CVE: most viewed

367610 matches found

CVE-2023-32761
added 2023/07/14 12:00 a.m. | 2489 views

CVE-2023-32761 is a CSRF vulnerability in Archer Platform prior to version 6.13. An authenticated attacker can execute arbitrary code via a crafted request. The issue is fixed in Archer Platform versions 6.12.0.6 and 6.13.0. No exploitation details are provided beyond the authenticated vector; no...

CVSS 8.1 | AI score 8 | EPSS 0.00356 | Exploits 0 | References 2 | Affected Software 1
CVE-2024-27005
added 2024/05/01 5:28 a.m. | 2488 views

CVE-2024-27005: The vulnerability is a race in the Linux kernel interconnect subsystem where the req_list of icc_node could be modified while icc_set_bw() iterates it, due to locking not guaranteeing mutual exclusion between icc_bw_lock and icc_lock. The issue arises after splitting icc_lock and...

CVSS 6.3 | AI score 6.3 | EPSS 0.00178 | Exploits 0 | References 8 | Affected Software 1
CVE-2023-25042
added 2023/09/01 10:48 a.m. | 2488 views

CVE-2023-25042 : Stored XSS in the oAuth Twitter Feed for Developers WordPress plugin (

CVSS 5.9 | AI score 5.1 | EPSS 0.00339 | Exploits 0 | References 1 | Affected Software 1
CVE-2023-21410
added 2023/08/03 6:51 a.m. | 2488 views

CVE-2023-21410 affects the AXIS License Plate Verifier via the api.cgi endpoint, where user input is not sanitized, enabling arbitrary code execution. Public details (NVD) list a high-impact CVSSv3.1 score (base 8.8) with NETWORK attack vector, low attack complexity, and privileges required as lo...

CVSS 8.8 | AI score 7.7 | EPSS 0.00749 | Exploits 0 | References 1 | Affected Software 1
CVE-2023-37918
added 2023/07/21 8:08 p.m. | 2488 views

CVE-2023-37918 affects Dapr and describes an API-token authentication bypass in HTTP endpoints when API token authentication is enabled. The root cause involves health check endpoint allowlisting, where requests containing /healthz in the URL could bypass the dapr-api-token check and reach the Da...

CVSS 7.5 | AI score 7 | EPSS 0.01129 | Exploits 1 | References 3 | Affected Software 1
CVE-2023-37600
added 2023/07/20 12:00 a.m. | 2488 views

Office Suite Premium affected product: Version v10.9.1.42602. Vulnerability: reflected cross-site scripting (XSS) via the id parameter at /api?path=profile. Root cause: input reflected back to output without adequate sanitization (per the provided CVE record and secondary sources). Impact (as des...

CVSS 6.1 | AI score 6 | EPSS 0.0046 | Exploits 1 | References 1 | Affected Software 1
CVE-2023-1547
added 2023/07/13 7:42 a.m. | 2488 views

The CVE-2023-1547 entry concerns Elra Parkmatik (Parkmatik software) with an SQL Injection vulnerability due to improper neutralization of special elements in SQL commands. It allows SQL injection through SOAP parameter tampering and can lead to command line execution, affecting versions before 0...

CVSS 9.8 | AI score 7.4 | EPSS 0.00646 | Exploits 0 | References 2 | Affected Software 1
CVE-2023-26861
added 2023/07/11 12:00 a.m. | 2488 views

CVE-2023-26861 affects PrestaShop vivawallet, version 1.7.10 and earlier, where a SQL injection in the vivawallet() module could allow a remote attacker to gain privileges. The issue is tied to the vivawallet() integration and is documented across multiple sources; no publicly available fix versi...

CVSS 9.8 | AI score 9.8 | EPSS 0.00781 | Exploits 0 | References 3 | Affected Software 1
CVE-2023-3606
added 2023/07/10 8:31 p.m. | 2488 views

TamronOS (IPTV) contains a remote OS command injection in the /api/ping endpoint, caused by manipulation of the host parameter. Affects TamronOS versions up to 20230703; exploitation can be remote and the vulnerability has been publicly disclosed (CVE-2023-3606). The CVE entry notes no fix detail...

