CVE, most viewed

368534 matches found

added 2019/10/11 6:16 p.m. | 1426 views

CVE-2019-2215

CVE-2019-2215 is a use-after-free in the Android binder driver (binder.c) that enables local privilege escalation from an app to the Linux kernel. The issue is local, with no user interaction required, and exploitation may lead to memory corruption, denial of service, or escalation per the cited ...

CVSS 7.8 | AI score 7.5 | EPSS 0.72105
In wild | Exploits 27 | References 12 | Affected Software 1

added 2018/01/04 1:0 p.m. | 1423 views

CVE-2017-5715

CVE-2017-5715 (Spectre Variant 2) describes speculative-execution side-channel issues used to disclose memory. Connected docs show concrete mitigations and impact across vendors: AMD notes that LFENCE/JMP mitigation (V2-2) may be insufficient on some CPUs; AMD recommends standard mitigations (ret...

CVSS 5.6 | AI score 6.2 | EPSS 0.74041
Exploits 9 | References 94 | Affected Software 211

added 2020/12/11 1:11 a.m. | 1420 views

CVE-2020-17530

CVE-2020-17530 describes a vulnerability in Apache Struts 2 where forced OGNL evaluation on raw user input in tag attributes can cause remote code execution. Affected products range from Struts 2.0.0 up to 2.5.25. The description states that evaluating untrusted input via the %{...} syntax enable...

CVSS 9.8 | AI score 9.6 | EPSS 0.95922
In wild | Exploits 11 | References 12 | Affected Software 1

added 2017/07/20 12:0 a.m. | 1419 views

CVE-2017-9765

The affected software is Genivia gSOAP (2.7.x and 2.8.x) with versions before 2.8.48. The underlying issue is an integer overflow in the soap_get function, allowing remote attackers to execute arbitrary code or cause a denial of service via a large XML document (Devil’s Ivy). Public disclosures a...

CVSS 8.1 | AI score 8.4 | EPSS 0.21894
Exploits 2 | References 7 | Affected Software 1

added 2021/04/02 6:1 p.m. | 1416 views

CVE-2021-1789

The CVE-2021-1789 entry refers to a type-confusion vulnerability in WebKitGTK and WebKit prior to 2.30.6 that could allow remote attackers to execute arbitrary code by processing malicious web content. Connected advisories (Arch Linux ASA-202103-24/ASA-202103-25 and ALAS/ALPINE entries) confirm t...

CVSS 8.8 | AI score 8.6 | EPSS 0.14542
In wild | Exploits 0 | References 9 | Affected Software 6

added 2024/02/24 2:56 p.m. | 1415 views

CVE-2024-26601

CVE-2024-26601: Technical details are not publicly available in the provided connected documents. Initial description contains basic context but no affected products/versions, root cause, impact, or fix specifics. Monitor for updates from official advisories.

CVSS 5.5 | AI score 6.8 | EPSS 0.00278
Exploits 0 | References 7 | Affected Software 1

added 2014/07/20 10:0 a.m. | 1415 views

CVE-2014-0118

CVE-2014-0118 affects the Apache HTTP Server mod_deflate: the deflate_in_filter in mod_deflate.c allows remote denial-of-service when request body decompression is enabled, by processing crafted data that expands to a large size. Affected versions are Apache httpd prior to 2.4.10. Impact is resou...

CVSS 4.3 | AI score 6.3 | EPSS 0.37156
Exploits 0 | References 43 | Affected Software 1

added 2022/06/14 9:50 a.m. | 1413 views

CVE-2021-35079

CVE-2021-35079 describes improper validation of permissions for a third-party app attempting to access the Telephony service API, leading to information disclosure on Qualcomm/Snapdragon platforms (Compute, Connectivity, IoT variants). The underlying issue is privilege/permission validation for t...

CVSS 6.2 | AI score 5.9 | EPSS 0.00126
Exploits 0 | References 1 | Affected Software 1

added 2022/03/25 12:10 p.m. | 1413 views

CVE-2022-1040

CVE-2022-1040 is a remote code execution vulnerability via an authentication bypass in Sophos Firewall. The vulnerability affects the User Portal and Webadmin and is exploitable against v18.5 MR3 and earlier. Public details in connected sources describe an authentication bypass that allows an attacker to gain...

