Lucene search
K
CveMost viewed

368264 matches found

CVE
CVE
added 2024/04/04 5:55 p.m.2200 views

CVE-2024-25709

Mode C: Normal details available CVE-2024-25709 is a stored Cross-Site Scripting (XSS) vulnerability affecting Esri Portal for ArcGIS. The connected PTSecurity advisory specifies affected versions: Esri Portal for ArcGIS 10.8.1 through 10.8.1 – 1121. The issue allows a remote attacker to craft a ...

6.1CVSS5.9AI score0.00453EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/06/06 5:0 p.m.2200 views

CVE-2022-1783

CVE-2022-1783 affects GitLab CE/EE across multiple streams: 14.3–14.9.5, 14.10–14.10.4, and 15.0–15.0.1. The issue allows malicious group maintainers to add new project members via the REST API even when a group owner disables such additions. Affected components are GitLab’s group/project members...

4CVSS3.6AI score0.00947EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/06/01 8:10 p.m.2200 views

CVE-2022-30190

Technical details beyond the MSDT/Follina description are not provided in the connected documents. Public specifics (affected versions, exploit paths, patches) are not available here; monitor for updates.

9.3CVSS8.5AI score0.99374EPSS
In wildExploits62References4Affected Software16
CVE
CVE
added 2022/08/05 3:9 p.m.2194 views

CVE-2022-2531

CVE-2022-2531 affects GitLab EE, with vulnerable versions including 12.5–15.0.4, 15.1–15.1.3, and 15.2–15.2.0. The root cause is incorrect authentication on the Grafana API under specific conditions, allowing unauthenticated users to perform queries through a path traversal vulnerability. The doc...

5.3CVSS5.4AI score0.01092EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/08/07 5:6 p.m.2191 views

CVE-2022-37452

The CVE-2022-37452 issue affects Exim (MTA) prior to version 4.95, where a heap-based buffer overflow occurs in the alias list handled by host_name_lookup in host.c when sender_host_name is set. The vulnerability can lead to denial of service and, per sources, possibly arbitrary code execution; N...

9.8CVSS9.5AI score0.0292EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2022/05/31 10:20 p.m.2190 views

CVE-2022-1947

The CVE-2022-1947 entry concerns polonel/trudesk before version 1.2.3, where an incorrect operator in the code leads to a security flaw. Public sources in the connected documents confirm the affected software and the root cause as an operator misuse in the application. Impact details from the CVE...

9.1CVSS6.9AI score0.01176EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/08/15 8:37 a.m.2188 views

CVE-2022-2379

CVE-2022-2379 affects the WordPress Easy Student Results plugin (versions ≤ 2.2.8). The REST API lacks proper authorization, allowing unauthenticated users to retrieve sensitive data: courses, exams, departments, student grades, and PII (email, physical address, phone). The CVSSv3.1 base score is...

7.5CVSS7.3AI score0.02801EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2025/02/28 8:25 a.m.2185 views

CVE-2025-1413

CVE-2025-1413 affects DaVinci Resolve on macOS prior to 19.1.3. The root cause is incorrect file permissions (rwxrwxrwx) for the application, which can enable Dylib hijacking and privilege escalation for guest accounts, other users, and applications. The vulnerability is local, with high impact t...

8.4CVSS6.6AI score0.00195EPSS
Exploits0References3
CVE
CVE
added 2017/01/05 12:0 a.m.2180 views

CVE-2016-10012

CVE-2016-10012 affects OpenSSH up to version 7.4, tied to the shared memory manager used with pre-authentication compression. The issue stems from a bounds check not being enforced consistently across compilers in the m_zback/m_zlib data structures, enabling local privilege escalation via access ...

7.8CVSS6.2AI score0.01281EPSS
Exploits1References12Affected Software1
CVE
CVE
added 2021/11/04 3:36 p.m.2179 views

CVE-2021-40124

Cisco AnyConnect Secure Mobility Client for Windows, Network Access Manager (NAM) module, contains a privilege-escalation vulnerability due to incorrect privilege assignment to scripts run before user logon. An authenticated, local attacker could exploit this to execute arbitrary code with SYSTEM...

7.8CVSS7.2AI score0.00235EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/03/18 1:59 p.m.2166 views

CVE-2021-28133

CVE-2021-28133 affects Zoom Client (notably 5.4.3 and 5.5.4) where, when sharing a specific application window via Share Screen, other participants can briefly see contents of non-shared windows that overlay the shared window and come into focus. The exposure is a user-interaction dependent infor...

