Lucene search
K
CveMost viewed

368410 matches found

CVE
CVE
added 2024/05/01 5:28 a.m.2868 views

CVE-2024-26994

CVE-2024-26994 (Linux kernel) is a concrete vulnerability: the Speakup console driver may crash when a very long word (>256 chars) is presented, due to a buffer length issue. The fix prevents using a word buffer beyond its limit, stopping word processing before overflow. Connected Astra Linux ...

5.9CVSS6.3AI score0.00277EPSS
Exploits0References13Affected Software1
CVE
CVE
added 2024/02/21 6:41 a.m.2868 views

CVE-2023-42858

CVE-2023-42858 affects Apple macOS: an app may access user-sensitive data due to a prior access-control issue. It is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, and macOS Ventura 13.6.1. The issue is described as addressed with improved checks; no exploit details are provided in the connec...

5.5CVSS6.6AI score0.00187EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2012/04/04 10:0 a.m.2858 views

CVE-2011-5000

OpenSSH

3.5CVSS4.7AI score0.02595EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2023/08/09 3:6 p.m.2852 views

CVE-2023-3518

HashiCorp Consul and Consul Enterprise 1.16.0 had a vulnerability in JWT-based service-mesh authentication that allowed or denied access independent of service identities. The issue is fixed in version 1.16.1. No exploitation details are provided in the connected documents. Affected product/versi...

7.4CVSS7.1AI score0.0038EPSS
Exploits0References1Affected Software1
CVE
CVE
added 1976/01/01 12:0 a.m.2848 views

CVE-2021-0447

CVE-2021-0447 entry is rejected/not used per the description.

7.5AI score
Exploits0
CVE
CVE
added 2023/07/18 8:18 p.m.2847 views

CVE-2023-22044

CVE-2023-22044 affects OpenJDK/OpenJDK-based runtimes (e.g., Debian openjdk-17, AlmaLinux java-17-openjdk) as part of the July 2023 Java updates. Connected advisories confirm it is among multiple OpenJDK vulnerabilities and are addressed by updates to OpenJDK 17 (e.g., 17.0.8) across distribution...

3.7CVSS3.9AI score0.01127EPSS
Exploits0References3Affected Software4
CVE
CVE
added 2024/05/01 1:4 p.m.2838 views

CVE-2024-27073

CVE-2024-27073 concerns the Linux kernel media/ttpci budget code. The connected sources describe two memory leaks in budget_av_attach that occur when saa7146_register_device or saa7146_vv_init fail, and that budget_av_attach should free resources similarly to the error-handling in ttpci_budget_in...

5.5CVSS6.4AI score0.00282EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2023/08/03 9:24 p.m.2833 views

CVE-2023-20214

Cisco SD-WAN vManage REST API authentication validation vulnerability (CVE-2023-20214) allows unauthenticated remote attackers to read or partially modify configuration due to insufficient REST API request validation. Affected product: Cisco SD-WAN vManage (REST API surface only; web UI/CLI unaff...

9.1CVSS9.3AI score0.00731EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2021/10/25 5:10 p.m.2830 views

CVE-2021-34859

CVE-2021-34859 affects TeamViewer 15.16.8.0. The issue stems from improper validation during parsing of TVS files, leading to memory corruption that enables remote code execution in the context of the current process. Exploitation requires user interaction (the target opens a malicious file or vi...

8.8CVSS8.9AI score0.09134EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/02/12 12:9 a.m.2827 views

CVE-2025-1243

Temporal api-go library prior to v1.44.1 fails to send update response data to Data Converter when used in a gRPC proxy during UpdateWorkflowExecution, causing incomplete Data Converter transformations (e.g., encryption) on the update response field. This occurs only when using the UpdateWorkflow...

2CVSS6.2AI score0.0009EPSS
Exploits0References2
CVE
CVE
added 2024/12/11 10:35 p.m.2826 views

CVE-2024-53845

CVE-2024-53845 concerns ESPRESSIF ESP-IDF’s ESPTouch v2 AES/CBC encryption where the Initialization Vector (IV) was not configurable prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8, causing a deterministic ciphertext and potential data leakage. The fixed behavior, implemented in these versions, ...

