
367637 matches found

added 2017/05/02 2:0 p.m. | 1228 views

CVE-2017-5689

CVE-2017-5689 describes a privilege-escalation vulnerability in Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT). An unprivileged network or local attacker could gain administrative or higher privileges to provision manageabil...

CVSS 10 | AI score 6.8 | EPSS 0.92189
In wild | Exploits 7 | References 12 | Affected Software 1

added 2019/07/23 1:20 p.m. | 1226 views

CVE-2019-11707

CVE-2019-11707 is a type confusion vulnerability in Mozilla Firefox/Thunderbird caused by issues in Array.pop when manipulating JavaScript objects, leading to an exploitable crash. It affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird

CVSS 8.8 | AI score 8.6 | EPSS 0.37951
In wild | Exploits 7 | References 5 | Affected Software 2

added 2025/03/10 4:44 p.m. | 1225 views

CVE-2025-24813

Summary of CVE-2025-24813: A path equivalence issue in Apache Tomcat’s Default Servlet can allow remote code execution and/or information disclosure via uploaded files when writes are enabled and PUT support is misused. Affected are Tomcat 11.0.0-M1–11.0.2, 10.1.0-M1–10.1.34, and 9.0.0.M1–9.0.98...

CVSS 10 | AI score 9.3 | EPSS 0.99945
In wild | Exploits 46 | References 10 | Affected Software 1

added 2023/06/14 12:0 a.m. | 1225 views

CVE-2023-35116

CVE-2023-35116: IBM/IBM X-Force bulletin confirms a vulnerability in FasterXML jackson-databind (affected up to 2.15.2) where a crafted object with cyclic dependencies could cause denial of service or other unspecified impact during serialization. The vendor notes this report as not a valid vuln...

CVSS 4.7 | AI score 5.5 | EPSS 0.00352
Exploits 0 | References 1 | Affected Software 1

added 2020/02/11 9:22 p.m. | 1224 views

CVE-2020-0683

CVE-2020-0683 is a Windows Installer Elevation of Privilege vulnerability. The issue occurs when MSI packages process symbolic links, allowing a local attacker to bypass access restrictions and add or remove files. Technical details across connected sources confirm the affected component (Windows...

CVSS 7.8 | AI score 8 | EPSS 0.07667
In wild | Exploits 5 | References 2 | Affected Software 17

added 2022/02/27 8:0 a.m. | 1222 views

CVE-2021-21708

CVE-2021-21708 describes a use-after-free in PHP related to php_filter_float() failing for ints when using FILTER_VALIDATE_FLOAT with min/max limits, potentially causing crashes and memory corruption that could lead to RCE. Affected PHP versions include 7.4.x < 7.4.28, 8.0.x < 8.0.16, and 8...

CVSS 9.8 | AI score 9 | EPSS 0.03002
Exploits 1 | References 3 | Affected Software 1

added 2021/03/16 2:10 p.m. | 1222 views

CVE-2021-21193

CVE-2021-21193 is a use-after-free in Blink of Chromium-based browsers (Chrome) prior to 89.0.4389.90 that can allow remote code execution via a crafted HTML page, with evidence of an exploit in the wild per Arch/Chromium advisories. Affected products include Google Chrome/Chromium (Blink/WebKit ...

CVSS 8.8 | AI score 9 | EPSS 0.0987
In wild | Exploits 1 | References 6 | Affected Software 1

added 2021/07/22 5:10 p.m. | 1221 views

CVE-2021-35464

CVE-2021-35464 affects ForgeRock OpenAM/Access Management: Java deserialization in the JATO framework allows pre-auth remote code execution on ForgeRock AM Core Server when running versions prior to 7.0. An attacker can trigger RCE by sending a crafted HTTP request to endpoints like /ccversion/Ve...

CVSS 10 | AI score 9.7 | EPSS 0.99999
In wild | Exploits 8 | References 5 | Affected Software 2

added 2018/07/19 5:0 p.m. | 1221 views

CVE-2018-7602

Drupal core remote code execution vulnerability CVE-2018-7602 affects Drupal 7.x and 8.x subsystems. Root cause involves multi-subsystem exposure allowing arbitrary code execution via crafted requests; multiple advisories note high/critical risk and in-the-wild exploitation (SA-CORE-2018-002). re...

