Lucene search
K
CveMost viewed

368463 matches found

CVE
CVE
added 2024/12/27 2:11 p.m.2451 views

CVE-2024-56539

CVE-2024-56539 refers to a Linux kernel issue where mwifiex memcpy() would write across a field due to a one-element array, triggering a field-spanning write warning in mwifiex_config_scan(). The fix replaces the one-element array with a flexible-array member in struct mwifiex_ie_types_wildcard_s...

5.5CVSS6.5AI score0.00288EPSS
Exploits0References11Affected Software1
CVE
CVE
added 2024/03/26 8:49 p.m.2449 views

CVE-2023-48777

Elementor Website Builder is affected by CVE-2023-48777: Unrestricted file upload to RCE via template import in versions 3.3.0–3.18.1. Exploitation requires Contributor-level access (Authenticated). The root cause involves handle_elementor_upload saving uploaded files to a temporary location befo...

9.9CVSS8.6AI score0.041EPSS
Exploits3References1Affected Software1
CVE
CVE
added 2025/01/15 1:5 p.m.2447 views

CVE-2024-57888

Technical details for CVE-2024-57888 are not publicly available in the provided documents. Monitor vendor advisories and kernel commit references for remediation context and updates.

5.5CVSS6.5AI score0.00202EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2025/01/19 10:18 a.m.2446 views

CVE-2025-21647

The CVE-2025-21647 vulnerability affects the Linux kernel’s sched: sch_cake path, where an underflow in per-host bulk flow counters could cause out-of-bounds memory access. A fix adds bounds-checking around all accesses to per-host bulk flow counters via helper functions, moving flow mode checks ...

7.1CVSS7.3AI score0.00271EPSS
Exploits0References11Affected Software1
CVE
CVE
added 2024/12/27 1:49 p.m.2446 views

CVE-2024-53214

CVE-2024-53214 concerns the Linux kernel VFIO/PCI logic for hiding PCIe extended capabilities. The issue occurred when hiding the first-in-list capability (unknown or hidden on purpose) by zeroing the capability ID/version while preserving Next, which is safe in general but failed if cap_id excee...

7.8CVSS6.9AI score0.0025EPSS
Exploits0References11Affected Software1
CVE
CVE
added 2024/12/27 1:49 p.m.2445 views

CVE-2024-53172

CVE-2024-53172 (Linux kernel, UBI fastmap) : The issue arises in the fast attaching path where alloc_ai() could be invoked twice with the same slab cache name 'ubi_aeb_slab_cache', triggering a kernel WARNING "kmem_cache_create_args". The root cause is duplicate slab cache names during fastmap at...

5.5CVSS6.6AI score0.00242EPSS
Exploits0References11Affected Software1
CVE
CVE
added 2022/02/18 5:50 p.m.2445 views

CVE-2022-0138

CVE-2022-0138 describes a deserialization of untrusted data issue in Airspan/Mimosa MMP stack. Affected: MMP (all versions before v1.0.3), PTP C-series (versions before v2.8.6.1), and PTMP C-series and A5x (versions before v2.5.4.1). Root cause: a deserialization function that does not validate o...

7.5CVSS7.8AI score0.00971EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/03/09 3:9 p.m.2444 views

CVE-2022-0507

The CVE-2022-0507 entry concerns a SQL injection vulnerability in the Pandora API used by Pandora FMS. Multiple connected sources indicate the issue affects Pandora FMS versions up to OUM 759 (NG line), and that an attacker with authenticated IP can inject SQL. The root cause details are not full...

8.8CVSS6.9AI score0.01216EPSS
Exploits0References3Affected Software1
CVE
CVE
added 1976/01/01 12:0 a.m.2444 views

CVE-2021-35685

CVE-2021-35685 is a duplicate of CVE-2022-21371 and is treated as rejected/withdrawn by the CVE Numbering Authority per its description. Connected sources confirm an active vulnerability entry under CVE-2022-21371, which affects Oracle WebLogic Server (Web Container) and lists affected versions 1...