8.7CVSS6.8AI score0.0056EPSS
Exploits0References9
CVE
CVE
added 2024/05/23 4:33 p.m.2811 views

CVE-2024-34932

The CVE-2024-34932 entry concerns Campcodes Complete Web-Based School Management System 1.0. A SQL injection vulnerability exists in the /model/update_exam.php endpoint, exploitable via the name parameter to execute arbitrary SQL commands. The issue is described across multiple connected records ...

9.8CVSS8.5AI score0.0051EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/03/14 6:24 p.m.2807 views

CVE-2023-42938

The CVE-2023-42938 entry concerns Apple iTunes for Windows prior to version 12.13.1, where a logic issue could allow a local user to elevate privileges. The vulnerability is described across multiple Connected documents as a local privilege escalation affecting iTunes on Windows, caused by insuff...

7.8CVSS5.6AI score0.00189EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/12/30 4:48 p.m.2806 views

CVE-2024-56734

CVE-2024-56734 affects Better Auth (TypeScript) prior to version 1.1.6, where the verify-email endpoint accepts a callbackURL parameter and uses JWT without proper domain validation. This open-redirect flaw can allow an attacker to redirect users to arbitrary, attacker-controlled sites. Root caus...

7.9CVSS6.7AI score0.00388EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/09/13 4:31 p.m.2802 views

CVE-2023-4785

CVE-2023-4785: Google gRPC core flaw — lack of error handling in the TCP server on posix platforms (e.g., Linux) can cause DoS when many connections are opened. Affected: gRPC C++, Python, Ruby (not Java/Go). Upgrades exist: CBLMariner advises grpc >= 1.62.0-2; IBM advisories for Cloud Pak for...

7.5CVSS7.2AI score0.00666EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2025/01/14 6:43 p.m.2800 views

CVE-2024-50349

CVE-2024-50349 affects Git. When prompting for credentials in terminal (no credential helper), Git decodes URL-encoded parts and prints the host; attackers can craft URLs with ANSI escape sequences to mislead users. The issue was patched via commits 7725b81 and c903985 and is addressed in multipl...

4.7CVSS3.7AI score0.00643EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2025/01/14 6:39 p.m.2797 views

CVE-2024-52006

Git vulnerability CVE-2024-52006 involves newline confusion in credential helpers that use a line-based protocol. Some environments (notably .NET and Node.js) may treat a single Carriage Return as a newline, bypassing protections for credential helpers that rely on CR handling. The issue has been...

7.5CVSS7.4AI score0.01019EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2024/11/26 6:52 p.m.2797 views

CVE-2024-52008

Fides (open-source privacy engineering platform) has a password policy bypass in its invite flow. The /api/v1/user/accept-invite endpoint does not enforce the server-side password policy, allowing an invited user to set an arbitrarily weak password during initial account setup despite UI client-s...

8.8CVSS6.5AI score0.00536EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/10/09 6:59 p.m.2797 views

CVE-2024-3656

The issue CVE-2024-3656 affects Keycloak prior to 24.0.5, where several admin REST API endpoints allow low-privilege users to perform administrator actions. The root cause is broken access control enabling authenticated non-admin users to access functionalities intended for admins, potentially le...

8.1CVSS7.9AI score0.02837EPSS
Exploits0References8
CVE
CVE
added 2024/05/01 12:54 p.m.2792 views

CVE-2024-27054

The CVE-2024-27054 issue resides in the Linux kernel s390/dasd path where the module refcount could be decremented twice due to manual handling of refcounts after device association. The vulnerability results in an artificial decrease of the module’s refcount on each error path, rather than keepi...

5.5CVSS6.5AI score0.00273EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2024/03/19 12:2 p.m.2792 views

CVE-2024-2609

The CVE-2024-2609 issue concerns a permission-prompt input delay that can expire when the window is not focused, enabling clickjacking on malicious sites. Affected products and versions include Firefox < 124, Firefox ESR < 115.10, and Thunderbird

6.1CVSS5.5AI score0.00598EPSS
Exploits1References6Affected Software2
CVE
CVE
added 2014/01/29 3:0 p.m.2792 views

CVE-2014-1692

CVE-2014-1692 affects OpenSSH up to version 6.4 when Makefile.inc enables J-PAKE; the hash_buffer function in schnorr.c may not initialize certain data structures, enabling remote attackers to trigger a memory corruption denial of service (and potentially other impact). The provided documents do ...

