Lucene search
K
CveMost viewed

368379 matches found

CVE
CVE
added 2024/05/16 8:47 p.m.1975 views

CVE-2021-33157

CVE-2021-33157 affects Intel® Ethernet Adapters and Intel® Ethernet Controller I225 Manageability firmware, where insufficient control flow management could allow a privileged user to escalate privileges via local access. The base CVSSv3.1 score is 7.2 (HIGH) with LOCAL access, HIGH complexity, a...

7.2CVSS7AI score0.00196EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/05/16 8:47 p.m.1972 views

CVE-2021-33145

CVE-2021-33145 refers to an uncaught exception in Intel® Ethernet Adapters and Intel® Ethernet Controller I225 Manageability firmware that may allow a privileged local escalation. Red Hat and Intel advisories corroborate the same description, with affected products including Intel® Ethernet Contr...

7.2CVSS7AI score0.00196EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/05/16 8:47 p.m.1971 views

CVE-2021-33141

The CVE-2021-33141 issue affects Intel® Ethernet Adapters and Intel® Ethernet Controller I225 Manageability firmware. The root cause is improper input validation in the firmware, which may allow an unauthenticated user to cause a denial of service via network access. The CVSS v3.1 base score is 8...

8.6CVSS6.9AI score0.00773EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2009/03/13 10:0 a.m.1971 views

CVE-2008-6471

SQL injection vulnerability in MountainGrafix easyLink 1.1.0 affects detail.php via the cat parameter in a show action, allowing remote attackers to execute arbitrary SQL commands. This is the explicit root cause described in CVE-2008-6471. The connected records corroborate the same description f...

7.5CVSS8.6AI score0.00999EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2025/02/06 5:32 p.m.1970 views

CVE-2025-23217

CVE-2025-23217 affects mitmweb (the web UI of mitmproxy). In versions 11.1.1 and earlier, a malicious client connected to mitmweb’s proxy server (default bind 0.0.0.0:8080) could reach mitmweb’s internal API (127.0.0.1:8081) through the proxy, enabling SSRF-style access that may lead to remote co...

8.2CVSS7.5AI score0.00761EPSS
Exploits0References3
CVE
CVE
added 2024/05/17 1:23 p.m.1970 views

CVE-2024-35796

The CVE-2024-35796 vulnerability concerns the Linux kernel net/ ll_temac code where platform_get_resource was replaced by devm_platform_ioremap_resource_byname and invoked with a 0-length name, leading to a path that ends up calling platform_get_resource_byname and dereferencing a NULL pointer in...

5.5CVSS6.8AI score0.00226EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2025/02/12 4:20 p.m.1969 views

CVE-2025-25184

CVE-2025-25184 affects Rack (Ruby) where CRLF injection in usernames can be logged by Rack::CommonLogger when credentials are supplied via Rack::Auth::Basic. The issue enables log entry manipulation by including CRLF and whitespace in the username, potentially breaking log formats or injecting fr...

7.1CVSS6.2AI score0.01095EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2022/05/03 12:5 p.m.1969 views

CVE-2021-39390

CVE-2021-39390 describes a Stored XSS in PartKeepr 1.4.0. The vulnerability arises in the edit module where multiple API endpoints accept a name parameter without proper sanitization/validation, allowing injection of JavaScript that can be executed in the client browser. Affected software: PartKe...

5.4CVSS5.2AI score0.0064EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2024/05/16 8:47 p.m.1968 views

CVE-2021-33161

The CVE-2021-33161 issue concerns improper input validation in Intel Ethernet Adapters and Intel Ethernet Controller I225 Manageability firmware, enabling a privileged user to escalate privileges via local access. Affected products include Intel Ethernet Controller I225 Manageability firmware (be...

7.2CVSS7AI score0.00209EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/05/04 12:8 a.m.1967 views

CVE-2021-43160

CVE-2021-43160 affects Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55. The vulnerability arises in the switchFastDhcp function under /cgi-bin/luci/api/diagnose, enabling remote code execution. The connected sources specify the affected product and the vulnerable component, ...