CVSS 9.8 | AI score 9.7 | EPSS 0.99796
In wild | Exploits 9 | References 4 | Affected Software 1

added 2024/02/22 12:0 a.m. | 1412 views

CVE-2024-26484

Kirby CMS 4.1.0 has a stored XSS in the Edit Content Layout module, exploitable via crafted payload in the Link field. Root cause: lack of proper filtering/escaping in the Link field. Impact described in sources as potentially arbitrary web script execution; however, vendor notes the issue did no...

CVSS 6.1 | AI score 5.5 | EPSS 0.00429
Exploits 1 | References 2 | Affected Software 1

added 2024/02/23 2:46 p.m. | 1411 views

CVE-2024-26598

CVE-2024-26598 is a Linux kernel vulnerability affecting KVM on arm64 with vgic-its. The issue is a use-after-free risk in the LPI translation cache: vgic_its_check_cache() drops a lock that serializes refcount changes without first elevating the vgic_irq refcount. If a translation cache hit race...

CVSS 7.8 | AI score 7.6 | EPSS 0.0024
Exploits 0 | References 8 | Affected Software 1

added 2014/05/14 10:0 a.m. | 1407 views

CVE-2014-1812

CVE-2014-1812 affects the Group Policy Preferences password handling in Windows (Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8/8.1, Server 2012), where passwords distributed via SYSVOL could be decrypted by an authenticated remote attacker, enabling privilege escalation. The issue is caused by ...

CVSS 9 | AI score 8.6 | EPSS 0.65117
In wild | Exploits 3 | References 3 | Affected Software 6

added 2022/07/22 2:55 p.m. | 1406 views

CVE-2021-36200

CVE-2021-36200 affects Johnson Controls Metasys ADS/ADX/OAS with MUI, specifically versions 10 and 11. The vulnerability is missing authentication for a critical function, allowing an unauthenticated user to access the Metasys web API and enumerate users. CVSS v3 base score is 5.3 (AV:N/AC:L/PR:N...

CVSS 5.3 | AI score 5.3 | EPSS 0.00582
Exploits 0 | References 2 | Affected Software 3

added 2024/02/20 12:0 a.m. | 1405 views

CVE-2024-22824

CVE-2024-22824 affects Timo v2.0.3. The issue enables remote code execution via the filetype restrictions in UploadController.java, with CVSS 3.1 base score 9.8 (CRITICAL, NETWORK, HIGH impact on confidentiality, integrity, and availability). Red Hat and PRION/NVD/CNNVD entries corroborate the co...

CVSS 9.8 | AI score 7.8 | EPSS 0.01059
Exploits 1 | References 1 | Affected Software 1

added 2025/06/09 5:57 p.m. | 1404 views

CVE-2024-47081

CVE-2024-47081 affects the requests HTTP library (python-requests). Affected releases prior to 2.32.4 may leak .netrc credentials to third parties via maliciously crafted URLs due to a URL parsing issue. Remediation: upgrade to requests 2.32.4 or later. As a workaround for older versions, disable...

CVSS 5.3 | AI score 6.9 | EPSS 0.00846
Exploits 1 | References 10

added 2021/05/04 1:46 p.m. | 1403 views

CVE-2020-27518

CVE-2020-27518 concerns Windscribe VPN for Mac and Windows, versions

CVSS 7.8 | AI score 7.8 | EPSS 0.00458
Exploits 1 | References 2 | Affected Software 1

added 2025/01/19 10:18 a.m. | 1396 views

CVE-2025-21654

CVE-2025-21654: Linux kernel overlayfs file handle encoding vulnerability. The issue arises when encoding a file handle for an overlayfs inode that has had its dentry aliases discarded (drop_caches); a WARN_ON() could be triggered in userspace via inotify_show_fdinfo(). The fix defers alias reso...

