Lucene search
K
CveMost viewed

368391 matches found

CVE
CVE
added 2024/04/04 7:20 p.m.3864 views

CVE-2024-24795

CVE-2024-24795 (httpd) describes HTTP response splitting in multiple Apache HTTP Server modules when malicious response headers can be injected into backend applications, enabling HTTP desynchronization. The vulnerability is mitigated by upgrading to Apache HTTP Server 2.4.59, as indicated across...

6.3CVSS7AI score0.02874EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2024/02/21 6:41 a.m.3864 views

CVE-2023-42877

CVE-2023-42877 affects macOS components and was fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, and macOS Ventura 13.6.1. The issue allowed an app to modify protected parts of the file system due to insufficient checks; remediation is to upgrade to the listed OS versions where Adobe-style chec...

7.7CVSS6.6AI score0.00197EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2024/02/21 6:41 a.m.3863 views

CVE-2023-42928

CVE-2023-42928 affects Apple iOS/iPadOS; root cause: impaired bounds checks; impact: an app may be able to gain elevated privileges; remediation: patch in iOS 17.1 and iPadOS 17.1.

8.4CVSS7.4AI score0.00173EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2024/02/28 8:13 a.m.3860 views

CVE-2021-47044

CVE-2021-47044 describes a Linux kernel issue in sched/fair/load_balance where sd->nr_balance_failed could grow unbounded if a task could not run on env->dst_cpu. The root cause was a potentially unbounded shift operation used to decide when to trigger an active balance, leading to extremel...

7.7CVSS7.3AI score0.00267EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/22 2:14 a.m.3859 views

CVE-2024-23124

The CVE-2024-23124 issue affects Autodesk AutoCAD via ASMIMPORT228A.dll when parsing STP files, causing an Out-of-Bounds Write that can crash, corrupt data, or allow arbitrary code execution in the current process. Public sources (e.g., ZDI) describe this as a remote code execution vulnerability ...

7.8CVSS7.8AI score0.00554EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/22 9:51 a.m.3854 views

CVE-2024-22393

The CVE-2024-22393 issue affects Apache Answer up to version 1.2.1 and enables a pixel-flood DoS by uploading large image files. A logged-in user can trigger memory exhaustion, leading to a server DoS. Remediation is to upgrade to version 1.2.5 (or later). Multiple sources (NVD, Red Hat, CNVD, Ve...

9.1CVSS9.2AI score0.0248EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/02/22 12:0 a.m.3854 views

CVE-2022-25377

Summary : Multiple sources (Red Hat, Veracode, OSV, GHSA, NVD mirrors) confirm a directory-traversal flaw in Appwrite’s ACME-challenge endpoint. Affected versions : Appwrite 0.5.0 through 0.12.x before 0.12.2. The vulnerability requires the path APP_STORAGE_CERTIFICATES/.well-known/acme-challenge...

7.5CVSS6.6AI score0.00793EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2024/02/26 12:0 a.m.3850 views

CVE-2024-25410

Summary: CVE-2024-25410 affects flusity-CMS 2.33. The issue is an Unrestricted Upload of File with Dangerous Type in update_setting.php. The connected sources confirm the affected product and vulnerable component/file, but do not provide concrete remediation steps or exploit details beyond the up...

6.5CVSS6.7AI score0.00585EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/02/27 8:30 a.m.3847 views

CVE-2023-7165

CVE-2023-7165 affects JetBackup WordPress plugin prior to 2.0.9.9. The vulnerability stems from not using index files to block public directory listings, enabling leakage of backup files from /wp-content/uploads/jetbackup in certain configurations. Patch to 2.0.9.9+ or apply server-side controls ...

7.5CVSS7.4AI score0.01915EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2024/02/26 12:0 a.m.3846 views

CVE-2024-27455

The CVE-2024-27455 issue affects Bentley Assetwise ALIM Web and Assetwise Information Integrity Server. A configuration-related flaw can cause exposure of a user’s ALIM session token when downloading files. Affected versions are Assetwise ALIM Web prior to 23.00.04.04 and Assetwise Information In...