CVSS 8.8 | AI score 7.9 | EPSS 0.05871 | In wild | Exploits 1 | References 3 | Affected Software 1
CVE-2023-3131
added 2023/07/10 12:41 p.m. | 2488 views

CVE-2023-3131 affects the MStore API WordPress plugin prior to version 3.9.7. The vulnerability arises because most AJAX actions are not protected by privilege checks or nonce validation, enabling unauthorized actions such as modifying settings. Public references describe practical proof-of-conce...

CVSS 4.3 | AI score 4.6 | EPSS 0.00507 | Exploits 2 | References 1 | Affected Software 1
CVE-2023-3209
added 2023/07/10 12:41 p.m. | 2488 views

CVE-2023-3209 affects the MStore API WordPress plugin prior to version 3.9.7, where many AJAX actions lack proper privilege checks and nonce validation, enabling unauthorized changes to settings (CSRF). Multiple sources corroborate an upstream issue that allows privilege escalation via crafted re...

CVSS 3.5 | AI score 4.1 | EPSS 0.00234 | Exploits 2 | References 1 | Affected Software 1
CVE-2023-39422
added 2023/09/07 12:22 p.m. | 2487 views

The CVE-2023-39422 issue affects the IRM Next Generation booking engine’s /irmdata/api/ endpoints. The root cause is that HMAC tokens used to authenticate requests are exposed in a client-side JavaScript file, which renders this extra safety mechanism ineffective. Descriptions across sources repe...

CVSS 9.8 | AI score 7.3 | EPSS 0.00355 | Exploits 0 | References 1 | Affected Software 1
CVE-2023-38617
added 2023/07/20 12:00 a.m. | 2487 views

Office Suite Premium v10.9.1.42602 is affected by a reflected cross-site scripting (XSS) vulnerability in the filter parameter of the API endpoint /api?path=files. The issue is documented across multiple sources, with no public exploit details provided in the attached documents. CVSS 3.1 base sco...

CVSS 6.1 | AI score 6 | EPSS 0.0046 | Exploits 1 | References 1 | Affected Software 1
CVE-2023-3581
added 2023/07/17 3:20 p.m. | 2487 views

CVE-2023-3581 affects Mattermost. The issue is that the product fails to properly validate the origin of a websocket connection, which can allow a Man-In-The-Middle (MITM) attacker to access the websocket APIs. Concrete details across connected sources consistently describe this as an origin-vali...

CVSS 8.1 | AI score 7 | EPSS 0.00219 | Exploits 0 | References 1 | Affected Software 1
CVE-2023-3271
added 2023/07/10 9:26 a.m. | 2487 views

CVE-2023-3271 concerns the SICK ICR890-4, where an improper access control flaw allows an unauthenticated remote attacker to gather system information and download data via unauthenticated REST API endpoints. The issue is documented across multiple feeds (NVD, Red Hat, PRION, CNNVD, and Sick PSIR...

CVSS 8.2 | AI score 7.2 | EPSS 0.00672 | Exploits 0 | References 3 | Affected Software 1
CVE-2023-36817
added 2023/07/03 5:54 p.m. | 2487 views

In CVE-2023-36817, the repository tktchurch/website (The King’s Temple Church website) version 0.1.0 exposed a Stripe API key in public code. The root cause is sensitive credentials accidentally committed to the codebase, enabling potential unauthorized financial transactions and access to custom...

CVSS 9.1 | AI score 8.5 | EPSS 0.00483 | Exploits 0 | References 1 | Affected Software 1
CVE-2024-54132
added 2024/12/04 3:29 p.m. | 2486 views

Summary: CVE-2024-54132 affects GitHub CLI (gh). When a user downloads a GitHub Actions workflow artifact named .. using gh run download, the artifact name and the --dir value determine the extraction path, causing files within the artifact to be extracted one directory higher than intended. This...

