Lucene search
K
CveMost viewed

368717 matches found

CVE
CVE
added 2023/09/06 8:13 p.m.2589 views

CVE-2023-29198

CVE-2023-29198 affects Electron apps that use contextIsolation with contextBridge. The vulnerability is a context isolation bypass that occurs when a main-world exposed API returns an unserializable object (e.g., a canvas rendering context), allowing access from the renderer to the isolated Elect...

8.5CVSS6.9AI score0.0049EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/07/26 5:41 a.m.2589 views

CVE-2023-20891

The CVE-2023-20891 issue affects VMware Tanzu Application Service for VMs and Isolation Segment. A information-disclosure vulnerability arises from credentials being logged in hex encoding within platform system audit logs. A non-admin user with access to these logs could access hex-encoded CF AP...

6.5CVSS6.3AI score0.00528EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2023/07/27 3:43 p.m.2588 views

CVE-2023-38492

Kirby CMS is affected by CVE-2023-38492. The vulnerability stems from the authentication endpoint not enforcing password length limits, allowing passwords potentially as long as the server’s max request body. Hashing longer passwords can exhaust CPU/memory, risking a DoS where the site becomes sl...

7.5CVSS6.5AI score0.01028EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2023/11/13 3:1 a.m.2585 views

CVE-2023-23684

WPGraphQL

6.5CVSS6.9AI score0.00437EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/04/24 3:49 p.m.2584 views

CVE-2023-47504

CVE-2023-47504 affects Elementor Website Builder (

9.8CVSS8AI score0.01452EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2014/02/03 2:0 a.m.2583 views

CVE-2011-4327

Technical details for CVE-2011-4327 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

5.5CVSS5.7AI score0.00416EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2011/12/27 6:0 p.m.2582 views

CVE-2007-6750

CVE-2007-6750 affects Apache HTTP Server 1.x and 2.x. The vulnerability arises from handling partial HTTP requests (Slowloris), related to absence of the mod_reqtimeout protection in versions before 2.2.15, enabling remote DoS (daemon outage). Public details in connected docs confirm PoCs/exploit...

5CVSS7AI score0.71634EPSS
Exploits1References11Affected Software1
CVE
CVE
added 2023/07/05 8:57 p.m.2580 views

CVE-2023-36457

1Panel (open-source Linux server operation/maintenance panel) prior to v1.3.6 is affected by a command injection vulnerability when adding container repositories. An authenticated attacker can craft a malicious payload (as demonstrated by the reported payloads in advisories) to trigger code execu...

8.8CVSS7.5AI score0.01989EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/09/11 1:2 p.m.2579 views

CVE-2022-28831

Adobe InDesign is affected by CVE-2022-28831 (Font Parsing Out-Of-Bounds Write) leading to remote code execution in the context of the current user. Affected versions include 17.1 and earlier, and 16.4.1 and earlier. The vulnerability arises from an out-of-bounds write during font parsing and req...

7.8CVSS7.8AI score0.00402EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/03/05 10:22 p.m.2576 views

CVE-2024-24786

CVE-2024-24786 concerns protojson.Unmarshal entering an infinite loop when unmarshalling certain invalid JSON, notably into messages containing google.protobuf.Any or when UnmarshalOptions.DiscardUnknown is set. Connected advisories show multiple vendor/package records (e.g., kata-containers, mob...

7.5CVSS6.7AI score0.01262EPSS
Exploits0References5
CVE
CVE
added 2023/09/22 1:31 p.m.2576 views

CVE-2023-5002

CVE-2023-5002 affects pgAdmin’s server HTTP API where path validation for external PostgreSQL utilities (e.g., pg_dump/pg_restore) was insufficient. An authenticated user could cause the server to execute arbitrary commands due to improper control of server-side code. Reports across multiple sour...

8.8CVSS7.2AI score0.0147EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2019/12/27 1:6 p.m.2576 views

CVE-2019-19781

CVE-2019-19781 affects Citrix ADC (formerly NetScaler) and Citrix Gateway/SD-WAN WANOP appliances. The issue is a path traversal flaw in the ADC/Gateway stack that could enable remote code execution. Exploitation was discussed publicly with advisories and mitigations; Citrix released fixes and mi...

