability arises when an attacker floods a connection with a large number of requests for a large response object while manipulating HTTP/2 flow...

CVSS 7.8, AI score 7.7, EPSS 0.27004
Exploits 0, References 47, Affected Software 1

added 2023/10/10 12:0 a.m., 5290 views

CVE-2023-44487

CVE-2023-44487 – HTTP/2 Rapid Reset DoS. Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...

CVSS 7.5, AI score 8, EPSS 0.99999
In wild, Exploits 19, References 173, Affected Software 1

Total number of security vulnerabilities: 5000