Lucene search
K
CveMost viewed

368426 matches found

CVE
CVE
added 2023/08/14 5:21 p.m.2701 views

CVE-2023-0872

OpenNMS Horizon CVE-2023-0872 affects Horizon REST API users endpoint in Horizon 31.0.8 and older than 32.0.2, enabling privilege elevation (to admin) via REST. The issue stems from role escalation between ROLE_REST and ROLE_ADMIN when accessing /rest/users, with confirmed guidance that upgrading...

8.2CVSS7.8AI score0.02951EPSS
Exploits3References2Affected Software2
CVE
CVE
added 2023/09/26 6:30 p.m.2700 views

CVE-2023-39347

Cilium CVE-2023-39347: An attacker with Kubernetes API Server access can update pod labels, causing Cilium to apply incorrect network policies by using user-provided labels to select policies. This can bypass policies when a pod label (e.g., namespace) resolves to non-existent constructs, affecti...

9CVSS8.3AI score0.0046EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/07/22 4:17 a.m.2699 views

CVE-2023-3247

The CVE-2023-3247 issue affects PHP 8.0.x before 8.0.29, 8.1.x before 8.1.20, and 8.2.x before 8.2.7 when using SOAP HTTP Digest Authentication. The root cause is a random value generator not checked for failure and operating in a narrower value range, which could disclose 31 bits of uninitialize...

4.3CVSS6.7AI score0.00709EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/12/20 11:20 a.m.2699 views

CVE-2021-44224

CVE-2021-44224 concerns Apache HTTP Server (httpd) with the mod_proxy forward proxy configuration. A crafted URI to a forward proxy (ProxyRequests on) can trigger a NULL pointer dereference, causing a crash. In configurations that mix forward and reverse proxy declarations, it can enable requests...

8.2CVSS8.7AI score0.82295EPSS
Exploits0References19Affected Software1
CVE
CVE
added 2020/01/07 11:5 p.m.2699 views

CVE-2019-17148

CVE-2019-17148 describes a local privilege escalation in Parallels Desktop (v14.1.3, build 45485). The flaw is in the Parallels Service and results from improper validation of a user-supplied string before it is used to perform a system call, enabling an attacker with low-privilege code execution...

7.8CVSS7.6AI score0.005EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/06/28 12:0 a.m.2692 views

CVE-2023-20178

CVE-2023-20178 affects Cisco AnyConnect Secure Mobility Client for Windows and Cisco Secure Client for Windows. The issue arises in the client update process after a VPN connection, where improper permissions on a temporary directory created during the update could allow a low-privileged, authent...

7.8CVSS7.6AI score0.05374EPSS
Exploits1References1Affected Software2
CVE
CVE
added 2025/01/21 6:46 p.m.2684 views

CVE-2025-23369

CVE-2025-23369 affects GitHub Enterprise Server and centers on an improper verification of the cryptographic signature that can enable signature spoofing for unauthorized internal users. Public details indicate that versions before 3.12.14, 3.13.10, 3.14.7, 3.15.2, and 3.16.0 are impacted. Some c...

8.8CVSS6.4AI score0.01552EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2023/07/31 12:0 a.m.2681 views

CVE-2023-34644

CVE-2023-34644 is a remote code execution vulnerability in Ruijie Networks products. A crafted POST to /cgi-bin/luci/api/auth allows unauthorized remote attackers to gain the highest privileges. Affected products and versions include Ruijie RG-EW series (EW_3.0(1)B11P204), RG-NBS and RG-S1930 ser...

9.8CVSS9.6AI score0.01523EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/04/15 5:0 a.m.2678 views

CVE-2024-1310

CVE-2024-1310 affects WooCommerce for WordPress up to version 8.5.x (fixed in 8.6). The issue is aBroken Access Control: users with at least the contributor role could leak private, draft, or trashed products they should not access. Publicly documented by multiple sources (e.g., Patchstack, Red H...

4.9CVSS9.3AI score0.0068EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/09/26 8:35 p.m.2675 views

CVE-2023-42820

JumpServer exposes the random number seed to its API, enabling replay of generated verification codes and potentially password resets. Affected versions include 2.28.19 and 3.6.5; upgrades to these versions are recommended. If MFA is enabled or if users are not using local authentication, they ar...

