Lucene search
K
CveMost viewed

368302 matches found

CVE
CVE
added 2021/07/14 5:54 p.m.1762 views

CVE-2021-34523

Microsoft Exchange Server on-premises is affected by ProxyShell chain implying CVE-2021-34523 as a local/elevation of privilege issue in the Exchange PowerShell backend. The exploit chain begins with pre-auth access via Autodiscover and MAPI to leak DN/SID, enabling impersonation and remote Power...

9.8CVSS9.6AI score0.99987EPSS
In wildExploits10References4Affected Software1
CVE
CVE
added 2024/12/25 10:6 a.m.1757 views

CVE-2024-52046

CVE-2024-52046 affects Apache MINA ObjectSerializationDecoder deserializing data via Java’s native protocol. Affected MINA core versions: 2.0.x, 2.1.x, 2.2.x; fixed in MINA core releases 2.0.27, 2.1.10 and 2.2.4. The issue only matters if IoBuffer#getObject() is invoked (e.g., when a ProtocolCode...

10CVSS7.4AI score0.23932EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/07/19 5:51 p.m.1754 views

CVE-2023-3519

CVE-2023-3519 is an unauthenticated remote code execution in Citrix NetScaler ADC/Gateway. Exploitation enables an attacker with network access to run arbitrary code, potentially deploy web shells and fully compromise affected systems. Public advisories and multiple connected documents describe a...

9.8CVSS10AI score0.99445EPSS
In wildExploits16References3Affected Software2
CVE
CVE
added 2022/03/18 5:0 a.m.1754 views

CVE-2021-45967

Pascom Cloud Phone System before 7.20.x is affected by a path traversal vulnerability caused by a configuration mismatch between NGINX and the backend Tomcat, exposing unintended endpoints. Multiple connected sources corroborate a pre-7.20.x issue with path traversal (and related exposure). Remed...

9.8CVSS9.3AI score0.208EPSS
In wildExploits1References4Affected Software1
CVE
CVE
added 2015/08/24 12:0 a.m.1754 views

CVE-2015-6563

CVE-2015-6563 affects the OpenSSH sshd monitor component (monitor.c/monitor_wrap.c). The vulnerability allows a local attacker who has any SSH login access and can control the sshd uid to send a crafted MONITOR_REQ_PAM_INIT_CTX, enabling impersonation by leaking extraneous username data. Public a...

6.4CVSS5.4AI score0.00378EPSS
Exploits0References18Affected Software1
CVE
CVE
added 2020/07/14 10:54 p.m.1752 views

CVE-2020-1350

CVE-2020-1350 (SIGRed) is a remote code execution vulnerability in Windows DNS Server caused by improper handling of requests, allowing an unauthenticated attacker to execute code with Local System privileges via DNS queries. Exploitation could be wormable, enabling propagation to other DNS serve...

10CVSS9.6AI score0.92178EPSS
In wildExploits21References3Affected Software4
CVE
CVE
added 2020/10/21 2:4 p.m.1749 views

CVE-2020-14882

CVE-2020-14882 affects Oracle WebLogic Server Console in versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. The vulnerability is a WebLogic Administration Console input-validation flaw that allows an unauthenticated, network-reachable attacker to perform remote code executio...

10CVSS9.7AI score0.99997EPSS
In wildExploits41References5Affected Software1
CVE
CVE
added 2019/12/11 12:0 a.m.1749 views

CVE-2019-18935

CVE-2019-18935 affects Progress Telerik UI for ASP.NET AJAX (RadAsyncUpload deserialization). The vulnerability allows remote code execution when encryption keys are known (e.g., via CVE-2017-11317/11357 or other means). Exploitation, if possible, can occur over network with low complexity and no...

9.8CVSS9.7AI score0.99737EPSS
In wildExploits16References11Affected Software1
CVE
CVE
added 2023/07/20 12:23 a.m.1747 views

CVE-2022-28736

CVE-2022-28736 describes a use-after-free in grub_cmd_chainloader() that is triggered when the chainloader command is executed more than once. The impact, as stated in the sources, includes exposure of sensitive data and potential arbitrary code execution with local access. Multiple advisories me...

7.8CVSS7.8AI score0.00289EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2025/01/14 7:33 p.m.1739 views

CVE-2024-53263

Git LFS (Git Large File Storage) is affected by CVE-2024-53263. The vulnerability arises when Git LFS requests credentials from Git for a remote host and passes portions of the host URL to git-credential(1) without sanitizing embedded line-ending control characters. An attacker could insert URL-e...