CVSS 5.5 | AI score 6.6 | EPSS 0.00197
Exploits 0 | References 3 | Affected Software 1

added 2019/08/21 6:30 p.m. | 1393 views

CVE-2019-1948

Cisco Webex Meetings Mobile (iOS) is affected by CVE-2019-1948. The vulnerability stems from insufficient SSL certificate validation, allowing an unauthenticated, remote attacker to perform a man-in-the-middle attack and gain read access to sensitive data by presenting a crafted SSL certificate. ...

CVSS 5.9 | AI score 5.5 | EPSS 0.0087
Exploits 0 | References 1 | Affected Software 1

added 2022/07/22 11:35 p.m. | 1389 views

CVE-2022-1096

CVE-2022-1096: Chrome/Chromium type confusion in V8; a type confusion in V8 prior to Chrome 99.0.4844.84 could allow a remote attacker to cause heap corruption on a crafted HTML page. Affected products are Chromium-based browsers (e.g., Google Chrome, Microsoft Edge). Root cause: type confusion...

CVSS 8.8 | AI score 8.6 | EPSS 0.24237
In wild | Exploits 1 | References 4 | Affected Software 1

added 2021/02/03 8:35 p.m. | 1389 views

CVE-2021-20016

CVE-2021-20016 is a SQL Injection vulnerability in SonicWall SSLVPN SMA100 (build 10.x). The description confirms remote unauthenticated access to usernames/passwords and session data. Connected sources reiterate SonicWall SSLVPN/SMA100 and CVE mention but provide no additional technical specific...

CVSS 9.8 | AI score 9.6 | EPSS 0.40038
In wild | Exploits 0 | References 2 | Affected Software 1

added 2025/04/06 8:2 p.m. | 1387 views

CVE-2025-31492

CVE-2025-31492 affects the mod_auth_openidc Apache module (OpenID Connect Relying Party). Before version 2.4.16.11, a bug allowed disclosure of protected content to unauthenticated users when OIDCProviderAuthRequestMethod is POST, a valid account exists, and there is no applic...

CVSS 8.2 | AI score 6.7 | EPSS 0.00542
Exploits 0 | References 3

added 2025/01/11 12:25 p.m. | 1387 views

CVE-2024-53680

CVE-2024-53680: Linux kernel ipvs: fix for undefined behavior from an uninitialized on-stack 64-byte buffer in ip_vs_protocol_init() that stores protocol names and feeds it to strnlen() under Fortify, risking a boot-time panic or module load oops when ipvs is built-in. The issue stems from leavin...

CVSS 5.5 | AI score 6.8 | EPSS 0.00224
Exploits 0 | References 9 | Affected Software 1

added 2023/06/13 4:24 p.m. | 1387 views

CVE-2023-28303

CVE-2023-28303 affects Windows Snipping Tool and Snip & Sketch (Windows 10/11). The issue is an information-disclosure vulnerability where parts of a cropped image that were intended to be removed are not fully deleted and can be restored when saved. Root cause: incomplete removal of cropped imag...

CVSS 3.3 | AI score 3.6 | EPSS 0.0202
Exploits 2 | References 1 | Affected Software 2

added 2020/07/14 10:54 p.m. | 1387 views

CVE-2020-1147

CVE-2020-1147 affects the .NET Framework, SharePoint Server, and Visual Studio. The root cause is improper handling of XML input, specifically a failure to validate the source markup during deserialization, which can lead to remote code execution. The vulnerability is characterized by the ability...

CVSS 7.8 | AI score 8.1 | EPSS 0.94243
In wild | Exploits 10 | References 6 | Affected Software 1

added 2017/09/13 1:0 a.m. | 1386 views

CVE-2017-8759

CVE-2017-8759 affects Microsoft .NET Framework versions 2.0, 3.5/3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7. The root cause is a flaw in parsing WSDL/Soap Moniker content in the .NET Framework, which can be triggered by processing untrusted input (e.g., specially crafted Office/RTF documents). Succe...