8.2CVSS7.5AI score0.05404EPSS
In wildExploits4References2Affected Software1
CVE
CVE
added 2024/05/03 2:13 a.m.2673 views

CVE-2023-42117

CVE-2023-42117 affects Exim (smtp service). Root cause: Improper neutralization/validation of user-supplied data leading to a memory corruption and remote code execution, with no authentication required. Impact: remote code execution in Exim processes, on affected installations. Affected componen...

9.8CVSS8.4AI score0.05673EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/02/03 5:57 p.m.2670 views

CVE-2025-24898

CVE-2025-24898 affects rust-openssl: ssl::select_next_proto can return a slice tied to the server buffer with a lifetime bound to the client, enabling a use-after-free if the server buffer’s lifetime is shorter. The Debian LTS advisory notes a fix in rust-openssl 0.10.29-1+deb11u1, addressing the...

6.3CVSS6.9AI score0.0065EPSS
Exploits0References4
CVE
CVE
added 2024/02/28 8:13 a.m.2670 views

CVE-2021-46976

CVE-2021-46976 refers to a Linux kernel vulnerability in drm/i915: Fix crash in auto_retire. The issue arises from using the two lower bits of the retire function pointer to store flags, and because auto_retire may not be 4-byte aligned, this can cause a jump to an incorrect address and a crash. ...

5.5CVSS6.5AI score0.00232EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/04/04 7:21 p.m.2669 views

CVE-2024-27316

CVE-2024-27316 affects the mod_http2 component used with Apache httpd; the issue occurs when HTTP/2 headers exceed the configured limit, causing nghttp2 to buffer headers and potentially leading to memory exhaustion if the client continues sending headers. Connected sources identify affected pack...

7.5CVSS7.2AI score0.91327EPSS
Exploits2References10Affected Software1
CVE
CVE
added 2011/12/06 11:0 a.m.2668 views

CVE-2011-4130

CVE-2011-4130 is a use-after-free in ProFTPD’s Response API prior to 1.3.3g that allows remote authenticated users to execute arbitrary code after an FTP data transfer. Connected sources confirm affected ProFTPD versions and reference patches/updates; Gentoo GLSA 201309-15 recommends upgrading to...

9CVSS7AI score0.12804EPSS
Exploits4References4Affected Software1
CVE
CVE
added 2023/09/20 5:0 a.m.2667 views

CVE-2023-26144

CVE-2023-26144 affects the graphql package: versions 16.3.0 and earlier are vulnerable, with the issue fixed in 16.8.1. Root cause is insufficient checks in OverlappingFieldsCanBeMergedRule.ts when parsing large queries, enabling Denial of Service and degraded performance. The description notes t...

5.3CVSS5AI score0.01198EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2012/01/27 7:0 p.m.2667 views

CVE-2012-0814

The CVE-2012-0814 issue affects OpenSSH’s sshd, specifically the auth_parse_options function in auth-options.c, with reports noting that versions before 5.7 emit debug messages containing authorized_keys command options. This can allow remote authenticated users to read potentially sensitive info...

6.5CVSS4.7AI score0.03672EPSS
Exploits0References11Affected Software1
CVE
CVE
added 2020/02/11 9:22 p.m.2664 views

CVE-2020-0688

CVE-2020-0688 is a remote-code-execution vulnerability in Microsoft Exchange Server. The issue centers on Exchange Control Panel/ViewState deserialization and improper handling of install-time validation keys, enabling an attacker to execute code on a vulnerable server. Public sources in the conn...

9CVSS8.5AI score0.99965EPSS
In wildExploits30References5Affected Software1
CVE
CVE
added 2025/02/19 8:18 p.m.2662 views

CVE-2025-25196

CVE-2025-25196 concerns OpenFGA (< v1.8.4; Helm chart < openfga-0.2.22; docker

9.8CVSS6.4AI score0.00401EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2023/08/07 8:37 p.m.2655 views

CVE-2023-39529

PrestaShop prior to version 8.1.1 is vulnerable to an issue where a file on the server can be deleted through the Attachments controller and the Attachments API. The root cause is an improper handling in the attachments logic that permits deletion of server files. Version 8.1.1 contains a patch t...