CVSS 6.3 | AI score 6.5 | EPSS 0.00633 | Exploits 0 | References 2
CVE-2023-52653
added 2024/05/01 1:04 p.m. | 2486 views

CVE-2023-52653: Linux kernel SUNRPC fix for a memory leak in gss_import_v2_context. The ctx->mech_used.data allocated via kmemdup was not freed on error, nor by gss_import_v2_context or its caller. The patch adjusts the final call of gss_import_v2_context to gss_krb5_import_ctx_v2 to prevent ...

CVSS 5.5 | AI score 7.2 | EPSS 0.00275 | Exploits 0 | References 4 | Affected Software 1
CVE-2021-38938
added 2024/03/15 3:38 p.m. | 2486 views

CVE-2021-38938 affects IBM Host Access Transformation Services (HATS) versions 9.6–9.6.1.4 and 9.7–9.7.0.3. The underlying issue is storing user credentials in plaintext, allowing a local user to read them. Reported by IBM/X-Force; CVSS base scores indicate confidentiality impact High with local a...

CVSS 6.2 | AI score 5.3 | EPSS 0.00166 | Exploits 0 | References 2 | Affected Software 1
CVE-2023-39421
added 2023/09/07 12:19 p.m. | 2486 views

CVE-2023-39421 involves the RDPWin.dll component used by the IRM Next Generation booking engine, which contains hardcoded API keys for third‑party services (Twilio, Vonage). The root cause is hardcoded credentials in RDPWin.dll, enabling unrestricted interaction with these services. NVD assigns a...

CVSS 7.7 | AI score 7.6 | EPSS 0.00392 | Exploits 0 | References 1 | Affected Software 1
CVE-2023-37862
added 2023/08/09 6:35 a.m. | 2486 views

The CVE-2023-37862 entry concerns PHOENIX CONTACT WP 6xxx series web panels (versions prior to 4.0.10) with insufficient authorization in the HTTP API upload functions. An unauthenticated remote attacker can access the upload endpoints, which can lead to SSL certificate errors and may cause a par...

CVSS 8.2 | AI score 8.1 | EPSS 0.00374 | Exploits 0 | References 1 | Affected Software 1
CVE-2025-24500
added 2025/01/30 6:15 p.m. | 2485 views

The CVE-2025-24500 entry concerns Broadcom Symantec Privileged Access Management (PAM). Multiple connected sources confirm an unauthenticated attacker can access information in the PAM database. No concrete affected versions or root-cause details are provided in the documents; some sources (PT-20...

CVSS 8.7 | AI score 6.3 | EPSS 0.00223 | Exploits 0 | References 1
CVE-2024-56589
added 2024/12/27 2:50 p.m. | 2485 views

CVE-2024-56589 affects the Linux kernel’s scsi/hisi_sas path, where on no-forced preemption kernels an expander connected to 12 SAS SSDs could trigger a watchdog soft lockup due to interrupt handling on a single CPU. The provided details confirm the vulnerability’s root cause as a missing cond_re...

CVSS 5.5 | AI score 6.7 | EPSS 0.00231 | Exploits 0 | References 8 | Affected Software 1
CVE-2023-4740
added 2023/09/03 8:00 p.m. | 2485 views

CVE-2023-4740 affects IBOS OA 4.5.5, with a SQL injection in the Delete Draft Handler at the endpoint described as the unknown part of ?r=email/api/delDraft&archiveId=0. Multiple connected sources (NVD/NVD-derived, Red Hat, CVE lists, and PT Security) confirm remote exploitation potential and pub...

CVSS 8.8 | AI score 7.7 | EPSS 0.00753 | Exploits 1 | References 3 | Affected Software 1
CVE-2023-40165
added 2023/08/17 5:06 p.m. | 2485 views

The CVE-2023-40165 entry concerns RubyGems.org, the Ruby community gem hosting service. The vulnerability arose from insufficient input validation that allowed replacement of uploaded gems whose platform, version, or gem name matched “/-\d/,” enabling a malicious upload to temporarily override a ...