6.7AI score
Exploits5
CVE
CVE
added 2025/01/19 11:52 a.m.2443 views

CVE-2024-57915

CVE-2024-57915 is rejected by the CVENA and is not an active vulnerability entry.

6.5AI score
Exploits0
CVE
CVE
added 2024/12/28 9:46 a.m.2442 views

CVE-2024-56705

CVE-2024-56705 concerns the Linux kernel where ia_css_3a_statistics_allocate() fails to check the allocation result of the rgby_data memory, potentially triggering the assertion at ia_css_s3a_hmem_decode() if rgby_data allocation fails. The public technical details in connected sources indicate t...

5.5CVSS6.5AI score0.00262EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2025/02/22 9:43 a.m.2440 views

CVE-2025-21704

CVE-2025-21704 affects the Linux kernel USB CDC-ACM (cdc_acm) path. The root cause is improper handling of fragmented control transfers: if the first fragment is smaller than struct usb_cdc_notification, computing expected_size can underflow as fragments arrive, leading to memory corruption when ...

7.8CVSS7AI score0.00328EPSS
Exploits1References12Affected Software1
CVE
CVE
added 2025/01/11 12:35 p.m.2439 views

CVE-2024-56788

CVE-2024-56788 concerns the Linux kernel’s net: ethernet oa_tc6 implementation. The vulnerability is a race between two skb pointers used for TX: ongoing_tx_skb (being processed) and waiting_tx_skb (queued). The SPI thread moves data from ongoing_tx_skb to the next TX, then may assign NULL to ong...

4.7CVSS7AI score0.00126EPSS
Exploits0References2Affected Software1
CVE
CVE
added 1976/01/01 12:0 a.m.2436 views

CVE-2021-30369

CVE-2021-30369 entry is rejected/not used per initial description.

9.6AI score
Exploits0
CVE
CVE
added 2022/05/10 10:5 a.m.2433 views

CVE-2022-1397

CVE-2022-1397 affects Easy!Appointments (GitHub: alextselegidis/easyappointments). The vulnerability is an API privilege escalation arising from inadequate authorization checks: the API validates existence of a user but not their permissions, allowing a low-privileged user (e.g., provider) to cre...

9CVSS8.7AI score0.01063EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/03/23 2:20 p.m.2431 views

CVE-2022-0859

CVE-2022-0859 affects McAfee Enterprise ePolicy Orchestrator (ePO) versions prior to 5.10 Update 13. The vulnerability allows a local attacker who is on the server hosting ePO (administrators) and who knows the SQL password to point the ePO server to an arbitrary SQL server during the restoration...

6.7CVSS6.6AI score0.00202EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/12/27 1:49 p.m.2420 views

CVE-2024-53183

CVE-2024-53183 concerns a Linux kernel vulnerability: in uml/net handling, the code previously used drvdata during device release, but drvdata may not exist at release time. The fix is to retrieve the uml_net instance with container_of() instead of drvdata, preventing a crash when removing a netw...

5.5CVSS6.5AI score0.00242EPSS
Exploits0References11Affected Software1
CVE
CVE
added 2025/01/15 1:5 p.m.2417 views

CVE-2024-57893

CVE-2024-57893 : Linux kernel ALSA: seq: oss — race in SysEx message processing can cause out-of-bounds access. Connected docs confirm the issue and state a mutex-based serialization fix was introduced to protect SysEx packets in the OSS sequencer, effectively addressing the race between 6-byte S...

6.3CVSS6.7AI score0.00158EPSS
Exploits0References5Affected Software1
CVE
CVE
added 1976/01/01 12:0 a.m.2416 views

CVE-2021-35684

CVE-2021-35684 is a duplicate of CVE-2022-21306. The connected CVE-2022-21306 describes a vulnerability in Oracle WebLogic Server (Fusion Middleware Core) affecting 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. It allows unauthenticated remote exploitation via standard ports (T3), potentiall...

6.7AI score
Exploits0
CVE
CVE
added 2025/01/21 12:18 p.m.2415 views

CVE-2025-21662

CVE-2025-21662: In the Linux kernel, net/mlx5: Fix variable not being completed when function returns. The issue could cause a hang of the issuing task if cmd_alloc_index() fails and cmd_work_handler() does not complete ent->slotted before returning. Affected component is mlx5_core/mlx5e, with...

