Lucene search
K
CveMost viewed

368289 matches found

CVE
CVE
added 2024/05/01 12:54 p.m.3533 views

CVE-2024-27048

CVE-2024-27048 : Linux kernel wifi (brcm80211) vulnerability where kzalloc() may return NULL for pmk_op, risking a NULL dereference. The fix returns -ENOMEM from brcmf_pmksa_v3_op() when kzalloc() fails for pmk_op, mitigating local-exploit risk. Connected advisories ( MiracleLinux AXSA and IBM li...

5.5CVSS6.6AI score0.00274EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/28 12:0 a.m.3533 views

CVE-2024-25202

CVE-2024-25202 is a cross-site scripting vulnerability in the Phpgurukul User Registration & Login and User Management System v1.0. The vulnerability affects the system’s search bar and enables attackers to run arbitrary code. Reported metrics indicate a CVSS v3.1 base score of 6.1 (Network acces...

6.1CVSS6.8AI score0.00992EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2024/02/22 9:40 a.m.3528 views

CVE-2023-29180

CVE-2023-29180 is a NULL pointer dereference in Fortinet FortiOS and FortiProxy that can cause a denial of service via specially crafted HTTP requests. Affected: FortiOS 7.2.0–7.2.4, 7.0.0–7.0.11, 6.4.0–6.4.12, 6.2.0–6.2.14, 6.0.0–6.0.16; FortiProxy 7.2.0–7.2.3, 7.0.0–7.0.10, 2.0.0–2.0.12, 1.2.0–...

7.5CVSS7.3AI score0.0261EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/22 12:0 a.m.3528 views

CVE-2024-26483

CVE-2024-26483 affects Kirby CMS v4.1.0: an unrestricted file upload in the Profile Image module allows arbitrary code execution via a crafted PDF. The issue is confirmed by multiple sources (Veracode/GitHub advisory) and is mitigated by upgrades to Kirby releases (e.g., 3.6.6.5, 3.7.5.4, 3.8.4.3...

8.8CVSS7.5AI score0.00966EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/05/17 2:47 p.m.3511 views

CVE-2024-35855

CVE-2024-35855 : Linux kernel issue in mlxsw spectrum_acl_tcam caused a local use-after-free during activity update. The bug happens when the rule activity update traverses configured rules and reads ventry->entry, which can be concurrently changed by the rehash path. The fix closes the race b...

7.8CVSS6.7AI score0.00247EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2024/03/01 12:0 a.m.3510 views

CVE-2024-27354

CVE-2024-27354 affects phpseclib 1.x < 1.0.23, 2.x < 2.0.47, and 3.x

7.5CVSS7.1AI score0.00601EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2012/06/05 4:0 p.m.3508 views

CVE-2012-1667

CVE-2012-1667 affects ISC BIND 9.x before patched releases (examples: 9.7.6-P1, 9.8.3-P1, 9.9.1-P1; and 9.4-ESV/9.6-ESV before listed P1s). The vulnerability arises from improper handling of resource records with a zero-length RDATA, enabling remote DNS servers to trigger a DoS (daemon crash or d...

8.5CVSS8.3AI score0.13405EPSS
Exploits1References16Affected Software1
CVE
CVE
added 2024/02/22 2:25 a.m.3506 views

CVE-2024-23126

CVE-2024-23126 affects Autodesk AutoCAD through CC5Dll.dll when parsing CATPART files, causing a stack-based overflow. The description and multiple sources indicate exploitation can crash the process, read sensitive data, or execute arbitrary code in the context of the current process. A ZDI advi...

7.8CVSS7.7AI score0.00418EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/03/31 12:0 a.m.3494 views

CVE-2023-27163

CVE-2023-27163 affects Request-Baskets versions up to 1.2.1. The issue is a Server-Side Request Forgery (SSRF) via the /api/baskets/{name} endpoint, where the forward_url parameter can direct requests to internal or restricted resources. Ambitious attackers can leverage this to access internal ne...

6.5CVSS6.1AI score0.07497EPSS
In wildExploits29References6Affected Software1
CVE
CVE
added 2025/11/09 12:0 a.m.3493 views

CVE-2022-12345

Technical details for CVE-2022-12345 are not provided in the supplied documents. No affected products, root cause, impact, or remediation are disclosed here. Monitor for official updates.