CVSS 9.8 | AI score 9.8 | EPSS 0.99236
In wild | Exploits 14 | References 8 | Affected Software 1

added 2024/02/23 2:46 p.m. | 1220 views

CVE-2024-26595

CVE-2024-26595 affects the Linux kernel mlxsw spectrum ACL TCAM handling. Root cause: NULL pointer dereference in mlxsw_sp_acl_tcam_region_destroy() when region->group->tcam is accessed from an error path after a failed region attachment. Fix implemented: obtain the tcam pointer via mlx...

CVSS 5.5 | AI score 6 | EPSS 0.0023
Exploits 0 | References 5 | Affected Software 1

added 2022/08/05 12:0 a.m. | 1220 views

CVE-2022-37434

CVE-2022-37434 describes a heap-based buffer over-read/overflow in zlib’s inflate() (inflate.c) when handling a large gzip header extra field. The vulnerability is limited to code paths that call inflateGetHeader, and is fixed in subsequent zlib revisions. Connected advisories indicate affected e...

CVSS 9.8 | AI score 9.9 | EPSS 0.1593
Exploits 1 | References 27 | Affected Software 1

added 2021/09/14 12:0 a.m. | 1220 views

CVE-2021-41072

CVE-2021-41072 affects squashfs-tools (unsquash-2.c and related code paths). A crafted Squashfs filesystem containing a symbolic link and subsequent content can cause unsquashfs to create/write through the link outside the destination directory, i.e., Directory Traversal. Impact is potential writ...

CVSS 8.1 | AI score 7.9 | EPSS 0.02136
Exploits 1 | References 5 | Affected Software 1

added 2021/11/10 12:46 a.m. | 1219 views

CVE-2021-41379

CVE-2021-41379 is a Windows Installer Elevation of Privilege vulnerability affecting Windows Installer across Windows 10/11 and Windows Server. Public details in connected sources describe the issue as a Windows Installer privilege-escalation flaw, with references to InstallerFileTakeOver as the ...

CVSS 7.8 | AI score 7 | EPSS 0.20255
In wild | Exploits 0 | References 3 | Affected Software 18

added 2020/06/17 10:27 a.m. | 1219 views

CVE-2020-11899

CVE-2020-11899 refers to the Treck TCP/IP stack before 6.0.1.66, which contains an IPv6 out-of-bounds read vulnerability in its IPv6 handling. Related connected sources confirm the affected component is the Treck IP Stack used in embedded systems; the CVE describes an IPv6 OOB read with low to mo...

CVSS 5.4 | AI score 7.2 | EPSS 0.1842
In wild | Exploits 1 | References 12 | Affected Software 1

added 2018/03/28 10:0 p.m. | 1219 views

CVE-2018-0171

CVE-2018-0171 is a Cisco Smart Install remote code execution vulnerability in Cisco IOS/IOS XE where improper validation of packet data allows an unauthenticated, remote attacker to trigger a device reload (DoS) or execute arbitrary code by sending a crafted Smart Install message to TCP port 4786...

CVSS 10 | AI score 9.8 | EPSS 0.9951
In wild | Exploits 2 | References 7 | Affected Software 1

added 2015/04/14 8:0 p.m. | 1218 views

CVE-2015-1641

CVE-2015-1641 is a Microsoft Office memory-corruption vulnerability triggered by crafted RTF documents. Affected products include Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoin...

CVSS 9.3 | AI score 9.4 | EPSS 0.97327
In wild | Exploits 1 | References 4 | Affected Software 6

added 2024/02/23 2:46 p.m. | 1217 views

CVE-2023-52462

CVE-2023-52462 concerns the Linux kernel BPF spill-pointer bug. Technical details in connected docs indicate the vulnerability arises when a register is spilled onto the stack as 1/2/4-byte registers, leading to incorrect checking of spilled slots via slot_type and the need to consult slot_type[7...