CVSS 9.3 | AI score 7.5 | EPSS 0.88698
In wild | Exploits 14 | References 8 | Affected Software 1

added 2024/06/06 8:45 p.m. | 1383 views

CVE-2024-22074

CVE-2024-22074 affects Dynamsoft Service versions ranging from 1.0.516–1.3.0115 up through 1.8.2013, and 1.4.0618–1.4.1230, 1.5.0625–1.5.3116, 1.6.0428–1.6.1112, 1.7.0330–1.7.2531, and 1.8.1025–1.8.2013, with an underlying Incorrect Access Control vulnerability. The impact is rated CRITICAL (CVSS...

CVSS 9.8 | AI score 7.1 | EPSS 0.00447
Exploits 0 | References 1 | Affected Software 1

added 2022/04/25 12:3 p.m. | 1383 views

CVE-2021-36460

VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the user’s password locally on the device and uses that hash to authenticate in all backend API communications (login, registration, password changes). An attacker who obtains the hash can take over the user’s account, nullifying the benefit of pass...

CVSS 7.8 | AI score 7.5 | EPSS 0.00388
Exploits 2 | References 3 | Affected Software 1

added 2019/11/26 3:33 a.m. | 1383 views

CVE-2019-19272

CVE-2019-19272 affects ProFTPD before 1.3.6. The issue is a NULL pointer dereference in tls_verify_crl during TLS mutual-auth validation, causing a crash (availability impact). The root cause is direct dereference of a NULL pointer in certificate validation. Affected versions are ProFTPD prior to...

CVSS 7.5 | AI score 7.5 | EPSS 0.00947
Exploits 0 | References 1 | Affected Software 1

added 2024/02/23 2:46 p.m. | 1381 views

CVE-2023-52460

The CVE affects the Linux kernel’s DRM/AMD display path. The issue is a NULL pointer dereference in the AMD display driver during hibernate when the source context might not have a clk_mgr, leading to incorrect use of clk_mgr to query DML2 support. The vulnerability has been resolved by the patch...

CVSS 5.5 | AI score 5.3 | EPSS 0.00191
Exploits 0 | References 2 | Affected Software 1

added 2024/12/23 12:0 a.m. | 1378 views

CVE-2024-40896

CVE-2024-40896 affects libxml2 prior to 2.11.9, 2.12 prior to 2.12.9, and 2.13 prior to 2.13.3. The SAX parser can emit events for external entities even when custom SAX handlers try to override content (via checked), enabling classic XXE attacks. Connected sources reiterate the same vulnerabilit...

CVSS 9.1 | AI score 6.5 | EPSS 0.01192
Exploits 0 | References 3 | Affected Software 1

added 2020/11/03 2:21 a.m. | 1377 views

CVE-2020-16009

CVE-2020-16009 is a Google Chrome/Chromium V8 type-confusion vulnerability that could allow remote code execution via a crafted HTML page. Root cause: type confusion in V8 before 86.0.4240.183. Affected product family includes Google Chrome and other Chromium-based browsers; Debian security advis...

CVSS 8.8 | AI score 8.6 | EPSS 0.48574
In wild | Exploits 3 | References 10 | Affected Software 4

added 2023/07/11 6:14 p.m. | 1375 views

CVE-2023-36884

CVE-2023-36884 is a Windows/Office RCE via Windows Search (.search-ms) triggered by specially crafted OOXML documents; active exploitation was noted (Storm-0978 campaign) and Microsoft released a patch/Defense in Depth mitigations in August 2023 to break the exploitation chain. Public PoCs/exploi...

CVSS 7.5 | AI score 9.1 | EPSS 0.99083
In wild | Exploits 3 | References 3 | Affected Software 12

added 2024/02/24 2:56 p.m. | 1374 views

CVE-2024-26603

CVE-2024-26603: Linux kernel vulnerability in x86/fpu handling. Prior to the fix, faulting XRSTOR could loop if fx_sw->xstate_size (user-controlled) was smaller than required by fx_sw->xfeatures and parts of the sigframe were unmapped. The patch stops relying on userspace for the initial xs...