8.8CVSS8.8AI score0.01814EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2014/03/18 1:0 a.m.1967 views

CVE-2014-0098

CVE-2014-0098 affects the Apache HTTP Server (mod_log_config) prior to version 2.4.8. The vulnerability is caused by how log_cookie is handled during truncation, allowing remote attackers to trigger a denial-of-service (segmentation fault and daemon crash). Public advisories and vendor notes (e.g...

5CVSS8AI score0.25999EPSS
Exploits2References54Affected Software1
CVE
CVE
added 2022/09/01 7:54 p.m.1966 views

CVE-2022-1902

CVE-2022-1902 describes a vulnerability in Red Hat Advanced Cluster Security for Kubernetes where Notifier secrets were not properly sanitized in the GraphQL API. This allows authenticated ACS users to retrieve Notifiers via GraphQL, potentially escalating privileges. CVSSv3.1 base score 8.8 (HIG...

8.8CVSS8.5AI score0.01154EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2022/09/05 12:35 p.m.1964 views

CVE-2022-2083

CVE-2022-2083 affects the WordPress plugin “Simple Single Sign On”

7.5CVSS7.6AI score0.00584EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2024/05/16 8:47 p.m.1962 views

CVE-2021-33142

Summary: CVE-2021-33142 affects Intel® Ethernet Adapters and Intel® Ethernet Controller I225 Manageability firmware. The common issue is improper input validation in the firmware, which may allow a privileged user to cause a denial of service via local access. Connections across sources (Intel ad...

6CVSS6.5AI score0.00229EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/03/02 9:41 p.m.1960 views

CVE-2021-41003

CVE-2021-41003 affects Aruba AOS-CX API interface across Aruba CX 6200F, 6300, 6400, 8320, 8325, 8400, and CX 8360 series. Reported as multiple unauthenticated command‑injection vulnerabilities with affected AOS-CX versions: 10.06.xxxx (<=10.06.0170), 10.07.xxxx (<=10.07.0050), 10.08.xxxx (...

6.1CVSS7.1AI score0.00795EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/05/16 8:47 p.m.1955 views

CVE-2021-33158

CVE-2021-33158 affects Intel Ethernet Adapters and the Intel Ethernet Controller I225 Manageability firmware. Affected: Intel Ethernet Controller I225 Manageability firmware prior to NVM 1.87 and Intel Ethernet Adapters prior to version 29.0.1. Description from Intel advisory: improper neutraliza...

7.2CVSS7AI score0.00214EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/04/04 11:55 p.m.1955 views

CVE-2022-0609

CVE-2022-0609 is a Google Chrome vulnerability described as a use-after-free in the Animation component, leading to potential heap corruption and remote code execution via a crafted HTML page. Affected product: Google Chrome (Animation). Vulnerable condition: use-after-free in the Chrome animatio...

8.8CVSS9.1AI score0.23546EPSS
In wildExploits0References3Affected Software1
CVE
CVE
added 2025/02/19 7:1 a.m.1950 views

CVE-2025-0633

CVE-2025-0633 is a heap-based buffer overflow in iniparser_dumpsection_ini() of iniparser, allowing read of out-of-bounds memory. Connected advisories (ALAS/ALAS2, Mageia, Debian, Fedora, Red Hat, Alpine, CIRCL) confirm iniparser as the affected package and cite a patched release; specifics vary ...

5.1CVSS6.4AI score0.00215EPSS
Exploits0References1
CVE
CVE
added 2019/02/09 2:0 p.m.1944 views

CVE-2019-7659

Genivia gSOAP 2.7.x and 2.8.x are affected by CVE-2019-7659 if a server application is built with -DWITH_COOKIES. The vulnerability exists in the C/C++ libraries libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ when built with that flag, enabling denial of service (application abort) and pos...

8.1CVSS8.3AI score0.01996EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/06/06 9:26 p.m.1943 views

CVE-2024-24198

The vulnerability CVE-2024-24198 affects SmartDNS due to a misaligned address in smartdns/src/util.c within commit 54b4dc. Reported CVSSv3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H indicates high impact to availability with no confidentiality or integrity impact. The available documents do not provid...

7.5CVSS7.6AI score0.00461EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/12/19 10:28 p.m.1940 views

CVE-2019-19141

The Plex Media Server CVE-2019-19141 vulnerability affects the Camera Upload feature through version 1.18.2.2029. It permits remote authenticated users to write files anywhere the Plex process user has permissions, enabling remote code execution. The described attack path includes directory trave...