CVSS 5.5 | AI score 6.2 | EPSS 0.00226
Exploits 0 | References 7 | Affected Software 1

added 2021/04/09 5:50 p.m. | 1217 views

CVE-2021-20021

CVE-2021-20021 affects SonicWall Email Security. The vulnerability enables an unauthenticated attacker to create an administrative account via a crafted HTTP request to the ES appliance, by exploiting an improperly secured admin API endpoint. This leads to privilege escalation with administrator ...

CVSS 9.8 | AI score 9.1 | EPSS 0.83425
In wild | Exploits 0 | References 2 | Affected Software 1

added 2021/02/16 5:0 p.m. | 1217 views

CVE-2021-21315

CVE-2021-21315 affects the npm package System Information (systeminformation) prior to version 5.3.1. The vulnerability is a command injection in functions that process service/latency queries (e.g., si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad()) which can be exploited via...

CVSS 7.8 | AI score 7.5 | EPSS 0.9024
In wild | Exploits 4 | References 6 | Affected Software 1

added 2021/05/06 4:16 a.m. | 1216 views

CVE-2020-28021

Exim 4 prior to 4.94.2 contains an improper neutralization of line delimiters vulnerability. An authenticated remote SMTP client can inject newline characters via AUTH= in MAIL FROM, potentially enabling remote code execution as root. Remediation: upgrade to Exim 4.94.2 or later.

CVSS 9 | AI score 7.7 | EPSS 0.0406
Exploits 1 | References 1 | Affected Software 1

added 2022/05/10 8:33 p.m. | 1215 views

CVE-2022-26925

CVE-2022-26925 is a Windows Local Security Authority (LSA) spoofing vulnerability. The issue allows an unauthenticated attacker to coerce a domain controller to authenticate to the attacker using NTLM by calling a method on the LSARPC interface, enabling potential credential exposure in an NTLM-r...

CVSS 8.1 | AI score 7.5 | EPSS 0.09823
In wild | Exploits 0 | References 3 | Affected Software 17

added 2021/09/17 12:0 a.m. | 1215 views

CVE-2021-3807

CVE-2021-3807 affects ansi-regex, enabling Regular Expression Denial of Service (ReDoS) with high impact (CVSS v3.1 base 7.5). Connected docs confirm DoS in Jira Data Center/Server and Jira Service Management, with fixed versions including Jira DC/Server 10.3.16+ and 11.2.1+. Remediation is to up...

CVSS 7.8 | AI score 8.7 | EPSS 0.03304
Exploits 1 | References 4 | Affected Software 1

added 2020/07/24 10:28 p.m. | 1215 views

CVE-2020-12812

CVE-2020-12812 is an improper authentication flaw in Fortinet FortiOS SSL VPN that allows a user to log in without FortiToken MFA if the username’s case is changed. Affected FortiOS versions include 6.4.0, 6.2.0–6.2.3, 6.0.9 and earlier. Fortinet advisories FG-IR-19-283 and related Nessus entries...

CVSS 9.8 | AI score 9.5 | EPSS 0.49344
In wild | Exploits 0 | References 2 | Affected Software 1

added 2024/02/25 2:3 p.m. | 1214 views

CVE-2021-46904

CVE-2021-46904 affects the Linux kernel net: hso subsystem. The issue was a null pointer dereference during tty device unregistration caused by multiple ttys claiming the same minor number. The root cause was that get_free_serial_index() returned an available minor but did not assign it immediate...

CVSS 5.5 | AI score 6.2 | EPSS 0.00256
Exploits 0 | References 8 | Affected Software 1

added 2021/10/08 12:0 a.m. | 1214 views

CVE-2021-30632

CVE-2021-30632 is a remote, out-of-bounds write vulnerability in Google Chrome’s V8 engine (Chromium) prior to 93.0.4577.82, allowing potential heap corruption via a crafted HTML page. Publicly documented fixes indicate the issue affected the V8 component and was addressed in Chrome/Chromium 93.0...

CVSS 8.8 | AI score 8.2 | EPSS 0.64546
In wild | Exploits 3 | References 6 | Affected Software 1

added 2021/06/10 7:10 a.m. | 1214 views

CVE-2020-13950

CVE-2020-13950 affects Apache HTTP Server (httpd) mod_proxy_http, with versions 2.4.41–2.4.46 vulnerable to a NULL pointer dereference triggered by specially crafted requests using both Content-Length and Transfer-Encoding headers, causing Denial of Service. Connected documents confirm impact as ...