CVSS 5.5 | AI score 7.1 | EPSS 0.00278
Exploits 0 | References 6 | Affected Software 1

added 2021/07/09 12:0 a.m. | 1374 views

CVE-2021-30116

Kaseya VSA on-premises prior to 9.5.7 is affected by CVE-2021-30116. An unauthenticated download page (dl.asp) exposes KaseyaD.ini, which contains Agent_Guid and AgentPassword. An attacker can use these credentials to log in to the download page and obtain a sessionId cookie, bypassing authentica...

CVSS 10 | AI score 9.2 | EPSS 0.85619
In wild | Exploits 1 | References 5 | Affected Software 2

added 2017/01/05 12:0 a.m. | 1374 views

CVE-2016-10010

CVE-2016-10010: When OpenSSH sshd runs with privilege separation disabled, forwarded Unix-domain sockets are created by root instead of the authenticated user, potentially allowing a local attacker to gain root privileges. This is a local-privilege-escalation issue tied to the serverloop/privsep...

CVSS 7 | AI score 6.1 | EPSS 0.0424
Exploits 2 | References 13 | Affected Software 1

added 2017/06/15 1:0 a.m. | 1372 views

CVE-2017-8464

CVE-2017-8464 affects Windows shells that render .lnk icons. A crafted LNK file can trigger arbitrary code execution due to improper icon handling in Windows Explorer and related parsers. Affected products include Windows client and server releases spanning Windows 7 through Windows 10 and Window...

CVSS 9.3 | AI score 7.2 | EPSS 0.90026
In wild | Exploits 20 | References 6 | Affected Software 9

added 2025/03/04 3:41 p.m. | 1371 views

CVE-2024-11957

Kingsoft WPS Office on Windows is affected by CVE-2024-11957 due to improper verification of the digital signature in ksojscore.dll, with affected versions 12.1.0.18276 and earlier. This allows loading of arbitrary Windows libraries. The patch released in 12.2.0.16909 to address CVE-2024-7262 was...

CVSS 9.3 | AI score 7.7 | EPSS 0.00104
Exploits 0 | References 1

added 2022/03/06 6:23 a.m. | 1371 views

CVE-2021-46704

CVE-2021-46704 (GenieACS): In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument in lib/ui/api.ts and lib/ping.ts. The root cause is insufficient input validation combined with a missing authorization check. This can...

CVSS 9.8 | AI score 9.6 | EPSS 0.21901
Exploits 2 | References 2 | Affected Software 1

added 2022/02/16 4:38 p.m. | 1371 views

CVE-2022-24086

CVE-2022-24086 affects Adobe Commerce and Magento Open Source via an improper input validation vulnerability during checkout, allowing arbitrary code execution without user interaction. Affected: Adobe Commerce 2.4.3-p1 and earlier, 2.3.7-p2 and earlier. Evidence from multiple advisories confirms...

CVSS 10 | AI score 9.7 | EPSS 0.99199
In wild | Exploits 5 | References 2 | Affected Software 2

added 2017/02/09 5:0 p.m. | 1371 views

CVE-2017-3813

CVE-2017-3813: Cisco AnyConnect Secure Mobility Client for Windows contains a Start Before Logon (SBL) privilege-escalation vulnerability. The issue arises from insufficient access controls in the SBL module, allowing an unauthenticated, local attacker to start Internet Explorer with SYSTEM priv...

CVSS 7.8 | AI score 7.5 | EPSS 0.01711
Exploits 5 | References 4 | Affected Software 1

added 2017/07/11 9:0 p.m. | 1368 views

CVE-2017-8570

CVE-2017-8570 concerns Microsoft Office and is described as a remote code execution vulnerability caused by how Office handles objects in memory (notably monikers/embedded objects in documents). Multiple connected sources corroborate the vulnerability class as an Office memory object handling iss...

CVSS 9.3 | AI score 8 | EPSS 0.89889
In wild | Exploits 14 | References 6 | Affected Software 1

added 2025/03/20 10:9 a.m. | 1367 views

CVE-2024-9052

CVE-2024-9052 relates to a deserialization flaw in the vLLM project’s distributed training API. The issue enables remote code execution via unsafe deserialization of object bytes using pickle.loads() without sanitization, specifically within the vllm.distributed.GroupCoordinator.recv_obj...