4.3CVSS4.4AI score0.16289EPSS
Exploits2References7Affected Software1
CVE
CVE
added 2018/05/09 7:0 p.m.2164 views

CVE-2018-8174

CVE-2018-8174 is a Windows VBScript Engine out-of-bounds write vulnerability enabling remote code execution. Public documentation confirms an RCE when the VBScript engine handles in-memory objects, affecting Windows 7, Server 2008/2012/2016, Windows 8.1, Windows 10 and server variants. Public wri...

7.6CVSS8.1AI score0.87814EPSS
In wildExploits9References5Affected Software10
CVE
CVE
added 2022/06/20 4:0 a.m.2162 views

CVE-2022-2023

CVE-2022-2023 concerns polonel/trudesk before 1.2.4 due to incorrect use of privileged APIs. Affected: polonel/trudesk, prior to 1.2.4. Root cause: improper handling of privileged APIs within the GitHub repo. Impact (as per sources): high severity with network attack vector and partial confidenti...

10CVSS9.7AI score0.02975EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/06/13 12:42 p.m.2160 views

CVE-2022-1772

CVE-2022-1772 affects the WordPress Google Places Reviews plugin before 2.0.0. It is a stored cross-site scripting (XSS) vulnerability caused by not properly escaping the Google API key setting, which is exposed in the admin panel. In multisite WordPress deployments, a malicious administrator cou...

4.8CVSS4.9AI score0.0071EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2022/06/08 10:0 a.m.2155 views

CVE-2022-30556

The CVE-2022-30556 issue affects Apache HTTP Server (2.4.53 and earlier) where the wsread path may return a pointer past the end of the buffer, enabling information disclosure via websockets. Public references in connected sources corroborate: (1) industry advisories note an information disclosur...

7.5CVSS8.8AI score0.04687EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2020/12/08 9:11 p.m.2153 views

CVE-2020-27918

CVE-2020-27918 is a use-after-free vulnerability in WebKitGTK/WebKit where processing maliciously crafted web content may lead to arbitrary code execution. The issue is documented across multiple advisories and is fixed upstream in WebKitGTK/WebKit version 2.30.6 (and corresponding package update...

7.8CVSS8.6AI score0.01361EPSS
Exploits0References14Affected Software8
CVE
CVE
added 2019/06/11 9:35 p.m.2153 views

CVE-2019-0197

The CVE-2019-0197 entry concerns Apache HTTP Server 2.4.34–2.4.38. When HTTP/2 is enabled for an http: host or H2Upgrade is enabled for h2 on an https: host, an Upgrade request from http/1.1 to http/2 that is not the first request on a connection could cause misconfiguration and crash. Servers th...

4.9CVSS5.5AI score0.08441EPSS
Exploits0References30Affected Software1
CVE
CVE
added 2025/02/28 12:34 p.m.2149 views

CVE-2025-22274

CVE-2025-22274 affects CyberArk Endpoint Privilege Manager (SaaS) 24.7.1. Affected component: the HTML content entered in the Application definition page can lead to HTML injection in the page output. Root cause described in sources as an HTML injection via the content field; other versions are u...

2CVSS6.6AI score0.00434EPSS
Exploits0References3
CVE
CVE
added 2022/08/05 3:11 p.m.2147 views

CVE-2022-2307

CVE-2022-2307 affects GitLab CE/EE: a lack of cascading deletes in GitLab versions 13.0–15.0.4, 15.1.0–15.1.3, and 15.2.0–15.2.0 allows a Group Owner to retain a usable Group Access Token after the Group is deleted, though the APIs available to that token are limited. The vulnerability impact and...

3.8CVSS4AI score0.00458EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/02/24 10:22 p.m.2142 views

CVE-2025-27144

CVE-2025-27144 targets Go JOSE 4.x prior to 4.0.5, where parsing compact JWS/JWE input with strings.Split(token, ".") can cause memory exhaustion and DoS. The fixed version is 4.0.5; workaround is pre-validating payloads to avoid excessive dots. Connected advisories expand impact to container too...