7.5CVSS5.3AI score0.04587EPSS
Exploits1References11Affected Software1
CVE
CVE
added 2023/07/26 1:54 p.m.2788 views

CVE-2023-39153

CVE-2023-39153 is a CSRF vulnerability in Jenkins GitLab Authentication Plugin versions ≤ 1.17.1. The flaw allows an attacker to lure a logged-in user into authenticating to the attacker’s account, via a crafted request, effectively abusing the OAuth flow. The root cause is the plugin’s lack of a...

5.4CVSS5.3AI score0.00608EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/05/07 12:0 a.m.2787 views

CVE-2024-34397

GLib vulnerability CVE-2024-34397: a GDBus signal-subscription spoofing flaw allows non-trusted local users on shared systems to inject spoofed D-Bus signals, potentially making a GDBus client misbehave (application-dependent impact). Affected: GLib’s GDBus-based clients; vulnerable in GLib up to...

5.2CVSS6.2AI score0.00756EPSS
Exploits1References14Affected Software1
CVE
CVE
added 2024/04/17 10:27 a.m.2787 views

CVE-2024-26880

CVE-2024-26880 (Linux kernel) summary The issue concerns the DM stack’s suspend/resume flow: dm_internal_resume previously called origin_postsuspend/DM targets’ resume in a way that could corrupt the hash_list due to paired suspend/resume calls being mismatched. The fix changes __dm_internal_resu...

6.3CVSS6.2AI score0.00689EPSS
Exploits0References13Affected Software1
CVE
CVE
added 2025/03/07 3:13 p.m.2785 views

CVE-2025-27152

CVE-2025-27152 affects axios, a promise-based HTTP client for browser and Node.js. The issue occurs when passing absolute URLs (not protocol-relative) to axios; even if baseURL is set, requests may be sent to the absolute URL, enabling SSRF and potential credential leakage for both server-side an...

8.7CVSS6.9AI score0.00759EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/05/01 5:18 a.m.2778 views

CVE-2024-26950

CVE-2024-26950 concerns the Linux kernel's WireGuard netlink handling. The connected documents confirm a concrete issue in the kernel’s WireGuard netlink path where a NULL peer->device could be dereferenced. The fix changes the device retrieval to ctx->wg (i.e., obtain the device from the c...

5.5CVSS6.4AI score0.00236EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2024/04/17 10:27 a.m.2778 views

CVE-2024-26889

CVE-2024-26889 refers to a Linux kernel security fix for a Bluetooth (hci_core) buffer overflow. The root cause was a fixed-size name field in struct hci_dev_info (name[8]); a larger hdev->name could cause strcpy to overrun its destination. The fix switches to strscpy to safely copy the device...

5.5CVSS6.6AI score0.00271EPSS
Exploits0References12Affected Software1
CVE
CVE
added 2019/07/16 8:16 p.m.2773 views

CVE-2019-3571

WhatsApp Desktop versions prior to 0.3.3793 are affected by an input validation issue that allows malicious clients to send files to users that would be displayed with a wrong extension. Root cause: input validation weakness. Supported by multiple sources (NVD/NVD-linked CVE records). No exploit ...

5.3CVSS5.2AI score0.00776EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/05/01 5:17 a.m.2771 views

CVE-2024-26940

CVE-2024-26940 refers to a Linux kernel issue in drm/vmwgfx where /sys/kernel/debug/dri/0/mob_ttm could be created even if the corresponding ttm_resource_manager was not allocated, risking a crash when reading the file. The fix adds checks to only create mob_ttm, system_mob_ttm, and gmr_ttm debug...