5.5CVSS6.8AI score0.00199EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2022/07/20 3:24 p.m.2415 views

CVE-2022-2107

CVE-2022-2107: MiCODUS MV720 GPS tracker API server uses a hard-coded master password, enabling unauthenticated login and direct SMS-command control of trackers (impersonating owners, accessing/modifying data, and potentially steering vehicles). Device IDs are sequential, aiding targeting. Public...

9.8CVSS9.7AI score0.01172EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/11/29 6:15 p.m.2413 views

CVE-2024-52003

CVE-2024-52003 – Traefik : Traefik versions 2.11.14 and 3.2.1 fix a vulnerability where an attacker can inject the untrusted X-Forwarded-Prefix header. The issue, as described, arises from the header handling by the HTTP reverse proxy/load balancer, enabling an external source to influence reques...

6.3CVSS6.5AI score0.00389EPSS
Exploits0References4Affected Software1
CVE
CVE
added 1976/01/01 12:0 a.m.2412 views

CVE-2019-3309

CVE-2019-3309 is rejected/not used per the Initial Description; this entry does not represent an active vulnerability.

6.6AI score
Exploits0
CVE
CVE
added 2024/12/27 1:49 p.m.2410 views

CVE-2024-53198

CVE-2024-53198 : In the Linux kernel, the xenbus_dev_probe() path could leak resources if drv->probe() allocated resources but the error path returned without releasing them. The fix introduces a fail_remove block (before fail_put) to ensure proper resource release when (err) is true, mirrorin...

5.5CVSS6.5AI score0.00228EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2025/02/13 3:5 p.m.2409 views

CVE-2025-21701

CVE-2025-21701 : In the Linux kernel, a race existed between device unregistration and ethnl operations (ethnl_set_channels, ethtool checks) that could occur when a network device is being unregistered while its channels are modified. The issue arose because unregister_netdevice_many_notify could...

7.4CVSS7AI score0.00158EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2023/01/17 7:7 p.m.2406 views

CVE-2006-20001

CVE-2006-20001 affects Apache HTTP Server 2.4.54 and earlier. The issue is triggered by a crafted If: header that can read memory or write a single zero byte in heap memory beyond the header value, potentially crashing the process. Industry advisories confirm the vulnerability in Apache httpd and...

7.5CVSS8.5AI score0.03546EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2025/01/11 12:35 p.m.2404 views

CVE-2024-53690

CVE-2024-53690 (Linux kernel) describes a nilfs2 inode handling flaw where a deleted inode could be mis-reused, leading to inode duplication and i_nlink underflow during rmdir. The fix involves guarding against deleted inodes by verifying i_nlink in nilfs_iget() and reclaiming the inode when its ...

5.5CVSS6.6AI score0.00254EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2022/07/15 7:5 p.m.2403 views

CVE-2021-34987

This CVE (CVE-2021-34987) concerns Parallels Desktop 16.5.1 (49187) where the HDAudio virtual device contains a buffer overflow due to improper validation of user-supplied data length before copying to a fixed-length buffer. The vulnerability enables local privilege escalation and arbitrary code ...

8.2CVSS8.3AI score0.00308EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/05/03 1:40 p.m.2401 views

CVE-2022-0916

CVE-2022-0916 affects Logitech Options. The issue is that the OAuth 2.0 state parameter was not properly validated, enabling potential CSRF during authentication/authorization. Documents show vulnerability details and CVSS metrics but do not provide a concrete patch/version or remediation guidanc...

8.8CVSS8.8AI score0.0042EPSS
Exploits0References1Affected Software1
CVE
CVE
added 1976/01/01 12:0 a.m.2399 views

CVE-2022-46283

This CVE-2022-46283 entry is rejected/not used as stated in the Description.

8.6AI score
Exploits0
CVE
CVE
added 2025/02/15 12:0 a.m.2398 views

CVE-2025-26793

CVE-2025-26793 affects Hirsch Enterphone MESH Web GUI. The default credentials (username: freedom, password: viscount) are not forced to be changed during initial configuration, and changing them is cumbersome. Attackers may use the Internet-facing endpoint mesh.webadmin.MESHAdminServlet to gain ...

