Lucene search
K
CveMost viewed

368410 matches found

CVE
CVE
added 2024/05/01 5:28 a.m.3716 views

CVE-2024-26996

Summary: CVE-2024-26996 relates to a use-after-free in the Linux kernel USB gadget NCM implementation. When the NCM function is active and the usb0 interface is brought down, an error in usb_ep_enable() may cause in_ep/out_ep to remain disabled. During ncm_disable(), gether_disconnect() is not ca...

7.8CVSS6.3AI score0.00233EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2024/05/23 4:58 p.m.3715 views

CVE-2024-35082

CVE-2024-35082 concerns J2EEFAST v2.7.0, where a SQL injection flaw exists in the SysOperLogMapper.xml file’s findPage function. The root cause per CNVD/Red Hat style descriptions is lack of input SQL statement validation for that function, enabling potential manipulation of database queries. Rep...

6.3CVSS8.2AI score0.00254EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/04/01 12:0 a.m.3702 views

CVE-2025-26415

CVE-2025-26415 is listed in the Pixel Update Bulletin (April 2025) as an Elevation of Privilege affecting Google Assistant, with a Critical severity. The issue is tied to a logic/implementation flaw in the Google Assistant component, enabling local escalation of privilege without user interaction...

Exploits0
CVE
CVE
added 2017/03/17 12:0 a.m.3702 views

CVE-2017-0144

CVE-2017-0144 is the SMBv1 Remote Code Execution vulnerability in Windows SMB server (EternalBlue). Connected sources confirm exploitation activity (e.g., DLTMiner/WannaCry-era campaigns) and identification as a high-severity network-based RCE affecting multiple Windows editions. The root cause i...

9.3CVSS7.8AI score0.9923EPSS
In wildExploits55References13Affected Software1
CVE
CVE
added 2024/05/03 2:13 a.m.3696 views

CVE-2023-42115

Exim’s SMTP service (port 25) is affected by CVE-2023-42115: an AUTH-less out-of-bounds write that enables remote code execution via improper validation of user-supplied data, allowing code execution under the service account. The vulnerability details and impact are stated in multiple sources (E...

9.8CVSS8.1AI score0.10042EPSS
Exploits5References1Affected Software1
CVE
CVE
added 2024/02/20 12:0 a.m.3695 views

CVE-2023-47422

CVE-2023-47422 affects Tenda TX9 V1 (22.03.02.54), AX3 V3 (16.03.12.11), AX9 V1 (22.03.01.46), and AX12 V1 (22.03.01.46). Root cause: access control flaw in /usr/sbin/httpd allowing authentication bypass on any endpoint via a crafted URL. Impact: unauthorized access to endpoints with high confide...

8.8CVSS6.9AI score0.00491EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/05/01 12:49 p.m.3692 views

CVE-2024-4059

CVE-2024-4059 describes an out-of-bounds read in the V8 API used by Google Chrome/Chromium prior to 124.0.6367.78. The vulnerability enables a remote attacker to leak cross-site data via a crafted HTML page. Affected component is the Chromium-derived web browser stack (V8 API). The documented imp...

6.5CVSS5.3AI score0.009EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2024/02/20 1:21 p.m.3679 views

CVE-2024-1552

CVE-2024-1552 involves incorrect code generation on 32-bit ARM devices, potentially causing undefined behavior. Public references show affected Mozilla products including Firefox (pre-123 and ESR 115.8, and Firefox ESR 115.8) and Thunderbird 115.8.x line, with multiple advisories (CentOS, Debian ...

7.5CVSS7.4AI score0.00667EPSS
Exploits0References6Affected Software2
CVE
CVE
added 2025/02/18 6:27 p.m.3675 views

CVE-2025-26465

The CVE-2025-26465 issue affects OpenSSH when VerifyHostKeyDNS is enabled. A remote attacker could perform a MITM impersonation by abusing error-code handling during host-key verification, with success contingent on exhausting the client’s memory resources. Affected context is OpenSSH implementat...

6.8CVSS6.7AI score0.06997EPSS
Exploits4References26Affected Software1
CVE
CVE
added 2019/09/25 4:39 p.m.3667 views

CVE-2019-10098

Apache httpd (2.4.0–2.4.39) is affected by CVE-2019-10098 via mod_rewrite: self-referential redirects can be fooled by encoded newlines, causing redirects to an unexpected URL. Connected advisories confirm affected versions and that exploitation could enable phishing via redirects. Mitigation is ...