9.8CVSS9.8AI score0.99999EPSS
In wildExploits48References11Affected Software1
CVE
CVE
added 2023/08/08 8:37 a.m.2575 views

CVE-2023-4009

Summary: CVE-2023-4009 affects MongoDB Ops Manager. An authenticated user with project owner or project user admin access could generate an API key with the privileges of org owner, enabling privilege escalation. Affected versions: Ops Manager 5.0 prior to 5.0.22 and 6.0 prior to 6.0.17. Impact: ...

7.2CVSS7AI score0.00614EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/12/24 9:24 a.m.2569 views

CVE-2024-53241

CVE-2024-53241 affects the Linux kernel when running with Xen PV guests. The root cause is an unsafe PV iret hypercall path via the Xen hypercall page. The fix replaces the hypercall-page jump with an inlined sequence in xen-asm.S to stop using the hypercall page, preparing for its removal due to...

5.5CVSS7.2AI score0.00304EPSS
Exploits0References13Affected Software1
CVE
CVE
added 2023/09/05 2:42 p.m.2562 views

CVE-2023-40743

Apache Axis 1.x is affected by CVE-2023-40743 due to unsafe handling in ServiceFactory.getService, which can enable DoS, SSRF, and remote code execution when untrusted input is used. The issue arises from LDAP-like lookups via the API. Mitigation is to migrate to a maintained SOAP engine (e.g., A...

9.8CVSS9.4AI score0.01931EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/01/17 7:11 p.m.2562 views

CVE-2022-36760

CVE-2022-36760 affects Apache HTTP Server mod_proxy_ajp, enabling HTTP Request Smuggling by an attacker to forward requests to the AJP backend. Public docs confirm impact on Apache httpd 2.4.54 and earlier; remediation is to upgrade to a fixed release (e.g., httpd 2.4.55+ as referenced by advisor...

9CVSS8.5AI score0.01879EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/28 12:0 a.m.2561 views

CVE-2024-27516

CVE-2024-27516 affects livehelperchat prior to version 4.34. The SSTI exists in the search parameter of lhc_web/modules/lhfaq/faqweight.php, enabling remote code execution and access to sensitive data. Impact is high (as per sources) including arbitrary code execution and data disclosure. Recomme...

9.8CVSS7.8AI score0.01472EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/01/24 8:50 p.m.2561 views

CVE-2019-1414

CVE-2019-1414 affects Visual Studio Code. A local elevation-of-privilege vulnerability arises when VS Code exposes a debug listener/port to the local user, allowing code injection in the user context. Affected versions are generally prior to 1.39.1; remediation is to update VS Code to 1.39.1 or l...

7.8CVSS7.5AI score0.01045EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/07/18 2:1 a.m.2557 views

CVE-2023-3709

The CVE-2023-3709 vulnerability affects the WordPress plugin Royal Elementor Addons, with affected versions up to and including 1.3.70. The issue allows unauthenticated disclosure of a site’s MailChimp API key because the plugin writes the API key into the source code of pages that render the Mai...

5.3CVSS6.7AI score0.00579EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/01/21 12:18 p.m.2555 views

CVE-2025-21664

CVE-2025-21664 affects the Linux kernel’s device-mapper thin provisioning path (dm-thin). The issue arises from get_first_thin using a sequence of RCU-safe list operations (list_empty_rcu() followed by list_first()) that perform separate READ_ONCE()s of the list head, which can yield inconsistent...

5.5CVSS6.4AI score0.00216EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2023/09/19 5:0 a.m.2553 views

CVE-2023-26143

CVE-2023-26143 affects the blamer package prior to version 1.0.4. The root cause is an Arbitrary Argument Injection via the blameByFile() API due to insufficient input sanitization and invalid file-path handling, coupled with improper passing of git flags ( -- ) to terminate options. Public analy...

9.1CVSS9.4AI score0.00924EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2025/01/31 11:25 a.m.2552 views

CVE-2025-21678

CVE-2025-21678 affects the Linux kernel gtp driver. The root cause was in gtp_newlink(), which linked a created UDP tunnel device to the wrong netns (dev_net instead of src_net). This caused the gtp device to remain in the wrong namespace even after the source namespace was deleted, leading to a ...