CVSS 7.5 | AI score 7.3 | EPSS 0.00395 | Exploits 0 | References 2 | Affected Software 1
CVE-2023-2759
added 2023/07/17 6:14 a.m. | 2485 views

TapHome core platform before version 2023.2 contains a hidden API vulnerability that lets an authenticated, low-privilege user change other users’ passwords, potentially giving full device access. This is documented across CVE-2023-2759 entries (NVD/Red Hat) and aligns with the vendor’s disclosur...

CVSS 8.8 | AI score 8.7 | EPSS 0.00459 | Exploits 0 | References 1 | Affected Software 1
CVE-2024-53229
added 2024/12/27 1:50 p.m. | 2484 views

Summary (CVE-2024-53229): In the Linux kernel, the RDMA/rxe path had a fix for qp flush warnings in req. When a QP is in an error state, WQEs in the queue must be marked as error; otherwise a kernel warning can occur (for example in rxe_completer). The provided data confirms this CVE is tracked i...

CVSS 5.5 | AI score 6.3 | EPSS 0.00233 | Exploits 0 | References 6 | Affected Software 1
CVE-2023-36622
added 2023/07/05 12:00 a.m. | 2484 views

The affected product is Loxone Miniserver Go Gen.2 (prior to 14.1.5.9). The vulnerability is a command-injection flaw in the websocket configuration endpoint, where remote authenticated administrators can inject arbitrary OS commands via the timezone parameter. This impacts confidentiality, integ...

CVSS 7.2 | AI score 6.8 | EPSS 0.01023 | Exploits 1 | References 2 | Affected Software 1
CVE-2023-28019
added 2023/07/18 5:57 p.m. | 2483 views

CVE-2023-28019 concerns the Bigfix WebUI API App. The issue is described as insufficient validation in the WebUI API, affecting versions prior to 14, enabling an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. The root cause is unparameterized queries/insufficient ...

CVSS 8.8 | AI score 6.4 | EPSS 0.00386 | Exploits 0 | References 1 | Affected Software 1
CVE-2023-39423
added 2023/09/07 12:24 p.m. | 2481 views

CVE-2023-39423 affects RDPData.dll, where the /irmdata/api/common endpoint processes session IDs and other features. The underlying issue is improper neutralization of SQL commands, enabling a UNION-based SQL injection that can leak the sessions table and obtain currently valid sessions, allowing...

CVSS 9.1 | AI score 8.9 | EPSS 0.00468 | Exploits 0 | References 1 | Affected Software 1
CVE-2023-37241
added 2023/07/06 12:30 p.m. | 2480 views

CVE-2023-37241 is an input verification vulnerability in the WMS API. Exploitation could cause the affected device to restart. The available connected sources confirm the issue and its impact but do not provide concrete exploit details, affected versions, or a validated fix/update. No remediation...

CVSS 7.5 | AI score 7.4 | EPSS 0.00379 | Exploits 0 | References 2 | Affected Software 2
CVE-2024-56707
added 2024/12/28 9:46 a.m. | 2479 views

The connected Astra Linux and MS/ENISA/Nessus entries confirm CVE-2024-56707 affects the Linux kernel octeontx2-pf driver and states the root cause as missing error pointer checks after otx2_mbox_get_rsp in otx2_dmac_flt.c. A fix adds error pointer validation after the call. The remediation is th...

CVSS 5.5 | AI score 6.5 | EPSS 0.00236 | Exploits 0 | References 6 | Affected Software 1
CVE-2022-22965
added 2022/04/01 10:17 p.m. | 2478 views

CVE-2022-22965 (Spring4Shell) affects Spring Framework’s Spring MVC and Spring WebFlux when data binding is enabled in apps running on JDK 9+, with exploitation requiring Tomcat as WAR deployment. The issue is not exploited in Spring Boot executable jars. Vulnerable configurations are associated ...