CVSS 7.5 | AI score 8.4 | EPSS 0.49089
Exploits 0 | References 10 | Affected Software 1

added 2021/06/08 10:46 p.m. | 1214 views

CVE-2021-31956

CVE-2021-31956 is a Windows NTFS local privilege-escalation vulnerability that Microsoft and security researchers have shown can be exploited via manipulation of the Windows kernel’s WNF/NTFS interaction and pool-heap exploitation techniques to obtain SYSTEM-level access. Public materials describ...

CVSS 9.3 | AI score 8.5 | EPSS 0.20268
In wild | Exploits 4 | References 2 | Affected Software 16

added 2021/05/10 12:0 a.m. | 1213 views

CVE-2021-28663

CVE-2021-28663 is an Arm Mali GPU kernel-driver use-after-free memory corruption vulnerability that can enable privilege escalation or information disclosure. Affected GPUs span Bifrost (r0p0–r28p0 before r29p0), Valhall (r19p0–r28p0 before r29p0), and Midgard (r4p0–r30p0). The issue arises from ...

CVSS 9 | AI score 8.3 | EPSS 0.12084
In wild | Exploits 2 | References 4 | Affected Software 3

added 2021/03/11 3:7 p.m. | 1213 views

CVE-2021-26411

CVE-2021-26411 (Internet Explorer Memory Corruption) is a memory-corruption vulnerability in IE that was exploited in the wild as a zero‑day. Project Zero’s analysis attributes two primary bug patterns to IE exploitation: a use-after-free caused by a user-controlled callback between object operat...

CVSS 8.8 | AI score 8.2 | EPSS 0.81103
In wild | Exploits 0 | References 2 | Affected Software 1

added 2020/01/29 3:53 p.m. | 1213 views

CVE-2020-7247

CVE-2020-7247 affects OpenSMTPD 6.6 (OpenBSD 6.6 and others). The smtp_mailaddr() check in smtp_session.c can pass malformed local-parts with an empty domain, due to an incorrect return value on input validation, enabling remote root code execution via a crafted SMTP session (MAIL FROM) on the de...

CVSS 10 | AI score 9.5 | EPSS 0.98972
In wild | Exploits 27 | References 15 | Affected Software 1

added 2025/05/20 3:21 p.m. | 1212 views

CVE-2025-37899

The CVE-2025-37899 issue affects the Linux kernel’s ksmbd session logoff path, where sess->user can still be in use by another thread, enabling a use-after-free in smb2_sess_setup handling. The vulnerability is rated with CVSSv3.1: Local attack, Low privileges required, no user interaction, wi...

CVSS 7.8 | AI score 6.5 | EPSS 0.00354
In wild | Exploits 2 | References 7 | Affected Software 1

added 2022/03/16 2:4 p.m. | 1211 views

CVE-2021-39793

Summary of CVE-2021-39793: A vulnerability in the Mali GPU kernel driver (kbase_jd_user_buf_pin_pages in mali_kbase_mem.c) causes an out-of-bounds write due to a logic error. This can enable local privilege escalation with no required user interaction. Affected: Android devices using Mali GPU ke...

CVSS 7.8 | AI score 7.7 | EPSS 0.00726
In wild | Exploits 0 | References 2 | Affected Software 1

added 2023/06/23 12:0 a.m. | 1209 views

CVE-2023-32419

CVE-2023-32419 describes a bounds-checks issue in Apple iOS/iPadOS that could allow a remote attacker to execute arbitrary code. It is fixed in iOS 16.5 and iPadOS 16.5. No exploitation details are provided beyond that; updating to the patched OS versions is the recommended remediation.

CVSS 9.8 | AI score 8.5 | EPSS 0.01116
Exploits 0 | References 1 | Affected Software 2

added 2024/02/25 8:16 a.m. | 1208 views

CVE-2023-52471

CVE-2023-52471 affects the Linux kernel component ice, involving NULL pointer dereferences in ice_ptp.c and a NULL pointer return risk in devm_kasprintf(). The issue is addressed by a kernel fix (see stable kernel references); exploitation details are not provided in the documents. Remediation is...

