Lucene search
K
CveMost viewed

369536 matches found

CVE
CVE
added 2023/03/24 12:0 a.m.1167 views

CVE-2023-21036

The CVE-2023-21036 issue affects Google Pixel devices' Markup tool (BitmapExport.java) where a logic error prevents proper truncation of image data after edits, potentially leaving remnants of the original image in cropped/edited PNGs. Public sources (NVD/NVD entry, CVE lists) describe a local, p...

5.5CVSS5.3AI score0.00499EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2018/08/02 3:0 p.m.1167 views

CVE-2017-9120

CVE-2017-9120 affects PHP 7.x through 7.1.5, due to an Integer overflow in mysqli_real_escape_string that can trigger a denial of service (buffer overflow and application crash). The connected documents confirm this root cause and impact across multiple advisories and listings (e.g., CVE-2017-912...

9.8CVSS9.8AI score0.07562EPSS
In wildExploits1References3Affected Software1
CVE
CVE
added 2024/02/25 8:16 a.m.1166 views

CVE-2023-52472

CVE-2023-52472 : Linux kernel vulnerability in crypto: rsa where a NULL dereference could occur if mpi_alloc() allocation fails. The fix adds a check for allocation failure to satisfy static analyzers; current small allocations are unlikely to fail, but the patch is implemented to prevent NULL de...

5.5CVSS6.1AI score0.00272EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/02/11 12:20 p.m.1166 views

CVE-2021-44521

CVE-2021-44521 affects Apache Cassandra when enable_user_defined_functions: true, enable_scripted_user_defined_functions: true, and enable_user_defined_functions_threads: false. The documented unsafe configuration can allow an attacker with cluster-level permissions to create user-defined functio...

9.1CVSS9.4AI score0.54889EPSS
Exploits7References4Affected Software1
CVE
CVE
added 2019/10/23 4:31 p.m.1166 views

CVE-2019-18348

CVE-2019-18348 affects Python’s urllib/urllib2 handling of URL parameters. The issue allows CRLF injection when an attacker controls a url parameter, notably in the host component of a URL, enabling injection of HTTP headers. Public details in connected advisories confirm the vulnerability and ci...

6.1CVSS6.3AI score0.03513EPSS
Exploits0References13Affected Software1
CVE
CVE
added 2019/06/12 1:49 p.m.1166 views

CVE-2019-1064

CVE-2019-1064 is a Windows elevation-of-privilege flaw in the AppXSVC (Windows AppX Deployment Service) due to improper handling of hard links. The root cause allows a locally authenticated attacker to run processes in an elevated context, potentially installing programs or modifying data. Micros...

7.8CVSS7.7AI score0.06886EPSS
In wildExploits2References3Affected Software11
CVE
CVE
added 2018/04/11 1:0 p.m.1166 views

CVE-2018-1273

CVE-2018-1273 is a remote code execution vulnerability in Spring Data Commons (affecting versions prior to 1.13.10 and 2.0–2.0.5, plus older unsupported builds). An unauthenticated attacker could supply crafted request parameters against Spring Data REST HTTP resources or via Spring Data projecti...

9.8CVSS9.6AI score0.95649EPSS
In wildExploits9References4Affected Software1
CVE
CVE
added 2013/06/10 5:0 p.m.1166 views

CVE-2013-1862

CVE-2013-1862 affects Apache HTTP Server 2.2.x up to 2.2.24, where mod_rewrite writes log data without sanitizing non‑printable characters. This can allow a remote attacker to execute arbitrary commands by sending an HTTP request containing an escape sequence for a terminal emulator, with some so...

5.1CVSS6.9AI score0.24886EPSS
Exploits2References43Affected Software1
CVE
CVE
added 2023/05/17 8:36 a.m.1165 views

CVE-2023-2745

CVE-2023-2745 — WordPress Core

6.1CVSS5.4AI score0.79527EPSS
In wildExploits7References7Affected Software1
CVE
CVE
added 2020/06/05 2:40 p.m.1165 views

CVE-2020-9859

CVE-2020-9859 is an Apple kernel code execution vulnerability triggered by a memory consumption issue. Affected products include iOS 13.5.1/iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, and watchOS 6.2.6. Root cause: memory handling flaw that could allow an application t...

7.8CVSS7.1AI score0.00829EPSS
In wildExploits0References2Affected Software5
CVE
CVE
added 2017/07/10 4:0 p.m.1165 views

CVE-2017-9791

CVE-2017-9791 corresponds to an Apache Struts 1 vulnerability involving the Struts 1 plugin, where improper input handling could allow remote code execution via a malicious field value in a raw message to ActionMessage. Connected sources (CISA KEV) describe this as Apache Struts 1 Improper Input ...