8.5CVSS6.7AI score0.0104EPSS
Exploits0References4
CVE
CVE
added 2024/06/06 9:28 p.m.1734 views

CVE-2024-22524

CVE-2024-22524 concerns dnspod-sr 0dfbd37, with a buffer overflow vulnerability. Affected component: dnspod-sr (version 0dfbd37). Impact per sources: availability impact HIGH; CVSSv3.1 metrics indicate LOCAL attack vector, LOW privileges, LOW complexity, no user interaction. No exploit details ar...

5.5CVSS7.3AI score0.00187EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/05/26 10:49 p.m.1730 views

CVE-2024-36055

The CVE-2024-36055 issue affects Marvin Test HW.exe (Marvin Test Solutions) prior to version 5.0.5.0. The vulnerability allows unprivileged user‑mode processes to arbitrarily map physical memory with read/write access via MmMapIoSpace, triggered by IOCTLs such as 0x9c40a4f8, 0x9c40a4e8, 0x9c40a4c...

5.5CVSS6.5AI score0.00138EPSS
Exploits0References2
CVE
CVE
added 2022/01/13 3:50 p.m.1729 views

CVE-2022-23131

CVE-2022-23131 affects the Zabbix Frontend when SAML SSO is enabled (non-default). A malicious, unauthenticated actor can modify session data because user logins stored in the session are not verified, potentially escalating privileges to admin and taking over the frontend. The vulnerability requ...

9.8CVSS9.8AI score0.95683EPSS
In wildExploits9References2Affected Software1
CVE
CVE
added 2021/12/14 4:55 p.m.1729 views

CVE-2021-45046

Technical details for CVE-2021-45046 are not publicly provided in the supplied documents. Monitor for updates from official advisories; sources here reference fixes for other Log4j CVEs but do not specify 45046 specifics.

9CVSS9.7AI score0.99977EPSS
In wildExploits39References22Affected Software1
CVE
CVE
added 2021/11/10 12:47 a.m.1727 views

CVE-2021-42278

CVE-2021-42278 is an Active Directory Domain Services privilege-escalation vulnerability in Microsoft Windows. The connected documents describe exploits/frameworks (e.g., Pachine, sam-the-admin, noPac) that impersonate a Domain Administrator from a standard domain user using Kerberos delegation t...

7.5CVSS8.2AI score0.70207EPSS
In wildExploits9References2Affected Software7
CVE
CVE
added 2012/04/10 9:0 p.m.1727 views

CVE-2012-0158

CVE-2012-0158 is a Microsoft/MSCOMCTL.OCX (MS Office) vulnerability that enables remote code execution via a crafted file or document. The initial entry lists vulnerable controls in MSCOMCTL.OCX and notes exploitation in the wild around April 2012 (aka “MSCOMCTL.OCX RCE Vulnerability”). Connected...

9.3CVSS7.8AI score0.99966EPSS
In wildExploits12References13Affected Software2
CVE
CVE
added 2024/04/17 5:27 p.m.1725 views

CVE-2024-3914

CVE-2024-3914 is a use-after-free in V8 within Google Chrome/Chromium before 124.0.6367.60, allowing potential heap corruption via a crafted HTML page. Public references show this vulnerability being fixed in Chromium/Chrome updates (e.g., ChromeOS/Chrome updates around 124.0.6367.x). The connect...

8.8CVSS6.4AI score0.01006EPSS
Exploits1References8Affected Software1
CVE
CVE
added 2020/06/26 2:57 p.m.1724 views

CVE-2020-15341

CVE-2020-15341 affects Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1. The vulnerability is an unauthenticated access issue in the update_all_realm_license API, enabling potential unauthorized operations. Public sources in the connected documents confirm an unauthenticated endpoint as the ro...

7.5CVSS7.6AI score0.01059EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/06/19 9:58 a.m.1721 views

CVE-2023-29532

CVE-2023-29532 describes a local, Windows-only vulnerability where an attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service to a malicious SMB server. The update can be replaced after the signature check but before use because the service...

5.5CVSS6AI score0.00185EPSS
Exploits0References4Affected Software3
CVE
CVE
added 2021/03/02 11:55 p.m.1720 views

CVE-2021-26857

CVE-2021-26857 is an on‑premises Microsoft Exchange Server remote code execution vulnerability in the Unified Messaging deserialization path. The issue involves insecure deserialization of header data (ContactInfo) within voicemail processing, where an attacker could craft a Base64-encoded header...