CVSS 5.5 | AI score 7 | EPSS 0.00232
Exploits 0 | References 2 | Affected Software 1

added 2022/04/13 12:0 a.m. | 1208 views

CVE-2022-22960

CVE-2022-22960 is a VMware privilege-escalation vulnerability in Workspace ONE Access, Identity Manager, and vRealize Automation caused by improper permissions in support scripts. A local attacker can escalate to root on affected systems. Technical details indicate affected products include VMwar...

CVSS 7.8 | AI score 8.7 | EPSS 0.37171
In wild | Exploits 8 | References 5 | Affected Software 5

added 2020/03/17 6:41 p.m. | 1208 views

CVE-2020-3950

CVE-2020-3950 affects VMware Fusion (11.x up to 11.5.1/11.5.2), VMware Remote Console for Mac (11.x up to 11.0.1), and Horizon Client for Mac (5.x up to 5.4.0). Root cause: improper use of setuid binaries enabling local privilege escalation from a normal user to root on systems running th...

CVSS 7.8 | AI score 7.8 | EPSS 0.07254
In wild | Exploits 10 | References 4 | Affected Software 3

added 2010/04/28 10:0 p.m. | 1207 views

CVE-2010-0738

CVE-2010-0738 affects JBoss AS/JBoss EAP 4.2.x before 4.2.0.CP09 and 4.3.x before 4.3.0.CP08. The JMX-Console performs access control only for GET/POST, allowing remote attackers to send requests via a different method to reach the GET handler. Impact described as an authentication/authorization ...

CVSS 5.3 | AI score 9.2 | EPSS 0.79415
In wild | Exploits 28 | References 14 | Affected Software 1

added 2022/03/18 5:59 p.m. | 1206 views

CVE-2022-22620

CVE-2022-22620 is a WebKit use-after-free vulnerability affecting the Apple WebKit/Safari stack (e.g., WebKit in macOS/iOS/iPadOS, and WebKitGTK/WebKitGTK-based ports). Exploitation involves processing malicious web content, potentially enabling arbitrary code execution. Apple’s fixes are in Safari ...

CVSS 8.8 | AI score 8.8 | EPSS 0.16342
In wild | Exploits 0 | References 5 | Affected Software 4

added 2019/12/05 4:17 p.m. | 1206 views

CVE-2019-7192

CVE-2019-7192 affects QNAP Photo Station on QTS. The vulnerability is an improper access control that enables remote attackers to gain unauthorized system access (pre-auth RCE). Public write‑ups and advisories discuss unvalidated access to Photo Station components, with several CVEs in the same f...

CVSS 9.8 | AI score 9.4 | EPSS 0.88213
In wild | Exploits 9 | References 3 | Affected Software 1

added 2025/02/05 5:31 p.m. | 1205 views

CVE-2025-23419

CVE-2025-23419 affects nginx where multiple server blocks share an IP/port and an attacker can reuse TLS session tickets or the SSL session cache to bypass client certificate authentication on the default server. The issue stems from how session resumption is handled when the default server perfo...

CVSS 5.3 | AI score 4.8 | EPSS 0.02557
Exploits 0 | References 3 | Affected Software 2

added 2020/05/21 10:52 p.m. | 1205 views

CVE-2020-1054

CVE-2020-1054 is a Win32k kernel-mode elevation of privilege vulnerability in Windows where the Windows kernel-driver mishandles memory objects. The CVE entry is distinct from CVE-2020-1143. Public references in the provided set show an exploit for CVE-2020-1054 (Out-of-bounds write in Microsoft ...

CVSS 7.8 | AI score 7.8 | EPSS 0.52778
In wild | Exploits 5 | References 3 | Affected Software 17

added 2024/05/08 10:15 p.m. | 1204 views

CVE-2024-27793

Summary (CVE-2024-27793): Apple iTunes for Windows is affected by a vulnerability where parsing a file could cause an unexpected app termination or arbitrary code execution. The issue is addressed by Apple in iTunes 12.13.2 for Windows (HT214099; Apple security content). The root cause is relate...