9.8CVSS9.4AI score0.98931EPSS
In wildExploits19References8Affected Software1
CVE
CVE
added 2024/02/25 8:16 a.m.1164 views

CVE-2023-52468

The CVE-2023-52468 entry describes a Linux kernel use-after-free in class_register. The issue arises because lock_class_key remains registered in lock_keys_hash after subsys_private is freed in an error path, so a task iterating the hash later may trigger a use-after-free. The fix unregisters the...

7.8CVSS7.3AI score0.00275EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/03/18 4:56 a.m.1164 views

CVE-2021-45968

Pascom CPS before 7.20 contains a known Local File Inclusion vulnerability (CVE-2021-45968) in Pascom Cloud Phone System, as documented by Nuclei templates. The issue can allow an attacker to access sensitive information or arbitrary files via LFI. Remediation: apply the latest vendor patches/upd...

7.5CVSS8.3AI score0.10666EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2021/06/08 10:46 p.m.1164 views

CVE-2021-33739

This CVE (CVE-2021-33739) concerns the Microsoft Desktop Window Manager (DWM) Core Library in Windows. Affected component: dwmcore.dll within Windows 10/Server environments. Root cause: a use-after-free-style issue tied to a Tracker Binding Manager object in the DWM core, leading to an elevation ...

8.4CVSS7.8AI score0.06555EPSS
In wildExploits2References2Affected Software6
CVE
CVE
added 2018/11/14 3:0 p.m.1164 views

CVE-2018-17463

CVE-2018-17463 is a remote code execution vulnerability in the V8 JavaScript engine used by Google Chrome/Chromium. The issue allows a remote attacker to execute arbitrary code inside the browser sandbox via a crafted HTML page, stemming from an incorrect side-effect annotation in V8. Public disc...

8.8CVSS8.8AI score0.83898EPSS
In wildExploits6References8Affected Software1
CVE
CVE
added 2016/08/09 9:0 p.m.1164 views

CVE-2016-3309

CVE-2016-3309 is a Windows kernel Win32k elevation-of-privilege vulnerability. A local attacker could gain SYSTEM privileges by exploiting a pool/handle-management issue in win32k, enabling code execution in kernel mode. Connected sources document an exploit (win32kfull!bFill pool overflow) and i...

7.8CVSS7.5AI score0.20625EPSS
In wildExploits8References5Affected Software9
CVE
CVE
added 2023/06/17 12:29 a.m.1162 views

CVE-2023-28295

CVE-2023-28295 is a Microsoft Publisher remote code execution vulnerability affecting Publisher components (notably Publisher 2013) with a CVSS v3.1 base score of 7.8 (HIGH) and LOCAL attack vector, requiring user interaction. The issue is addressed by Microsoft security updates (e.g., KB5002213 ...

7.8CVSS7.7AI score0.00742EPSS
Exploits0References1Affected Software4
CVE
CVE
added 2019/12/10 9:40 p.m.1162 views

CVE-2019-1458

CVE-2019-1458 is a Windows Win32k elevation-of-privilege flaw affecting win32k.sys. The root cause is an uninitialized field in the server window dispatch table (gpsi->mpFnid_serverCBWndProc[FNID_SWITCH]), which leaves extraWnd data improperly sized. This allows an attacker to write arbitrary ...

7.8CVSS8.2AI score0.74438EPSS
In wildExploits10References4Affected Software8
CVE
CVE
added 2016/11/01 10:46 p.m.1161 views

CVE-2016-7855

Adobe Flash Player CVE-2016-7855 is a use-after-free vulnerability allowing remote code execution. It affects Flash Player on Windows, macOS, and Linux (versions prior to 23.0.0.205 for Windows/OS X and prior to 11.2.202.643 on Linux). Exploitation has been observed in the wild (October 2016). Af...

9.3CVSS9AI score0.25198EPSS
In wildExploits0References8Affected Software1
CVE
CVE
added 2020/04/08 12:42 p.m.1159 views

CVE-2020-5735

CVE-2020-5735 affects Amcrest cameras and NVRs via a stack-based buffer overflow over port 37777. The vulnerability allows an authenticated remote attacker to crash the device and potentially execute arbitrary code. Public references (NVD, Red Hat, CISA KEV) reiterate a stack-based overflow impac...