9.1CVSS6.6AI score0.00645EPSS
Exploits0References1
CVE
CVE
added 2019/08/13 8:50 p.m.3846 views

CVE-2019-9511

CVE-2019-9511 is an HTTP/2 denial-of-service issue observed in multiple products where an attacker manipulates HTTP/2 window size and stream prioritization to force queuing of data in 1-byte chunks, potentially exhausting CPU/memory. Connected advisories confirm affected components include nginx ...

7.8CVSS6.8AI score0.58373EPSS
Exploits0References47Affected Software1
CVE
CVE
added 2024/12/02 4:8 p.m.3845 views

CVE-2024-53862

CVE-2024-53862 affects Argo Workflows (Kubernetes) where, in --auth-mode=client, archived workflows could be retrieved with a fake token due to a missing auth check, and in --auth-mode=sso all archived workflows could be retrieved with a valid token. The vaulting component that should validate to...

7.5CVSS6.7AI score0.00656EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/05/01 5:19 a.m.3843 views

CVE-2024-26967

In CVE-2024-26967, the issue is in the Linux kernel clock framework for Qualcomm camcc-sc8280xp (clk: qcom: camcc-sc8280xp). The vulnerability arises because frequency table arrays are not terminated with an empty element, which can lead to out-of-bounds access when traversed by functions such as...

5.5CVSS6.7AI score0.00193EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/05/01 5:28 a.m.3840 views

CVE-2024-27002

CVE-2024-27002 affects the Linux kernel mediatek clock controllers. Root cause: a mutual dependency between mt8183-mfgcfg and genpd during probing could deadlock with a runtime PM path. The fix: perform a runtime PM get on controllers during probe to ensure clk_register() does not acquire the gen...

5.5CVSS6.2AI score0.00173EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2024/03/15 6:3 p.m.3839 views

CVE-2024-2193

The connected advisories confirm CVE-2024-2193 is a Speculative Race Condition (SRC) vulnerability tied to Spectre V1, allowing an unauthenticated attacker to disclose data via race conditions in speculative execution paths. The affected surface is the Linux kernel, with mitigations/updates relea...

5.7CVSS6.4AI score0.01231EPSS
Exploits0References13
CVE
CVE
added 2024/05/22 3:11 p.m.3837 views

CVE-2024-5157

CVE-2024-5157 affects Google Chrome/Chromium: a use-after-free in the Scheduling component allows a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. The vulnerability is present in Chromium/GChromium pre-125.0.6422.76; exploitation could yield full code execut...

8.8CVSS7.4AI score0.00772EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2024/02/20 12:0 a.m.3833 views

CVE-2024-25262

CVE-2024-25262 affects TeX Live's texlive-bin. A heap buffer overflow in the ttfLoadHDMX:ttfdump path can be triggered by a crafted TTF file, enabling Denial of Service (DoS) and, per some advisories, potential arbitrary code execution. Public disclosures across Ubuntu/Debian and related advisori...

8.1CVSS7.2AI score0.00902EPSS
Exploits0References3
CVE
CVE
added 2024/02/27 8:30 a.m.3831 views

CVE-2023-6585

The CVE-2023-6585 issue affects the WP JobSearch WordPress plugin prior to version 2.3.4. The vulnerability stems from inadequate validation of uploaded files, allowing unauthenticated attackers to upload arbitrary files (e.g., PHP) to the server, potentially enabling remote code execution. The i...

7.5CVSS7.7AI score0.00602EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2024/05/01 5:29 a.m.3829 views

CVE-2024-27010

CVE-2024-27010 is about a Linux kernel net/sched deadlock in mirred on classful egress qdiscs, fixed by introducing an owner field in the qdisc (preventing recursive locking). The connected Broadcom/Miracle/KOSS advisories include a note (AXSA:2025-9528/NASL) that Brocade Fabric OS before 10.0.0 ...

5.5CVSS6.4AI score0.00175EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2024/05/01 5:29 a.m.3828 views

CVE-2024-27011

CVE-2024-27011 is a Linux kernel memleak fix in netfilter nf_tables. Root cause: a combination of delete element and delete set from the abort path could restore twice the refcount of a mapping when the transaction object is not used for element removal. The fix adds a check for inactive elements...

