Lucene search
K
CveMost viewed

368276 matches found

CVE
CVE
added 2022/01/06 5:55 a.m.1360 views

CVE-2022-22707

CVE-2022-22707 affects lighttpd 1.4.46–1.4.63 via the mod_extforward_Forwarded function, causing a stack-based buffer overflow (4-byte boundary) that can lead to remote denial of service. The issue is more likely on 32-bit systems and occurs in non-default Forwarded header handling. Connected adv...

5.9CVSS5.7AI score0.08969EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2017/03/17 12:0 a.m.1360 views

CVE-2017-0145

CVE-2017-0145 : The SMBv1 server in Windows (various editions listed in the initial document) is vulnerable to remote code execution via crafted SMB packets. The connected documents reiterate that this is a Windows SMB RCE issue affecting SMBv1, with exploit activity historically linked to Eterna...

9.3CVSS7.8AI score0.8985EPSS
In wildExploits18References11Affected Software1
CVE
CVE
added 2021/11/08 1:35 p.m.1359 views

CVE-2021-37850

CVE-2021-37850 affects ESET consumer and business products for macOS. A local user can stop the ESET daemon, disabling protection until a reboot. Documented impact is a DoS-like loss of protection rather than remote code execution. Affected components are the ESET macOS services/daemons, with roo...

5.5CVSS5.4AI score0.00219EPSS
Exploits0References1Affected Software3
CVE
CVE
added 2021/06/15 9:40 p.m.1359 views

CVE-2021-30551

CVE-2021-30551 is a type confusion vulnerability in the V8 engine of Chromium-based browsers (e.g., Google Chrome/Chromium) prior to 91.0.4472.101. A remote attacker could potentially trigger heap corruption via a crafted HTML page. Multiple connected advisories confirm the issue and indicate aff...

8.8CVSS8.7AI score0.64701EPSS
In wildExploits1References7Affected Software1
CVE
CVE
added 2017/10/04 8:0 p.m.1359 views

CVE-2017-12149

CVE-2017-12149 affects Red Hat/JBoss Application Server shipped with Red Hat Enterprise Application Platform 5.2. The vulnerability arises in the HTTP Invoker ReadOnlyAccessFilter during deserialization, which does not restrict the classes it deserializes, enabling an attacker to achieve remote c...

9.8CVSS9.7AI score0.90713EPSS
In wildExploits14References6Affected Software1
CVE
CVE
added 2017/02/13 12:0 a.m.1359 views

CVE-2016-6210

CVE-2016-6210 affects OpenSSH sshd prior to 7.3. When SHA-256/512 is used for user password hashing, sshd can reveal valid usernames by measuring timing differences during authentication for non-existent users, enabling remote, unauthenticated user enumeration. Impact is information disclosure; e...

5.9CVSS6.7AI score0.88944EPSS
Exploits12References12Affected Software1
CVE
CVE
added 2025/04/02 6:12 a.m.1358 views

CVE-2024-45699

CVE-2024-45699 affects Zabbix frontend: /zabbix.php?action=export.valuemaps is vulnerable to XSS via the backurl parameter due to reflecting user input without HTML escaping. Impact described as JavaScript execution in victim browser. Remediation is version-specific updates across distributions (...

7.5CVSS6.3AI score0.00327EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/07/22 4:16 p.m.1358 views

CVE-2020-6514

CVE-2020-6514 affects Google Chrome WebRTC data channel where an attacker in a privileged network position could trigger a memory corruption (heap) via a crafted SCTP stream. The initial description notes an inappropriate WebRTC implementation as the underlying cause, with the vulnerability explo...

6.5CVSS7.3AI score0.0779EPSS
Exploits6References27Affected Software1
CVE
CVE
added 2024/05/09 12:0 a.m.1357 views

CVE-2024-30171

CVE-2024-30171 : Affects the Bouncy Castle Java TLS API and JSSE Provider before 1.78. The issue is a timing-based leakage in RSA-based handshakes caused by exception processing. There is no exploit detail provided in the documents. Remediation: upgrade to a version containing the fix (BC 1.78 or...

5.9CVSS6.4AI score0.00901EPSS
Exploits0References4
CVE
CVE
added 2025/02/20 11:26 a.m.1355 views

CVE-2025-0868

DocsGPT (versions 0.8.1–0.12.0) contains a Remote Code Execution vulnerability caused by unsafe JSON parsing with eval() in the /api/remote endpoint. Unauthenticated, network-accessible attackers can inject arbitrary Python code, enabling full server compromise with high impact on confidentiality...

