Lucene search
K
CveMost viewed

368278 matches found

CVE
CVE
added 2024/02/22 2:56 p.m.4541 views

CVE-2024-26283

CVE-2024-26283 affects Firefox for iOS prior to version 123. The issue arises when opening an external URL with a custom Firefox scheme, allowing a JavaScript URI to execute unauthorized scripts on top-origin sites (cross-site scripting). Impact is described as potential unauthorized script execu...

7.8CVSS6AI score0.00278EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/16 12:8 a.m.4539 views

CVE-2024-0038

Summary of CVE-2024-0038: The issue lies in Android’s AccessibilityManagerService.java within the function injectInputEventToInputFilter, where a missing permission check enables arbitrary input event injection. This can lead to local escalation of privilege without additional execution privilege...

8.4CVSS7.3AI score0.00133EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/21 6:41 a.m.4533 views

CVE-2023-42860

CVE-2023-42860 is a local-permissions issue in macOS: a flaw may allow an app to modify protected parts of the file system. The advisory confirms fixes in macOS Sonoma 14.1, macOS Monterey 12.7.1, and macOS Ventura 13.6.1. The Red Hat entry reiterates the same remediation window. The commonly cit...

7.7CVSS6.7AI score0.00488EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.4527 views

CVE-2021-46995

CVE-2021-46995 affects the Linux kernel can: mcp251xfd driver. Root cause: in mcp251xfd_probe, converting to dev_err_probe() accidentally removed a return, causing an OOPs when devm_clk_get() fails and clk_get_rate() is called on the next line. Impact: local attacker requires privileges (per CVSS...

5.5CVSS6.6AI score0.00205EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/12/05 10:45 p.m.4522 views

CVE-2024-52798

CVE-2024-52798 concerns the path-to-regexp library. The DoS arises when path-to-regexp outputs regex patterns that backtrack, enabling high CPU/blocked event loop in vulnerable inputs. Public sources reference the 0.1.x line as the origin and recommend upgrading specifically to 0.1.12; later advi...

8.7CVSS6.3AI score0.00792EPSS
Exploits0References3
CVE
CVE
added 2024/02/22 12:0 a.m.4521 views

CVE-2024-25851

Netis WF2780 (v2.1.40144) is affected by a command injection vulnerability in cgitest.cgi, exploitable via the config_sequence parameter in other_para. Root cause is not expanded beyond the parameter path in the sources; no exploit specifics or patch/version fix details are provided in the connec...

8CVSS7.8AI score0.01936EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/02/16 12:8 a.m.4521 views

CVE-2024-0036

CVE-2024-0036 describes a logic error in startNextMatchingActivity within Android’s ActivityTaskManagerService.java that could bypass restrictions on starting activities from the background, enabling local privilege escalation without extra execution privileges and without user interaction. The v...

7.8CVSS7AI score0.00115EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/11/07 2:0 p.m.4518 views

CVE-2018-16845

The CVE-2018-16845 issue affects nginx builds that include the ngx_http_mp4_module and the mp4 directive. Vulnerable are nginx versions earlier than 1.15.6 and 1.14.1 (when built with the module). The vulnerability arises from processing a specially crafted MP4 file, which could cause an infinite...

8.2CVSS6.4AI score0.09801EPSS
Exploits1References14Affected Software1
CVE
CVE
added 2024/02/15 10:31 p.m.4505 views

CVE-2023-40109

CVE-2023-40109 affects the Android USB configuration path: createFromParcel in UsbConfiguration.java. The issue enables a background activity launch via a permissions bypass, causing local privilege escalation with no extra execution privileges, requiring user interaction for exploitation. Report...

7.8CVSS7AI score0.00186EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/21 6:41 a.m.4504 views

CVE-2023-42942

CVE-2023-42942 concerns Apple platforms where a vulnerability arose from improper handling of symlinks. The issue could let a malicious app gain root privileges. Public advisories show fixes across multiple Apple OS versions: watchOS 10.1; macOS Sonoma 14.1; tvOS 17.1; iOS 16.7.2 and iPadOS 16.7....

