Lucene search
K
CveMost viewed

368426 matches found

CVE
CVE
added 2024/02/15 10:31 p.m.4227 views

CVE-2023-40115

The CVE-2023-40115 issue is in readLogs of StatsService.cpp, causing memory corruption via a use-after-free and enabling local privilege escalation with no extra user interaction. Multiple sources (NVD/Red Hat/OSV/PRION, etc.) confirm the vulnerability. Affected component is part of Android’s Sta...

9.8CVSS7.2AI score0.00217EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/26 12:0 a.m.4226 views

CVE-2024-26455

Converging evidence from multiple sources confirms CVE-2024-26455 affects fluent-bit 2.2.2, with a Use-After-Free in /fluent-bit/plugins/custom_calyptia/calyptia.c. The underlying issue is a post-release Use-After-Free vulnerability in that file, leading to an impact on availability (CVSS v3.1: H...

7.5CVSS6.7AI score0.00713EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/02/27 12:0 a.m.4219 views

CVE-2024-25398

CVE-2024-25398 affects Srelay (the SOCKS proxy and Relay) v0.4.8p3. The provided documents describe a vulnerability where a specially crafted network payload can trigger a denial of service and disrupt the service. The exact root cause, exploitation details, affected components beyond the main bi...

7.5CVSS6.7AI score0.00746EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/02/23 12:0 a.m.4213 views

CVE-2024-24310

In PrestaShop, the Ether Creation module “Generate barcode on invoice / delivery slip” (ecgeneratebarcode) is vulnerable in versions

8.8CVSS7.8AI score0.00499EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/05/01 5:17 a.m.4211 views

CVE-2024-26941

CVE-2024-26941 affects the Linux kernel DRM subsystem, specifically the DP DisplayPort driver. Description from the provided documents shows a divide-by-zero regression when unplugging a StarTech MSTDP122DP DisplayPort 1.2 MST hub while using the nouveau driver. The regression occurs in the drm_d...

5.5CVSS6.8AI score0.00193EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/12/04 3:20 p.m.4210 views

CVE-2024-54134

CVE-2024-54134 affects the Solana JavaScript library solana/web3.js, specifically versions 1.95.6 and 1.95.7. A publish-access account was compromised, enabling attackers to publish unauthorized malicious packages that could exfiltrate private key material and drain funds from dapps that handle p...

8.3CVSS6.5AI score0.00431EPSS
Exploits0References1
CVE
CVE
added 2018/01/21 10:0 p.m.4209 views

CVE-2016-10708

OpenSSH sshd before 7.4 is vulnerable to a denial of service caused by a NULL pointer dereference when processing an out-of-sequence NEWKEYS message (kex.c/packet.c). This affects the OpenSSH server; exploitation leads to daemon crash as demonstrated by Honggfuzz. Affected products include OpenSS...

7.5CVSS5.9AI score0.15716EPSS
Exploits1References11Affected Software1
CVE
CVE
added 2024/02/22 12:0 a.m.4195 views

CVE-2024-26491

CVE-2024-26491 affects flusity-CMS v2.33, specifically the Addon JD Flusity 'Media Gallery with description' module. The vulnerability is cross-site scripting (XSS) where a crafted payload injected into the Gallery name text field can lead to execution of arbitrary web scripts or HTML. The connec...

6.1CVSS5.7AI score0.00436EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/02/26 12:0 a.m.4193 views

CVE-2023-49959

Summary of CVE-2023-49959 : A command injection in the firmware’s gedtupdater service affects Indo-Sol PROFINET-INspektor NT up to version 2.4.0. An attacker can send a crafted filename in a POST to the path /api/updater/ctrl/start_update to execute arbitrary commands with root privileges. Exploi...

9.8CVSS8.4AI score0.01379EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/11/13 5:0 a.m.4190 views

CVE-2024-21540

CVE-2024-21540: Directory Traversal in the retrieveSourceMap function of the source-map-support package. Affected IBM products (as per IBM security bulletins) include Instana/Process Mining and IBM Event Processing components, with multiple builds affected. Root cause: improper handling of pathna...

