Lucene search
K
CveMost viewed

368281 matches found

CVE
CVE
added 2018/03/09 8:0 p.m.3148 views

CVE-2016-8612

CVE-2016-8612 affects Apache HTTP Server mod_cluster prior to httpd 2.4.23, with a flaw in the protocol parsing logic of the load balancer that can cause a Segmentation Fault in the httpd process due to improper input validation. Exploitation details are not provided in the connected documents; r...

4.3CVSS5.2AI score0.04692EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2023/08/24 1:23 a.m.3145 views

CVE-2023-32559

CVE-2023-32559 describes a privilege-escalation vulnerability in Node.js via the experimental policy mechanism. The attack leverages the deprecated API process.binding(), potentially bypassing policy.json and abusing process.binding('spawn_sync') to run arbitrary code outside policy limits. The i...

7.5CVSS8.7AI score0.01484EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2024/02/28 12:0 a.m.3134 views

CVE-2024-22723

Webtrees 2.1.18 is affected by a Directory Traversal via the media_folder URL parameter, enabling an administrator to access files outside the intended media/ directory. The issue is documented across multiple sources (Red Hat, GHSA, OSV, NVD, CVE records). Affected component: media_folder handli...

4.9CVSS6.5AI score0.00876EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/03/02 11:55 p.m.3123 views

CVE-2021-26855

CVE-2021-26855 is an Exchange Server SSRF vulnerability that enables pre-auth access to Exchange backend and, when chained with CVE-2021-27065, can lead to remote code execution. Public exploitation activity and PoCs (e.g., Nmap http-vuln-cve2021-26855 scripts and curl demonstrations) illustrate ...

9.8CVSS9.5AI score0.99999EPSS
In wildExploits63References6Affected Software1
CVE
CVE
added 2018/08/14 1:0 p.m.3111 views

CVE-2016-4975

CVE-2016-4975: Apache HTTP Server is vulnerable to CRLF injection in mod_userdir causing HTTP response splitting. Affected: 2.4.1–2.4.23. Mitigation/fix: upgrade to Apache HTTP Server 2.4.25 (and 2.2.32 for the 2.2 line). The issue is resolved by changes that prohibit CR or LF injection into head...

6.1CVSS6.9AI score0.19798EPSS
Exploits0References24Affected Software1
CVE
CVE
added 2018/01/18 11:0 p.m.3105 views

CVE-2015-9251

CVE-2015-9251 affects jQuery before 3.0.0, enabling XSS when a cross-domain Ajax request omits the dataType option and text/javascript responses are executed. Connected advisories confirm the issue and indicate an upgrade resolves it; remediation is to upgrade jQuery to a fixed version as provide...

6.1CVSS6.3AI score0.29726EPSS
Exploits2References38Affected Software1
CVE
CVE
added 2024/02/21 6:41 a.m.3093 views

CVE-2023-42840

CVE-2023-42840 affects macOS components and is addressed by Apple in macOS Sonoma 14.1, macOS Monterey 12.7.1, and macOS Ventura 13.6.1. The public description states that an app may be able to access user-sensitive data and that the issue was fixed via improved checks. The connected Red Hat entr...

5.5CVSS6.6AI score0.00245EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2024/04/11 12:0 a.m.3091 views

CVE-2023-29483

CVE-2023-29483 affects dnspython (used with eventlet) and enables a remote attacker to interfere with DNS name resolution by sending an invalid UDP packet before a valid one (a TuDoor attack). Affected combo: eventlet before 0.35.2 used in dnspython before 2.6.0. The note indicates 2.6.0 is unusa...

7CVSS6.3AI score0.01857EPSS
Exploits1References12Affected Software1
CVE
CVE
added 2024/11/18 8:12 p.m.3089 views

CVE-2024-52304

CVE-2024-52304 – aiohttp request-smuggling vulnerability : Prior to 3.10.11, aiohttp’s Python parser mishandled newlines in chunk extensions, enabling a request-smuggling condition under certain scenarios. If a pure-Python build (no C extensions) or AIOHTTP_NO_EXTENSIONS is used, an attacker coul...

7.5CVSS7AI score0.00576EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2020/08/07 3:32 p.m.3073 views

CVE-2020-11993

CVE-2020-11993 affects Apache HTTP Server 2.4.20–2.4.43: when trace/debug is enabled for the HTTP/2 module and certain traffic patterns, logging can be performed on the wrong connection, leading to concurrent use of memory pools. Mitigation in public advisories: set LogLevel for mod_http2 above i...