5.5CVSS6.9AI score0.0021EPSS
Exploits0References11Affected Software1
CVE
CVE
added 2023/07/11 4:52 p.m.2551 views

CVE-2023-28001

CVE-2023-28001 affects Fortinet FortiOS FortiOS REST API. The issue is an insufficient session expiration that could allow an attacker to reuse the session of a deleted user to execute unauthorized code/commands. Connected sources confirm the vulnerability and note Fortinet/FortiGuard PSIRT advis...

9.8CVSS9.5AI score0.0043EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/07/31 9:37 a.m.2550 views

CVE-2023-3345

CVE-2023-3345 affects the LMS by Masteriyo WordPress plugin prior to 1.6.8. The plugin’s REST API endpoints lack proper authorization, enabling any student to retrieve other students’ email addresses (information disclosure). Root cause per connected details: insufficient access checks on REST ro...

6.5CVSS6.7AI score0.01926EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/09/18 12:0 a.m.2548 views

CVE-2023-33831

CVE-2023-33831 affects FUXA 1.1.13 via the unauthenticated /api/runscript endpoint, enabling remote code execution through a crafted POST request. The underlying issue allows attackers to execute arbitrary commands, potentially compromising the SCADA/HMI system. Affected component: runscript API ...

9.8CVSS9.6AI score0.13746EPSS
In wildExploits3References2Affected Software1
CVE
CVE
added 2023/09/21 2:49 p.m.2546 views

CVE-2023-42457

The CVE-2023-42457 issue affects the plone.rest component of Plone. When the ++api++ traverser is accidentally used multiple times in a URL on the 2.x branch (before 2.0.1) and the 3.x branch (before 3.0.1), request handling becomes progressively slower, causing a Denial of Service risk by reduci...

7.5CVSS7.3AI score0.00822EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2025/01/19 10:18 a.m.2545 views

CVE-2025-21653

CVE-2025-21653 affects the Linux kernel net_sched flow classifier (net/sched/cls_flow.c). The vulnerability was due to missing validation of TCA_FLOW_RSHIFT, which could trigger undefined behavior (UB) and a shift-out-of-bounds on large 32-bit shifts, as shown by UBSAN. Connected advisories (Astr...

5.5CVSS6.9AI score0.0021EPSS
Exploits0References11Affected Software1
CVE
CVE
added 2023/08/03 12:0 a.m.2545 views

CVE-2023-38949

CVE-2023-38949 affects ZKTeco BioTime v8.5.5 via a hidden API in the web interface that can be abused by unauthenticated attackers to reset the Administrator password through a crafted request. The root cause is an exposed, unauthenticated password-reset pathway in the BioTime web platform; impac...

7.5CVSS7.5AI score0.00355EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/07/13 12:0 a.m.2545 views

CVE-2019-20907

CVE-2019-20907 affects Python’s tarfile handling (Lib/tarfile.py) up to Python 3.8.3. A crafted TAR archive can trigger an infinite loop when opened via tarfile.open because _proc_pax lacks header validation. Connected advisories confirm the issue is treated as a tarfile DoS, with patches release...

7.5CVSS7.6AI score0.06304EPSS
Exploits0References27Affected Software1
CVE
CVE
added 2024/05/01 1:3 p.m.2544 views

CVE-2022-48669

CVE-2022-48669 : In the Linux kernel, the powerpc/pseries path had a memleak in papr_get_attr() where a krealloc() could fail and the original buffer would not be freed. The fix ensures the original buf is freed on allocation failure. Affected: Linux kernel (powerpc/pseries implementation); Root ...

5.5CVSS6.6AI score0.00272EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2023/08/23 6:21 p.m.2544 views

CVE-2023-20230

CVE-2023-20230 affects Cisco Application Policy Infrastructure Controller (APIC). The issue arises from improper access control in the restricted security domain implementation used to enforce multi-tenancy, allowing an authenticated, remote attacker with a restricted-domain account to read, modi...