9.1CVSS7.8AI score0.00596EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/09/24 12:7 a.m.2651 views

CVE-2023-1260

CVE-2023-1260 describes an authentication bypass in kube-apiserver within Red Hat OpenShift Container Platform, enabling an authenticated user with update/patch rights on pods/ephemeralcontainers to bypass SCC admission restrictions and gain control of a privileged pod. Affected OpenShift version...

8CVSS7.7AI score0.01569EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2022/03/07 12:0 a.m.2651 views

CVE-2022-0847

CVE-2022-0847 (Dirty Pipe) is a Linux kernel local privilege-escalation flaw in the pipe buffer handling (flags field) where copy_page_to_iter_pipe and push_pipe fail to initialize flags, allowing an unprivileged local user to write to pages cached from read-only files. Public advisories confirm ...

7.8CVSS7.7AI score0.88106EPSS
In wildExploits100References11Affected Software1
CVE
CVE
added 2024/03/03 12:0 a.m.2648 views

CVE-2019-25210

CVE-2019-25210 affects Helm up to 3.13.3: using --dry-run can display secret values in clear text. The vendor states this behavior was introduced intentionally and cannot be removed without breaking compatibility. Red Hat advisories (RHSA entries) list this CVE as a security fix in OCP/OpenShift,...

9.1CVSS6.3AI score0.00675EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2017/01/05 12:0 a.m.2648 views

CVE-2016-10009

OpenSSH/OpenSSH-ssh-agent PKCS#11 path trust issue (CVE-2016-10009) is still referenced in connected documents as an incomplete fix leading to remote code execution when an agent is forwarded to an attacker-controlled system. Astra Linux notes: The vulnerability is due to an insufficiently trustw...

7.5CVSS7AI score0.37431EPSS
Exploits4References20Affected Software1
CVE
CVE
added 2023/08/03 12:0 a.m.2644 views

CVE-2023-38950

ZKTeco BioTime v8.5.5 is affected by a path traversal vulnerability in the iclock API that allows unauthenticated attackers to read arbitrary files by supplying a crafted payload. This is due to insufficient path validation in the iclock API parameter handling. The issue is fixed in ZKBioTime ver...

7.5CVSS7.9AI score0.8488EPSS
In wildExploits3References5Affected Software1
CVE
CVE
added 2023/08/09 12:0 a.m.2641 views

CVE-2023-38999

OPNsense CSRF in the System Halt API (/system/halt) affects Community Edition <23.7 and Business Edition

6.5CVSS6.4AI score0.00328EPSS
Exploits1References2Affected Software1
CVE
CVE
added 1976/01/01 12:0 a.m.2641 views

CVE-2023-4998

CVE-2023-4998 corresponds to a GitLab vulnerability where an attacker could abuse scheduled security scan policies to run pipelines as another user, potentially gaining elevated privileges. The issue affects GitLab CE/EE versions 13.12 through 16.2.7 and 16.3 through 16.3.4. The mitigation is to ...

7.1AI score
Exploits0
CVE
CVE
added 2024/06/19 10:32 a.m.2637 views

CVE-2023-48759

CVE-2023-48759 is a Missing Authorization vulnerability in Crocoblock JetElements For Elementor (affected: Elementor JetElements <= 2.6.13). The issue allows unauthenticated users to download arbitrary attachments due to a missing authorization check on the download path (arbitrary attachment ...

7.5CVSS7.5AI score0.00399EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/07/02 9:25 p.m.2634 views

CVE-2021-34527

CVE-2021-34527, known as PrintNightmare, is a Windows Print Spooler remote code execution vulnerability. The flaw allows an authenticated attacker to execute arbitrary code with SYSTEM privileges by abusing privileged file operations in the Print Spooler, enabling installation of programs, data a...

9CVSS9AI score0.99759EPSS
In wildExploits41References6Affected Software17
CVE
CVE
added 2024/05/07 9:1 p.m.2632 views

CVE-2024-0027

The CVE-2024-0027 issue affects Google Android’s SnoozeHelper.java, where multiple methods can exhaust resources and cause a local boot loop/denial of service. Vulnerability details across connected sources consistently describe a DoS resulting from resource exhaustion with no extra privileges an...