CVSS 9.8 | AI score 8.7 | EPSS 0.99677 | In wild | Exploits 100 | References 10 | Affected Software 1
CVE-2023-32760
added 2023/07/14 12:00 a.m. | 2477 views

CVE-2023-32760 affects Archer Platform prior to version 6.13, with fixes in 6.12.0.6 and 6.13.0. An authenticated attacker could access sensitive information via API calls related to data feeds and data publication. The vulnerability’s impact and exact exploited components are described in the li...

CVSS 7.7 | AI score 6.1 | EPSS 0.00412 | Exploits 0 | References 2 | Affected Software 1
CVE-2023-3529
added 2023/07/06 6:31 p.m. | 2476 views

Rotem Dynamics Rotem CRM up to 20230729 contains an information-exposure issue in the OTP URI Interface, specifically the /LandingPages/api/otp/send?id=[ID]&method=sms endpoint. The vulnerability allows remote initiation and arises from a discrepancy in the handling of this API, with no public ex...

CVSS 7.5 | AI score 6.2 | EPSS 0.00436 | Exploits 0 | References 2 | Affected Software 1
CVE-2025-25188
added 2025/02/10 5:35 p.m. | 2475 views

CVE-2025-25188 affects Hickory DNS (Rust-based DNS client/server/resolver). The vulnerability lies in DNSSEC validation: the routines may treat entire RRsets of DNSKEY records as trusted after establishing trust with a single DNSKEY, causing all keys in a zone to be trusted to authenticate other ...

CVSS 7.1 | AI score 5.9 | EPSS 0.0026 | Exploits 0 | References 2
CVE-2023-35948
added 2023/07/06 2:47 p.m. | 2475 views

Novu Open Redirect vulnerability (CVE-2023-35948) affects the open-source Novu repository prior to 0.16.0 in the Sign In with GitHub flow. An open redirect could allow an attacker to coerce a victim into opening a malicious URL, potentially enabling the attacker to access the victim’s account on ...

CVSS 6.1 | AI score 5.9 | EPSS 0.00344 | Exploits 0 | References 2 | Affected Software 1
CVE-2024-56630
added 2024/12/27 2:51 p.m. | 2473 views

The CVE-2024-56630 issue affects the Linux kernel’s ocfs2 subsystem: when ocfs2_get_init_inode() fails, inodes could be leaked due to not iput()'ing after new_inode() succeeds and dquot_initialize() fails. The syzbot trace mentions busy inodes after unmount for commit 9c89fe0af826 and that the er...

CVSS 5.5 | AI score 6.6 | EPSS 0.0025 | Exploits 0 | References 9 | Affected Software 1
CVE-2024-53164
added 2024/12/27 1:38 p.m. | 2473 views

CVE-2024-53164 affects the Linux kernel net_sched subsystem. The root cause was an incorrect ordering of qlen updates (sch->q.qlen) around qdisc_tree_reduce_backlog(), which could fail to notify parent qdiscs when a child becomes empty. The fix ensures the qlen adjustment happens before the ca...

CVSS 5.5 | AI score 6.5 | EPSS 0.00249 | Exploits 0 | References 9 | Affected Software 1
CVE-2025-26506
added 2025/02/14 4:58 p.m. | 2471 views

CVE-2025-26506 affects HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed printers. When processing a PostScript print job, these devices may be vulnerable to Remote Code Execution and Elevation of Privilege due to the underlying handling of PostScript data. The issue is documented ...

CVSS 9.8 | AI score 7.7 | EPSS 0.01023 | Exploits 0 | References 1 | Affected Software 1
CVE-2022-0836
added 2022/05/09 4:50 p.m. | 2469 views

The CVE-2022-0836 entry concerns the WordPress plugin SEMA API, affected versions prior to 4.02. The issue is an SQL injection caused by improper sanitisation/escaping of parameters used in SQL statements via an AJAX action, exploitable by unauthenticated users. Several connected sources (Red Hat...

CVSS 9.8 | AI score 9.7 | EPSS 0.01741 | Exploits 2 | References 1 | Affected Software 1
CVE-2014-6440
added 2017/03/28 3:00 p.m. | 2467 views

VLC media player before version 2.1.5 is affected by CVE-2014-6440 due to a heap overflow in the transcode module that could allow remote code execution or a denial of service. Public references in OpenVAS/Gentoo advisories confirm a heap-based overflow/remote code execution vec...