Exploits2
CVE
CVE
added 2024/02/26 12:0 a.m.3489 views

CVE-2024-25344

CVE-2024-25344 relates to ITFlow.org prior to commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378, described as a Cross Site Scripting/CSRF issue affecting multiple settings components (settings.php, settings+company.php, settings_defaults.php, settings_integrations.php, settings_invoice.php, setti...

6.1CVSS6.8AI score0.00741EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2022/05/03 2:14 p.m.3488 views

CVE-2022-29860

CVE-2022-29860 is described in connected documents as a TLS-related vulnerability affecting Avaya switches (TLS reassembly heap overflow) with a very high CVSS (9.8). Affected devices include Avaya ERS series; remediation is tied to vendor/Extreme Networks updates and guidance (Avaya/Extreme Netw...

Exploits0References3
CVE
CVE
added 2019/09/26 2:40 p.m.3487 views

CVE-2019-10082

CVE-2019-10082 affects Apache HTTP Server 2.4.18–2.4.39, where fuzzed network input could cause read-after-free in http/2 session shutdown. Impact: remote, unauthenticated triggering memory faults in httpd workers, enabling potential DoS and other consequences. Connected sources indicate remediat...

9.1CVSS8.9AI score0.16549EPSS
Exploits0References16Affected Software1
CVE
CVE
added 2024/02/27 12:0 a.m.3486 views

CVE-2024-25723

CVE-2024-25723 affects ZenML Server in the ZenML Python package (prior to 0.46.7). The REST endpoint /api/v1/users/{user_name_or_id}/activate allows remote privilege escalation by authenticating with a valid username and a new password in the request body, enabling total compromise of the account...

8.8CVSS7.2AI score0.70581EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2024/02/22 4:27 a.m.3478 views

CVE-2024-23134

CVE-2024-23134 corresponds to a use-after-free in Autodesk AutoCAD triggered by parsing a malicious IGS file (tbb.dll). Multiple connected sources (ZDI advisory, Red Hat, NVD, CVE lists) confirm remote code execution potential when an affected IGS file is opened or viewed, with user interaction o...

7.8CVSS6.7AI score0.00488EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/02/20 12:0 a.m.3475 views

CVE-2024-24474

CVE-2024-24474 affects QEMU up to 8.2.0, where an integer underflow in the TI command enables a buffer overflow in esp_do_nodma (hw/scsi/esp.c) when a non-DMA transfer length is shorter than the available FIFO data (async_len underflow). This is triggered in the SCSI ESP device and could impact g...

8.8CVSS6.6AI score0.01397EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2024/04/17 10:27 a.m.3473 views

CVE-2024-26886

CVE-2024-26886 (Linux kernel): The vulnerability affects Bluetooth af_bluetooth in the Linux kernel, where attempting to lock a socket during .recvmsg could deadlock. The fix switches from using sock_sock to using the bt path with sk_receive_queue.lock in bt_sock_ioctl, preventing a use-after-fre...

6.5CVSS6.7AI score0.00489EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2024/05/01 1:4 p.m.3470 views

CVE-2024-27064

CVE-2024-27064 : Linux kernel nf_tables memory leak when nft_netdev_register_hooks() fails. The fix moves nft_stats_alloc() to after successful registration, preventing leaks of nft_stats if registration aborts. Connected Astra Linux advisory mirrors this description for kernel 5.x series, confir...

5.5CVSS6.6AI score0.00222EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/11/12 5:49 p.m.3466 views

CVE-2024-8068

CVE-2024-8068 affects Citrix Session Recording. According to Citrix’s security bulletin CTX691941, affected versions include Current Release prior to hotfix 2407 (24.5.200.8) and LTSR releases: 1912 LTSR before CU9 (19.12.9100.6), 2203 LTSR before CU5 (22.03.5100.11), and 2402 LTSR before CU1 (24...

8CVSS6.6AI score0.01399EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2016/01/14 12:0 a.m.3459 views

CVE-2016-0777

CVE-2016-0777 pertains to an information leak and buffer overflow in OpenSSH client roaming (roaming_bytes reading memory) affecting OpenSSH 5.x, 6.x, and 7.x prior to 7.1p2. Exploitation would allow a remote server to obtain memory contents (e.g., private keys) via a roaming request. Connected d...