8.8CVSS8.7AI score0.04353EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/09/22 12:7 p.m.1936 views

CVE-2021-36260

CVE-2021-36260 is a command-injection vulnerability in the web server of Hikvision products caused by insufficient input validation. Public details in the provided docs confirm an attacker can trigger remote code execution via crafted messages to the device (no authentication required in some PoC...

9.8CVSS9.4AI score0.99869EPSS
In wildExploits23References6Affected Software1
CVE
CVE
added 2024/05/01 12:53 p.m.1925 views

CVE-2024-27028

CVE-2024-27028 is confirmed with concrete details in connected docs: the Linux kernel spi-mt65xx driver had a NULL pointer dereference in the interrupt handler during spi_transfer when tx_buf could be NULL. The fix adds a check for trans->tx_buf before use, mitigating potential crashes. Affect...

6.5CVSS6.5AI score0.01176EPSS
Exploits0References11Affected Software1
CVE
CVE
added 2023/07/10 8:36 p.m.1920 views

CVE-2023-24486

Citrix Workspace app for Linux is affected by a session takeover vulnerability (CVE-2023-24486) due to improper access control. An authenticated local user could gain access to another user’s Citrix Virtual Apps and Desktops session on the same machine when launching published desktops/applicatio...

5.5CVSS5.5AI score0.00185EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/06/19 10:3 a.m.1920 views

CVE-2023-29542

Technical details for CVE-2023-29542 are not publicly disclosed in the provided documents. No affected products, root cause, or mitigation are specified here. Monitor for updates from the sources to obtain concrete information.

9.8CVSS8.7AI score0.0094EPSS
Exploits0References5Affected Software3
CVE
CVE
added 2024/03/22 12:55 p.m.1913 views

CVE-2024-29943

CVE-2024-29943 is a Firefox vulnerability: an attacker could perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. Affected product: Mozilla Firefox versions earlier than 124.0.1 (desktop; ESR has separate fixes). The root cause is an incor...

9.8CVSS5.5AI score0.22935EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2020/01/07 4:30 p.m.1912 views

CVE-2019-14834

CVE-2019-14834 affects dnsmasq prior to 2.81 and causes a memory leak that can be exploited remotely to trigger a denial of service via DHCP response creation. Public details across multiple advisories indicate the root cause is in memory management (e.g., create_helper function and related code ...

4.3CVSS4AI score0.02664EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2025/03/05 8:40 p.m.1907 views

CVE-2025-27516

CVE-2025-27516 : Jinja2 before 3.1.6 exposes a sandbox bypass via the |attr filter, allowing arbitrary Python code execution if an attacker controls template content. Affected: jinja2 versions prior to 3.1.6. Impact: execution of code in untrusted templates. Remediation: upgrade to 3.1.6 or newer...

8.8CVSS7.6AI score0.00465EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2012/05/11 10:0 a.m.1907 views

CVE-2012-1823

CVE-2012-1823 affects PHP when run as CGI (php-cgi). The issue is that sapi/cgi/cgi_main.c mishandles query strings without an =, enabling remote code execution by passing command-line options in the query. Affected PHP versions include 5.3.x up to 5.3.12 and 5.4.x up to 5.4.2, with exploitation ...

9.8CVSS9.9AI score0.99998EPSS
In wildExploits42References31Affected Software1
CVE
CVE
added 2023/02/14 7:33 p.m.1904 views

CVE-2023-21713

CVE-2023-21713 is a Microsoft SQL Server remote code execution vulnerability. The CVE is addressed in the February 2023 security updates for SQL Server 2019/GDR (KB5021125) and related KBs, which list CVE-2023-21713 among addressed issues. The vulnerability affects SQL Server components and is mi...

8.8CVSS9.3AI score0.01755EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/02/22 12:0 a.m.1904 views

CVE-2021-25636

CVE-2021-25636 affects The Document Foundation LibreOffice 7.2.x prior to 7.2.5. The issue arises from an Improper Certificate Validation in which a document can be crafted so that the signature verification process uses KeyValue data while reporting a mismatch with X509Data, undermining trust in...