5.5CVSS6.5AI score0.00232EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2024/02/27 8:30 a.m.3826 views

CVE-2024-0855

Summary: CVE-2024-0855 affects the Spiffy Calendar WordPress plugin (versions prior to 4.9.9). The root cause is that the plugin does not validate the event_author field when creating events, allowing any user to modify it and impersonate another author. Impact: creates deception about who create...

5.3CVSS5.1AI score0.00482EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2024/02/23 12:0 a.m.3825 views

CVE-2024-24309

The CVE-2024-24309 affects the Ecomiz Survey TMA module for PrestaShop, up to version 2.0.0. The Red Hat/NVD entries and related advisories describe a design/logic flaw in the Survey TMA that allows a guest to download personal information without restriction, constituting an information disclosu...

7.5CVSS6.5AI score0.00581EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/27 12:0 a.m.3816 views

CVE-2024-22917

CVE-2024-22917 : The issue is a SQL injection in the Dynamic Lab Management System Project in PHP v1.0 that allows a remote attacker to execute arbitrary code via a crafted script. Affected component is the web application logic handling SQL queries; root cause is injection due to unsanitized inp...

8.6CVSS8.6AI score0.00739EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/05/01 5:28 a.m.3813 views

CVE-2024-27003

CVE-2024-27003 affects the Linux kernel clock framework. The issue arises when printing clk_state via debugfs without proper runtime PM synchronization, risking deadlock if a thread resuming a device also resumes in another thread. The fix removes the now-superfluous clk_pm_runtime_get/put calls ...

5.5CVSS6.3AI score0.00173EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2024/05/01 1:5 p.m.3805 views

CVE-2024-27392

The CVE-2024-27392 entry concerns the Linux kernel nvme subsystem. A double-free occurred in ns_update_nuse() where kfree() ran after nvme_identify_ns() failed, freeing nvme_id_ns twice and triggering KASAN. The root cause is freeing the struct after identify_ns failure; the fix is to skip kfree(...

7.8CVSS6.4AI score0.00259EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/26 12:0 a.m.3802 views

CVE-2024-25770

CVE-2024-25770 affects libming 0.4.8 with a memory leak in /libming/src/actioncompiler/listaction.c. The issue can be exploited to cause a denial of service. Multiple connected sources corroborate the vulnerable component and file, and there is no publicly documented vendor patch or remediation i...

4.3CVSS6.7AI score0.00599EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/02/22 12:0 a.m.3802 views

CVE-2024-26349

CVE-2024-26349 affects Flusity-CMS v2.33, with a Cross-Site Request Forgery (CSRF) in the component /core/tools/delete_translation.php. The CVSS 3.1 vector is AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L, base score 4.3 (Medium), indicating network access without authentication but limited impact on confi...

4.3CVSS7.4AI score0.00303EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/02/22 12:0 a.m.3794 views

CVE-2024-26352

CVE-2024-26352 affects flusity-CMS v2.33. The vulnerability is a Cross-Site Request Forgery (CSRF) in the component /core/tools/add_places.php. The consolidated data describes a CSRF that can impact multiple security properties, with a CVSS 3.1 base score of 8.8 (HIGH) and UI required for exploit...

8.8CVSS7.4AI score0.00335EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/02/22 12:0 a.m.3789 views

CVE-2024-25875

CVE-2024-25875 is an XSS vulnerability in the Header module of Enhavo CMS v0.13.1, exploitable via crafted input in the Undertitle text field. Affected component: Undertitle handling in the Header module; root cause: insufficient input validation/escaping in Undertitle processing as described acr...

6.1CVSS5.6AI score0.00424EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2017/04/12 2:0 p.m.3789 views

CVE-2017-0199

CVE-2017-0199 affects Microsoft Office client suites (Office 2007 SP3, 2010 SP2, 2013 SP1, 2016) and Windows platforms (Vista SP2, Server 2008 SP2, 7 SP1, 8.1). The vulnerability allows remote code execution via a crafted document, exploiting how Office components interact with the Windows API an...