7.8CVSS9.3AI score0.94008EPSS
In wildExploits5References2Affected Software1
CVE
CVE
added 2022/06/03 9:51 p.m.1710 views

CVE-2022-26134

CVE-2022-26134 is an unauthenticated OGNL injection in Atlassian Confluence Server and Data Center that enables remote code execution. Affected: Confluence Server/Data Center versions from 1.3.0 up to 7.4.16, 7.13.x up to 7.13.6, 7.14.x up to 7.14.2, 7.15.x up to 7.15.1, 7.16.x up to 7.16.3, 7.17...

9.8CVSS9.9AI score0.99999EPSS
In wildExploits75References7Affected Software2
CVE
CVE
added 2020/03/20 6:16 p.m.1706 views

CVE-2020-7961

The CVE-2020-7961 issue affects Liferay Portal’s JSONWS deserialization of untrusted data, enabling unauthenticated remote code execution. Vulnerable software is Liferay Portal prior to 7.2.1 CE GA2, where the root cause is unsafe deserialization in JSONWebServiceActionParameters processed via JS...

9.8CVSS9.7AI score0.99783EPSS
In wildExploits10References6Affected Software1
CVE
CVE
added 2019/09/30 7:5 p.m.1706 views

CVE-2019-17051

Evernote for macOS (prior to 7.13 GA) is affected by CVE-2019-17051. The root cause is the com.apple.quarantine attribute not being applied to downloaded attachments, enabling a one-click code execution scenario via a crafted Terminal file when a user drags and drops it into Evernote Open With Te...

7.8CVSS7.6AI score0.016EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2017/07/27 9:0 p.m.1706 views

CVE-2016-2161

CVE-2016-2161 affects Apache HTTP Server 2.4.0–2.4.23 in the mod_auth_digest pathway. Malicious input to mod_auth_digest could cause the server to crash, and subsequent valid requests could still trigger crashes. The connected advisory pages confirm Apache’s fix to 2.4.25 (and related advisories)...

7.5CVSS7.5AI score0.20952EPSS
Exploits0References27Affected Software1
CVE
CVE
added 2024/02/20 12:52 p.m.1704 views

CVE-2024-26581

CVE-2024-26581 affects the Linux kernel netfilter nft_set_rbtree end-interval GC logic, where rbtree lazy GC on insert could skip an end-interval element just added in the same transaction, potentially enabling privilege/escalation impact for local attackers. Affected: Linux kernel versions with ...

7.8CVSS7AI score0.02224EPSS
Exploits1References9Affected Software1
CVE
CVE
added 2010/07/22 10:0 a.m.1695 views

CVE-2010-2568

CVE-2010-2568 affects the Windows shell icon display for shortcut files, enabling arbitrary code execution when a crafted .LNK or .PIF is processed by Windows Explorer. Affected systems include Windows XP SP3, Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 SP2/R2, and Windows 7, with...

9.3CVSS7.7AI score0.91324EPSS
In wildExploits13References15Affected Software5
CVE
CVE
added 2022/06/08 10:0 a.m.1693 views

CVE-2022-28614

CVE-2022-28614 affects Apache HTTP Server 2.4.53 and earlier. The vulnerability stems from ap_rwrite() potentially reading unintended memory when reflecting very large input via ap_rwrite() or ap_rputs(), notably with mod_luas r:puts(). Modules compiled against older headers that use ap_rputs may...

5.3CVSS7.5AI score0.04428EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2018/08/02 7:0 a.m.1691 views

CVE-2018-14847

CVE-2018-14847 is a WinBox directory-traversal vulnerability in MikroTik RouterOS that allowed unauthenticated remote file reads and, with authenticated access, file writes. Public PoCs/exploits (By the Way, WinboxExploit, MAC/RouterOS PoCs) demonstrate remote reading of the admin password and, i...

9.1CVSS8.9AI score0.96087EPSS
In wildExploits23References9Affected Software1
CVE
CVE
added 2023/06/23 12:0 a.m.1687 views

CVE-2023-32409

CVE-2023-32409 is a WebKit sandbox-escape vulnerability in WebKit’s handling of web content. The issue allowed a remote attacker to break out of the Web Content sandbox and was addressed by improved bounds checks. Fixes are included in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iP...

8.6CVSS7.7AI score0.1653EPSS
In wildExploits0References7Affected Software6
CVE
CVE
added 2008/09/29 5:0 p.m.1687 views

CVE-2008-4301

CVE-2008-4301 concerns a vulnerability in the ActiveX control in iisext.dll used by Microsoft Internet Information Services (IIS). The affected component is an ActiveX control; the reported issue allows remote attackers to set a password via a string argument to the SetPassword method. The core p...