7.5AI score
Exploits0
CVE
CVE
added 2024/02/22 12:0 a.m.4190 views

CVE-2024-26481

CVE-2024-26481 concerns Kirby CMS v4.1.0, where a reflected self‑XSS vulnerability exists via the URL parameter. Multiple sources describe that Kirby copied the entered URL into the link target in the Panel without validating or sanitizing, enabling a malicious javascript: URL to execute in a use...

4.7CVSS7.1AI score0.00405EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/02/27 8:30 a.m.4189 views

CVE-2023-7167

CVE-2023-7167 affects the Persian Fonts WordPress plugin (versions

6.1CVSS5.7AI score0.00396EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2024/02/22 12:0 a.m.4186 views

CVE-2024-25385

CVE-2024-25385 affects flvmeta v1.2.2, where a local attacker can cause a denial of service via the function flv_close in flvmeta/src/flv.c:375:21. The issue is confirmed across multiple sources (NVD, Red Hat, Ubuntu, OSV, CVE registries). Practical impact is local, with availability disruption; ...

6.2CVSS6.4AI score0.00242EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/02/27 12:0 a.m.4179 views

CVE-2024-27507

Summary of CVE-2024-27507 : A memory leak vulnerability in libLAS 1.8.1 affecting the component/file /libLAS/apps/ts2las.cpp. The issue is linked to the package libLAS 1.8.1 (LiDAR LAS format library). Fedora advisories indicate that updating to the git commit f1da555 (liblas-1.8.2-0.12.gitf1da55...

7.5CVSS6.3AI score0.01158EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2024/02/22 12:0 a.m.4153 views

CVE-2024-22547

CVE-2024-22547 affects WayOS IBR-7150 firmware prior to version 17.06.23. The vulnerability is Cross Site Scripting (XSS). Based on the connected sources, the affected product is WayOS IBR-7150 and versions earlier than 17.06.23 are implicated; no explicit root-cause details are provided beyond t...

4.7CVSS6.3AI score0.00373EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/22 9:40 a.m.4149 views

CVE-2023-29181

CVE-2023-29181 is a vulnerability caused by a use of an externally-controlled format string (CWE-134) in Fortinet products, including FortiOS, FortiProxy, and FortiPAM, across multiple versions (FortiOS 7.x/6.x, FortiProxy, FortiPAM) that allows a remote attacker to execute arbitrary code or comm...

8.8CVSS8.8AI score0.00724EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/12/06 4:14 p.m.4145 views

CVE-2024-54143

CVE-2024-54143 affects OpenWrt ASU (image-on-demand server). The build request hash truncates SHA-256 to 12 characters, lowering entropy and enabling potential hash collisions. An attacker could poison the artifact cache by serving a previously built malicious image, possibly combined with a comm...

9.3CVSS7.3AI score0.01867EPSS
Exploits0References2
CVE
CVE
added 2024/02/23 12:0 a.m.4142 views

CVE-2024-22776

Wallos 0.9 is affected by a Cross Site Scripting (XSS) vulnerability in all text-based input fields, due to insufficient input validation (fields excluding those with specific formats like dates). The vulnerability is reported across multiple sources (NVD/Red Hat/CVE records and third-party catal...

4.7CVSS5.9AI score0.00474EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/02/27 12:0 a.m.4138 views

CVE-2024-25166

CVE-2024-25166 affects 71CMS v1.0.0. A Cross Site Scripting flaw allows a remote attacker to execute arbitrary code via the uploadfile action parameter in controller.php. The Red Hat/NVD/CVE reports and related vendors confirm the vulnerability; no official patch/version is provided in the suppli...

6.1CVSS7.2AI score0.00549EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/05/01 5:27 a.m.4136 views

CVE-2024-26988

CVE-2024-26988 concerns the Linux kernel where a memory overflow could occur in init/main.c during static_command_line construction. The bug stemmed from allocating xlen + strlen(boot_command_line) + 1 bytes for static_command_line but then copying extra_command_line and command_line into it, ins...