9.3CVSS8.3AI score0.99933EPSS
In wildExploits29References12Affected Software5
CVE
CVE
added 2024/05/01 12:54 p.m.3788 views

CVE-2024-27045

Summary: CVE-2024-27045 affects the Linux kernel DRM AMD display path (amdgpu_dm). The vulnerability is a potential buffer overflow in dp_dsc_clock_en_read() caused by unsafe snprintf usage. The patch tightens the snprintf output limit from 30 to 10 bytes, mitigating overflow. The issue is tied t...

7.8CVSS6.8AI score0.00303EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2022/03/23 3:18 p.m.3784 views

CVE-2022-23242

TeamViewer Linux versions before 15.28 fail to delete the connection password after a process crash, enabling remote reuse of the pre-crash password if an attacker knows the crash event and TeamViewer ID or has local authenticated access. This CVE is grounded in the NVD entry for CVE-2022-23242; ...

6.3CVSS5AI score0.00201EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/27 12:0 a.m.3782 views

CVE-2024-25846

In PrestaShop, the vulnerability CVE-2024-25846 affects the Product Catalog (CSV, Excel) Import module (simpleimportproduct) version ≤ 6.7.0 from MyPrestaModules. The issue allows a guest to upload files with a .php extension, enabling potential code execution on the server. The Red Hat and NVD e...

9.1CVSS6.9AI score0.00789EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/02/26 12:19 p.m.3776 views

CVE-2023-49114

CVE-2023-49114 affects Qognify VMS Client Viewer 7.1 and later. The root cause is a DLL hijacking vulnerability that allows a local user to execute arbitrary code and achieve higher privileges by placing a malicious DLL under specific pre-conditions. Impact stated in documents: local code executi...

6.7CVSS6.8AI score0.00359EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2024/02/21 12:0 a.m.3774 views

CVE-2024-24476

CVE-2024-24476 relates to a reported buffer overflow in Wireshark prior to version 4.2.0 that could allow a remote attacker to cause a denial of service via the pan/addr_resolv.c and ws_manuf_lookup_str() components. The Azure Linux 3.0 Nessus update notes that the Wireshark package on a host ins...

7.5CVSS6.8AI score0.01296EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2024/05/01 5:19 a.m.3771 views

CVE-2024-26964

Mode C: CVE-2024-26964 is present in MiracleLinux advisories (AXSA-2024-8481:17) and is described as a Linux kernel USB (xhci) issue: kzalloc() null path could lead to crash in xhci_map_urb_for_dma. The MiracleLinux advisories for AXSA-2024-8481 list affected products and advise upgrading to Mira...

5.5CVSS6.7AI score0.00225EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2024/02/20 12:0 a.m.3768 views

CVE-2023-49034

ProjeQtOr 11.0.2 has a Cross Site Scripting (XSS) vulnerability that allows a remote attacker to execute arbitrary code via a crafted script targeting the checkvalidHtmlText function in ack.php and security.php. The issue stems from the input handling in these files, enabling injection of scripts...

6.1CVSS6.3AI score0.00538EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/05/01 5:27 a.m.3763 views

CVE-2024-26983

CVE-2024-26983 is a Linux kernel issue about freeing xbc memory in bootconfig. The root cause was memblock_free() being used during xbc_exit() when memory may have already been handed to the buddy allocator, causing use-after-free (UAF) on certain architectures (e.g., CONFIG_ARCH_KEEP_MEMBLOCK di...

7.8CVSS6.1AI score0.0023EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2024/02/27 12:0 a.m.3757 views

CVE-2024-26542

Bonitasoft S.A. has a Cross-Site Scripting vulnerability (CVE-2024-26542) in the Groups Display name field. The flaw affects versions prior to 7.14.8, 7.15.7, 8.0.3, and 9.0.2, with remediation by upgrading to 7.14.8, 7.15.7, 8.0.3, or 9.0.2 respectively. The issue allows attackers to execute arb...

6.1CVSS7.1AI score0.00527EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/02/26 12:0 a.m.3757 views

CVE-2024-27444

The CVE-2024-27444 entry applies to langchain_experimental (LangChain Experimental) in LangChain prior to 0.1.8, where an attacker can bypass the fixes for CVE-2023-44467 and execute arbitrary Python code via privileged attributes (import , subclasses , builtins , globals , getattribute , bases ,...