10CVSS6.6AI score0.16924EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2022/05/12 1:5 p.m.1680 views

CVE-2022-30525

CVE-2022-30525 is an OS command injection in Zyxel firewall CGI (Zero Touch Provisioning) that allows remote, unauthenticated code execution via /ztp/cgi-bin/handler (nobody user). Affected: USG FLEX series (5.00–5.21 Patch 1), USG FLEX 50W/USG20(W)-VPN (5.10–5.21 Patch 1), ATP series (5.10–5.21 ...

10CVSS9AI score0.99938EPSS
In wildExploits27References6Affected Software1
CVE
CVE
added 2024/02/23 2:46 p.m.1678 views

CVE-2023-52456

CVE-2023-52456 affects the Linux kernel, specifically the imx serial driver used for RS-485 when the TX state machine can deadlock if the TTY is closed mid-transmission. In that scenario, imx_uart_shutdown disables the interface and the Transmission Complete interrupt, causing imx_uart_stop_tx to...

5.5CVSS6.3AI score0.00175EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2022/06/08 10:0 a.m.1676 views

CVE-2022-29404

CVE-2022-29404 affects Apache HTTP Server 2.4.53 and earlier. The vulnerability lies in the mod_lua code path: a malicious request to a Lua script calling r:parsebody(0) can cause a denial of service due to no default input size limit. Impact is DoS (availability) with network exposure; no data c...

7.5CVSS8.5AI score0.05678EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2020/10/02 2:14 p.m.1676 views

CVE-2020-7069

CVE-2020-7069 affects PHP AES-CCM encryption: when using openssl_encrypt() with a 12-byte IV, only the first 7 bytes are used in versions 7.2.x < 7.2.34, 7.3.x < 7.3.23, and 7.4.x

6.5CVSS6.2AI score0.02055EPSS
Exploits0References13Affected Software1
CVE
CVE
added 2018/05/09 7:0 p.m.1674 views

CVE-2018-8120

CVE-2018-8120 is a Windows Win32k privilege-escalation vulnerability where the Win32k.sys component fails to properly handle objects in memory, enabling local kernel-mode code execution. Affected products include Windows 7, Windows Server 2008/2008 R2, and related Win32k components. The root caus...

7.2CVSS7.4AI score0.73721EPSS
In wildExploits18References5Affected Software2
CVE
CVE
added 2013/04/04 5:0 p.m.1668 views

CVE-2013-1903

CVE-2013-1903 affects PostgreSQL 8.3.x before 8.3.23, 8.4.x before 8.4.17, 9.0.x before 9.0.13, 9.1.x before 9.1.9, and 9.2.x before 9.2.4. Two issues are noted: (1) EnterpriseDB installers for Linux/Mac OS X create a /tmp directory and file with predictable names (CVE-2013-1902). (2) The Postgre...

10CVSS9.3AI score0.02206EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/02/24 4:42 p.m.1667 views

CVE-2021-21972

CVE-2021-21972 is an unauthenticated remote code execution in VMware vCenter Server via the vROPS vropsplugin UI, triggered by uploading a crafted archive to /ui/vropspluginui/rest/services/uploadova. Affected: vCenter Server 6.5/6.7/7.0 (including Cloud Foundation 4.x/3.x). Impact is arbitrary f...

10CVSS9.8AI score0.9957EPSS
In wildExploits47References5Affected Software2
CVE
CVE
added 2024/06/06 9:29 p.m.1665 views

CVE-2024-22525

CVE-2024-22525 concerns the dnspod-sr package at version 0dfbd37, which contains a SEGV (segmentation fault). The CVSS data indicates a LOCAL attack vector with LOW privileges required and NO user interaction, resulting in a HIGH availability impact. Multiple connected sources corroborate that th...

5.5CVSS7.2AI score0.00236EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/03/15 12:0 a.m.1665 views

CVE-2023-28450

CVE-2023-28450 affects dnsmasq prior to version 2.90. The issue is that the default EDNS.0 UDP packet size was set to 4096 instead of the recommended 1232 (DNS Flag Day 2020). Consequences and exact exploit details are not provided in the initial/connected documents beyond the EDNS size misconfig...

7.5CVSS7.4AI score0.01334EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2023/06/19 10:52 a.m.1660 views

CVE-2023-2359

CVE-2023-2359 affects the Slider Revolution WordPress plugin up to version 6.6.12. The vulnerability arises from not validating image files on import, enabling an arbitrary file upload that may lead to Remote Code Execution in certain server configurations. Affected component: Slider Revolution p...