7.8CVSS7AI score0.00387EPSS
Exploits0References9Affected Software6
CVE
CVE
added 2024/02/23 12:0 a.m.4503 views

CVE-2024-25469

CVE-2024-25469 affects CRMEB crmeb_java prior to and including v1.3.4. The vulnerability is a SQL Injection in the api/front/store/list component, exploitable via the latitude and longitude parameters. Impact per sources: potential exposure of sensitive information. Exploitation details are not d...

7.5CVSS7.4AI score0.00786EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.4501 views

CVE-2021-46991

CVE-2021-46991 is a Linux kernel use-after-free in the i40e driver, where pf->cinst->lan_info is accessed after pf->cinst is freed during i40e_client_del_instance. The vulnerability arises because the code frees the object and then continues to access a member of it, leading to a potenti...

7.8CVSS6.3AI score0.00239EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2024/02/20 1:21 p.m.4489 views

CVE-2024-1554

The CVE-2024-1554 issue affects Mozilla Firefox (and related builds) where the fetch() API and navigation shared the same cache because the cache key did not include optional request headers. Under certain conditions an attacker could prime the browser cache with a fetch() response controlled by ...

9.8CVSS5.5AI score0.00382EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/02/21 6:42 a.m.4484 views

CVE-2023-42848

CVE-2023-42848 affects Apple media/image processing components across multiple platforms. The issue causes heap corruption when processing a maliciously crafted image, addressed by updated bounds checks and fixes in: watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and 17.1, and iPadOS 16.7...

7.8CVSS6.9AI score0.00209EPSS
Exploits0References9Affected Software5
CVE
CVE
added 2019/06/11 8:49 p.m.4482 views

CVE-2019-0220

CVE-2019-0220 affects Apache HTTP Server 2.4.0–2.4.38. The issue arises when the path component of a request URL contains multiple consecutive slashes; directives like LocationMatch and RewriteRule must account for duplicates in regular expressions because the server may collapse or mishandle the...

5.3CVSS6.4AI score0.1786EPSS
Exploits0References40Affected Software1
CVE
CVE
added 2024/07/09 12:2 p.m.4477 views

CVE-2024-3596

Summary: CVE-2024-3596 is a forgery vulnerability in RADIUS (RFC 2865) where a local attacker can modify a valid RADIUS response to another response using a chosen-prefix collision against MD5. The vulnerability is associated with FreeRADIUS and is covered in multiple advisories (ALAS/ALSA) confi...

9CVSS6.4AI score0.14859EPSS
Exploits2References13Affected Software1
CVE
CVE
added 2024/05/09 4:37 p.m.4465 views

CVE-2024-27396

CVE-2024-27396 affects the Linux kernel net/gtp code: a Use-After-Free in gtp_dellink during RCU traversal (hlist_for_each_entry_rcu) because the traversal isn’t inside the RCU read critical section. The fix replaces the traversal with hlist_for_each_entry_safe to ensure the key isn’t freed durin...

7.8CVSS6.5AI score0.00244EPSS
Exploits0References12Affected Software1
CVE
CVE
added 2024/02/18 6:6 a.m.4443 views

CVE-2023-52376

Technical details about CVE-2023-52376 are not publicly provided in the supplied connected documents. Monitor for updates from vendors and security trackers for affected products, scope, and remediation.

7.5CVSS6.7AI score0.00337EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2024/02/18 3:27 a.m.4434 views

CVE-2023-52366

CVE-2023-52366 describes an out-of-bounds read vulnerability in the smart activity recognition module, potentially causing features to behave abnormally. Public details come from multiple sources (NVD, Red Hat, CVE records, CNNVD) and indicate the issue affects Huawei/EMUI-type Android-based envi...

7.5CVSS6.6AI score0.00379EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2020/01/09 8:5 p.m.4429 views

CVE-2019-20372

NGINX (on Amazon Linux 2) is affected by CVE-2019-20372 when configured with certain error_page settings, enabling HTTP request smuggling. The Amazon Linux 2 ALAS advisory ALAS2NGINX1-2023-004 confirms vulnerable 1.17.x/older configurations and provides patched packages: nginx 1.18.0 and related ...