6.1CVSS7.7AI score0.73981EPSS
Exploits1References17Affected Software1
CVE
CVE
added 2024/05/01 12:54 p.m.3666 views

CVE-2024-27049

CVE-2024-27049 is a Linux kernel issue affecting the wifi/mt76 driver for MT7925e. The root cause is a use-after-free in the shared IRQ handling (free_irq) when a device is deregistered. A patch set around the commit “[PATCH] Debug shared irqs” adds a test to ensure the shared IRQ handler won’t a...

7.8CVSS6.6AI score0.00277EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/05/01 5:19 a.m.3664 views

CVE-2024-26968

CVE-2024-26968: In the Linux kernel, the clk: qcom: gcc-ipq9574 component fix terminates frequency table arrays with an empty element to prevent out-of-bounds access when traversing with qcom_find_freq() or qcom_find_freq_floor(). The patch adds the missing terminating entry; only compile-tested....

5.5CVSS6.7AI score0.00224EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/26 12:0 a.m.3656 views

CVE-2024-27456

CVE-2024-27456 concerns rack-cors 2.0.1 with insecure file permissions: .rb files shipped as 0666, potentially impacting integrity, confidentiality, and availability. Root cause: default permissive file permissions. Public exposure documented by Red Hat and other sources; exploitation details are...

9.1CVSS6.6AI score0.00771EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/01/02 3:59 p.m.3655 views

CVE-2024-12907

CVE-2024-12907 affects Kentico CMS 7, where a Reflected XSS can be triggered by manipulating a specific GET parameter sent to the /CMSMessages/AccessDenied.aspx endpoint. The description notes that Kentico 7 reached end of support in 2016, and Kentico 8 has been tested and does not contain this v...

5.3CVSS6.3AI score0.00379EPSS
Exploits0References1
CVE
CVE
added 2024/05/01 1:4 p.m.3654 views

CVE-2024-27071

CVE-2024-27071 affects the Linux kernel backlight hx8357 driver. The root cause was a missing NULL check for ik pins in hx8357_probe(), which could lead to a NULL pointer dereference. The connected Astra Linux advisory confirms the issue is resolved in Linux kernel and cites the fix in hx8357_pro...

5.5CVSS6.7AI score0.00193EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/02/20 3:46 p.m.3652 views

CVE-2024-50555

CVE-2024-50555 : Affected product is Elementor Website Builder (WordPress) up to version 3.29.0. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw arising from improper input neutralization during web page generation. Multiple connected sources confirm the same issue and list the affe...

6.5CVSS5.5AI score0.00205EPSS
Exploits0References1
CVE
CVE
added 2024/05/01 12:54 p.m.3648 views

CVE-2024-27042

Technical details about CVE-2024-27042 are not provided in the connected documents. No product/version specifics are disclosed here. Monitor for updates.

6.7AI score0.00013EPSS
Exploits0
CVE
CVE
added 2024/05/01 5:28 a.m.3646 views

CVE-2024-26995

The CVE-2024-26995 issue affects the Linux kernel USB Type-C controller (tcpdm) code path, specifically pd_set handling in usb: typec: tcpm. The root cause is an off-by-one error where nr_snk_pdo and nr_src_pdo are incremented one time too many, causing loop index misalignment during Power Negoti...

7.8CVSS6.6AI score0.00236EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2024/05/08 3:31 p.m.3639 views

CVE-2024-24788

CVE-2024-24788: A malformed DNS message in response to a query can cause the Lookup functions to loop infinitely. Connected docs explicitly reference this issue under Go/Golang components (e.g., container-tools and related advisories) as causing an infinite loop in DNS handling. The initial descr...

5.9CVSS6.2AI score0.01001EPSS
Exploits0References7
CVE
CVE
added 2024/12/18 8:37 p.m.3634 views

CVE-2024-56145

Craft CMS is affected by CVE-2024-56145 due to a code execution vector triggered when php.ini register_argc_argv is enabled. Reports indicate an RCE vulnerability exists in affected versions, with remediation via upgrading to Craft CMS 3.9.14, 4.13.2, or 5.5.2. If upgrading is not possible, the r...