7.5CVSS6.7AI score0.00965EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/04/26 6:21 p.m.1898 views

CVE-2019-2725

CVE-2019-2725 is an Oracle WebLogic Server vulnerability (Web Services subcomponent) that allows unauthenticated, network-based remote code execution via HTTP. Affected versions include Oracle WebLogic Server 10.3.6.0.0 and 12.1.3.0.0. The root cause is deserialization of untrusted objects in Web...

9.8CVSS9.5AI score0.99964EPSS
In wildExploits35References9Affected Software8
CVE
CVE
added 2011/02/22 6:0 p.m.1895 views

CVE-2011-1002

Avahi CVE-2011-1002 affects the avahi-daemon (avahi) before 0.6.29. A remote attacker can trigger a denial of service (infinite loop) by sending an empty mDNS UDP packet to port 5353 (IPv4 or IPv6). The issue arises from an incorrect fix related to CVE-2010-2244. Public advisories and distributio...

5CVSS7.8AI score0.29361EPSS
Exploits1References31Affected Software1
CVE
CVE
added 2025/04/11 4:27 a.m.1893 views

CVE-2025-1386

CVE-2025-1386 concerns the ch-go library from github.com/ClickHouse/ch-go. The issue is a vulnerability in which, under a specific condition where a query includes large, uncompressed external data, an attacker who controls that data can smuggle another query packet into the same connection strea...

5.9CVSS6.6AI score0.00342EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2012/09/05 8:0 p.m.1893 views

CVE-2011-4448

CVE-2011-4448 affects WikkaWiki 1.3.1 and 1.3.2. The vulnerability is an SQL injection in actions/usersettings/usersettings.php via the default_comment_display parameter in an update action, caused by insufficient sanitization. This allows remote attackers to inject arbitrary SQL commands and pot...

7.5CVSS8.3AI score0.01944EPSS
Exploits7References2Affected Software1
CVE
CVE
added 2025/02/18 5:36 p.m.1892 views

CVE-2025-26620

CVE-2025-26620 describes a race condition in Duende.AccessTokenManagement when multiple concurrent requests for client credentials tokens use varying TokenRequestParameters. The issue can cause concurrent requests to return tokens with incorrect protocol parameters (scope, resource indicator, etc...

6.3CVSS7.3AI score0.00362EPSS
Exploits0References2
CVE
CVE
added 2024/06/03 6:40 p.m.1889 views

CVE-2021-3899

CVE-2021-3899 involves a race condition in Apport's replaced-executable detection that, with specific local configuration, could allow a local attacker to run arbitrary code as root. This vulnerability is referenced in multiple advisories (Ubuntu USN-6894-1, RH Red Hat CVE notes, and Nessus/OSV e...

7.8CVSS7.2AI score0.00384EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2025/01/15 1:5 p.m.1886 views

CVE-2024-57883

Technical details about CVE-2024-57883 are not provided in the supplied documents. Monitor official kernel advisories and vendor security notices for affected products, scope, and fixes.

5.5CVSS6.3AI score0.00203EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2014/03/28 7:0 p.m.1885 views

CVE-2014-0050

This CVE affects Apache Commons FileUpload (MultipartStream.java) before version 1.3.1, as used in Apache Tomcat, JBoss Web, and other products. The root cause is a crafted Content-Type header that bypasses the loop exit conditions, allowing remote attackers to trigger an infinite loop and high C...

7.5CVSS7.1AI score0.83175EPSS
Exploits8References69Affected Software1
CVE
CVE
added 2019/09/28 1:33 a.m.1882 views

CVE-2019-16935

The CVE-2019-16935 issue concerns the documentation XML-RPC server in Python (Lib/DocXMLRPCServer.py for Python 2.x and Lib/xmlrpc/server.py for Python 3.x). The root cause is that server_title, when set_server_title is called with untrusted input, can deliver arbitrary JavaScript to clients via ...