9.8CVSS9.5AI score0.00766EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/03/30 6:4 p.m.3750 views

CVE-2022-22693

Technical details for CVE-2022-22693 are not provided in the supplied documents; the connected ThreatPost item discusses CVE-2022-22963, not this CVE. Monitor for updates.

Exploits0
CVE
CVE
added 2024/05/03 2:11 a.m.3744 views

CVE-2023-40477

CVE-2023-40477 affects WinRAR (Recovery Volume processing). The issue stems from insufficient validation of user-supplied data during recovery-volume handling, enabling a memory access past the end of an allocated buffer and potentially remote code execution in the context of the target process. ...

7.8CVSS8.1AI score0.1308EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2024/02/28 8:13 a.m.3741 views

CVE-2021-47034

CVE-2021-47034 affects the Linux kernel on powerpc/64s with radix paging. Root cause: radix__set_pte_at() omits a ptesync when updating a PTE, risking out-of-order updates for kernel memory and spurious faults during patching. The fix adds a ptesync path in flush_cache_vmap() (to be invoked when ...

4.4CVSS5.7AI score0.00221EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2024/05/01 1:4 p.m.3734 views

CVE-2024-27070

Summary (CVE-2024-27070): The Linux kernel f2fs subsystem is affected by a use-after-free in f2fs_filemap_fault. The root cause is that vmf->vma may be not alive after filemap_fault(), causing an invalid access to vmf->vma->vm_flags in trace_f2fs_filemap_fault. The fix is to keep vm_flag...

7.8CVSS6.7AI score0.00227EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/03/06 6:45 a.m.3731 views

CVE-2024-26627

CVE-2024-26627 concerns the Linux kernel SCSI subsystem. The issue arises from calling and checking scsi_host_busy() with host locks during scsi_eh_wakeup(), which can serialize recovery when N hardware queues and queue depth M are large, leading to heavy overhead and, in worst cases, a hard lock...

5.5CVSS6.4AI score0.00242EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2024/02/22 12:0 a.m.3730 views

CVE-2024-25251

CVE-2024-25251 affects code-projects Agro-School Management System 1.0 with an Incorrect Access Control flaw. Connected sources consistently reference the product and version, describing improper access control as the issue. The CVSS v3.1 vector indicates high impact to confidentiality, integrity...

8.8CVSS6.8AI score0.00689EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/05/19 10:10 a.m.3728 views

CVE-2024-35933

CVE-2024-35933 affects the Linux kernel Bluetooth btintel path. The root cause is a NULL pointer dereference in btintel_read_version when hci_cmd_sync_complete() is triggered and skb is NULL, leading to hdev->req_skb being NULL. The issue can enable local exploitation scenarios as described in...

5.5CVSS6.7AI score0.00223EPSS
Exploits0References11Affected Software1
CVE
CVE
added 2024/05/01 5:19 a.m.3725 views

CVE-2024-26962

CVE-2024-26962 — Linux kernel (dm-raid/raid456 deadlock during reshape) Root cause: when a RAID-456 reshape is in progress, IO across the reshape position may wait for reshape progress. In the dm-raid path, certain states (read-only array, MD_RECOVERY_WAIT, MD_RECOVERY_FROZEN) caused reshape to f...

5.5CVSS6.5AI score0.00174EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/02/29 12:0 a.m.3723 views

CVE-2024-22871

CVE-2024-22871 affects IBM Cognos Analytics (11.2.x FP4 and 12.0.x) via a DoS in Clojure’s clojure.core$partial$fn__5920 function. The IBM Security Bulletin enumerates vulnerable products/versions and links remediation: upgrade to Cognos Analytics 12.0.4 or 11.2.4 FP5. The CVSS-based impact is HI...

7.5CVSS6.2AI score0.01533EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2024/12/04 2:11 p.m.3719 views

CVE-2024-53125

CVE-2024-53125 involves the Linux kernel BPF verifier. The issue occurs in sync_linked_regs() where subreg_def marks and range propagation can be incorrect, leading to an incorrect rewrite of BPF instructions when BPF_F_TEST_RND_HI32 is set. Publicly documented impact indicates potential misbehav...

5.5CVSS6.4AI score0.00207EPSS
Exploits0References8Affected Software1
Total number of security vulnerabilities5000