6.5CVSS6.4AI score0.63468EPSS
Exploits2References34Affected Software1
CVE
CVE
added 2024/05/01 12:49 p.m.3455 views

CVE-2024-27025

CVE-2024-27025 concerns the Linux kernel: a NULL return from nla_nest_start() could lead to NULL pointer dereference if not checked. The patch inserts a NULL check and sets errno consistent with other call sites, preventing a potential crash. Public references show the issue resolved in the kerne...

5.5CVSS6.5AI score0.00292EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2024/02/22 12:0 a.m.3453 views

CVE-2024-23094

Summary: CVE-2024-23094 affects Flusity-CMS v2.33 through a Cross-Site Request Forgery (CSRF) vulnerability in the component /cover/addons/info_media_gallery/action/edit_addon_post.php. Affected software: Flusity-CMS 2.33. Root cause: CSRF vulnerability in the specified PHP action path. Impact (a...

8.8CVSS7.4AI score0.00296EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/11/13 10:20 a.m.3448 views

CVE-2024-4741

CVE-2024-4741 affects OpenSSL when applications directly call SSL_free_buffers to free internal buffers for processing network records. The issue is a use-after-free: in two scenarios, the buffer is freed while still in use (during partial record processing or when only part of a record is read),...

7.5CVSS7.7AI score0.02945EPSS
Exploits0References9
CVE
CVE
added 2024/02/22 3:33 a.m.3443 views

CVE-2024-23130

Summary (CVE-2024-23130): A memory corruption vulnerability arises when parsing malicious SLDASM or SLDPRT files in Autodesk applications via ODXSW_DLL.dll, potentially enabling code execution in the current process. The issue is described across multiple advisories (notably ZDI reports for Autod...

7.8CVSS6.7AI score0.00526EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/04/08 8:11 p.m.3442 views

CVE-2019-0217

This CVE affects Apache HTTP Server 2.4.x up to 2.4.38, where a race condition in mod_auth_digest could allow an authenticated user to act as another user and bypass access control. The issue is tied to running in threaded MPMs; the underlying cause is a race condition in authentication handling....

7.5CVSS7.5AI score0.17666EPSS
Exploits0References39Affected Software1
CVE
CVE
added 2024/02/26 12:0 a.m.3440 views

CVE-2023-49960

CVE-2023-49960 affects Indo-Sol PROFINET-INspektor NT up to version 2.4.0. A path-traversal in the firmware’s httpuploadd service allows remote attackers to write arbitrary files via a crafted filename parameter in requests to the /upload endpoint. Connected sources confirm the details and indica...

7.5CVSS7.1AI score0.00664EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/22 4:11 a.m.3438 views

CVE-2024-23133

CVE-2024-23133 affects Autodesk AutoCAD Desktop Software due to a vulnerability in parsing a malicious STP file (ASMDATAX228A.dll). The issue is described as a memory corruption via a write access violation, and, in combination with other vulnerabilities, could lead to code execution in the conte...

7.8CVSS8AI score0.00255EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/01/08 8:40 p.m.3436 views

CVE-2025-22145

Carbon (PHP DateTime extension) has a vulnerability where unsanitized input passed to Carbon::setLocale could lead to arbitrary file include if a PHP file is uploaded in a folder that is includable. This affects users of the Carbon extension and is mitigated by fixes in Carbon release 3.8.4 and 2...

6.3CVSS7AI score0.00696EPSS
Exploits0References3
CVE
CVE
added 2024/05/01 12:53 p.m.3434 views

CVE-2024-27029

CVE-2024-27029 affects the Linux kernel’s DRM AMDGPU path: mmhub client id out-of-bounds access, caused by improper handling of cid 0x140. Reports across multiple advisories (SUSE live patch for SLE 15 SP6, OpenVAS/UUbuntu advisories) confirm this as a kernel vulnerability with high impact (local...

7.1CVSS6.8AI score0.00282EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/02/25 12:0 a.m.3431 views

CVE-2024-27359

The CVE-2024-27359 issue affects WithSecure products (Client Security 15; Server Security 15; Email and Server Security 15; Elements Endpoint Protection 17+; Client Security for Mac 15; Elements Endpoint Protection for Mac 17+; Linux Security 64 12.0 / Linux Protection 12.0; Atlant 1.0.35-1). Roo...