5.9CVSS6.6AI score0.00103EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/12/07 9:0 a.m.2632 views

CVE-2018-19935

The connected documents corroborate CVE-2018-19935 affecting PHP 5.x and 7.x versions prior to 7.3.0, where imap_mail() with an empty message string can trigger a NULL pointer dereference and crash the application. Affected component: ext/imap/php_imap.c. Impact per sources is denial of service v...

7.5CVSS7.3AI score0.07065EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2023/09/28 6:17 p.m.2628 views

CVE-2023-5256

Summary: CVE-2023-5256 affects Drupal sites with the JSON:API module enabled. In certain scenarios, the module outputs error backtraces that may cause sensitive information to be cached and accessible to anonymous users, enabling privilege escalation. Affected scope: Drupal installations with JSO...

7.5CVSS7.3AI score0.00694EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/08/07 8:51 p.m.2626 views

CVE-2023-39530

PrestaShop prior to 8.1.1 is affected by a vulnerability in the CustomerMessage API that allows deletion of server-side files. Root cause aligns with an input validation issue enabling file deletion. Impact is high (integrity/availability affected) as described in multiple advisories; exploitatio...

9.1CVSS7.7AI score0.00741EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/08/05 6:0 p.m.2624 views

CVE-2023-4169

The CVE-2023-4169 entry affects Ruijie RG-EW1200G model 1.0(1)B1P5. Affected component: /api/sys/set_passwd in Administrator Password Handler. Root cause: improper access controls allow an attacker to reset the administrator password remotely. Impact: attacker can take full control of the router ...

8.8CVSS7.4AI score0.47109EPSS
In wildExploits5References3Affected Software1
CVE
CVE
added 2023/12/21 9:24 a.m.2623 views

CVE-2023-2585

CVE-2023-2585 concerns Keycloak’s Device Authorization Grant, where flawed validation of device_code and client_id could allow a malicious OAuth client to spoof a consent request and trick an admin into granting access to other OAuth clients or cause unauthorized access. Connected sources corrobo...

8.1CVSS5.6AI score0.00694EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2024/05/01 5:27 a.m.2619 views

CVE-2024-26991

CVE-2024-26991 relates to the Linux kernel KVM x86/mmu path. The vulnerability stems from overflow of the lpage_info array when checking attributes during KVM_SET_MEMORY_ATTRIBUTES, which can lead to a vmalloc-out-of-bounds read in hugepage attribute checks (observed as KASAN: vmalloc-out-of-boun...

5.5CVSS6.4AI score0.00227EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2025/01/31 3:25 p.m.2617 views

CVE-2025-23215

PMD Designer’s release signing keys were found with passphrases exposed in Maven Central jars. The two compromised keys (94A5 2756 9CAF 7A47 AFCA BDE4 86D3 7ECA 8C2E 4C5B and EBB2 41A5 45CB 17C8 7FAC B2EB D0BF 1D73 7C9A 1C22) have been revoked; signatures on past artifacts remain valid, and the g...

9.3CVSS6.6AI score0.00315EPSS
Exploits0References3
CVE
CVE
added 2023/08/09 12:0 a.m.2614 views

CVE-2023-39008

The CVE-2023-39008 entry describes a command-injection vulnerability in the /api/cron/settings/setJob/ component of OPNsense. Affected products are OPNsense Community Edition prior to 23.7 and OPNsense Business Edition prior to 23.4.2. The underlying issue allows an attacker to execute arbitrary ...

9.8CVSS9.8AI score0.02561EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/08/01 12:0 a.m.2613 views

CVE-2023-34960

CVE-2023-34960 affects Chamilo LMS (version 1.11.* up to 1.11.18) with a command-injection vulnerability in the wsConvertPpt component. An unauthenticated SOAP API call using a crafted PowerPoint name can lead to arbitrary OS command execution. Public details indicate a high/critical impact (CVSS...

9.8CVSS9.5AI score0.99397EPSS
In wildExploits9References3Affected Software1
CVE
CVE
added 2023/08/10 5:42 p.m.2602 views

CVE-2023-39965

CVE-2023-39965 affects the 1Panel backend (version 1.4.3) where authenticated users can download arbitrary files through the API interface, causing information leakage. The root cause is unauthorized file access via the API (not requiring high privileges). The issue is addressed in version 1.5.0,...