CVSS 9.8 | AI score 8.9 | EPSS 0.04985 | Exploits 1 | References 5 | Affected Software 1
CVE-2022-0858
added 2022/03/23 2:20 p.m. | 2464 views

McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 contains a cross‑site scripting (XSS) vulnerability that could allow a remote attacker to obtain an administrator’s session by persuading the user to click a crafted link, with limited ability to alter information in the affecte...

CVSS 4.7 | AI score 4.7 | EPSS 0.00781 | Exploits 0 | References 1 | Affected Software 1
CVE-2024-56644
added 2024/12/27 3:02 p.m. | 2461 views

CVE-2024-56644: In the Linux kernel, the IPv6 stack vulnerability causes a leaked destination (dst) in the exception table when an expired IPv6 route’s dst is processed by ip6_negative_advice() after MTU change and TCP timeout. Root cause: an extra dst_hold() increments the reference counter, wh...

CVSS 5.5 | AI score 6.4 | EPSS 0.00231 | Exploits 0 | References 9 | Affected Software 1
CVE-2024-27816
added 2024/05/13 11:00 p.m. | 2458 views

The CVE-2024-27816 entry affects tvOS 17.5 (Apple TV) via the AppleMobileFileIntegrity component. A logic issue was addressed with improved checks, with the impact that an attacker may be able to access user data. Apple’s security content indicates this fix is part of tvOS 17.5, and related Apple...

CVSS 5.5 | AI score 7.1 | EPSS 0.00985 | Exploits 0 | References 16 | Affected Software 5
CVE-2022-1352
added 2022/05/11 2:30 p.m. | 2457 views

GitLab EE/CE is affected by CVE-2022-1352 due to an insecure direct object reference. Versions affected: 11.0 and newer up to but excluding 14.8.6 (i.e., 11.0–14.8.5), 14.9 until before 14.9.4 (i.e., 14.9.0–14.9.3), and 14.10 until before 14.10.1 (i.e., 14.10.0). The vulnerability allows an endpo...

CVSS 5.3 | AI score 5.4 | EPSS 0.01242 | Exploits 0 | References 3 | Affected Software 1
CVE-2024-57800
added 2025/01/11 12:39 p.m. | 2456 views

CVE-2024-57800 affects the Linux kernel in ALSA memalloc handling. When DMA API debugging is enabled, it may warn about a device driver failing to check a DMA address map, e.g. device address 0x00000000ffff0000, due to explicit address checks instead of using dma_mapping_error(). The documented f...

CVSS 5.5 | AI score 7 | EPSS 0.00203 | Exploits 0 | References 2 | Affected Software 1
CVE-2024-5143
added 2024/05/23 4:58 p.m. | 2456 views

The CVE-2024-5143 entry describes a vulnerability in HP LaserJet Pro printers where a user with device administrative privileges can modify SMTP server settings without re‑entering credentials. This can redirect send‑to‑email traffic to an attacker‑controlled SMTP server and potentially expose th...

CVSS 6.8 | AI score 6.8 | EPSS 0.00402 | Exploits 0 | References 1 | Affected Software 1
CVE-2024-2961
added 2024/04/17 5:27 p.m. | 2455 views

CVE-2024-2961 affects the GNU C Library (glibc) versions 2.39 and older. The iconv() implementation may overflow the output buffer by up to 4 bytes when converting strings to ISO-2022-CN-EXT, potentially crashing the application or overwriting adjacent memory. Publicly documented in glibc advisor...

CVSS 7.3 | AI score 8.4 | EPSS 0.8833 | In wild | Exploits 16 | References 20 | Affected Software 3
CVE-2024-56571
added 2024/12/27 2:23 p.m. | 2451 views

CVE-2024-56571 entry is rejected/not used; not an active vulnerability.

AI score 6.3 | Exploits 0
Total number of security vulnerabilities: 5000