5.4CVSS5.5AI score0.00333EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/12/27 2:23 p.m.2543 views

CVE-2024-56570

CVE-2024-56570 – Linux kernel ovl (overlayfs) : The vulnerability arises in the ovl module where directory inodes that lack the lookup function could be processed, potentially triggering errors in overlayfs when passed to the lowerstack. The fix adds a check in ovl_dentry_weird() to filter/skip i...

7.8CVSS6.5AI score0.0023EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2023/09/07 10:11 p.m.2541 views

CVE-2023-40029

Argo CD CVE-2023-40029 exploits leakage of full cluster secret bodies via kubectl.kubernetes.io/last-applied-configuration in cluster secrets. Affected by PR #7139; exposure occurs when clusters are stored as secrets and viewed through the API with clusters, get RBAC. Patches available in 2.8.3, ...

9.9CVSS9.2AI score0.00975EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2023/07/25 6:24 p.m.2540 views

CVE-2023-35942

CVE-2023-35942 affects Envoy. Prior to fixes, gRPC access loggers using a listener’s global scope can cause a use-after-free crash when the listener is drained. Affected versions: < 1.23.12, < 1.24.10, < 1.25.9, < 1.26.4,

6.5CVSS7.8AI score0.00735EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/06/10 7:10 a.m.2540 views

CVE-2020-35452

The CVE-2020-35452 entry concerns Apache HTTP Server 2.4.0–2.4.46, where a specially crafted Digest nonce can trigger a stack overflow in mod_auth_digest. The description notes there was no reported exploit against Apache at the time, though certain compiler/compile options might enable it with l...

7.3CVSS8.5AI score0.53191EPSS
Exploits0References12Affected Software1
CVE
CVE
added 2023/09/28 9:54 p.m.2539 views

CVE-2023-43662

ShokoServer exposes the /api/Image/WithPath endpoint without authentication in affected versions, passing serverImagePath to System.IO.File.OpenRead without sanitization, enabling arbitrary file reads via a path-traversal/LFI pattern. This can leak sensitive server files, particularly when the Wi...

8.6CVSS8.6AI score0.08147EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/09/18 12:0 a.m.2537 views

CVE-2023-42328

PeppermintLabs Peppermint v0.2.4 and earlier are affected by a vulnerability where a hardcoded session cookie allows a remote attacker to obtain sensitive information and execute arbitrary code. Root cause: hardcoded session cookie in Peppermint; impact is high (CVE-2023-42328, CVSS v3.1: AV:N/AC...

8.8CVSS8.7AI score0.0116EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2023/08/24 1:31 a.m.2537 views

CVE-2023-40573

CVE-2023-40573 affects XWiki Platform’s Groovy job scheduler. The vulnerability arises because the system validates the content author for programming rights on scheduled Groovy jobs, while modifications to a job script on a document do not update the author, enabling an attacker with edit rights...

9CVSS9.3AI score0.00997EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2023/08/10 5:39 p.m.2537 views

CVE-2023-39964

Summary: CVE-2023-39964 affects 1Panel O&M panel. In version 1.4.3, the function LoadFromFile in api/v1/file.go reads a server file directly from the unfiltered path parameter, enabling arbitrary file reads of important configuration files. The issue is a background file read vulnerability exploi...

7.5CVSS7.3AI score0.0082EPSS
In wildExploits1References2Affected Software1
CVE
CVE
added 2023/09/27 5:17 p.m.2536 views

CVE-2023-20252

CVE-2023-20252 affects Cisco Catalyst SD-WAN Manager (Cisco vManage) SAML API authentication. Root cause: improper authentication checks in SAML API endpoints allow unauthenticated remote attackers to obtain an authorization token and gain access as an arbitrary user. Impact: high – remote unauth...

9.8CVSS9.7AI score0.01063EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/12/24 11:28 a.m.2534 views

CVE-2024-53158

CVE-2024-53158 relates to the Linux kernel: in soc: qcom: geni-se, an array underflow in geni_se_clk_tbl_get() occurred because a loop’s break condition using clk_round_rate() poorly handled the first iteration, causing reads before the start of these->clk_perf_tbl[]. The issue was fixed in th...