8.7CVSS7.2AI score0.00369EPSS
Exploits0References3
CVE
CVE
added 2022/03/03 12:0 a.m.2141 views

CVE-2022-22947

CVE-2022-22947 affects Spring Cloud Gateway when the Gateway Actuator endpoint is enabled, exposed, and unsecured. A remote attacker can craft a request to the Actuator interface and cause arbitrary remote code execution on the host due to a code-injection vulnerability in the gateway routing/Act...

10CVSS9.7AI score0.98253EPSS
In wildExploits54References6Affected Software1
CVE
CVE
added 2022/03/14 10:15 a.m.2139 views

CVE-2022-22719

Summary (CVE-2022-22719) Affects Apache HTTP Server (httpd) 2.4.52 and earlier. The issue arises in the httpd mod_lua component where an uninitialized value in r:parsebody can cause a read to a random memory area, potentially leading to a crash and availability impact. Connected advisories confir...

7.5CVSS8.7AI score0.69803EPSS
Exploits0References15Affected Software1
CVE
CVE
added 2022/10/17 12:0 a.m.2138 views

CVE-2022-2992

CVE-2022-2992 is a GitLab GitHub Import API deserialization flaw that enables authenticated users to trigger remote code execution. Affected products are GitLab CE/EE with versions 11.10–11.10.x? (per the wording) and all releases prior to 15.1.6, 15.2 up to 15.2.4, and 15.3 up to 15.3.2. The roo...

9.9CVSS9.4AI score0.86194EPSS
Exploits5References4Affected Software1
CVE
CVE
added 2022/07/17 10:36 a.m.2136 views

CVE-2022-2133

The CVE-2022-2133 entry concerns the WordPress OAuth Single Sign On – SSO (OAuth Client) plugin. Affected versions are prior to 6.22.6, where the plugin does not validate that OAuth access token requests are legitimate. This failure enables an attacker to log into a site using only knowledge of a...

5.3CVSS5.2AI score0.00988EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2025/02/28 12:32 p.m.2135 views

CVE-2025-22270

CVE-2025-22270 affects CyberArk Endpoint Privilege Manager (EPM) SaaS 24.7.1. An attacker with admin access to the Role Management UI can inject code by adding a new role in the name field. The risk is mitigated by an additional error that bypasses CSP, which prevents JavaScript execution but all...

7.3CVSS6.8AI score0.00589EPSS
Exploits0References3
CVE
CVE
added 2025/01/28 3:19 p.m.2134 views

CVE-2025-23045

CVE-2025-23045 affects Computer Vision Annotation Tool (CVAT). An attacker with an account on an affected CVAT instance can execute arbitrary code in the Nuclio function container via serverless tracker functions (TransT and SiamMask); deployments with custom tracker functions may also be affecte...

9.8CVSS7AI score0.00483EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/06/08 10:46 p.m.2132 views

CVE-2021-1675

CVE-2021-1675 is the Windows Print Spooler vulnerability known as “PrintNightmare.” Public documents describe a remote code execution path via the Print Spooler service, exploitable by an authenticated attacker through RPC/Printer driver operations (e.g., RpcAddPrinterDriverEx) to execute code wi...

9.3CVSS8.8AI score0.86132EPSS
In wildExploits63References6Affected Software15
CVE
CVE
added 2024/06/06 9:24 p.m.2128 views

CVE-2024-24195

CVE-2024-24195 affects robdns via a misaligned address introduced in commit d76d2e6 at /src/zonefile-insertion.c. The issue is tracked with a CVSSv3.1 base score of 7.5 (HIGH), with NETWORK attack vector, LOW attack complexity, no privileges required, and a HIGH impact on availability (I=N, A=H; ...

7.5CVSS7.6AI score0.004EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/07/23 1:43 a.m.2128 views

CVE-2018-25045

Django REST framework (django-rest-framework) before 3.9.1 is vulnerable to cross-site scripting (XSS) because the default Browsable API templates disable autoescaping. This causes unescaped content to be rendered in the Browsable API UI, enabling potential script injection when user-supplied dat...

6.1CVSS5.8AI score0.00597EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2016/11/10 9:0 p.m.2128 views

CVE-2016-5195

CVE-2016-5195 (Dirty COW) : A race condition in the Linux kernel’s memory management (mm/gup.c) allows a local user to gain write access to read‑only mappings via a faulty copy‑on‑write handling. Affected: kernel 2.x–4.x prior to 4.8.3. Exploitation was observed in the wild around Oct 2016. Impac...