7.8CVSS6.4AI score0.00272EPSS
Exploits0References12Affected Software1
CVE
CVE
added 2024/02/22 12:0 a.m.4134 views

CVE-2024-26445

CVE-2024-26445 concerns flusity-CMS v2.33, where a Cross-Site Request Forgery (CSRF) vulnerability is exposed via the component /core/tools/delete_place.php. Multiple connected sources (Red Hat, NVD, OSV, CVE lists) corroborate that the issue involves CSRF in the affected application path, with t...

6.1CVSS7.4AI score0.0022EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/02/27 9:9 a.m.4131 views

CVE-2023-51518

CVE-2023-51518 affects Apache James before 3.7.5 and 3.8.0, exposing a JMX endpoint on localhost that is vulnerable to pre-authentication deserialization. An attacker could leverage a deserialization gadget to achieve privilege escalation as part of an exploit chain; the endpoint is local by defa...

9.8CVSS9.5AI score0.01189EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/16 7:33 p.m.4126 views

CVE-2024-0020

CVE-2024-0020 affects the Android platform component NotificationSoundPreference.java. The flaw arises in onActivityResult, enabling a confused deputy to disclose audio files belonging to another user on the same device. Exploitation is local, requires no user interaction, and can lead to local i...

5.5CVSS6.1AI score0.00107EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/12/16 8:2 p.m.4121 views

CVE-2024-55949

MinIO is affected by a privilege-escalation flaw in the IAM import API. The issue impacts all users since the commit 580d9db85e04f1b63cc2909af50f0ed08afa965f, with a fix introduced in commit f246c9053f9603e610d98439799bdd2a6b293427 and released in RELEASE.2024-12-13T22-19-12Z. There are no workar...

9.3CVSS6.7AI score0.00702EPSS
Exploits0References4
CVE
CVE
added 2024/02/27 12:0 a.m.4120 views

CVE-2024-25840

CVE-2024-25840 affects the PrestaShop module "Account Manager | Sales Representative & Dealers | CRM" (prestasalesmanager) for Prestashop, with versions up to 9.0. A path traversal flaw allows a guest to download personal information without restriction, exposing confidentiality. The root cause a...

7.5CVSS6.5AI score0.00582EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/07/04 8:36 a.m.4114 views

CVE-2024-39884

CVE-2024-39884 affects Apache HTTP Server (notably 2.4.60 and older) where legacy content-type based configuration (e.g., AddType) could cause source code disclosure for indirectly requested files, potentially exposing local content (e.g., PHP scripts being served). Affected vendors consistently ...

6.2CVSS7.4AI score0.00889EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/22 12:0 a.m.4108 views

CVE-2024-25874

CVE-2024-25874 is an XSS in Enhavo CMS v0.13.1, exposed in the New/Edit Article module via the Create Tag field. The vulnerability allows execution of arbitrary scripts/HTML when a crafted payload is injected into that field. Public details confirm the affected software/component and impact, but ...

5.4CVSS5.6AI score0.00397EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/11/29 12:0 a.m.4104 views

CVE-2024-36610

CVE-2024-36610 is associated with Symfony’s VarDumper deserialization issue in the Stub class, reportedly allowing crafted serialized data to trigger code execution. The primary public entries treat the candidate as withdrawn/invalid (e.g., advisories and sources noting withdrawal or removal). A ...

9.5AI score
Exploits0
CVE
CVE
added 2024/02/15 10:31 p.m.4099 views

CVE-2023-40104

CVE-2023-40104 affects ca-certificates with an information-disclosure flaw due to untrusted cryptographic certificates, enabling remote read of encrypted TLS data and requiring no user interaction. Connected sources confirm this vulnerability across multiple ecosystems (NVD/Red Hat/NASL/Nessus pl...

7.5CVSS6.3AI score0.00287EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/03/06 6:45 a.m.4096 views

CVE-2023-52601

The CVE-2023-52601 entry refers to a Linux kernel flaw in the XFS-like JFS file system: a missing bound check in dbAdjTree when accessing dmt_stree can cause an array-index-out-of-bounds. The fix introduces a bool is_ctl to determine size, as described in the cited kernel commits. Affected/affect...