5.5CVSS6.5AI score0.00265EPSS
Exploits0References11Affected Software1
CVE
CVE
added 2023/08/30 9:3 p.m.2534 views

CVE-2023-41041

CVE-2023-41041 concerns Graylog2-server where, in a multi-node cluster, a user session can remain valid for API requests after logout due to per-node session caching. When a user logs out, local caches are cleared and the database may delete the session, but other nodes retain a cached copy, allo...

3.1CVSS3.5AI score0.00411EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/08/04 12:0 a.m.2534 views

CVE-2023-29505

Zoho ManageEngine Network Configuration Manager 12.6.165 has a WebSocket endpoint vulnerability that enables Cross-site WebSocket hijacking. The connected documents consistently identify the affected product/version and the attack class, but do not provide concrete exploit details, affected confi...

8.8CVSS8.5AI score0.00894EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2023/09/20 1:6 a.m.2533 views

CVE-2023-31013

The CVE-2023-31013 entry concerns the NVIDIA DGX H100 BMC REST service vulnerability caused by improper input validation. Affected component: BMC REST service on DGX H100; root cause: input validation weakness allows privilege escalation and information disclosure. Impact, as described in connect...

8.8CVSS8.8AI score0.00522EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/11/25 10:0 a.m.2533 views

CVE-2018-19518

CVE-2018-19518 affects University of Washington IMAP Toolkit (uw-imap) 2007f on UNIX, used by imap_open() in PHP and other apps. The vulnerability arises when imap_rimap (c-client/imap4r1.c) and tcp_aopen (osdep/unix/tcp_unix.c) invoke rsh/ssh with untrusted server input, enabling remote command ...

8.5CVSS8.1AI score0.9523EPSS
Exploits6References20Affected Software1
CVE
CVE
added 2023/08/02 3:55 p.m.2530 views

CVE-2023-38419

CVE-2023-38419 affects F5 BIG-IP and BIG-IQ iControl SOAP. An authenticated attacker with guest or higher privileges can cause the iControl SOAP daemon to terminate/cease responding by sending undisclosed requests (DoS). Affected branches and fixes include: BIG-IP 17.x vulnerable (versions 17.0.0...

4.3CVSS4.8AI score0.00453EPSS
Exploits0References1Affected Software20
CVE
CVE
added 2025/01/31 11:25 a.m.2529 views

CVE-2025-21668

CVE-2025-21668 (Linux kernel) : A missing loop break in the imx8mp_blk_ctrl_remove path (imx8mp_blk_ctrl) allows the for loop to run out of bounds, potentially affecting system shutdown/reboot flows. The vulnerability is tied to the imx8mp domain handling in dev_pm_domain_detach during platform s...

5.5CVSS7.2AI score0.00199EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2023/09/07 7:25 a.m.2529 views

CVE-2023-39240

CVE-2023-39240 affects ASUS RT-AX56U V2: a format string vulnerability in the iperf client API, caused by insufficient validation in set_iperf3_cli.cgi. A remote attacker with administrator privileges could achieve remote code execution or service disruption. Exploitation details are not provided...

7.2CVSS7.3AI score0.01158EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/09/07 7:18 a.m.2529 views

CVE-2023-39239

The CVE-2023-39239 entry concerns an authenticated/remote (sources vary on privilege) format string vulnerability in the General function API (apply.cgi) of ASUS RT-AX56U V2. The flaw arises from lack of input validation for a specific value in apply.cgi, enabling remote code execution or disrupt...

7.2CVSS7.3AI score0.01158EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/09/06 8:38 p.m.2529 views

CVE-2023-41327

CVE-2023-41327: WireMock Webhooks could forward webhook POSTs to arbitrary targets due to improper filtering of proxy targets prior to versions 2.35.1 and 3.0.3. Affected: WireMock (2.x up to 2.35.1, 3.x up to 3.0.3) and WireMock Studio (discontinued). Root cause: Webhook configuration allowed re...

5.4CVSS5.4AI score0.00469EPSS
Exploits0References3Affected Software2
Total number of security vulnerabilities5000