7.2CVSS7.8AI score0.83524EPSS
In wildExploits81References128Affected Software1
CVE
CVE
added 2024/03/15 12:0 a.m.2126 views

CVE-2024-27351

The CVE-2024-27351 issue affects Django’s Truncator.words() (with html=True) and the truncatewords_html filter. The vulnerability arises from a DoS vector in crafted HTML strings and is linked to an incomplete fix for CVE-2019-14232/CVE-2023-43665. Affected versions per sources include Django 3.2...

5.3CVSS7.4AI score0.01854EPSS
Exploits0References13Affected Software1
CVE
CVE
added 2019/07/25 7:7 p.m.2123 views

CVE-2019-13917

Exim (MTA) versions 4.85–4.92 are affected by CVE-2019-13917, which allows remote code execution as root in certain configurations that enable the ${sort } expansion (e.g., manipulated $local_part or $domain). The issue is fixed in version 4.92.1. In affected setups, a remote attacker could explo...

10CVSS9.6AI score0.08622EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2019/09/27 8:7 p.m.2122 views

CVE-2019-16928

Exim CVE-2019-16928 is a heap-based buffer overflow in string_vformat (string.c) triggered by a long EHLO command in Exim 4.92–4.92.2, enabling remote code execution. Several sources confirm the vulnerable path via smtp_in.c and related string formatting code (e.g., string_vformat, string_fmt_app...

9.8CVSS9.9AI score0.42482EPSS
In wildExploits3References15Affected Software1
CVE
CVE
added 2014/07/20 10:0 a.m.2122 views

CVE-2014-0226

Apache HTTP Server CVE-2014-0226 is a race-condition vulnerability in the mod_status component that can cause a heap-based buffer overflow, denial of service, and potentially credential disclosure or code execution. Affects httpd before 2.4.10; the issue arises from improper scoreboard handling i...

6.8CVSS7AI score0.85744EPSS
In wildExploits4References53Affected Software1
CVE
CVE
added 2025/02/28 8:1 p.m.2119 views

CVE-2025-0769

PixelYourSite – Your smart PIXEL (TAG) and API Manager plugin (WordPress) version 10.1.1.1 is affected by CVE-2025-0769 due to unvalidated user input being used directly in an unserialize call inside myapp/modules/facebook/facebook-server-sync-task.php. The vulnerability is described as an unauth...

6.3CVSS7.1AI score0.00356EPSS
Exploits0References2
CVE
CVE
added 2019/03/25 6:37 p.m.2119 views

CVE-2019-3396

CVE-2019-3396 – Atlassian Confluence Widget Connector SSTI RCE : A server-side template injection flaw in the Widget Connector macro allows remote attackers to perform path traversal and achieve remote code execution on Confluence Server/Data Center. Fixes are in Confluence versions: 6.6.12 (6.6....

10CVSS9.8AI score0.99913EPSS
In wildExploits20References6Affected Software1
CVE
CVE
added 2020/11/03 12:0 a.m.2118 views

CVE-2020-15999

CVE-2020-15999 corresponds to a heap-based buffer overflow in FreeType that can be triggered by crafted font/PNG data, potentially via a malicious HTML page, affecting freetype usage in Google Chrome before 86.0.4240.111. Public advisories describe the issue as a heap overflow in Load_SBit_Png an...

9.6CVSS7.1AI score0.5063EPSS
In wildExploits2References12Affected Software1
CVE
CVE
added 2022/05/09 4:50 p.m.2117 views

CVE-2019-25060

The CVE-2019-25060 entry concerns the WPGraphQL WordPress plugin prior to version 0.3.5, where an improper access-control flaw allows a remote attacker to forge a GraphQL query that retrieves the account roles of every user on the site. This affects the confidentiality of user role information; n...

5.3CVSS5.1AI score0.01728EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2015/11/18 3:0 p.m.2111 views

CVE-2015-4852

CVE-2015-4852 describes a remote code execution in Oracle WebLogic Server via deserialization of untrusted data in the WLS Security component. A crafted serialized Java object (via Apache Commons Collections) in T3 protocol traffic to TCP port 7001 can execute arbitrary commands. Affected version...

9.8CVSS8.4AI score0.96032EPSS
In wildExploits17References16Affected Software1
CVE
CVE
added 2019/07/15 6:56 p.m.2110 views

CVE-2019-1068

CVE-2019-1068 is a remote code execution vulnerability in Microsoft SQL Server triggered by incorrect handling of internal functions. The CVE is publicly documented with CVSS2/3 scores (6.5/8.8) and is linked to Microsoft security updates KB4505222/KB4505224 (and related KBs) addressing SQL Serve...