7.8CVSS7.4AI score0.00249EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2024/02/21 6:41 a.m.4096 views

CVE-2023-42838

CVE-2023-42838 is an Apple macOS sandbox-related access issue fixed in macOS Ventura 13.6.3, macOS Sonoma 14.1, and macOS Monterey 12.7.2. The description indicates an app may be able to execute arbitrary code outside its sandbox or with certain elevated privileges, driven by a sandbox-related vu...

8.6CVSS8.2AI score0.00195EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2024/11/12 6:15 p.m.4092 views

CVE-2024-8534

Summary: CVE-2024-8534 is a memory safety vulnerability in Citrix NetScaler ADC and NetScaler Gateway that can cause memory corruption and Denial of Service when the device is configured as a Gateway/VPN Vserver with RDP features enabled (or with an RDP Proxy Server Profile) or when the Auth Serv...

8.4CVSS6.9AI score0.00562EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2024/02/27 12:0 a.m.4077 views

CVE-2024-25843

The CVE-2024-25843 affects the PrestaShop module Import/Update Bulk Product from any Csv/Excel File Pro (ba_importer) up to version 1.1.28 by Buy Addons. The root cause is a SQL injection in the module, allowing a guest to inject SQL in affected versions. Impact is a security compromise of data c...

9.8CVSS7.8AI score0.00574EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/26 12:0 a.m.4075 views

CVE-2024-26461

CVE-2024-26461 affects Kerberos 5 (krb5) 1.21.2, with a memory leak in /krb5/src/lib/gssapi/krb5/k5sealv3.c. Several advisories (e.g., AlmaLinux ALSA-2024:3268, Astra Linux bulletin, CBLMARINER entries) confirm the issue and indicate a patched version: krb5 1.21.3-1 (or newer). The connected docu...

7.5CVSS9.1AI score0.01128EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/04/28 11:28 a.m.4068 views

CVE-2024-26928

CVE-2024-26928 relates to the Linux kernel SMB/CIFS client. The advisory notes a use-after-free (UAF) in cifs_debug_files_proc_show() triggered by session teardown. The fix adds a guard to skip sessions in status SES_EXITING during teardown, preventing UAF. Multiple connected sources (Astra Linux...

7.8CVSS6.7AI score0.00276EPSS
Exploits0References7Affected Software2
CVE
CVE
added 2024/03/19 12:2 p.m.4065 views

CVE-2024-2616

The CVE-2024-2616 entry describes a vulnerability in ICU handling for out-of-memory conditions that causes a crash instead of continued operation. Affected products include Firefox ESR and Thunderbird versions prior to 115.9. The change is intended to harden against exploitation, with the impact ...

2.7CVSS6.9AI score0.00699EPSS
Exploits0References5Affected Software2
CVE
CVE
added 2024/04/05 8:24 a.m.4064 views

CVE-2024-26810

Technical details about CVE-2024-26810 are not provided in the supplied documents. The Astra bulletin repeats the vulnerability description without specifying affected products/versions or remediation. Monitor for official advisories to obtain precise impact and fixes.

4.4CVSS7.2AI score0.00194EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2024/02/27 12:0 a.m.4063 views

CVE-2024-24323

CVE-2024-24323 is a SQL injection vulnerability affecting linlinjava litemall v.1.8.0. The issue arises in AdminOrdercontroller.java where the nickname, consignee, orderSN, and orderStatusArray parameters can be exploited by an attacker to access sensitive information. Multiple sources (NVD, Red ...

7.2CVSS7.2AI score0.00719EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/05/01 5:28 a.m.4061 views

CVE-2024-26993

The CVE-2024-26993 issue in the Linux kernel’s fs: sysfs_break_active_protection() leaks a kobject reference in the error path if kernfs_find_and_get() fails. The root cause was an obvious reference leak when kn is NULL, which prevented the corresponding sysfs_unbreak_active_protection() from rel...

5.5CVSS6.1AI score0.00267EPSS
Exploits0References15Affected Software1
CVE
CVE
added 2024/02/27 12:0 a.m.4049 views

CVE-2024-24100

CVE-2024-24100 affects Code-projects Computer Book Store 1.0. The issue is a SQL Injection via the PublisherID parameter in the application, constituting an input handling flaw that can lead to unauthorized data exposure or modification. The CVSS 3.1 metrics given indicate a high-severity, networ...