7.5CVSS8.6AI score0.58716EPSS
In wildExploits2References26Affected Software1
CVE
CVE
added 2019/08/13 8:50 p.m.3067 views

CVE-2019-9516

CVE-2019-9516 is an HTTP/2 header leak vulnerability affecting nginx and several Linux distributions. The issue occurs when an attacker sends streams with 0-length header names and values (optionally Huffman encoded), causing nginx to allocate memory for headers that may be kept until the session...

7.5CVSS7.3AI score0.56262EPSS
Exploits0References37Affected Software1
CVE
CVE
added 2015/07/14 11:0 p.m.3066 views

CVE-2015-1763

Microsoft SQL Server 2008 SP3/SP4, 2008 R2 SP2/SP3, 2012 SP1/SP2, and 2014 are affected by CVE-2015-1763, caused by use of uninitialized memory during certain virtual function calls, enabling remote authenticated code execution via a crafted query. This aligns with MS15-058 vulnerabilities. Explo...

8.5CVSS8AI score0.11925EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/05/23 4:31 p.m.3051 views

CVE-2024-34931

CVE-2024-34931 describes a SQL injection in Campcodes Complete Web-Based School Management System 1.0, exploitable via the parameter name in /model/update_subject.php. The root cause is unsanitized user input allowing arbitrary SQL commands, leading to high-impact outcomes across confidentiality,...

9.8CVSS8.5AI score0.0051EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/11/06 3:53 p.m.3047 views

CVE-2025-22288

CVE-2025-22288 is a path traversal vulnerability in the WordPress Smush Image Compression and Optimization plugin (wp-smushit) by WPMU DEV. The issue is described as a directory traversal flaw allowing access via a path like '.../...//', affecting the Smush Image Compression and Optimization plug...

4.1CVSS8.6AI score0.00288EPSS
Exploits0References1
CVE
CVE
added 2023/07/25 6:8 a.m.3045 views

CVE-2023-35078

CVE-2023-35078 is an authentication-bypass vulnerability affecting Ivanti Endpoint Manager Mobile (EPMM) / MobileIron Core. Public exploit/tooling exists targeting the API path /mifs/aad/api/v2/authorized/users to access restricted data without authentication. Affected versions include Ivanti/Mob...

10CVSS9.5AI score0.99999EPSS
In wildExploits14References5Affected Software1
CVE
CVE
added 2024/12/17 3:55 p.m.3044 views

CVE-2024-53144

CVE-2024-53144 corresponds to a Linux kernel Bluetooth issue: “Bluetooth: hci_event: Align BR/EDR JUST_WORKS pairing with LE” which aligns BR/EDR JUST_WORKS with LE and interacts with policy that now requires user confirmation. Connected items show concrete detail for CVE-2024-8805 (BlueZ HID ove...

5.5CVSS6.6AI score0.00256EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2025/01/09 12:33 a.m.3032 views

CVE-2024-27980

CVE-2024-27980 affects Node.js where improper handling of batch files in child_process.spawn/spawnSync allows a malicious command line argument to inject arbitrary commands and achieve code execution even when shell is not enabled. The issue is documented across multiple feeds (Node.js CVE entry,...

8.1CVSS7.7AI score0.01387EPSS
Exploits0References5
CVE
CVE
added 2025/01/21 12:18 p.m.3003 views

CVE-2025-21659

CVE-2025-21659 relates to the Linux kernel where the netdev subsystem previously allowed NAPI instances to be accessed across different network namespaces. The underlying issue was that NAPI IDs were not fully namespace-aware before the netlink API, allowing potential cross-namespace exposure of ...

5.5CVSS6.5AI score0.00173EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/03/26 3:0 p.m.2994 views

CVE-2017-15710

The CVE-2017-15710 issue affects Apache httpd when mod_authnz_ldap is used with AuthLDAPCharsetConfig. A crafted Accept-Language header is looked up in a charset table; if not present, it is truncated to two characters, and values shorter than two characters trigger an out-of-bounds write of a NU...

7.5CVSS7.5AI score0.18197EPSS
Exploits0References27Affected Software1
CVE
CVE
added 2023/08/21 4:51 p.m.2990 views

CVE-2023-38035

CVE-2023-38035 affects Ivanti Sentry (MobileIron Sentry) 9.18.0 and earlier, via an unauthenticated path to the System Manager Portal on port 8443 due to an insufficiently restricting Apache HTTPD config. Exploitation can allow an attacker to bypass admin interface controls, change configuration,...