10CVSS7.4AI score0.02303EPSS
In wildExploits0References3
CVE
CVE
added 2024/12/27 2:23 p.m.2398 views

CVE-2024-56566

The CVE-2024-56566 issue affects the Linux kernel mm/slub code. If alloc_consistency_checks fails during slab allocation, objects in that slab can be marked as used and the slab removed from the partial list, but later freeing an object could trigger remove_full() on a slab that is neither in the...

5.5CVSS6.5AI score0.00212EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/12/24 11:28 a.m.2398 views

CVE-2024-53153

CVE-2024-53153 in the Linux kernel describes a crash condition for Qualcomm PCIe endpoints when PERST# is asserted and the host disables refclk. The issue arises because endpoint cleanup functions (e.g., dw_pcie_ep_cleanup() and pci_epc_deinit_notify()) previously ran during PERST# assert, while ...

5.5CVSS6.9AI score0.0028EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/04/19 8:26 p.m.2398 views

CVE-2022-1186

The WordPress plugin Be POPIA Compliant (vulnerable up to 1.1.5) exposes site visitors’ emails and usernames to unauthenticated users via an API route. Root cause cited in multiple sources is insufficient access controls on the API route (no restrictions on sensitive data exposure). No exploit de...

5.3CVSS5.1AI score0.01083EPSS
Exploits0References2Affected Software1
CVE
CVE
added 1976/01/01 12:0 a.m.2397 views

CVE-2020-0436

CVE-2020-0436 entry is rejected/withdrawn and does not represent an active vulnerability.

7.2AI score
Exploits0
CVE
CVE
added 2024/12/27 2:51 p.m.2394 views

CVE-2024-56616

CVE-2024-56616 (Linux kernel) affects drm_dp_mst sideband handling. The MST sideband message body length check was fixed to require at least 1 byte (accounting for the message CRC). Without this, a header with a valid header CRC but body length 0 could trigger memory corruption in drm_dp_sideband...

7.8CVSS6.7AI score0.00211EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2024/12/27 1:50 p.m.2393 views

CVE-2024-53219

CVE-2024-53219 affects the Linux kernel virtiofs direct IO path when inserting a large module (e.g., 10 MB) with virtio-fs cache disabled. The root cause is a kernel memory allocation/IO path: kernel_read_file reads the module into a 10 MB vmalloc buffer, fuse_direct_io passes a 10 MB block as a ...

5.5CVSS6.3AI score0.00217EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/02/18 3:32 a.m.2392 views

CVE-2023-52367

CVE-2023-52367 describes an improper access control vulnerability in the media library module, observed in Huawei HarmonyOS and EMUI. The root cause is access-control failure, with CVSS 3.1 indicating a local exploit could enable high-impact outcomes to integrity and availability, and no privileg...

7.7CVSS6.7AI score0.00119EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2022/06/24 3:0 p.m.2392 views

CVE-2022-1517

Illumina Local Run Manager (LRM) software, affected versions 1.3–3.1, contains CVE-2022-1517 (execution with unnecessary privileges). An unauthenticated attacker could upload and execute code remotely at the OS level, potentially tampering with settings, software, data, or APIs and interacting ov...

10CVSS9.8AI score0.01633EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/06/07 5:43 p.m.2391 views

CVE-2022-1708

CVE-2022-1708 affects CRI-O and causes memory or disk exhaustion on the node when handling large output from ExecSync. The vulnerability arises from CRI-O reading the entire command output after execution, which can exhaust node resources and impact availability. Connected advisories indicate aff...

7.8CVSS7.3AI score0.02827EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/05/08 12:0 a.m.2390 views

CVE-2025-67887

CVE-2025-67887 afecta 1C-Bitrix with the Translate Module up to 25.100.500. The root cause is unvalidated archive contents during extraction/upload, allowing an attacker with SOURCE/WRITE to upload a PHP file and a crafted .htaccess, then execute code on the server. Impact is remote code executio...