8.8CVSS8.9AI score0.0254EPSS
In wildExploits2References2Affected Software1
CVE
CVE
added 2020/01/28 6:35 p.m.1659 views

CVE-2020-8315

CVE-2020-8315 is an insecure dependency load issue observed on CPython 3.6–3.8 when launched on Windows 7. An attacker could cause the interpreter to load and use the attacker’s copy of api-ms-win-core-path-l1-1-0.dll instead of the system’s copy, potentially enabling local impact. The vulnerabil...

5.5CVSS5.5AI score0.01345EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/07/28 12:0 a.m.1658 views

CVE-2022-2294

CVE-2022-2294 is a heap-buffer-overflow in WebRTC code within Google Chrome (Chromium-based) prior to 103.0.5060.114. Reported as enabling remote heap corruption via a crafted HTML page, potentially leading to code execution. Affected component: WebRTC in Chrome/Chromium. Remediation: upgrade to ...

8.8CVSS8.3AI score0.70461EPSS
In wildExploits0References9Affected Software1
CVE
CVE
added 2022/06/15 6:1 p.m.1658 views

CVE-2022-32550

Technical details about CVE-2022-32550 (affected product, root cause, version, fixes) are not publicly available in the provided documents; monitor for updates.

5.8CVSS5AI score0.00495EPSS
Exploits0References1Affected Software6
CVE
CVE
added 2020/05/11 1:51 p.m.1656 views

CVE-2020-12783

CVE-2020-12783 affects Exim (up to version 4.93) via an out-of-bounds read in the SPA authenticator, potentially bypassing SPA/NTLM authentication in auths/spa.c and auths/auth-spa.c. Connected advisories confirm vendor-specific fixes: Debian DSA 4687-1 and DLA-2213-1 upgrade exim4; Fedora update...

7.5CVSS7.5AI score0.04467EPSS
Exploits2References9Affected Software1
CVE
CVE
added 2019/12/06 3:54 p.m.1655 views

CVE-2019-5544

CVE-2019-5544 refers to a heap-based buffer overflow in OpenSLP used by VMware ESXi and Horizon DaaS, triggered by processing URLs in service requests to port 427. The root cause is improper bounds checking in the OpenSLP slpd service (ProcessSrvRqst), enabling remote code execution via a crafted...

9.8CVSS9.2AI score0.96823EPSS
In wildExploits1References9Affected Software2
CVE
CVE
added 2018/09/25 9:0 p.m.1654 views

CVE-2018-11763

CVE-2018-11763 affects Apache HTTP Server 2.4.17–2.4.34 and targets the HTTP/2 implementation. The issue arises when a client sends continuous, large SETTINGS frames, allowing a single connection to occupy a server thread and CPU time without triggering a connection timeout. Impact is limited to ...

5.9CVSS5.6AI score0.51002EPSS
Exploits0References26Affected Software1
CVE
CVE
added 2021/04/23 5:39 p.m.1652 views

CVE-2021-22205

CVE-2021-22205 affects GitLab CE/EE from version 11.9 onward. The root cause is improper validation of image files handed to a file parser, which can lead to remote code execution on the affected GitLab server. Public advisories summarize that exploitation delivers remote code execution through c...

10CVSS9.6AI score0.99731EPSS
In wildExploits30References6Affected Software1
CVE
CVE
added 2025/01/19 10:18 a.m.1649 views

CVE-2025-21645

CVE-2025-21645 affects the Linux kernel in platform/x86/amd/pmc where IRQ1 wakeup is disabled independent of whether i8042 enabled it. The underlying issue caused by dev_pm_ops mismatches between amd_pmc_suspend_handler() and i8042_pm_suspend() could lead to unbalanced IRQ wake disable and WARNs ...

5.5CVSS7AI score0.0024EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2020/06/26 2:54 p.m.1649 views

CVE-2020-15344

CVE-2020-15344 affects Zyxel CloudCNM SecuManager versions 3.1.0 and 3.1.1. The issue is an unauthenticated API endpoint, zy_get_user_id_and_key, which can be reached without authentication. Impact is defined in sources as a potential information exposure (user id and key). No exploit details are...

5.3CVSS5.4AI score0.00568EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2020/06/26 2:53 p.m.1648 views

CVE-2020-15345

CVE-2020-15345 affects Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1, due to an unauthenticated zy_get_instances_for_update API endpoint. The vulnerability arises from an exposed API that can be accessed without authentication, enabling potential unauthorized access, with CVSSv3.1 base score 5.3 (Ne...

5.3CVSS5.4AI score0.00568EPSS
Exploits1References2Affected Software1
Total number of security vulnerabilities5000