9.8CVSS7.4AI score0.97446EPSS
In wildExploits9References4Affected Software1
CVE
CVE
added 2025/01/15 12:0 a.m.3633 views

CVE-2025-23013

CVE-2025-23013 affects pam-u2f, a PAM module for U2F/U2F devices (e.g., YubiKey) used on Linux/macOS. The issue: pam-u2f does not properly handle PAM_IGNORE return values, allowing local privilege escalation or authentication bypass under certain configurations. Attack requires unprivileged acces...

7.3CVSS7.1AI score0.00397EPSS
Exploits0References7
CVE
CVE
added 2024/05/23 4:46 p.m.3630 views

CVE-2024-35083

CVE-2024-35083 affects J2EEFAST v2.7.0 with a SQL injection vulnerability in SysLoginInfoMapper.xml findPage function. Root cause stated as lack of validation of external input SQL statements, enabling an attacker to execute arbitrary SQL and potentially steal data. The CVSS v3.1 score is 8.8 ( H...

8.8CVSS8.2AI score0.00405EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/05/01 12:53 p.m.3628 views

CVE-2023-52649

CVE-2023-52649 refers to a Linux kernel issue where the DRM VKMS LUT reading could read beyond the LUT array when lut_index points to the last floor entry. The fix guards against the ceil LUT index reading past the end by using the floor LUT index value, preventing an out-of-bounds access. Public...

7.8CVSS6.7AI score0.00277EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/12/05 3:10 p.m.3627 views

CVE-2024-54130

CVE-2024-54130 affects NASA’s ION-DTN BPv7 (BPv7) where receiving a bundle with Destination EID dtn:none on version 4.1.3 triggers a segmentation fault, causing the node to become unresponsive to incoming bundles and resulting in a Denial of Service (DoS). The issue is documented as fixed in vers...

9.2CVSS6.4AI score0.00422EPSS
Exploits0References1
CVE
CVE
added 2024/02/27 12:0 a.m.3626 views

CVE-2024-27356

CVE-2024-27356 affects GL.iNet devices (examples include MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, and others listed). The issue allows an attacker to trigger commands that download files (e.g., logread.tar) from the device, potentially exposing critical user informatio...

7.5CVSS6.8AI score0.23905EPSS
Exploits3References2Affected Software1
CVE
CVE
added 2024/05/01 12:53 p.m.3622 views

CVE-2024-27031

CVE-2024-27031 (Linux kernel) : The NFS read path (nfs_netfs_issue_read) locked with xa_lock while submitting pages for writeback, but did not disable interrupts during iteration, creating a deadlock risk if an interrupt runs and touches the xa_lock. The fix replaces manual iteration with xa_for_...

5.5CVSS6.4AI score0.002EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/27 8:30 a.m.3622 views

CVE-2023-6584

CVE-2023-6584 affects the WP JobSearch WordPress plugin up to version 2.3.3 (pre-2.3.4). The vulnerability allows unauthenticated attackers to log in as any user by knowing that user’s email address, effectively bypassing authentication. The root cause is described in multiple sources as an authe...

7.5CVSS7.5AI score0.00549EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2024/05/01 12:53 p.m.3620 views

CVE-2024-27033

The CVE-2024-27033 issue affects the Linux kernel’s f2fs filesystem code. The root cause described in the sources is a panic when verify_blkaddr() could be triggered due to a fault injected into f2fs_is_valid_blkaddr(), prompting removal of an unnecessary f2fs_bug_on() call. The advisory notes th...

5.5CVSS6.7AI score0.00266EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/05/01 5:28 a.m.3620 views

CVE-2024-26998

CVE-2024-26998 affects the Linux kernel serial subsystem, specifically the core path handling the circular buffer in the 8250 serial port code. The root cause is a mismatch between the buffer pointer state and head/tail positions during shutdown: the circular buffer is cleared (NULLified) under a...

5.5CVSS6.6AI score0.00228EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2024/02/26 12:0 a.m.3618 views

CVE-2024-27447

pretix prior to 2024.1.1 has an improper file validation vulnerability in its upload handling. This misvalidation can affect confidentiality, integrity, and availability, with a CVSS v3.1 base score of 9.8 (CRITICAL) and network attack vector, no user interaction. Public details from connected so...