9.3CVSS8.5AI score0.15099EPSS
In wildExploits3References3
CVE
CVE
added 2023/10/03 5:25 p.m.1355 views

CVE-2023-4911

CVE-2023-4911 is a buffer overflow in the GNU C Library ld.so when processing GLIBC_TUNABLES, enabling local privilege escalation via malicious GLIBC_TUNABLES values when launching binaries with SUID. Affected: glibc, with versions older than 2.38-6 (per CBLMARINER:34733) and older listings notin...

7.8CVSS8.2AI score0.81422EPSS
In wildExploits26References30Affected Software1
CVE
CVE
added 2019/11/25 2:22 p.m.1355 views

CVE-2019-13720

CVE-2019-13720 is a use-after-free in Chrome’s WebAudio (Chromium) prior to 78.0.3904.87 that could allow remote code execution via a crafted HTML page, with heap corruption as the underlying risk. Public documents identify the affected component as the WebAudio functionality in Chrome/Chromium a...

8.8CVSS8.1AI score0.72977EPSS
In wildExploits4References6Affected Software1
CVE
CVE
added 2019/12/18 9:31 p.m.1353 views

CVE-2019-19788

Opera for Android up to version 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass. The issue arises when a service running inside a sandboxed iframe bypasses the browser’s sandbox attributes, enabling forced redirections from a third‑party context without user interaction. A...

5.5CVSS5.3AI score0.0029EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/03/15 5:5 p.m.1352 views

CVE-2022-0778

CVE-2022-0778 describes an infinite loop in BN_mod_sqrt() when parsing certain ASN.1 elliptic-curve parameters, enabling DoS during certificate or key processing. Affected OpenSSL versions include 1.0.2, 1.1.1, and 3.0 (specific ranges: 1.0.2 (1.0.2–1.0.2zc), 1.1.1 (1.1.1–1.1.1m), 3.0 (3.0.0–3.0....

7.5CVSS7.8AI score0.70561EPSS
In wildExploits2References34Affected Software1
CVE
CVE
added 2017/05/12 2:0 p.m.1352 views

CVE-2017-0213

CVE-2017-0213 is a Windows privilege-escalation flaw in the COM Aggregate Marshaler that can be triggered by a specially crafted application to gain elevated privileges locally. Public documentation confirms affected OS ranges including Windows 7 SP1, Windows Server 2008 SP2/R2 SP1, Windows 8.1, ...

7.3CVSS5.9AI score0.84138EPSS
In wildExploits13References5Affected Software10
CVE
CVE
added 2022/06/15 9:51 p.m.1351 views

CVE-2022-29143

CVE-2022-29143 describes a remote code execution vulnerability in Microsoft SQL Server where a specially crafted query against a table with a Column Store index can corrupt memory. Public details in the connected sources indicate exploitation could occur through authenticated access over network,...

7.5CVSS7.9AI score0.01974EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/07/23 1:20 p.m.1351 views

CVE-2019-11708

CVE-2019-11708 is a sandbox-escape vulnerability in Mozilla Firefox ESR and Thunderbird caused by insufficient vetting of parameters in the Prompt:Open IPC message between child and parent processes, allowing a compromised child to cause the non-sandboxed parent to open web content and potentiall...

10CVSS9.2AI score0.55874EPSS
In wildExploits10References6Affected Software2
CVE
CVE
added 2019/06/27 4:13 p.m.1351 views

CVE-2019-5786

CVE-2019-5786 corresponds to a heap use-after-free in Google Chrome’s Blink layer affecting the FileReader API, enabling a remote attacker to potentially cause out-of-bounds memory access via a crafted HTML page. The CVE is documented as a vulnerability in Blink prior to 72.0.3626.121, with the v...

6.5CVSS6.2AI score0.61537EPSS
In wildExploits10References3Affected Software1
CVE
CVE
added 2018/02/08 11:0 p.m.1351 views

CVE-2018-6789

CVE-2018-6789 is an Exim SMTP base64d buffer overflow vulnerability. The issue resides in the base64d function of Exim’s SMTP listener prior to version 4.90.1, where a handcrafted EHLO/message can cause a heap/buffer overflow and enable remote code execution. Multiple sources confirm the vulnerab...

9.8CVSS9.6AI score0.82238EPSS
In wildExploits19References14Affected Software1
CVE
CVE
added 2016/02/15 7:0 p.m.1351 views

CVE-2016-0746

CVE-2016-0746 is a use-after-free in nginx’s resolver when processing DNS CNAME responses. The issue affects nginx versions before 1.8.1 and 1.9.x before 1.9.10; exploitation could crash worker processes or yield other unspecified impacts. Remediation per connected docs: upgrade to non‑vulnerable...