8.8CVSS9AI score0.35643EPSS
In wildExploits4References3Affected Software1
CVE
CVE
added 2012/06/13 1:0 a.m.1159 views

CVE-2012-1889

CVE-2012-1889 concerns memory corruption in Microsoft XML Core Services (MSXML) across 3.0–6.0 that can allow remote code execution via a crafted web page. The vulnerability stems from accessing uninitialized memory locations, with exploitation commonly involving MSXML components (e.g., getDefini...

9.3CVSS7.7AI score0.83638EPSS
In wildExploits12References6Affected Software1
CVE
CVE
added 2024/02/25 8:16 a.m.1157 views

CVE-2023-52465

CVE-2023-52465 concerns the Linux kernel where the power: supply component fixed a null pointer dereference in smb2_probe. The root cause involved devm_kasprintf and devm_kzalloc potentially returning NULL on allocation failure. The vulnerability is documented with a local attack vector and a hig...

5.5CVSS6AI score0.00288EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/06/02 12:0 a.m.1157 views

CVE-2023-29540

CVE-2023-29540 is a vulnerability in Mozilla Firefox affecting Firefox for Android and Focus for Android prior to version 112. It arises from a redirect embedded in sourceMappingUrls that could navigate to external protocol links inside sandboxed iframes without allow-top-navigation-to-custom-pro...

6.1CVSS6.2AI score0.00315EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2021/07/14 5:53 p.m.1157 views

CVE-2021-33771

CVE-2021-33771 is a Windows Kernel Elevation of Privilege vulnerability affecting Windows kernels; multiple sources classify it as a local, low-complexity EoP with high impact. Several connected documents reference active exploitation in the wild or near-wild activity, including reports of target...

7.8CVSS8.3AI score0.06255EPSS
In wildExploits0References2Affected Software15
CVE
CVE
added 2019/01/30 10:0 p.m.1157 views

CVE-2018-17189

CVE-2018-17189 : In Apache HTTP Server 2.4.37 and earlier, mod_http2 can cause a DoS by handling slowloris-style request bodies, unnecessarily occupying a server thread for the h2 stream on HTTP/2 connections. Affected product: Apache HTTP Server with mod_http2. Impact: denial of service via thre...

5.3CVSS6.1AI score0.19404EPSS
Exploits0References30Affected Software1
CVE
CVE
added 2019/07/29 2:13 p.m.1156 views

CVE-2019-1130

CVE-2019-1130 is a Windows privilege-escalation vulnerability in the AppX Deployment Service (AppXSVC) caused by improper handling of hard links. The CVE notes an elevation of privilege from a local user, with a CVSSv3.1 base score of 7.8 (LOCAL attack, LOW complexity, Privileges Required: LOW; U...

7.8CVSS7.7AI score0.02284EPSS
In wildExploits0References2Affected Software14
CVE
CVE
added 2016/06/01 8:0 p.m.1155 views

CVE-2016-3088

CVE-2016-3088 affects Apache ActiveMQ 5.x prior to 5.14.0. The Fileserver web application vulnerable to remote code execution via an HTTP PUT followed by an HTTP MOVE request allows an attacker to upload and execute arbitrary files on the server. Connected PoC repositories describe Python-based a...

9.8CVSS9.7AI score0.98518EPSS
In wildExploits19References10Affected Software1
CVE
CVE
added 2023/04/20 12:0 a.m.1153 views

CVE-2023-27350

CVE-2023-27350 affects PaperCut MF/NG and allows unauthenticated remote code execution by exploiting improper access control in SetupCompleted, enabling code execution as SYSTEM. Public PoCs and exploits exist (e.g., GitHub and Exploit-DB entries) targeting PaperCut MF/NG 8.0+ and various 22.x bu...

9.8CVSS9.1AI score0.99999EPSS
In wildExploits24References8Affected Software2
CVE
CVE
added 2022/03/29 8:45 p.m.1153 views

CVE-2022-26871

Trend Micro Apex Central (on-prem and service) contains an unauthenticated arbitrary file upload vulnerability (CVE-2022-26871) that can lead to remote code execution. Public sources consistently describe a vulnerability in Apex Central’s file-upload handling (improper checks for file contents) t...

9.8CVSS9.8AI score0.19633EPSS
In wildExploits0References6Affected Software2
CVE
CVE
added 2021/02/24 4:42 p.m.1153 views

CVE-2021-21973

CVE-2021-21973 is a VMware vSphere Client (HTML5) SSRF vulnerability in which URL validation for a vCenter Server plugin is improper, allowing an attacker with network access to port 443 to trigger information disclosure via a crafted POST to the vulnerable endpoint. Affected products/versions in...