7.5CVSS6.8AI score0.00713EPSS
Exploits0References1
CVE
CVE
added 2019/01/30 10:0 p.m.3430 views

CVE-2018-17199

In Apache HTTP Server 2.4.x up to 2.4.37, the vulnerability CVE-2018-17199 is caused by mod_session_cookie: the session expiry time is checked before decoding the session, so expiry is ignored for mod_session_cookie sessions. This means session expiry may not be enforced for affected sessions. Th...

7.5CVSS6.4AI score0.19994EPSS
Exploits0References28Affected Software1
CVE
CVE
added 2022/05/03 2:14 p.m.3429 views

CVE-2022-29861

CVE-2022-29861 is a HTTP header parsing stack overflow in Avaya switches (TLStorm 2.0). THN lists Avaya ERS3500/3600/4900/5900 series among affected devices; NCSC-2022-0321 confirms remote code execution potential on Avaya/Extreme-rebranded devices. Mitigation involves applying vendor updates; Ex...

Exploits0References3
CVE
CVE
added 2024/11/29 6:56 p.m.3423 views

CVE-2024-53980

RIOT OS vulnerability affecting CC2538 radio reception. A malicious actor can send a IEEE 802.15.4 packet with a spoofed length byte (and optionally spoofed FCS), causing the receiver to enter an endless loop. The root cause is the CRC position check: before PR #20998 the code used the full 8 bit...

7.5CVSS6.6AI score0.00726EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2024/05/03 2:13 a.m.3421 views

CVE-2023-42116

Exim SMTP vulnerability CVE-2023-42116 is a stack-based buffer overflow in handling NTLM challenge data, allowing unauthenticated remote code execution. Affected software: Exim (MTA). Root cause: insufficient validation of user-supplied data length prior to copying into a fixed-length stack buffe...

9.8CVSS8AI score0.03158EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2019/09/26 2:7 p.m.3421 views

CVE-2019-10092

The CVE-2019-10092 entry concerns Apache HTTP Server 2.4.0–2.4.39 with a limited cross-site scripting in the mod_proxy error page. The vulnerability lets an attacker craft a link on the error page that could mislead users by pointing to a page of the attacker’s choosing, but exploitation requires...

6.1CVSS7.3AI score0.81466EPSS
Exploits4References34Affected Software1
CVE
CVE
added 2024/07/29 4:26 p.m.3419 views

CVE-2024-42089

CVE-2024-42089 affects the Linux kernel’s ASoC: fsl-asoc-card driver. The root cause is that priv->pdev was assigned after it was used in fsl_asoc_card_audmux_init(), risking a NULL dereference because priv is zero-initialised. The fix moves the priv->pdev assignment to the start of the pro...

5.5CVSS6.5AI score0.00233EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2024/02/27 6:46 p.m.3418 views

CVE-2021-46958

CVE-2021-46958 is a Linux kernel issue affecting the Btrfs subsystem. The vulnerability stems from a race between transaction aborts during commit, an ongoing fsync, and the transaction kthread, which can cause a use-after-free of the log_root_tree. Reported symptoms in the description include fo...

4.7CVSS6AI score0.00231EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/02/22 4:34 a.m.3414 views

CVE-2024-23135

Autodesk AutoCAD is affected by a use-after-free in parsing SLDPRT files within ASMkern228A.dll, enabling code execution in the current process. Several sources describe CVE-2024-23135 as a remote code execution vulnerability exploitable via a malicious SLDPRT file; one advisory notes that user i...

7.8CVSS7.7AI score0.00478EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/01/08 5:56 p.m.3414 views

CVE-2022-2602

CVE-2022-2602 is a Linux kernel vulnerability in io_uring related to a use-after-free in the Unix garbage collection path. Multiple connected sources confirm a local, kernel-side issue (io_uring UAF) that can be exploited to crash the kernel and, in PoC scenarios, enable privilege escalation by r...

7CVSS6.9AI score0.01281EPSS
Exploits2References7Affected Software1
CVE
CVE
added 2024/02/22 4:49 a.m.3407 views

CVE-2024-23137

Autodesk AutoCAD contains CVE-2024-23137: a maliciously crafted STP or SLDPRT file processed by ODXSW_DLL.dll can cause uninitialized memory access, enabling code execution in the current process. Multiple related advisories (including ZDI-24-745 and RH notices) describe this as a parsing/initial...