9.8CVSS9.5AI score0.08625EPSS
Exploits0References11Affected Software1
CVE
CVE
added 2022/05/03 5:3 p.m.1350 views

CVE-2021-46440

The CVE-2021-46440 issue affects Strapi (DOCUMENTATION plugin) prior to 3.6.9 and prior to 4.1.5. It stores passwords in a recoverable format, allowing an attacker who can access a victim’s HTTP request to retrieve the cookie, base64-decode it, and obtain a cleartext password. This enables access...

7.5CVSS7.3AI score0.02786EPSS
Exploits3References4Affected Software1
CVE
CVE
added 2020/02/11 9:22 p.m.1350 views

CVE-2020-0674

Technical details for CVE-2020-0674 are not publicly provided in the supplied documents; no specific affected products/versions or remediation details are present. Monitor for updates from authoritative sources.

7.6CVSS7.9AI score0.86863EPSS
In wildExploits17References6Affected Software1
CVE
CVE
added 2017/05/11 1:0 a.m.1350 views

CVE-2017-8798

CVE-2017-8798 concerns an integer signedness error in the MiniUPnP library (MiniUPnPc) used by miniupnpc. AffectedVersions: v1.4.20101221 through v2.0. Root cause: a signedness/bounds issue in the getHTTPResponse/miniwget path that parses chunked-encoded HTTP responses. Impact: remote attacker co...

9.8CVSS9.5AI score0.24027EPSS
Exploits6References3Affected Software1
CVE
CVE
added 2021/11/10 12:47 a.m.1347 views

CVE-2021-42287

CVE-2021-42287 is an Active Directory Domain Services privilege-escalation vulnerability. Connected documents corroborate it as part of a vulnerability family targeting domain controllers (CVE-2021-42278/42287) and describe exploitation via impersonation from a standard domain user to a DA, inclu...

8.8CVSS8.2AI score0.74265EPSS
In wildExploits10References2Affected Software5
CVE
CVE
added 2017/07/03 7:0 p.m.1347 views

CVE-2017-9248

CVE-2017-9248 affects Progress Telerik UI for ASP.NET AJAX (and Sitefinity) prior to R2 2017 SP1 / 10.0.6412.0. The vulnerability lies in Telerik.Web.UI.dll handling of the Telerik.Web.UI.DialogParametersEncryptionKey and the MachineKey, enabling an attacker to defeat cryptographic protection and...

9.8CVSS9.2AI score0.75098EPSS
In wildExploits5References5Affected Software2
CVE
CVE
added 2013/02/26 4:0 p.m.1345 views

CVE-2012-3499

CVE-2012-3499 affects Apache HTTP Server 2.2.x (pre-2.2.24-dev) and 2.4.x (pre-2.4.4). The issue comprises multiple XSS flaws in modules including mod_imagemap, mod_info, mod_ldap, mod_proxy_ftp, and mod_status. An attacker can inject arbitrary web script/HTML via crafted Host header or URI-relat...

4.3CVSS6AI score0.22913EPSS
Exploits2References39Affected Software1
CVE
CVE
added 2022/04/11 7:37 p.m.1344 views

CVE-2022-22954

CVE-2022-22954 is a server-side template injection (SSTI) leading to remote code execution in VMware Workspace ONE Access and VMware Identity Manager. The vulnerability allows an attacker with network access to trigger SSTI in Freemarker templates, potentially compromising the underlying system. ...

10CVSS9.8AI score0.99997EPSS
In wildExploits24References3Affected Software3
CVE
CVE
added 2024/05/27 8:4 p.m.1343 views

CVE-2024-29415

CVE-2024-29415 affects the npm package ip (Node.js) up to version 2.0.1, enabling SSRF due to an incomplete fix of CVE-2023-42282. The root cause is the incorrect categorization of certain IPs as globally routable by isPublic. Exploitation details and affected versions beyond 2.0.1 are not provid...

8.1CVSS6.6AI score0.08279EPSS
Exploits0References4
CVE
CVE
added 2022/09/08 12:30 p.m.1343 views

CVE-2022-20863

Cisco Webex App (formerly Webex Teams) contains a vulnerability in its messaging interface that could allow an unauthenticated, remote attacker to manipulate displayed links or content by exploiting improper handling of character rendering. The issue arises when messages are processed in the inte...

5.3CVSS5AI score0.00767EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/01/08 5:48 p.m.1343 views

CVE-2020-16012

CVE-2020-16012 is a timing side-channel vulnerability involving cross-origin data leakage via drawImage in graphics code. Connected advisories confirm multiple Mozilla products are affected (notably Firefox/Thunderbird) and that the issue arises from variable-time processing of cross-origin image...