5.3CVSS5.2AI score0.14961EPSS
Exploits3References11Affected Software1
CVE
CVE
added 2024/03/15 10:26 a.m.4415 views

CVE-2024-23944

CVE-2024-23944 is a ZooKeeper information-disclosure vulnerability involving persistent watchers. The issue arises when a watcher attached to a parent znode to which the attacker already has access is triggered; the server does not perform an ACL check at watch-trigger time, exposing the full pat...

5.3CVSS6AI score0.00246EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/05/19 8:35 a.m.4400 views

CVE-2024-35915

The CVE-2024-35915 issue affects the Linux kernel NFC stack (nfc: nci) where nci_rx_work() could read uninitialized payload when a received packet had a zero-length payload. The root cause is an uninit-value access in the handling of certain message types, reported by syzbot. The fix, as describe...

5.5CVSS6.7AI score0.00221EPSS
Exploits0References11Affected Software1
CVE
CVE
added 2024/04/17 10:27 a.m.4400 views

CVE-2024-26892

Technical details about CVE-2024-26892 are not provided in the given documents. Public information appears limited here; no vendor/product/fix specifics are available. Monitor vendor advisories for updates and patch status.

7.8CVSS6.6AI score0.0023EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/16 12:8 a.m.4400 views

CVE-2024-0033

CVE-2024-0033 concerns Android’s ashmem-dev.cpp, where a heap buffer overflow may cause a missing seal. The effect is local elevation of privilege with no extra user interaction required, per the documents. The available sources consistently describe the issue’s presence in ashmem-dev.cpp and its...

8.4CVSS7.2AI score0.0016EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/12/11 3:35 p.m.4397 views

CVE-2024-53677

CVE-2024-53677 affects Apache Struts 2 (from 2.0.0 up to, but not including, 6.4.0). The root cause is flawed file upload logic that can be manipulated to enable path traversal, potentially allowing a malicious file upload and, under certain conditions, remote code execution (RCE). Public PoCs an...

9.8CVSS6.5AI score0.78198EPSS
Exploits15References2Affected Software1
CVE
CVE
added 2024/02/26 12:0 a.m.4374 views

CVE-2024-25081

FontForge (fontforge) is affected by CVE-2024-25081: command injection via crafted filenames in Splinefont up to version 20230101. Connected advisories confirm the issue also for crafted archives/compressed files (CVE-2024-25082) and indicate patches released in multiple distributions (e.g., Debi...

4.2CVSS8.7AI score0.01082EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2024/02/21 6:41 a.m.4367 views

CVE-2023-42945

CVE-2023-42945 describes a permissions issue in macOS Sonoma that may allow an app to gain unauthorized access to Bluetooth. Connected sources consistently attribute this to a permissions-related vulnerability and confirm that it is fixed in macOS Sonoma 14.1. The Apple advisory HT213984/HT201222...

9.1CVSS7.5AI score0.00299EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/03/20 10:11 a.m.4353 views

CVE-2024-4990

CVE-2024-4990 (Yii2

9.1CVSS8.1AI score0.7939EPSS
In wildExploits1References1Affected Software1
CVE
CVE
added 2024/02/26 12:0 a.m.4349 views

CVE-2024-25247

Niushop B2B2C V5 is affected by a SQL injection in the /app/api/controller/Store.php endpoint. The vulnerability stems from unsanitized latitude/longitude inputs, enabling attackers to execute arbitrary SQL commands. Impact is high on confidentiality, integrity, and availability as per CVSS metri...

9.8CVSS8.2AI score0.00628EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/08/17 7:13 p.m.4314 views

CVE-2020-1472

CVE-2020-1472 (Zerologon) is referenced in connected records as affecting Samba packages. Two advisories note affected versions and fixes: CVE-2020-1472 in Samba for versions < 4.18.3-1 (CBLMARINER:36991) and

10CVSS7.8AI score0.99512EPSS
In wildExploits75References18Affected Software8
CVE
CVE
added 2024/04/17 10:27 a.m.4302 views

CVE-2024-26865

CVE-2024-26865 involves a use-after-free in the Linux kernel’s RDS TCP path (reqsk_timer_handler) that can occur when a per-netns listener is created, a reqsk is formed, the process exits, and the netns is dismantled before the timer expires. The issue is fixed by a patch (commit 740ea3c4a0b2) wh...