8.3CVSS8AI score0.00556EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/22 12:0 a.m.4044 views

CVE-2024-25748

The CVE-2024-25748 entry describes a stack-based buffer overflow in the Tenda AC9 AC9 v3.0 firmware (v15.03.06.42_multi) affecting the fromSetIpMacBind function. The root cause is a stack overflow that allows remote code execution with high impact: confidentiality, integrity, and availability are...

8.8CVSS7.9AI score0.00594EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/22 12:0 a.m.4043 views

CVE-2024-25873

Enhavo v0.13.1 contains an HTML injection vulnerability in the Blockquote module’s Author text field that can execute arbitrary code via a crafted payload. Public sources identify the affected component (Author field in Blockquote) and the impact (arbitrary code execution). No explicit patches ar...

5.4CVSS8.1AI score0.00482EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/02/20 5:23 p.m.4042 views

CVE-2024-0794

HP CVE-2024-0794 affects HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed Printers. The issue is a buffer overflow in the CFF/font rendering path when parsing embedded fonts in PDFs, leading to Remote Code Execution. Public sources describe network-adjacent or remote exploitation ...

9.8CVSS9.9AI score0.01342EPSS
Exploits0References2
CVE
CVE
added 2024/02/16 12:8 a.m.4036 views

CVE-2024-0040

CVE-2024-0040 centers on a heap buffer overflow in the setParameter function of MtpPacket.cpp, causing a possible out-of-bounds read and remote information disclosure without privileges or user interaction. Multiple trusted sources (NVD, Red Hat, PRION, Vuln enrichment, CVE lists, and Android sec...

7.5CVSS6.6AI score0.01954EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/22 12:0 a.m.4035 views

CVE-2024-25746

CVE-2024-25746 affects Tenda AC9 v3.0 with firmware v15.03.06.42_multi. The vulnerability is a stack-based buffer overflow in the add_white_node function that enables a remote attacker to execute arbitrary code. Root cause described as overflow from add_white_node. Impact reported as high (confid...

8.8CVSS7.9AI score0.00393EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/27 12:0 a.m.4028 views

CVE-2024-27508

Atheme 7.2.12 is affected by CVE-2024-27508, describing a memory leak in /atheme/src/crypto-benchmark/main.c. The vulnerability is characterized with CVSS v3.1 base score 7.5 (HIGH), attack vector NETWORK, impact on availability. The connected Red Hat, SUSE, Ubuntu, Debian, and other advisories a...

7.5CVSS6.7AI score0.00744EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/02/16 12:8 a.m.4028 views

CVE-2024-0034

Technical details beyond the BAL Bypass description are not publicly provided in the supplied documents. Monitor Android security advisories and vendor advisories for affected products, versions, and fixes.

7.8CVSS7.1AI score0.00118EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/20 12:0 a.m.4022 views

CVE-2023-46967

CVE-2023-46967 involves a Cross Site Scripting vulnerability in the sanitize function of Enhancesoft osTicket 1.18.0 . The underlying issue allows a remote attacker to escalate privileges via a crafted support ticket. Core details from the connected documents confirm the affected software and the...

6.1CVSS6.6AI score0.00439EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/02/12 7:6 p.m.4015 views

CVE-2022-34309

CVE-2022-34309 affects IBM CICS TX Standard and Advanced 11.1. The vulnerability arises from the use of weaker-than-expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. IBM’s advisories indicate that IBM CICS TX Standard and IBM CICS TX Advance...

7.5CVSS5.5AI score0.00486EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/05/01 12:54 p.m.4011 views

CVE-2024-27043

In CVE-2024-27043, the Linux kernel vulnerability is a use-after-free in DVB convolution: dvb_register_device assigns *pdvbdev to dvbdev and frees dvbdev in error paths without nulling *pdvbdev, enabling UAFs via the dvb device lifecycle. A fix exists (kernel patch) to null the pointer after free...

7.8CVSS6.2AI score0.00291EPSS
Exploits0References11Affected Software1
Total number of security vulnerabilities5000