9.8CVSS9.7AI score0.99949EPSS
In wildExploits6References3Affected Software1
CVE
CVE
added 2023/08/21 6:55 a.m.2989 views

CVE-2022-46751

CVE-2022-46751: Apache Ivy is vulnerable to XML External Entity (XXE) or XML injection due to improper restriction of DTD processing. Affected versions: Ivy prior to 2.5.2. Root cause: parsing XML files (Ivy config, Ivy files, POMs) can download external DTDs and expand entities, enabling data ex...

8.2CVSS8.4AI score0.01855EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2023/12/13 8:16 a.m.2983 views

CVE-2022-22942

CVE-2022-22942 concerns the VMware VMWGFX Linux kernel driver, enabling local privilege escalation due to a dangling file pointer in the driver that can let unprivileged users access files opened by other processes. Affected component: VMware vmwgfx/VGA driver in the kernel. Root cause/impact: lo...

7.8CVSS7.9AI score0.02579EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2024/07/01 6:14 p.m.2976 views

CVE-2024-38474

CVE-2024-38474 affects Apache HTTP Server’s mod_rewrite: substitutions that capture and substitute unsafely can be mis-encoded, enabling unintended access paths. The issue is fixed by upgrading to Apache HTTP Server 2.4.60 (and related advisories note versions 2.4.61+ as subsequent fixes). Connec...

9.8CVSS9.8AI score0.02456EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2008/08/27 8:0 p.m.2971 views

CVE-2008-3844

CVE-2008-3844 corresponds to tampered Red Hat OpenSSH packages from August 2008 signed with a Red Hat key. The Trojan-Horse modification was introduced in certain RHEL 4/5 OpenSSH packages and its impact remains unknown; distribution was limited to unofficial channels, with no known official Red ...

9.3CVSS6.1AI score0.02674EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2022/03/17 7:37 a.m.2966 views

CVE-2022-8011

CRI-O suffers CVE-2022-0811: a code change introduced in CRI-O 1.19 allows setting kernel.core_pattern to trigger a core dump to a malicious command, enabling container escape and potential root execution on a node. Affected: CRI-O versions 1.19 and later. Impact: remote code execution on the hos...

Exploits0
CVE
CVE
added 2024/05/01 5:26 a.m.2963 views

CVE-2024-26980

CVE-2024-26980 is confirmed with concrete technical details in connected Astra Linux bulletin: Linux kernel ksmbd slab-out-of-bounds in smb2_allocate_rsp_buf when SMB2_TRANSFORM_PROTO_NUM is used; an SMB2 request smaller than sizeof(struct smb2_query_info_req) could trigger a slab read before buf...

5.5CVSS6.4AI score0.00226EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2023/09/15 2:12 a.m.2961 views

CVE-2022-20917

CVE-2022-20917 describes a vulnerability in the XMPP message processing feature of Cisco Jabber. The issue arises from improper handling of nested XMPP messages in requests, enabling an authenticated, remote attacker to manipulate the content of XMPP messages used by the Jabber client and potenti...

4.3CVSS4.7AI score0.00887EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/07/02 12:33 p.m.2960 views

CVE-2021-3613

CVE-2021-3613 affects OpenVPN Connect for Windows (versions 3.2.0–3.3.0). A local user can load arbitrary dynamic loadable libraries via an OpenSSL configuration file, enabling arbitrary code execution with the same privileges as OpenVPNConnect.exe. Public sources confirm the affected range and i...

7.8CVSS7.6AI score0.00568EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/09/20 12:0 a.m.2957 views

CVE-2022-40286

Seagate Media Sync has a local privilege escalation vulnerability: improper handling of data transfer via the named pipe MEDIA_AGGRE_PIPE.PIP and a registry-value creation via the service’s A function allow an attacker to spawn a SYSTEM shell by manipulating the Seagate service. PT-2022-25321 not...

Exploits0References2
CVE
CVE
added 2024/03/11 4:35 p.m.2950 views

CVE-2024-0044

CVE-2024-0044 is an Android framework issue in PackageInstallerService where createSessionInternal accepts an installerPackageName that is not properly validated, allowing a local attacker with adb access to run-as any app. The root cause is insufficient validation of the installerPackageName arg...