6.1CVSS6.8AI score0.04653EPSS
Exploits1References23Affected Software1
CVE
CVE
added 2022/08/24 3:16 p.m.1881 views

CVE-2022-2569

This CVE (CVE-2022-2569) affects ARC Informatique PcVue (OAuth Web Service configuration) components: PcVue 12 (before 12.0.27) and PcVue 15 (before 15.2.3). The vulnerability stems from cleartext storage of sensitive information, potentially allowing an authenticated user to access session data ...

5.5CVSS5.2AI score0.0013EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/05/20 12:0 a.m.1881 views

CVE-2021-3426

CVE-2021-3426 corresponds to a vulnerability in Python’s pydoc where the getfile feature could be abused to read arbitrary files. The linked sources confirm the issue affects Python versions prior to specific releases (e.g., Python before 3.8.9, 3.9.3, and 3.10.0a7 per the CVE description) and no...

5.7CVSS5.6AI score0.01863EPSS
Exploits0References15Affected Software1
CVE
CVE
added 2021/02/17 4:55 p.m.1879 views

CVE-2021-1372

Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows are affected by a local information-disclosure vulnerability due to unsafe shared-memory usage. An authenticated, local attacker with access to system memory can exploit this by running a local app that reads shared memory,...

5.5CVSS5.3AI score0.0041EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2025/03/21 2:52 p.m.1877 views

CVE-2021-25635

CVE-2021-25635 is a certificate-validation vulnerability in LibreOffice described as a Content Manipulation with Certificate Validation Attack. An attacker could enable self-signed ODF documents, then modify the signature algorithm to an invalid/unknown one; LibreOffice could display the signatur...

5.5CVSS7.3AI score0.00135EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/05/01 12:53 p.m.1877 views

CVE-2024-27037

CVE-2024-27037 (Linux kernel) affects the zynq clock controller path. The kmalloc() failure in zynq_clk_setup() can yield NULL, risking a NULL pointer dereference when using snprintf() to write to that address. A patch replaces the kmalloc()-based allocation with a stack-allocated variable, preve...

5.5CVSS6.6AI score0.00273EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2024/02/21 2:59 p.m.1875 views

CVE-2024-26584

CVE-2024-26584 is a Linux kernel TLS backlogging vulnerability where setting CRYPTO_TFM_REQ_MAY_BACKLOG on crypto_api requests can cause crypto_aead_encrypt/decrypt to return -EBUSY in valid cases. If the cryptd AES-NI queue is full, requests are enqueued to backlog and may be processed, triggeri...

5.5CVSS6.8AI score0.00246EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2022/05/04 12:8 a.m.1875 views

CVE-2021-43161

CVE-2021-43161 affects Ruijie RG-EW Series Routers (Ruijie Networks) running ReyeeOS up to 1.55.1915 / EW_3.0(1)B11P55. The vulnerability is triggered via the doSwitchApi function in /cgi-bin/luci/api/switch, enabling Remote Code Execution. Several sources describe it as an RCE due to the path an...

8.8CVSS8.8AI score0.01814EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/12/27 3:2 p.m.1874 views

CVE-2024-56633

The CVE-2024-56633 issue in the Linux kernel relates to tcp_bpf_sendmsg and the sk_mem_uncharge accounting in __SK_REDIRECT. The current approach pre-uncharges tosend bytes (msg->sg.size or apply_bytes), which can lead to under/over charging if actual sent bytes differ or if ret < 0. The ci...

7.8CVSS6.2AI score0.00273EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2021/05/11 7:11 p.m.1874 views

CVE-2021-31207

CVE-2021-31207 is one of the ProxyShell chain affecting on-premises Microsoft Exchange Server, enabling post-auth arbitrary-file-write that can lead to remote code execution. Exploitation chains documented in FireEye and related advisories describe initial steps using Autodiscover and MAPI to lea...

6.6CVSS8.2AI score0.99782EPSS
In wildExploits11References4Affected Software1
CVE
CVE
added 2022/03/18 5:0 a.m.1868 views

CVE-2021-45966

Pascom Cloud Phone System prior to 7.20.x contains a remote code execution flaw in the management REST API: /services/apply in exd.pl does not properly filter shell metacharacters, enabling an attacker to run arbitrary code. Affected component is the /services/apply endpoint of the exd.pl script;...

10CVSS9.7AI score0.05618EPSS
Exploits1References3Affected Software1
Total number of security vulnerabilities5000