5.5CVSS6.4AI score0.00227EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2025/02/11 3:48 p.m.2767 views

CVE-2025-24976

Distribution’s token authentication flaw (CVE-2025-24976) affects registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token auth enabled. The root cause: JWT JWK verification accepts a header with a certificate chainless JWK but only validates the KeyID against trusted keys, not the actual key...

8.7CVSS6.5AI score0.00326EPSS
Exploits0References2
CVE
CVE
added 2023/07/03 8:6 p.m.2767 views

CVE-2023-2728

CVE-2023-2728 : The vulnerability allows containers to bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when ephemeral containers are used. Kubernetes clusters are affected only if both the ServiceAccount admission plugin and the annotation kubernetes.io/enforce...

6.5CVSS6.6AI score0.02157EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2024/12/24 9:22 a.m.2761 views

CVE-2024-53240

The CVE-2024-53240 entry refers to a Xen netfront crash in the Linux kernel. The issue occurs when removing a netfront device directly after a suspend/resume cycle, where queues may not be reinitialized and a crash can happen when stopping them. The fix is to check that the queues exist before st...

5.7CVSS6.9AI score0.00612EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2024/12/24 11:28 a.m.2748 views

CVE-2024-53148

CVE-2024-53148 affects the Linux kernel (comedi: Flush partial mappings in error case). If remap_pfn_range() partially succeeded before a failure, user mappings can remain in place until the mmap error path is taken; the fix explicitly flushes all mappings in the VMA on error. A commit titled mm:...

5.5CVSS6.4AI score0.0022EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2023/08/15 3:11 p.m.2748 views

CVE-2023-35082

CVE-2023-35082 describes an authentication bypass in Ivanti EPMM 11.10 and older, allowing unauthenticated access to restricted API functionality. The vulnerability is tied to Ivanti EPMM/MobileIron Core deployments and is documented as an authentication bypass that enables unauthorized access to...

10CVSS9.5AI score0.99999EPSS
In wildExploits2References2Affected Software1
CVE
CVE
added 2024/04/17 10:27 a.m.2743 views

CVE-2024-26894

CVE-2024-26894 affects the Linux kernel: ACPI: processor_idle memory leak after CPU idle device unregister. Root cause: memory allocated for acpi_processor_power_exit is not freed. Remediation: free the CPU idle device after unregistering it (kernel patch cited in multiple advisories).

6CVSS6.3AI score0.00254EPSS
Exploits0References12Affected Software1
CVE
CVE
added 2018/03/29 7:0 a.m.2740 views

CVE-2018-7600

CVE-2018-7600 (Drupalgeddon2) is a remote code execution vulnerability in Drupal core. Public details confirm it affects: Drupal 7.x up to 7.57/7.58; Drupal 8.x up to 8.3.8/8.3.9; 8.4.x up to 8.4.5/8.4.6; 8.5.x up to 8.5.0/8.5.1, with default or common module configurations. The root cause involv...

9.8CVSS10AI score0.99993EPSS
In wildExploits46References21Affected Software1
CVE
CVE
added 2024/11/26 11:34 p.m.2737 views

CVE-2024-53849

The CVE-2024-53849 issue affects editorconfig-core-c (EditorConfig core library in C) where multiple escaped characters in input patterns can trigger stack/pointer overflows in the '[' handling during parsing. The root cause is that added backslashes reduce available space in nested-bracket outpu...

4.8CVSS6.5AI score0.00203EPSS
Exploits0References6
CVE
CVE
added 2024/05/01 5:18 a.m.2736 views

CVE-2024-26956

CVE-2024-26956 covers a kernel vulnerability in nilfs2 within the Linux kernel. The issue has two flaws: (1) nilfs_get_block() may misinterpret a DAT-corrupted data block as existing, due to DAT translation returning -ENOENT; and (2) after this inconsistency, the caller may request a read on an u...

7.8CVSS6.8AI score0.00255EPSS
Exploits0References11Affected Software1
CVE
CVE
added 2023/09/14 2:48 p.m.2734 views

CVE-2023-1108

CVE-2023-1108 affects Undertow within Red Hat JBoss EAP 7.3.x (SSLConduit) where an infinite loop on close can cause DoS. Connected RHSA-2025-9583 confirms the issue and indicates a fix in the eap-7.3.z line (Patched Undertow). Remediation is to upgrade to the patched EAP 7.3.x release (eap-7.3.z...