7.8CVSS6.8AI score0.0146EPSS
Exploits17References7Affected Software1
CVE
CVE
added 2024/05/07 9:1 p.m.2942 views

CVE-2024-0022

CVE-2024-0022 affects Android’s CompanionDeviceManagerService.java. The issue is improper input validation that can cause a NotificationAccessConfirmationActivity to be launched for another user profile, enabling local information disclosure without extra privileges and without user interaction. ...

5.5CVSS6.1AI score0.00105EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/04/11 7:13 p.m.2932 views

CVE-2023-23384

CVE-2023-23384 is described in the connected documents as a Microsoft SQL Server remote code execution vulnerability reachable over the network. Nessus plugin entries for April 2023 (SMB_NT_MS23_APR_MSSQL_REMOTE.NASL and SMB_NT_MS23_APR_MSSQL.NASL) confirm a remote code execution issue, with self...

7.3CVSS7.6AI score0.00871EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/06/09 10:48 a.m.2931 views

CVE-2023-32732

CVE-2023-32732: gRPC vulnerability where a base64 encoding error for -bin suffixed headers can cause the gRPC server to terminate a connection with an HTTP/2 proxy, potentially affecting availability (LOW). Root cause described as a header encoding mishap that proxies may still allow, with remedi...

5.3CVSS5.5AI score0.00531EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/05/08 8:40 p.m.2923 views

CVE-2024-27282

CVE-2024-27282 affects Ruby 3.x through 3.3.0: attacker-supplied data in the Ruby regex compiler may read arbitrary heap data from the start of the text, including pointers and sensitive strings. Fixed versions: 3.0.7, 3.1.5, 3.2.4, and 3.3.1. Multiple connected advisories reference this CVE and ...

6.6CVSS6.5AI score0.00629EPSS
Exploits0References6
CVE
CVE
added 2023/07/21 12:0 a.m.2923 views

CVE-2023-38646

CVE-2023-38646 affects Metabase Open Source versions before 0.46.6.1 and Metabase Enterprise versions before 1.46.6.1, allowing unauthenticated remote code execution via the api/setup/validate endpoint (pre-auth RCE). Exploitation details are documented in multiple PoCs and exploits (e.g., via /a...

9.8CVSS9.7AI score0.97924EPSS
In wildExploits36References6Affected Software1
CVE
CVE
added 2022/04/13 12:0 a.m.2923 views

CVE-2015-20107

The CVE-2015-20107 issue affects CPython’s mailcap module through Python 3.10.8 (and back-ported fixes to 3.7–3.9). Root cause: mailcap.findmatch does not escape system-mailcap commands, enabling shell-command injection when untrusted input is used (e.g., via unvalidated filenames/arguments). Doc...

8CVSS7.8AI score0.07017EPSS
Exploits1References30Affected Software1
CVE
CVE
added 2019/04/19 12:0 a.m.2921 views

CVE-2019-11358

CVE-2019-11358 is a prototype pollution vulnerability in jQuery (before 3.4.0) where mishandling of extend(true, {}, ...) can extend Object.prototype if an unsanitized source object has an enumerable proto property. The Core issue is triggered when a polluted prototype is introduced via nested ob...

6.1CVSS6.4AI score0.87218EPSS
In wildExploits4References73Affected Software1
CVE
CVE
added 2024/02/28 11:7 p.m.2918 views

CVE-2024-23910

CVE-2024-23910 describes a CSRF vulnerability in ELECOM wireless LAN routers and repeaters, allowing remote unauthenticated attackers to hijack administrator sessions and perform unintended operations. Affected products include models such as WMC-X1800GST-B and WSC-X1800GS-B (also part of the e-M...

8.8CVSS7.1AI score0.00246EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/12/09 1:35 p.m.2913 views

CVE-2024-53947

CVE-2024-53947 : Apache Superset is affected by an SQL Injection vulnerability due to improper neutralization of certain engine-specific functions, allowing bypass of SQL authorization. The issue affects versions

9.8CVSS7AI score0.0079EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/07/18 8:18 p.m.2912 views

CVE-2023-22045

CVE-2023-22045 affects Oracle Java SE (Hotspot) and Oracle GraalVM variants (Enterprise Edition and JDK). Affected versions include Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; GraalVM Enterprise: 20.3.10, 21.3.6, 22.3.2; GraalVM for JDK: 17.0.7, 20.0.1. The vulnerability is diffic...