5.3CVSS6.7AI score0.88012EPSS
In wildExploits8References2Affected Software2
CVE
CVE
added 2019/07/16 5:16 p.m.1153 views

CVE-2019-12991

CVE-2019-12991 affects Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance: authenticated command injection in 10.2.x before 10.2.3 and 10.0.x before 10.0.8. Connected advisories confirm a remote command execution vector via the appliance’s management/UI stack and public exploits exist (e.g., ...

9CVSS8.6AI score0.73875EPSS
In wildExploits5References5Affected Software2
CVE
CVE
added 2017/07/17 9:0 p.m.1153 views

CVE-2017-6736

CVE-2017-6736 concerns Cisco IOS/IOS XE SNMP subsystem vulnerabilities caused by a buffer overflow. An authenticated remote attacker could remotely execute code or cause a reload by sending crafted SNMP packets over IPv4/IPv6. The issue affects SNMP versions 1/2c/3; for SNMPv2c you may need the r...

9CVSS9.1AI score0.70559EPSS
In wildExploits8References7Affected Software2
CVE
CVE
added 2024/05/13 12:0 a.m.1152 views

CVE-2024-34459

The CVE-2024-34459 issue affects libxml2’s xmllint when using --htmlout, where a formatting error in error messages can trigger a buffer over-read in xmlHTMLPrintFileContext. The vulnerability concerns xmllint and the libxml2 parser before versions 2.11.8 and 2.12.x before 2.12.7. A PoC exists pe...

7.5CVSS6.5AI score0.02298EPSS
Exploits1References10Affected Software1
CVE
CVE
added 2022/03/18 5:59 p.m.1152 views

CVE-2022-22587

CVE-2022-22587 is an Apple IOMobileFrameBuffer memory corruption vulnerability that could allow code execution with kernel privileges. The issue is cited as fixed in iOS 15.3, iPadOS 15.3, macOS Big Sur 11.6.3, and macOS Monterey 12.2. Apple’s advisory notes a report that it may have been activel...

10CVSS8.3AI score0.11638EPSS
In wildExploits0References4Affected Software3
CVE
CVE
added 2021/02/16 8:7 p.m.1152 views

CVE-2021-27102

CVE-2021-27102 is an OS command injection in Accellion FTA via a local web service call affecting 9_12_411 and earlier. Exploitation observed in incidents; fix available in FTA_9_12_416 and later. Remediation: patch to 9_12_416+ or migrate to a supported platform; isolate affected systems and app...

7.8CVSS8.7AI score0.03654EPSS
In wildExploits0References3Affected Software1
CVE
CVE
added 2020/10/28 12:47 p.m.1152 views

CVE-2020-8260

Pulse Connect Secure (PCS) vulnerable

7.2CVSS8.2AI score0.9648EPSS
In wildExploits4References3Affected Software1
CVE
CVE
added 2025/12/03 3:40 p.m.1151 views

CVE-2025-55182

CVE-2025-55182 is a pre-auth remote code execution vulnerability in React Server Components (versions 19.0.0, 19.1.0, 19.1.1, 19.2.0) affecting react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The issue arises from unsafe deserialization of payloads in HTTP reque...

10CVSS7.8AI score0.99562EPSS
In wildExploits374References6Affected Software1
CVE
CVE
added 2020/08/17 7:13 p.m.1151 views

CVE-2020-1464

CVE-2020-1464 is a Windows spoofing vulnerability where improper validation of code-signing signatures allows bypassing security features and loading improperly signed files. It affects Windows and was actively exploited in the wild, per reports linked to the August 2020 Patch Tuesday. The core i...

7.8CVSS7.1AI score0.41131EPSS
In wildExploits1References5Affected Software18
CVE
CVE
added 2020/04/24 3:56 p.m.1151 views

CVE-2020-6820

CVE-2020-6820 describes a race condition in handling a ReadableStream that can cause a use-after-free, affecting Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR

8.1CVSS7.3AI score0.06305EPSS
In wildExploits0References5Affected Software2
CVE
CVE
added 2020/02/07 10:49 p.m.1151 views

CVE-2019-19356

CVE-2019-19356 affects Netis WF2419 routers. A authenticated attacker can achieve remote code execution as root via the router Web management page, based on vulnerable firmware versions V1.2.31805 and V2.2.36123. The root cause is lack of input sanitization in the web interface, enabling exploita...