9.8CVSS6.7AI score0.00816EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/06/08 10:0 a.m.3617 views

CVE-2022-28615

CVE-2022-28615 affects Apache HTTP Server 2.4.53 and earlier, where a read beyond bounds can occur in ap_strcmp_match() when given a very large input buffer. The issue may affect third‑party modules or lua scripts that call this function. Advisories in connected documents reference an official fi...

9.1CVSS9AI score0.05729EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2024/02/27 12:0 a.m.3614 views

CVE-2024-22543

CVE-2024-22543 affects Linksys Router E1700, version 1.0.04 (build 3). An authenticated attacker can escalate privileges by sending a crafted request to the "/goform/" URI or via the ExportSettings function. The linked PT Security advisory recommends disabling access to the "/goform/ " URI and re...

6.1CVSS6.8AI score0.01214EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/05/01 5:20 a.m.3612 views

CVE-2024-26975

CVE-2024-26975 affects the Linux kernel powercap/intel_rapl MMIO RAPL path. A NULL pointer dereference occurs when probing intel_rapl on platforms whose CPU ID is not in intel_rapl_common’s model list, because defaults_msr may be uninitialized after the cited commit. The fix adds a sanity check t...

5.5CVSS6.6AI score0.00227EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/05/21 12:0 a.m.3610 views

CVE-2024-36039

CVE-2024-36039 affects PyMySQL up to 1.1.0, where untrusted JSON input can cause SQL injection because escape_dict does not escape keys. Connected documents corroborate vulnerability details and indicate fixes in newer PyMySQL releases (e.g., PyMySQL 1.1.1+ and package updates across Linux distri...

6.3CVSS7.4AI score0.00691EPSS
Exploits1References4
CVE
CVE
added 2024/05/13 11:0 p.m.3610 views

CVE-2024-27818

Apple fixed CVE-2024-27818 by addressing a memory-handling issue that could allow a local attacker to cause an app to terminate unexpectedly or execute arbitrary code. The vulnerability affects iOS 17.5, iPadOS 17.5, and macOS Sonoma 14.5; exploitation requires local access and user interaction. ...

7.8CVSS7.5AI score0.00727EPSS
Exploits0References10Affected Software3
CVE
CVE
added 2021/05/06 4:41 a.m.3609 views

CVE-2020-28026

Exim 4 before 4.94.2 contains a vulnerability (CVE-2020-28026) described as Improper Neutralization of Line Delimiters in DSN contexts. In non-default configurations using DSN, ORCPT= can insert a newline into a spool header file, enabling unauthenticated remote attackers to execute arbitrary com...

9.8CVSS8AI score0.09285EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/02/23 4:57 p.m.3604 views

CVE-2024-23320

CVE-2024-23320 is an improper input validation vulnerability in Apache DolphinScheduler (up to version 3.2.1). An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. The issue is described as a legacy of CVE-2023-49299, with an additional patch applied to ...

8.8CVSS8.4AI score0.01388EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2024/02/27 12:0 a.m.3590 views

CVE-2024-24027

CVE-2024-24027 affects Likeshop versions prior to 2.5.7, where a SQL injection vulnerability exists in DistributionMemberLogic::getFansLists. The root cause is improper handling of input in that function, enabling arbitrary SQL commands to be executed against the database. Impact is consistent wi...

7.2CVSS8.2AI score0.00668EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/03/23 12:0 a.m.3590 views

CVE-2021-3618

ALPACA (CVE-2021-3618) is an application-layer protocol content confusion attack affecting multiple assets (e.g., nginx, vsftpd, sendmail) where TLS servers configured for different protocols with compatible certificates can allow a MITM attacker to redirect subdomain traffic to another, potentia...

7.4CVSS7.5AI score0.02037EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/05/16 6:17 p.m.3585 views

CVE-2019-0708

CVE-2019-0708 (BlueKeep) is a remote code execution vulnerability in Windows Remote Desktop Services (RDP). Affected: Windows 7, Windows Server 2008 R2/2008 era deployments; vulnerable components include the RDP service. Root cause: use-after-free in RDP handling that enables unauthenticated, net...