3.7CVSS4.4AI score0.01164EPSS
Exploits0References5Affected Software4
CVE
CVE
added 2020/02/07 3:9 p.m.2911 views

CVE-2019-18988

CVE-2019-18988 affects TeamViewer Desktop up to 14.7.1965, where a single AES key was reused across different customer installations (used for OptionsPasswordAES). This allows an attacker who gains the key to decrypt protected data stored in registry/configuration files, potentially revealing the...

7CVSS7AI score0.04746EPSS
In wildExploits2References5Affected Software1
CVE
CVE
added 2023/06/09 10:54 a.m.2906 views

CVE-2023-32731

CVE-2023-32731 involves a vulnerability in the gRPC HTTP/2 HPACK handling. When the HPACK header size exceeded error is raised, the stack skips parsing the remainder of the HPACK frame, causing HPACK table mutations to be ignored and desynchronizing the HPACK tables between sender and receiver. T...

7.5CVSS7.5AI score0.00502EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2014/09/24 6:0 p.m.2901 views

CVE-2014-6271

CVE-2014-6271 (Shellshock) affects GNU Bash up to 4.3, enabling remote code execution by processing trailing strings after function definitions in environment variables. Exploitation vectors include OpenSSH ForceCommand, mod_cgi/mod_cgid in Apache, DHCP client scripts, and other environment-passi...

10CVSS9.9AI score0.99999EPSS
In wildExploits130References171Affected Software1
CVE
CVE
added 2025/01/31 5:51 p.m.2894 views

CVE-2025-0938

Summary (CVE-2025-0938): The issue arises in Python’s standard library URL parsing, where urllib.parse.urlsplit/urlparse accepted domain names containing square brackets, contrary to RFC 3986. This leads to differential parsing between Python’s parser and other RFC-compliant parsers. The connecte...

6.3CVSS6.5AI score0.01499EPSS
Exploits0References11
CVE
CVE
added 2024/05/03 2:13 a.m.2894 views

CVE-2023-42114

CVE-2023-42114 corresponds to an Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure vulnerability. The flaw occurs in NTLM challenge handling due to improper validation of user-supplied data, enabling a read past the end of an allocated structure. A remote attacker can disclose informa...

5.3CVSS6.1AI score0.28084EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/09/20 1:34 p.m.2892 views

CVE-2022-1438

CVE-2022-1438 is an XSS vulnerability in Keycloak where HTML entities are not sanitized during user impersonation. Red Hat advisories (RHSA-2023:1043/1044/1045) fix this issue in Red Hat Single Sign-On 7.6.2 on RHEL 7/8/9. The NVD CVSS data indicates a MEDIUM to HIGH impact depending on the vecto...

6.4CVSS5.5AI score0.0066EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2024/05/13 11:0 p.m.2887 views

CVE-2024-27789

CVE-2024-27789 is a logic issue in Apple systems where improved checks address a vulnerability that could allow an app to access user-sensitive data. The fix is deployed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Ventura 13.6.7, and macOS Sonoma 14.4. The connected documents co...

5.5CVSS7.1AI score0.00622EPSS
Exploits0References15Affected Software3
CVE
CVE
added 2023/07/03 8:5 p.m.2886 views

CVE-2023-2727

CVE-2023-2727: Kubernetes clusters that use ephemeral containers are affected when the ImagePolicyWebhook admission plugin is used together with ephemeral containers; this may allow launching containers from images restricted by ImagePolicyWebhook. The vulnerability is described in the initial do...

6.5CVSS6.6AI score0.01134EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2023/06/09 10:46 a.m.2877 views

CVE-2023-1428

CVE-2023-1428: gRPC for C++ is affected by a denial of service due to specific HTTP/2 header handling. When certain headers (for example te: x; :scheme: x; grpclb_client_stats: x) are sent and the total header size exceeds 8 KB, gRPC’s C++ implementation can abort(). The vulnerability is a NETWOR...

7.5CVSS7.3AI score0.00412EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/09/18 12:4 p.m.2873 views

CVE-2023-32187

CVE-2023-32187 describes an “Allocation of Resources Without Limits or Throttling” vulnerability in SUSE k3s. Remote/unauthenticated actors who can access the K3s apiserver/supervisor port (TCP 6443) may cause a denial of service by improper resource throttling. Affected k3s releases include: v1....

7.5CVSS7.3AI score0.00605EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000