4.3CVSS5.5AI score0.0247EPSS
Exploits1References2Affected Software2
CVE
CVE
added 2020/04/30 5:0 p.m.1343 views

CVE-2020-11652

CVE-2020-11652 affects SaltStack Salt prior to 2019.2.4 and 3000 prior to 3000.2, where the salt-master ClearFuncs class allows authenticated users to access methods that do not properly sanitize paths, enabling arbitrary directory access. This is a directory-traversal vulnerability in the salt-m...

6.5CVSS7.8AI score0.86063EPSS
In wildExploits17References13Affected Software1
CVE
CVE
added 2022/05/26 5:44 p.m.1342 views

CVE-2022-22675

CVE-2022-22675 is an Apple kernel-related out-of-bounds write vulnerability (AppleAVD) that could allow code execution with kernel privileges. Affected macOS Big Sur 11.x, Monterey, tvOS, watchOS, iOS, and iPadOS components were fixed in specific updates: tvOS 15.5, watchOS 8.6, macOS Big Sur 11....

9.3CVSS8.2AI score0.12642EPSS
In wildExploits0References6Affected Software5
CVE
CVE
added 2021/08/03 6:25 p.m.1342 views

CVE-2021-30563

CVE-2021-30563 is a Type Confusion in the V8 engine used by Google Chrome (and Chromium-based browsers) prior to version 91.0.4472.164. The vulnerability arises from V8 type confusion which could allow a remote attacker to trigger heap corruption via a crafted HTML page. Public disclosures indica...

8.8CVSS8.6AI score0.08928EPSS
In wildExploits0References3Affected Software1
CVE
CVE
added 2021/03/26 8:48 p.m.1340 views

CVE-2020-7463

CVE-2020-7463 is a FreeBSD kernel use-after-free vulnerability caused by improper handling of large user messages from multiple threads on the same SCTP socket. Affected: FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEA...

5.5CVSS5.8AI score0.00399EPSS
Exploits0References13Affected Software1
CVE
CVE
added 2020/04/01 6:27 p.m.1339 views

CVE-2020-10199

CVE-2020-10199 is a remote code execution vulnerability in Sonatype Nexus Repository Manager (NXRM) caused by a Java EL injection vulnerability. Affected versions are NXRM prior to 3.21.2 (with references noting exploitable in 3.21.1 and earlier). The underlying issue is a Java EL injection in Ne...

9CVSS8.6AI score0.99064EPSS
In wildExploits10References5Affected Software1
CVE
CVE
added 2008/03/10 11:0 p.m.1339 views

CVE-2008-1279

Summary: CVE-2008-1279 affects Acronis True Image Group Server 1.5.19.191 and earlier (included in Acronis True Image Enterprise Server 9.5.0.8072 and other True Image packages). The issue is an out-of-bounds read triggered by a packet with an invalid length field, leading to remote denial of ser...

5CVSS6.6AI score0.01653EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2022/05/06 12:50 a.m.1337 views

CVE-2021-25746

CVE-2021-25746 affects the ingress-nginx controller. A user who can create or update Ingress objects can read the controller’s credentials by manipulating .metadata.annotations in an Ingress (networking.k8s.io or extensions API group). In the default configuration, those credentials grant access ...

7.6CVSS7AI score0.01373EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/03/17 8:28 p.m.1336 views

CVE-2022-26501

CVE-2022-26501 affects Veeam Backup & Replication 10.x and 11.x, where the Veeam Distribution Service exposes an Incorrect Access Control flaw that allows unauthenticated access to internal API functions (potential remote code execution). Mitigations documented: update to 10.0.1.4854 (10a) and 11...

10CVSS9.4AI score0.04279EPSS
In wildExploits0References3Affected Software1
CVE
CVE
added 2019/02/22 11:0 p.m.1336 views

CVE-2019-9021

CVE-2019-9021 affects PHP releases prior to 5.6.40, 7.x prior to 7.1.26, 7.2.x prior to 7.2.14, and 7.3.x prior to 7.3.1. It describes a heap-based buffer over-read in PHAR reading functions of the PHAR extension (phar_detect_phar_fname_ext in ext/phar/phar.c) that can cause reading memory past t...

9.8CVSS8.5AI score0.10059EPSS
Exploits1References13Affected Software1
CVE
CVE
added 2025/01/15 1:5 p.m.1333 views

CVE-2024-57884

Technical details about CVE-2024-57884 are not publicly provided in the supplied documents. Monitor for updates.