7.8CVSS6.7AI score0.00968EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/02/22 3:24 a.m.3406 views

CVE-2024-23129

CVE-2024-23129 describes a memory corruption vulnerability in Autodesk AutoCAD when parsing certain 3D model files (3DM, STP, SLDASM) via opennurbs.dll. The root cause is a write access violation during file parsing, which, in the context of the current process, could lead to code execution. Publ...

7.8CVSS6.8AI score0.00401EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2017/09/18 3:0 p.m.3406 views

CVE-2017-9798

CVE-2017-9798 affects the Apache HTTP Server (httpd) up to 2.4.27 and 2.2.34. A use-after-free flaw in how httpd handles invalid/previously unregistered HTTP methods specified by the Limit directive (used in .htaccess or certain httpd.conf configurations) can allow a remote, unauthenticated attac...

7.5CVSS7.7AI score0.94999EPSS
Exploits9References56Affected Software1
CVE
CVE
added 2024/02/22 4:5 a.m.3404 views

CVE-2024-23131

Autodesk AutoCAD STP file parsing memory corruption vulnerability leading to remote code execution. The issue occurs when parsing STP files, with the memory corruption exploitable to run code in the current process. Descriptions from ZDI advisories confirm a remote code execution condition requir...

7.8CVSS6.7AI score0.00515EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/02/22 4:48 a.m.3403 views

CVE-2024-23136

Autodesk AutoCAD is affected by CVE-2024-23136 due to a malicious STP file parsed by ASMKERN228A.dll that can cause a dereference of an untrusted pointer, potentially enabling code execution in the current process. The CVSS indicates local access, no privileges required, user interaction required...

7.8CVSS7.7AI score0.00439EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/01/04 6:55 p.m.3402 views

CVE-2021-24042

The CVE-2021-24042 entry describes a vulnerability in WhatsApp clients where calling logic during 1:1 calls could trigger an out-of-bounds write. Affected products/versions: Android WhatsApp before v2.21.23; Android WhatsApp Business before v2.21.23; iOS WhatsApp before v2.21.230; iOS WhatsApp Bu...

9.8CVSS8.8AI score0.01242EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/01/16 4:45 p.m.3401 views

CVE-2025-0518

CVE-2025-0518 affects FFmpeg 7.1 and is due to an unchecked return value causing an out-of-bounds read in libavfilter/af_pan.C. The issue is addressed by the FFmpeg commit b5b6391d64807578ab872dc58fb8aa621dcfc38a, which provides the fix. Discovery credited to Simcha Kosman. Public references in c...

5.3CVSS6.6AI score0.00372EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/05/27 11:37 a.m.3400 views

CVE-2025-27462

Citrix XenServer XenServer VM Tools for Windows (Windows PV drivers) are affected by CVE-2025-27462 (and related CVEs 27463, 27464). The XSA advisory confirms that the Windows PV drivers expose facilities to unprivileged users inside a guest, lacking proper security descriptors, enabling privileg...

Exploits0References29
CVE
CVE
added 2024/02/22 3:18 a.m.3400 views

CVE-2024-23128

CVE-2024-23128 relates to Autodesk AutoCAD: parsing of MODEL files in libodxdll.dll and ASMDATAX229A.dll can trigger a memory corruption via write access violation, potentially enabling code execution in the current process. Connected sources (ZDI advisories) describe remote code execution with m...

7.8CVSS6.8AI score0.00515EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/02/22 1:38 a.m.3400 views

CVE-2024-23123

CVE-2024-23123 affects Autodesk AutoCAD when parsing CATPART files via CC5Dll.dll and ASMBASE228A.dll. The vulnerability is an out-of-bounds write in the parsing path, which can lead to a crash, data corruption, or execution of arbitrary code in the context of the current process. Exploitation co...

7.8CVSS7.7AI score0.00639EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2015/05/18 3:0 p.m.3398 views

CVE-2015-3306

CVE-2015-3306 affects ProFTPD before patches for 1.3.5, via the mod_copy module. Unauthenticated attackers can use SITE CPFR/CPTO to copy files anywhere on the server and can read/write arbitrary files, enabling remote code execution and information disclosure. Public exploits and proofs (e.g., e...

10CVSS9.2AI score0.96803EPSS
Exploits21References14Affected Software1
Total number of security vulnerabilities5000