CVSS 7.8 | AI score 7 | EPSS 0.00683
Exploits 0 | References 4 | Affected Software 1

added 2021/08/12 6:11 p.m. | 1204 views

CVE-2021-34484

CVE-2021-34484 is a Windows User Profile Service local privilege escalation caused by a race condition in CreateDirectoryJunction() that allowed a logged-on user to influence profile handling and load a malicious DLL with SYSTEM privileges. The vulnerability was initially patched but later bypass...

CVSS 7.8 | AI score 8.6 | EPSS 0.14393
In wild | Exploits 2 | References 2 | Affected Software 16

added 2021/09/02 4:7 p.m. | 1202 views

CVE-2021-28550

CVE-2021-28550 is an Adobe Acrobat/Reader Use-After-Free vulnerability that allows arbitrary code execution in the context of the current user when a user opens a crafted PDF. Affected products include Acrobat Reader DC (versions 2021.001.20150 and earlier), 2020.001.30020 and earlier, and 2017.0...

CVSS 9.6 | AI score 8.3 | EPSS 0.52005
In wild | Exploits 0 | References 2 | Affected Software 2

added 2014/12/11 2:0 a.m. | 1202 views

CVE-2014-8500

CVE-2014-8500 affects ISC BIND 9.0.x–9.8.x, 9.9.0–9.9.6, and 9.10.0–9.10.1, where delegation chaining is not limited, enabling remote attackers to cause memory exhaustion or a named crash via a large or infinite number of referrals. Impact: denial of service; all recursive resolvers are affected,...

CVSS 7.8 | AI score 8.2 | EPSS 0.65683
Exploits 0 | References 27 | Affected Software 1

added 2022/11/25 12:0 a.m. | 1200 views

CVE-2022-4135

CVE-2022-4135 affects Google Chrome/Chromium GPU code. It is a heap buffer overflow in the GPU path prior to Chrome 107.0.5304.121 that could allow a remote attacker (with renderer access) to escape the sandbox via a crafted HTML page. Chrome confirms exploitation in the wild; a stable-channel pa...

CVSS 9.6 | AI score 9.3 | EPSS 0.31864
In wild | Exploits 1 | References 4 | Affected Software 1

added 2025/01/17 8:18 p.m. | 1199 views

CVE-2025-23202

The CVE-2025-23202 entry concerns the Bible Module for ROBLOX. The vulnerable components are the FetchVerse and FetchPassage functions, which lack input validation, enabling injection attacks that could manipulate API request URLs and potentially lead to unauthorized access or data tampering. The...

CVSS 10 | AI score 7.2 | EPSS 0.00375
Exploits 0 | References 2

added 2022/03/04 5:36 p.m. | 1199 views

CVE-2022-26318

This CVE (CVE-2022-26318) affects WatchGuard XTM/Firebox appliances running Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2, enabling unauthenticated remote code execution via the admin interface. Technical details in connected docs show in-the-wild...

CVSS 9.8 | AI score 9.6 | EPSS 0.78303
In wild | Exploits 6 | References 2 | Affected Software 1

added 2022/03/02 6:45 p.m. | 1198 views

CVE-2021-38268

CVE-2021-38268 affects Liferay Portal 7.0.0–7.3.6 and Liferay DXP 7.0–7.3 with the Dynamic Data Mapping module. The issue: default permissions for site members are set incorrectly, allowing remote authenticated users with the site member role to add and duplicate forms via the UI or the API. Affe...

CVSS 6.5 | AI score 6.2 | EPSS 0.0104
Exploits 0 | References 3 | Affected Software 2

added 2021/06/08 10:46 p.m. | 1198 views

CVE-2021-33742

CVE-2021-33742 is a memory-corruption remote code execution vulnerability in Microsoft Windows MSHTML/Internet Explorer. The IE/MSHTML bugchain included a use-after-free (user-controlled callback between two actions) and a buffer overflow in MSHTML, enabling arbitrary code execution. In-the-wild ...

CVSS 8.8 | AI score 8.8 | EPSS 0.59139
In wild | Exploits 0 | References 2 | Affected Software 14

Total number of security vulnerabilities: 5000