8.5CVSS7.8AI score0.27962EPSS
In wildExploits6References4Affected Software1
CVE
CVE
added 2021/12/15 6:5 p.m.1150 views

CVE-2021-1048

CVE-2021-1048 is a use-after-free in Android's upstream Linux kernel ep_loop_check_proc (eventpoll.c) that can cause memory corruption and local privilege escalation without user interaction. The issue existed in the Android kernel but upstream Linux patched it; Android device patch timing varied...

7.8CVSS7.6AI score0.01047EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2020/03/10 7:56 p.m.1150 views

CVE-2020-0041

CVE-2020-0041 affects the Android kernel binder subsystem: in binder_transaction there is an out-of-bounds write caused by an incorrect bounds check, enabling local privilege escalation with no user interaction. The vulnerability is documented across multiple advisories (upstream kernel/UTSA entr...

7.8CVSS7.6AI score0.03246EPSS
In wildExploits6References2Affected Software1
CVE
CVE
added 2014/07/28 7:0 p.m.1150 views

CVE-2014-3120

CVE-2014-3120 : Elasticsearch’s default configuration prior to certain builds enables dynamic scripting, allowing remote attackers to execute arbitrary MVEL expressions and Java code via the _search source parameter. Public references indicate this enables remote code execution and constitutes a ...

8.1CVSS7.5AI score0.88559EPSS
In wildExploits17References9Affected Software1
CVE
CVE
added 2013/02/26 4:0 p.m.1150 views

CVE-2012-4558

CVE-2012-4558 is an XSS vulnerability in Apache HTTP Server's balancer_handler (mod_proxy_balancer). Remote attackers can inject arbitrary web script/HTML via a crafted string in the manager interface for Apache 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4. Impact is arbitrary script execution ...

4.3CVSS6AI score0.22913EPSS
Exploits2References36Affected Software1
CVE
CVE
added 2024/04/16 3:14 p.m.1149 views

CVE-2024-3302

CVE-2024-3302 describes an unbounded processing of HTTP/2 CONTINUATION frames, enabling an Out of Memory condition in the browser. Affected: Firefox <125, Firefox ESR <115.10, Thunderbird

3.7CVSS5.6AI score0.00759EPSS
Exploits0References7Affected Software2
CVE
CVE
added 2019/03/08 9:0 p.m.1149 views

CVE-2019-9636

CVE-2019-9636 overview Python 2.7.x (up to 2.7.16) and Python 3.x (up to 3.7.2) are affected by improper handling of Unicode encoding during NFKC normalization, exposing information such as cookies and credentials cached for a hostname. The vulnerable components are urllib.parse.urlsplit and urll...

9.8CVSS9.4AI score0.08811EPSS
Exploits0References52Affected Software1
CVE
CVE
added 2023/06/23 12:0 a.m.1148 views

CVE-2023-32367

CVE-2023-32367: Apple documents an entitlement-related issue where an app may access user-sensitive data. The vulnerability is mitigated in iOS 16.5 and iPadOS 16.5, and macOS Ventura 13.4 (Patch/UPDATE_REQUIRED). No exploitation details are provided in the connected documents; remediation is to ...

5.5CVSS4.9AI score0.00238EPSS
Exploits0References2Affected Software3
CVE
CVE
added 2021/09/08 2:29 p.m.1148 views

CVE-2021-30713

CVE-2021-30713 affects macOS Big Sur 11.4 and concerns the TCC (Transparency, Consent, and Control) subsystem. The vulnerability is described as a permissions issue that could allow a malicious application to bypass Privacy preferences, with the fix implemented in Big Sur 11.4. Related sources co...

7.8CVSS6.8AI score0.0658EPSS
In wildExploits0References4Affected Software2
CVE
CVE
added 2021/02/08 9:12 p.m.1148 views

CVE-2021-22502

Micro Focus Operations Bridge Reporter 10.40 is vulnerable to unauthenticated remote code execution via a login command injection vulnerability. The Nuclei template and Metasploit module describe an unauthenticated path to run arbitrary commands on the OBR server, potentially enabling full system...

10CVSS9.6AI score0.9674EPSS
In wildExploits4References5Affected Software1
CVE
CVE
added 2020/12/09 11:36 p.m.1148 views

CVE-2020-17144

CVE-2020-17144 is a deserialization vulnerability in Microsoft Exchange Server 2010 (MRM.AutoTag.Model) that can enable remote code execution. Public details from Attackerkb indicate exploitation requires authentication (e.g., via OWA EWS) and can execute OS commands with SYSTEM-level privileges;...

8.8CVSS8.8AI score0.36514EPSS
In wildExploits4References3Affected Software1
Total number of security vulnerabilities5000