AI score 9.7
Exploits 0

added 2022/07/26 9:30 p.m. | 1367 views

CVE-2022-1364

CVE-2022-1364 is a type confusion in Google Chrome's V8 Turbofan engine, affecting Chrome/Chromium prior to version 100.0.4896.127. The root cause is a V8 Turbofan type confusion that could allow a remote attacker to trigger heap corruption via a crafted HTML page, leading to potential high-sever...

CVSS 8.8 | AI score 8.6 | EPSS 0.1372
In wild | Exploits 2 | References 4 | Affected Software 1

added 2019/10/11 7:28 p.m. | 1365 views

CVE-2018-21027

CVE-2018-21027 affects Boa up to version 0.94.14rc21. The issue is an out-of-memory (OOM) condition triggered by mishandled malloc, allowing remote attackers to exhaust memory. The connected documents confirm the affected software and root cause but do not provide exploit specifics, affected plat...

CVSS 9.8 | AI score 9.3 | EPSS 0.0235
Exploits 0 | References 2 | Affected Software 1

added 2022/07/19 12:0 a.m. | 1362 views

CVE-2022-21540

CVE-2022-21540 applies to Oracle Java SE (Hotspot) and Oracle GraalVM Enterprise Edition; affected versions include Oracle Java SE 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1 and GraalVM EE 20.3.6, 21.3.2, 22.1.0. The connected documents provide concrete details: the vulnerability can be exploite...

CVSS 5.3 | AI score 5 | EPSS 0.0296
Exploits 0 | References 11 | Affected Software 3

added 2022/01/06 5:55 a.m. | 1362 views

CVE-2022-22707

CVE-2022-22707 affects lighttpd 1.4.46–1.4.63 via the mod_extforward_Forwarded function, causing a stack-based buffer overflow (4-byte boundary) that can lead to remote denial of service. The issue is more likely on 32-bit systems and occurs in non-default Forwarded header handling. Connected adv...

CVSS 5.9 | AI score 5.7 | EPSS 0.08969
Exploits 1 | References 2 | Affected Software 1

added 2020/11/11 6:48 a.m. | 1362 views

CVE-2020-17087

CVE-2020-17087 is a Windows Kernel Local Privilege Escalation vulnerability tied to a heap-based overflow in cng.sys. Connected exploit sources describe a local-vector attack requiring initial code execution, then abusing an IOCTL to \\.\GLOBALROOT\Device\Cng with a crafted size parameter that ca...

CVSS 7.8 | AI score 8.3 | EPSS 0.05387
In wild | Exploits 1 | References 2 | Affected Software 15

added 2020/01/14 11:11 p.m. | 1362 views

CVE-2020-0601

The CVE-2020-0601 issue affects Windows CryptoAPI (Crypt32.dll) and its ECC certificate validation, enabling a spoofing attack where a forged code-signing certificate could make malware appear trusted. Affected platforms include Windows 10 and Windows Server 2016/2019, with the vulnerability tied...

CVSS 8.1 | AI score 7.6 | EPSS 0.89436
In wild | Exploits 14 | References 4 | Affected Software 12

added 2017/03/17 12:0 a.m. | 1362 views

CVE-2017-0145

CVE-2017-0145: The SMBv1 server in Windows (various editions listed in the initial document) is vulnerable to remote code execution via crafted SMB packets. The connected documents reiterate that this is a Windows SMB RCE issue affecting SMBv1, with exploit activity historically linked to Eterna...

CVSS 9.3 | AI score 7.8 | EPSS 0.8985
In wild | Exploits 18 | References 11 | Affected Software 1

added 2019/04/08 7:25 p.m. | 1361 views

CVE-2019-0215

CVE-2019-0215 affects Apache HTTP Server 2.4.37–2.4.38. A bug in mod_ssl for per-location client certificate verification with TLSv1.3 allowed bypass of configured access controls. Impact is access restriction bypass; no explicit exploitation details provided here. Remediation: upgrade to 2.4.39 ...

CVSS 7.5 | AI score 6 | EPSS 0.10508
Exploits 0 | References 29 | Affected Software 1

Total number of security vulnerabilities: 5000