6.5CVSS5.4AI score0.00382EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/09/01 10:1 a.m.2600 views

CVE-2023-1555

GitLab CVE-2023-1555 affects all versions from 15.2 before 16.1.5, 16.2 before 16.2.5, and 16.3 before 16.3.1. The root cause is a namespace-level banned user being able to access the API, enabling unauthorized API access. The issue is documented with fixed versions: 16.1.5, 16.2.5, and 16.3.1 re...

4.3CVSS4.3AI score0.00387EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/07/24 6:24 p.m.2598 views

CVE-2023-34478

Apache Shiro prior to 1.12.0 or 2.0.0-alpha-3 is vulnerable to a path traversal issue that can enable an authentication bypass when used with APIs or web frameworks that route requests based on non-normalized paths. Affected versions include Shiro before 1.12.0 and 2.0.0-alpha-3, with the mitigat...

9.8CVSS9.5AI score0.01533EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/04/29 12:55 a.m.2598 views

CVE-2021-25216

CVE-2021-25216 affects BIND: in 64-bit builds it can trigger a buffer over-read, and in 32-bit builds a buffer overflow with potential remote code execution, when GSS-TSIG is enabled. The ISC SPNEGO implementation is being removed from the April releases of BIND 9.11 and 9.16 (and 9.17 already dr...

9.8CVSS8.1AI score0.83406EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2023/09/01 10:30 a.m.2597 views

CVE-2023-4647

GitLab CVE-2023-4647 affects all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, and all versions starting from 16.3 before 16.3.1, where the projects API pagination can be skipped, potentially causing DoS on affected instances. Root cause: flaw in handli...

7.5CVSS5.8AI score0.00612EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/12/24 12:0 a.m.2595 views

CVE-2023-51767

CVE-2023-51767 — IBM’s connected bulletin confirms a vulnerability mapped to the OpenSSH/OpenSSH-derived issue in OpenSSH up to version 10.0, where row hammer attacks on common DRAM types could enable authentication bypass. Root cause per the bulletin: the integer value of authenticated in mm_ans...

7CVSS6AI score0.00661EPSS
Exploits0References34Affected Software1
CVE
CVE
added 2023/07/05 8:57 p.m.2595 views

CVE-2023-36458

1Panel is an open source Linux server operation and maintenance panel. Affected versions are

8.8CVSS7.5AI score0.01989EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/10/16 12:17 p.m.2594 views

CVE-2023-32191

The CVE-2023-32191 issue affects Rancher RKE: cluster state is stored in the full-cluster-state configmap in the kube-system namespace, containing sensitive credentials and keys (e.g., SSH keys, cloud provider credentials, encryption keys). This enables non-admin users to escalate to admin. Patch...

9.9CVSS9.4AI score0.00641EPSS
Exploits0References2
CVE
CVE
added 2024/05/01 12:54 p.m.2593 views

CVE-2024-27041

CVE-2024-27041 affects the Linux kernel DRM AMD display path. The issue is a NULL-ptr dereference in amdgpu_dm_fini() if adev->dm.dc is NULL before dc_enable_dmub_notifications(). The fix consolidates NULL checks under a single conditional and ensures safe access prior to deinitialization, per...

5.5CVSS6.5AI score0.00272EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2019/03/08 11:0 p.m.2593 views

CVE-2019-9641

CVE-2019-9641 affects PHP's EXIF extension (older PHP 7.1.x/7.2.x/7.3.x branches). Affected versions are PHP 7.1.0–7.1.26/7.2.0–7.2.15/7.3.0–7.3.2 (per sources: 7.1.27, 7.2.16, 7.3.3 as fixed). The root cause is an uninitialized read in exif_process_IFD_in_TIFF (with related notes on exif_process...

9.8CVSS9.2AI score0.09395EPSS
Exploits2References11Affected Software1
CVE
CVE
added 2024/05/23 6:53 p.m.2591 views

CVE-2024-35375

CVE-2024-35375 affects DedeCMS 5.7.114 backend and its mediaadd.php page, where an arbitrary file upload vulnerability exists in the media add functionality. The connected sources do not provide a confirmed fix or patched version. Root cause details are not explicitly described beyond the upload ...

9.8CVSS7AI score0.00469EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000