7.5CVSS7.3AI score0.01771EPSS
Exploits0References18Affected Software12
CVE
CVE
added 2021/01/11 2:33 p.m.2729 views

CVE-2020-35483

AnyDesk on Windows prior to 6.1.0 (portable mode) is affected. If an attacker can write to the application directory, a Trojan horse gcapi.dll can be placed with a read‑only setting, enabling local user account compromise. Affected component is the application executable/dll loading mechanism in ...

7.8CVSS7.3AI score0.00468EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/02/14 9:55 a.m.2728 views

CVE-2024-52577

CVE-2024-52577 concerns Apache Ignite: versions 2.6.0 through

9.5CVSS7.4AI score0.02427EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/29 11:2 a.m.2720 views

CVE-2024-27906

CVE-2024-27906 affects Apache Airflow versions before 2.8.2. The published docs describe a vulnerability where authenticated users can view DAG code and import errors for DAGs they should not be allowed to view via the API and the UI. The primary impact is information disclosure of DAG contents a...

5.9CVSS5.5AI score0.00343EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2017/11/15 3:0 a.m.2718 views

CVE-2017-11882

CVE-2017-11882 is a memory corruption vulnerability in Microsoft Office's Equation Editor that affects Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016. The flaw resides in eqnedt32.exe, an out-of-process COM server, and can lead to remote code execution when a user opens a specially crafted Word do...

9.3CVSS8.3AI score0.99945EPSS
In wildExploits33References15Affected Software1
CVE
CVE
added 2023/09/07 1:12 p.m.2716 views

CVE-2022-30637

Adobe Illustrator CVE-2022-30637 is an out-of-bounds write in font parsing that could allow arbitrary code execution. Affected: Illustrator 26.0.2 and earlier, and 25.4.5 and earlier. Exploitation requires user interaction (open a malicious file). No exploit details are provided in the documents....

7.8CVSS7.8AI score0.00402EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/05/25 12:0 a.m.2712 views

CVE-2023-2804

CVE-2023-2804 affects libjpeg-turbo; a heap-based buffer overflow in h2v2_merged_upsample_internal() of jdmrgext.c can be triggered when decoding 12-bit lossless JPEGs with out-of-range samples, leading to segmentation faults or buffer overflows and application crashes. The vulnerability requires...

6.5CVSS6.3AI score0.012EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2024/07/30 7:46 a.m.2708 views

CVE-2024-42139

CVE-2024-42139 affects the Linux kernel component related to ice/extts handling for PTP; when the driver is removed while an application using ts2phc is running, a previously enabled extts event may remain active, potentially causing a kernel crash. On driver reload, a remaining extts event for t...

5.5CVSS6.5AI score0.002EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/05/09 4:37 p.m.2707 views

CVE-2024-27393

CVE-2024-27393 involves the Linux kernel: xen-netfront missing skb_mark_for_recycle call due to history of page_pool_release_page usage. The root cause is that skb_mark_for_recycle() was introduced after fixes tag and a missing call to page_pool_release_page() in older revisions (v5.9–v5.14). Fro...

5.5CVSS6.5AI score0.00253EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2023/08/16 2:32 p.m.2705 views

CVE-2023-40343

CVE-2023-40343 affects Jenkins Tuleap Authentication Plugin (versions 1.1.20 and earlier). The root cause is a non-constant-time comparison function when validating authentication tokens, which could allow attackers to apply statistical methods to obtain a valid token. The issue is mitigated by u...

5.9CVSS5.7AI score0.00494EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/09/26 8:19 p.m.2703 views

CVE-2023-41333

Cilium is vulnerable: an attacker who can create/modify CiliumNetworkPolicy objects in a namespace can bypass namespace restrictions and affect traffic across the entire cluster by crafting an endpointSelector that uses the DoesNotExist operator on the reserved:init label. The issue requires API ...

8.1CVSS7.1AI score0.00408EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities5000