10CVSS9.4AI score0.99999EPSS
In wildExploits123References15Affected Software2
CVE
CVE
added 2024/02/28 11:8 p.m.3584 views

CVE-2024-25579

CVE-2024-25579 is an OS command injection in ELECOM wireless LAN routers (notably WRC-1167GS2-B/H-B, WRC-2533GS2-B/W/V-B, WRC-X3200GST3-B, WRC-G01-W) that allows a network-adjacent attacker with administrative privileges to run arbitrary OS commands via a crafted request. Affected versions: WRC-1...

6.8CVSS7.8AI score0.00838EPSS
Exploits0References2
CVE
CVE
added 2025/10/23 12:0 a.m.3581 views

CVE-2025-62813

CVE-2025-62813 corresponds to a vulnerability in LZ4 processing of untrusted frames (CVE-2025-62813) that can cause a denial of service or other unspecified impact. Connected advisories show affected packages across Linux distributions: LZ4 (versions less than 1.9.4-2 on Amazon Linux 2/ALAS2 and ...

6.9AI score
Exploits0
CVE
CVE
added 2024/02/22 2:59 a.m.3576 views

CVE-2024-23127

Autodesk CVE-2024-23127 affects AutoCAD via parsing MODEL/SLDPRT/SLDASM files, triggering a heap-based overflow in ODXSW_DLL.dll and libodxdll.dll. The vulnerability can allow a crash, data leakage of sensitive information, or arbitrary code execution in the current process. Exploitation context ...

7.8CVSS6.6AI score0.00515EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/02/27 2:29 p.m.3575 views

CVE-2024-27905

Apache Aurora is affected by a vulnerability described as an exposure of sensitive information to an unauthenticated actor, arising from an endpoint that exposes internals and can function as a padding oracle to craft a valid authentication cookie. The issue can potentially be combined with other...

9.1CVSS9.6AI score0.01471EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/03/26 3:0 p.m.3569 views

CVE-2018-1283

In Apache httpd (mod_session) versions 2.4.0–2.4.29, when SessionEnv forwarding is enabled to CGI applications, a remote attacker can influence their content by sending a crafted Session header. This arises from mod_session forwarding data using the HTTP_SESSION variable name, which overlaps with...

5.3CVSS7AI score0.10118EPSS
Exploits0References26Affected Software1
CVE
CVE
added 2024/05/01 1:4 p.m.3567 views

CVE-2024-27068

CVE-2024-27068 – Linux kernel (Mediatek lvts_thermal): The vulnerability is a memory leak in an error path where, if devm_krealloc() fails, the efuse resource is leaked. The issue has been fixed by freeing the leaked efuse to prevent resource exhaustion. The CVE is described as a local-attack vec...

5.5CVSS6.6AI score0.00224EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/26 12:0 a.m.3562 views

CVE-2024-22873

CVE-2024-22873 affects Tencent Blueking CMDB versions 3.2.x–3.9.x. The vulnerability is a Server-Side Request Forgery in the event subscription function (/service/subscription.go) that allows an attacker to access internal requests via a crafted POST. CVSS data in the initial document indicates h...

8.1CVSS7.1AI score0.00666EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2024/03/27 12:0 a.m.3559 views

CVE-2024-28085

The CVE-2024-28085 issue is in util-linux, where wall (and related utilities) installed with setgid tty permission fails to filter escape sequences from command-line arguments. Escape sequences from argv can be sent to other users’ terminals, potentially enabling local information disclosure or a...

3.3CVSS6.2AI score0.02242EPSS
Exploits3References18Affected Software1
CVE
CVE
added 2025/01/15 5:35 p.m.3552 views

CVE-2024-52005

CVE-2024-52005 affects Git via ANSI escape sequence injections in the sideband channel. A PoC demonstrates exploitation; affected versions include pre-2.48.1, 2.47.3, 2.46.5, 2.45.4, and 2.44.3. Impacts include hiding/misrepresenting output, fake security prompts, social‑engineering payloads, and...

8.8CVSS6.8AI score0.00494EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/03/01 12:0 a.m.3540 views

CVE-2024-27497

Linksys E2000 router (Firmware 1.0.06 build 1) is affected by CVE-2024-27497 due to an authentication bypass in the position.js file. The vulnerability enables unauthorized access to the device. Remediation is to upgrade to a patched firmware version as indicated in the connected documents; explo...

8.8CVSS6.9AI score0.2646EPSS
In wildExploits0References1Affected Software1
Total number of security vulnerabilities5000