8.8CVSS8.9AI score0.44665EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/09/09 4:25 p.m.2104 views

CVE-2025-47437

CVE-2025-47437 is a confirmed SSRF in the WordPress LiteSpeed Cache plugin (

6.4CVSS7.2AI score0.00235EPSS
Exploits0References1
CVE
CVE
added 2021/04/22 5:50 p.m.2104 views

CVE-2021-27278

CVE-2021-27278 concerns Parallels Desktop (v16.1.1-49141) affecting the Toolgate component. The vulnerability arises from improper validation of a user-supplied path used in file operations, enabling local attackers who have the ability to run high-privileged code on a guest to escalate privilege...

8.2CVSS8.1AI score0.00542EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/12/05 4:0 p.m.2103 views

CVE-2024-12231

CodeZips Project Management System 1.0 contains an SQL injection vulnerability in /index.php, triggered by manipulating the email parameter. Root cause is improper input handling, enabling remote exploitation with high impact on confidentiality, integrity, and availability. Public exploit informa...

9.8CVSS7.5AI score0.00663EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2023/07/10 8:51 p.m.2099 views

CVE-2023-24487

CVE-2023-24487 describes an Arbitrary file read in Citrix ADC and Citrix Gateway. The vulnerability originates from access to NSIP/SNIP via the management interface and affects: Citrix ADC/Gateway 12.1 before 12.1-65.35, 12.1-FIPS before 12.1-55.296, 13.0 before 13.0-90.11, and 13.1 before 13.1-4...

7.5CVSS6.8AI score0.01073EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2022/08/05 10:45 a.m.2098 views

CVE-2022-2664

This CVE concerns the Private Cloud Management Platform. The vulnerability affects the POST Request Handler, specifically the function at /management/api/rcx_management/global_config_query, where an improper authentication issue is reported. The description states that manipulation of this endpoi...

9.8CVSS8.6AI score0.00579EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/05/24 1:35 p.m.2090 views

CVE-2024-35593

CVE-2024-35593 affects Raingad IM v4.1.4 with an arbitrary file upload vulnerability in the File preview feature that can lead to arbitrary code execution through a crafted PDF. Concrete details in connected sources confirm the affected product/version and the underlying issue is an arbitrary fil...

5.5CVSS8.1AI score0.00219EPSS
Exploits0References1
CVE
CVE
added 2021/08/12 6:12 p.m.2082 views

CVE-2021-36942

CVE-2021-36942 corresponds to Windows LSA Spoofing vulnerability (LSARPC) that can coerce a domain controller to authenticate to an attacker host via NTLM. In August 2021 Microsoft Patch Tuesday released fixes (KB5005413) and mitigations; multiple sources note patching as a priority. CISA’s KEV c...

7.5CVSS7.2AI score0.66023EPSS
In wildExploits4References3Affected Software6
CVE
CVE
added 2022/08/04 8:41 a.m.2081 views

CVE-2022-2647

CVE-2022-2647 affects jeecg-boot and enables unrestricted file upload via the /api/ path. The root cause appears to be insufficient input/file-type validation in the code path handling file arguments (e.g., Veracode cites lack of checks in FileTypeFilter.java). Public exploitation is noted in the...

9.8CVSS8.7AI score0.00664EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/08/03 7:5 p.m.2079 views

CVE-2021-32803

CVE-2021-32803 concerns the npm package tar (node-tar) with an arbitrary File Creation/Overwrite vulnerability due to insufficient symlink protection when extracting tar files. The issue arises from a directory cache and mkdir-skip logic that can be bypassed when a directory and a symlink share t...

8.2CVSS7.6AI score0.07795EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2016/09/01 12:0 a.m.2076 views

CVE-2016-2183

The CVE-2016-2183 (Sweet32) issue stems from the DES/3DES ciphers used in TLS/SSL, allowing a birthday attack to recover plaintext from long, encrypted sessions. Public advisories and vendor notes show OpenSSL-based stacks (and products relying on it) were affected, with mitigations including de-...

7.5CVSS6.5AI score0.95707EPSS
In wildExploits7References137Affected Software4
Total number of security vulnerabilities5000