9.8CVSS6AI score0.01549EPSS
Exploits4References6
CVE
CVE
added 2022/07/01 4:6 p.m.2390 views

CVE-2022-1999

CVE-2022-1999 affects GitLab CE/EE, all versions before 14.10.5, 15.0 before 15.0.4, and 15.1 before 15.1.1. under certain conditions, an unprivileged user could change a labels description via the REST API. The issue is documented across multiple feeds (NVD, OSV, Nessus plugins) with consistent ...

5.3CVSS5.2AI score0.00606EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/05/10 7:35 p.m.2390 views

CVE-2022-1505

The RSVPMaker WordPress plugin has an unauthenticated SQL Injection in rsvpmaker-api-endpoints.php (and related ~rsvpmaker-email.php) due to insufficient escaping/parameterization. Affects versions up to 9.2.6 per CVE-2022-1505; impact is disclosure of database data. Connected sources reiterate t...

9.8CVSS7.5AI score0.01779EPSS
Exploits0References3Affected Software1
CVE
CVE
added 1976/01/01 12:0 a.m.2390 views

CVE-2024-8377

This CVE ID is rejected/not used and does not represent an active vulnerability entry.

7AI score
Exploits0
CVE
CVE
added 2019/09/06 10:15 a.m.2389 views

CVE-2019-15846

Exim CVE-2019-15846 affects Exim 4.92.x prior to 4.92.2, where a trailing backslash in SMTP processing enables remote code execution as root. Published advisories (e.g., ALAS-2019-1277/1310) confirm the issue and urge upgrading to Exim 4.92.2 or newer. Remediation: upgrade Exim to 4.92.2+ or appl...

10CVSS9.6AI score0.35736EPSS
In wildExploits3References23Affected Software1
CVE
CVE
added 2018/01/10 1:0 a.m.2387 views

CVE-2018-0802

CVE-2018-0802 is a Microsoft Office memory corruption/remote code execution vulnerability in the Equation Editor, triggered by crafted OLE/embedded objects in Office documents. Affected products include Office 2007, 2010, 2013, and 2016; the issue arises from the way Office handles in-memory obje...

9.3CVSS8.5AI score0.93289EPSS
In wildExploits7References8Affected Software3
CVE
CVE
added 2024/12/27 1:49 p.m.2382 views

CVE-2024-53190

The CVE 2024-53190 entry describes a Linux kernel issue in the Realtek RTLWiFi driver, where the efuse read path (read_efuse/read_efuse_byte during rtl8192cu probe) could loop up to 10k times on failure, causing extended system hang. The mitigated behavior is to drastically reduce retry attempts ...

5.5CVSS6.8AI score0.00236EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2018/11/07 5:0 a.m.2382 views

CVE-2018-19052

The CVE-2018-19052 issue affects lighttpd’s mod_alias_physical_handler (mod_alias.c): when a configured alias lacks a trailing '/' but the target path has one, there is potential directory traversal to the parent of the alias target. Public advisories confirm this vulnerability across multiple di...

7.5CVSS7.3AI score0.1408EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2021/07/14 5:54 p.m.2380 views

CVE-2021-34473

CVE-2021-34473 is part of the ProxyShell chain affecting on-premises Microsoft Exchange Server. The vulnerability arises from pre-auth path confusion that bypasses ACLs, enabling pre-auth remote code execution when combined with CVE-2021-34523 and CVE-2021-31207 in the same exploit chain. Exploit...

10CVSS9.8AI score0.99999EPSS
In wildExploits16References4Affected Software1
CVE
CVE
added 2022/10/17 12:0 a.m.2377 views

CVE-2022-2884

CVE-2022-2884 affects GitLab CE/EE with authenticated remote code execution via the Import from GitHub API endpoint. Affected versions span from 11.3.4 up to 15.1.5, and also include 15.2.x (up to 15.2.3) and 15.3.x (up to 15.3.1), according to the vulnerability description. Public exploit activi...

9.9CVSS9.4AI score0.75718EPSS
Exploits4References4Affected Software1
Total number of security vulnerabilities5000