7.8CVSS6.4AI score0.0023EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2006/09/27 11:0 p.m.4298 views

CVE-2006-5051

CVE-2006-5051 describes a signal-handler race in OpenSSH before 4.4. The race can cause unsafe handling of signals, potentially crashing the daemon and, if triggered under certain conditions (e.g., with GSSAPI enabled), may lead to arbitrary code execution. The root cause is a race condition that...

9.3CVSS8.4AI score0.44963EPSS
Exploits7References58Affected Software1
CVE
CVE
added 2024/02/26 12:0 a.m.4295 views

CVE-2024-24401

CVE-2024-24401 affects Nagios XI version 2024R1.01 and is described in connected exploits as an authenticated SQL Injection targeting the monitoringwizard.php endpoint (Nagios XI

9.8CVSS8.4AI score0.45884EPSS
Exploits5References1Affected Software1
CVE
CVE
added 2024/02/27 8:30 a.m.4287 views

CVE-2023-7203

The Smart Forms WordPress plugin (versions prior to 2.6.87) suffers Broken Access Control via insufficient authorization on AJAX actions and missing CSRF checks, allowing a low-privilege role (subscriber) to trigger administrative actions such as deleting entries. Exploitation details appear in p...

6.1CVSS6.1AI score0.00217EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2024/06/11 4:59 p.m.4285 views

CVE-2024-30078

Technical details about CVE-2024-30078 are not publicly available in the provided documents. No specifics on affected driver, root cause, or remediation are present; monitor for updates from vendor/security advisories.

8.8CVSS9.4AI score0.05158EPSS
Exploits0References3Affected Software14
CVE
CVE
added 2024/02/20 11:8 a.m.4282 views

CVE-2023-7245

OpenVPN Connect contains a local arbitrary-code execution vulnerability (CVE-2023-7245) in the nodejs/Electron runtime context. Affected: OpenVPN Connect 3.0–3.4.3 on Windows and 3.0–3.4.7 on macOS. Root cause: improper configuration of the nodejs environment, enabling ELECTRON_RUN_AS_NODE to exe...

7.8CVSS7.4AI score0.00316EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/20 1:21 p.m.4278 views

CVE-2024-1557

CVE-2024-1557 affects Mozilla Firefox (and related builds) due to memory safety bugs in Firefox 122 that could lead to memory corruption and, with enough effort, arbitrary code execution. Impact is described for Firefox versions older than 123. Public disclosures in multiple advisories (e.g., GLS...

8.1CVSS7AI score0.00558EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/20 8:30 p.m.4276 views

CVE-2024-25141

The CVE-2024-25141 issue concerns Apache Airflow Mongo Hook/Provider components where, when SSL is enabled, the default setting allow_insecure caused certificates not to be validated. This undermines TLS trust and can enable man-in-the-middle scenarios. Affected components are described across mu...

9.1CVSS9.3AI score0.0062EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/02/20 12:0 a.m.4275 views

CVE-2024-25366

CVE-2024-25366 affects mz-automation.de libiec61859 v1.4.0. A buffer overflow in the mmsServer_handleGetNameListRequest function of the mms_getnamelist_service can allow a remote attacker to cause a denial of service. Documents consistently name the component and function involved; impact is deni...

6.2CVSS6.8AI score0.00873EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2024/02/20 12:0 a.m.4271 views

CVE-2024-25196

Open Robotics ROS 2 and Nav2 humble contain a buffer overflow in the nav2_controller process, triggerable by a crafted YAML file. Affected components: ROS 2, Nav2 (humble); root cause: uncontrolled memory handling in nav2_controller. Impact per sources: potential crash/denial by exploitation of Y...