5.5CVSS6.3AI score0.00207EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2023/02/08 7:1 p.m.1333 views

CVE-2023-0286

CVE-2023-0286 is a type-confusion bug in OpenSSL related to X.400 address processing inside X.509 GeneralName. The public GENERAL_NAME.x400Address was defined as ASN1_TYPE instead of ASN1_STRING, causing GeneralName_cmp to treat it as a pointer, which under CRL_CHECK can allow an attacker to pass...

7.4CVSS7.7AI score0.59501EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2020/01/15 4:34 p.m.1333 views

CVE-2020-2555

CVE-2020-2555 (WebLogic/Coherence) : A deserialization vulnerability in Oracle Coherence (Fusion Middleware) enables unauthenticated remote code execution via the T3 protocol. Affected versions include Coherence 3.7.1.x, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0. The flaw originates from ReflectionExtra...

9.8CVSS9.1AI score0.97116EPSS
In wildExploits26References9Affected Software9
CVE
CVE
added 2021/05/03 11:10 a.m.1331 views

CVE-2021-25631

CVE-2021-25631 affects LibreOffice 7-1 (before 7.1.2) and 7-0 (before 7.0.5). The issue allows bypassing the denylist by manipulating a link so it no longer matches the denylist but triggers ShellExecute to launch an executable type, enabling arbitrary code execution under Windows. Affected produ...

9.3CVSS8.6AI score0.0417EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/04/26 4:56 p.m.1331 views

CVE-2021-21224

CVE-2021-21224 is a type confusion in Google Chrome’s V8 engine (pre-90.0.4430.85) that allows a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Multiple connected advisories confirm the same issue and note exploitation in the wild; remediation per Arch Linux...

8.8CVSS8.9AI score0.57736EPSS
In wildExploits1References8Affected Software1
CVE
CVE
added 2022/05/04 12:8 a.m.1330 views

CVE-2021-43159

CVE-2021-43159 affects Ruijie Networks RG-EW Series Routers (up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55). The vulnerability arises via the setSessionTime function in /cgi-bin/luci/api/common, enabling Remote Code Execution (RCE). CVSS metrics show a high-severity issue (CVSS v3.1 base score 8.8; n...

8.8CVSS8.8AI score0.01947EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/06/04 8:33 p.m.1330 views

CVE-2018-13382

CVE-2018-13382 is an Improper Authorization vulnerability in Fortinet FortiOS (versions 6.0.0–6.0.4, 5.6.0–5.6.8, 5.4.1–5.4.10) and FortiProxy (2.0.0; 1.2.0–1.2.8; 1.1.0–1.1.6; 1.0.0–1.0.7) exposed via the SSL VPN web portal. An unauthenticated attacker can modify the password of an SSL VPN porta...

9.1CVSS7.6AI score0.81691EPSS
In wildExploits2References3Affected Software2
CVE
CVE
added 2014/09/25 1:0 a.m.1330 views

CVE-2014-7169

CVE-2014-7169 affects GNU Bash up to 4.3, where parsing of function definitions in environment variables can be exploited to run commands or impact other attributes across privilege boundaries (notably via ForceCommand in OpenSSH sshd and via mod_cgi/mod_cgid in Apache, as well as DHCP client scr...

10CVSS8.4AI score0.9994EPSS
In wildExploits17References161Affected Software1
CVE
CVE
added 2020/03/04 6:35 p.m.1329 views

CVE-2020-3182

Cisco Webex Meetings Client for MacOS is affected by an information-disclosure vulnerability in the mDNS configuration. An unauthenticated adjacent attacker can exploit this by issuing an mDNS query for a specific service to obtain device information from affected Webex clients. The issue is docu...

4.3CVSS4.6AI score0.00508EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/04/09 8:18 p.m.1328 views

CVE-2019-0841

CVE-2019-0841 is a Windows privilege-escalation vulnerability in the AppXSVC service caused by improper handling of hard links. The issue enables local elevation of privilege (from a low-privilege context to SYSTEM) and has public exploitation references (Exploits listed on Exploit-DB; CIRCL sigh...

7.8CVSS6.8AI score0.414EPSS
In wildExploits19References9Affected Software6
CVE
CVE
added 2021/07/22 7:5 a.m.1327 views

CVE-2021-36934

CVE-2021-36934 (Windows SAM Local Privilege Escalation, alias HiveNightmare/SeriousSAM) is a local-privilege-escalation flaw caused by overly permissive ACLs on system files in %windir%\system32\config (notably SAM and SYSTEM). If a Volume Shadow Copy exists, a non-privileged user can read these ...

7.8CVSS9.1AI score0.67252EPSS
In wildExploits11References4Affected Software5
Total number of security vulnerabilities5000