3.3CVSS7.6AI score0.00285EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2020/10/21 7:58 p.m.4266 views

CVE-2020-24422

Adobe Creative Cloud Desktop Application (Windows) 5.2 and earlier, and 2.1 and earlier, is affected by an uncontrolled search path vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file. A patch is avail...

7.8CVSS7.5AI score0.02951EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2014/04/07 12:0 a.m.4266 views

CVE-2014-0160

CVE-2014-0160 (Heartbleed) is an information-disclosure vulnerability in OpenSSL’s TLS/DTLS heartbeat implementation. Affected: OpenSSL 1.0.1 before 1.0.1g. Root cause: improper handling of the Heartbeat extension (d1_both.c, t1_lib.c) leading to a buffer over-read, enabling an attacker to read m...

7.5CVSS7.5AI score0.99999EPSS
In wildExploits87References129Affected Software1
CVE
CVE
added 2024/12/02 5:10 p.m.4258 views

CVE-2024-53990

The CVE-2024-53990 issue affects the AsyncHttpClient (AHC) library where an auto-enabled CookieStore silently replaces cookies with the same name from the cookie jar. This can cause cookies from one user to be used in another user’s requests, creating potential unauthorized data exposure in multi...

9.2CVSS6.7AI score0.00587EPSS
Exploits0References4
CVE
CVE
added 2024/02/26 12:0 a.m.4255 views

CVE-2024-25751

The CVE-2024-25751 entry affects the Tenda AC9 router (v3.0) with firmware v15.03.06.42_multi. It is a Stack-Based Buffer Overflow in the fromSetSysTime function that enables a remote attacker to execute arbitrary code. The threat is described as remote code execution with a high impact; the CVSS...

9.8CVSS7.9AI score0.00983EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/21 12:0 a.m.4250 views

CVE-2024-25288

SLiMS 9 Bulian v9.6.1 is vulnerable to SQL Injection in the pop-scope-vocabolary.php script. Root cause: unsafe SQL construction in that file. Impact: confidentiality of data could be exposed (C:H) with network exposure (AV:N, UI:N; PR:H). No exploit status or patch details are provided in the co...

4.9CVSS8AI score0.00549EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/11/27 3:50 a.m.4245 views

CVE-2024-5921

CVE-2024-5921 : Palo Alto Networks GlobalProtect app suffers from insufficient certificate validation, allowing the client to connect to arbitrary servers. This can enable a local non-admin user or an attacker on the same subnet to install malicious root certificates and subsequently execute malw...

8.8CVSS9AI score0.01454EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2024/12/19 3:14 p.m.4241 views

CVE-2024-12798

CVE-2024-12798 corresponds to an ACE vulnerability in JaninoEventEvaluator via QOS.CH logback-core, affecting Java applications that rely on logback-core configurations. The connected IBM Security Bulletin pages enumerate the CVE under IBM API Connect context and explicitly list CVE-2024-12798 am...

5.9CVSS7.1AI score0.00404EPSS
Exploits0References2
CVE
CVE
added 1976/01/01 12:0 a.m.4241 views

CVE-2021-0937

CVE-2021-0937 entry is rejected/not used per the Initial Description.

8.3AI score
Exploits0
CVE
CVE
added 2020/02/24 9:19 p.m.4239 views

CVE-2020-1938

CVE-2020-1938 (Tomcat AJP vulnerability) : The issue affects Apache Tomcat where the AJP Connector, enabled by default in several legacy releases, could be reached through untrusted networks. An attacker could exploit the configured AJP path to read arbitrary files in the web application and pote...

9.8CVSS9.9AI score0.9927EPSS
In wildExploits45References52Affected Software2
CVE
CVE
added 2024/05/01 5:18 a.m.4230 views

CVE-2024-26944

CVE-2024-26944 affects the Linux kernel, specifically a use-after-free in btrfs when handling device replacements during zone finish. The issue is a use-after-free in do_zone_finish() caused by dereferencing a freed btrfs_device in the mapping during the dev_replace workflow (btrfs_dev_replace_st...

7.8CVSS6.3AI score0.00227EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000