Lucene search
K
CveMost viewed

368678 matches found

CVE
CVE
added 2020/07/14 10:53 p.m.1145 views

CVE-2020-1040

CVE-2020-1040 : A remote code execution vulnerability exists in Hyper-V RemoteFX vGPU where input from a guest OS is not properly validated by the host server. This affects the RemoteFX vGPU feature of Hyper-V and can allow an attacker with authenticated access on the guest OS to execute code on ...

9CVSS9.2AI score0.06903EPSS
In wildExploits0References3Affected Software3
CVE
CVE
added 2014/07/28 7:0 p.m.1145 views

CVE-2014-3120

CVE-2014-3120 : Elasticsearch’s default configuration prior to certain builds enables dynamic scripting, allowing remote attackers to execute arbitrary MVEL expressions and Java code via the _search source parameter. Public references indicate this enables remote code execution and constitutes a ...

8.1CVSS7.5AI score0.88559EPSS
In wildExploits17References9Affected Software1
CVE
CVE
added 2025/03/17 7:21 p.m.1144 views

CVE-2025-0495

CVE-2025-0495 affects docker-buildx/moby-buildx (Buildx) where credentials set as attribute values in cache-to/cache-from can be captured by OpenTelemetry traces and BuildKit history. Exploitation status is not detailed in the provided sources. The vulnerability does not apply to secrets passed v...

4.1CVSS7AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2025/02/14 11:24 a.m.1144 views

CVE-2025-26522

The CVE-2025-26522 entry describes a flaw in the RupeeWeb trading platform where OTP validation is improperly implemented in certain API endpoints. The vulnerability can be exploited by a remote attacker who has valid credentials to manipulate API responses, potentially bypassing Two-Factor Authe...

7.5CVSS7AI score0.00393EPSS
Exploits0References1
CVE
CVE
added 2024/02/23 2:46 p.m.1144 views

CVE-2024-26596

The CVE-2024-26596 entry concerns the Linux kernel net: dsa subsystem. The issue arises when handling NETDEV_CHANGEUPPER and NETDEV_PRECHANGEUPPER events: code dereferences netdev_priv(dev) unconditionally, but not all net_devices have a priv of type struct dsa_user_priv. This can read memory bey...

5.5CVSS5.2AI score0.00244EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2021/02/08 9:12 p.m.1144 views

CVE-2021-22502

Micro Focus Operations Bridge Reporter 10.40 is vulnerable to unauthenticated remote code execution via a login command injection vulnerability. The Nuclei template and Metasploit module describe an unauthenticated path to run arbitrary commands on the OBR server, potentially enabling full system...

10CVSS9.6AI score0.9674EPSS
In wildExploits4References5Affected Software1
CVE
CVE
added 2019/07/29 2:13 p.m.1144 views

CVE-2019-1132

CVE-2019-1132 affects Windows Win32k; the vulnerability arises from improper handling of memory objects in the Win32k subsystem, enabling local privilege escalation. In 2019 it was among Win32k 0-days observed in the wild and is listed in CISA’s Known Exploited Vulnerabilities Catalog as a Micros...

7.8CVSS7.7AI score0.09788EPSS
In wildExploits2References2Affected Software2
CVE
CVE
added 2019/06/19 10:7 p.m.1144 views

CVE-2019-12900

CVE-2019-12900 affects bzip2 up to 1.0.6. The vulnerability is an out-of-bounds write in BZ2_decompress (decompress.c) when there are many selectors, potentially causing memory corruption. Public notices list multiple vendor advisories (e.g., Rocky Linux/AlmaLinux, Debian/Ubuntu, OpenSUSE, Amazon...

9.8CVSS9.6AI score0.08042EPSS
Exploits0References23Affected Software1
CVE
CVE
added 2019/03/08 9:0 p.m.1144 views

CVE-2019-9636

CVE-2019-9636 overview Python 2.7.x (up to 2.7.16) and Python 3.x (up to 3.7.2) are affected by improper handling of Unicode encoding during NFKC normalization, exposing information such as cookies and credentials cached for a hostname. The vulnerable components are urllib.parse.urlsplit and urll...

9.8CVSS9.4AI score0.08811EPSS
Exploits0References52Affected Software1
CVE
CVE
added 2017/05/23 3:56 a.m.1144 views

CVE-2016-9843

CVE-2016-9843 concerns zlib 1.2.8 and its crc32_big implementation (big-endian CRC calculation). Connected docs show affected packages: FLTK builds for zlib before 1.3.8-1 in CBLMariner, and Cloud Foundry/ALAS advisories link multiple zlib-related CVEs with remediation guidance. The FLTK note sta...

9.8CVSS9.9AI score0.0595EPSS
Exploits0References33Affected Software1
CVE
CVE
added 2018/01/04 1:0 p.m.1143 views

CVE-2017-5753

CVE-2017-5753 is part of the Spectre family (Variant 1) described in the SPECTRE_MELTDOWN_ADVISORY: it involves speculative execution and a bounds-check bypass that can enable an unprivileged attacker to read privileged memory via cache timing analysis. IBM’s AIX/VIOS advisories and iFixes addres...

5.6CVSS6.1AI score0.93838EPSS
Exploits9References66Affected Software211
CVE
CVE
added 2012/01/08 3:0 p.m.1143 views

CVE-2012-0391

CVE-2012-0391 affects Apache Struts 2 before 2.2.3.1, where the ExceptionDelegator interprets parameter values as OGNL expressions during certain exception handling for mismatched data types, enabling remote code execution via a crafted parameter. Multiple sources (CVE entry, CISA KEV, GHSA advis...

9.8CVSS8.5AI score0.75071EPSS
In wildExploits11References8Affected Software1
CVE
CVE
added 2020/12/08 8:17 p.m.1142 views

CVE-2020-27950

CVE-2020-27950 is a memory initialization issue in Apple’s XNU kernel that could allow a malicious app to disclose kernel memory. The CVE is fixed in multiple Apple updates: macOS Big Sur 11.0.1, iOS 14.2/iPadOS 14.2, watchOS 7.1, watchOS 6.2.9, and Security Updates for macOS Catalina 10.15.7 (Su...

7.1CVSS5.3AI score0.1652EPSS
In wildExploits2References11Affected Software4
CVE
CVE
added 2017/06/15 1:0 a.m.1142 views

CVE-2017-8543

CVE-2017-8543 is a Windows remote code execution vulnerability in the Windows Search service. The root cause is how Windows Search handles objects in memory, allowing an attacker to take control of the affected system. Exploitation can occur by sending specially crafted messages to the Windows Se...

10CVSS6.2AI score0.7376EPSS
In wildExploits0References4Affected Software10
CVE
CVE
added 2013/04/17 3:0 p.m.1142 views

CVE-2013-2423

CVE-2013-2423 is an unspecified remote vulnerability in the Java Runtime Environment (JRE) component affecting Oracle Java SE 7 (Update 17 and earlier) and OpenJDK 7. The root cause, as per connected advisories, involves hotspot-related code and unknown vectors allowing reflection/type-confusion ...

4.3CVSS8AI score0.85333EPSS
In wildExploits6References17Affected Software1
CVE
CVE
added 2022/08/25 5:40 a.m.1141 views

CVE-2022-36804

CVE-2022-36804 affects Atlassian Bitbucket Server and Data Center. Multiple API endpoints in Bitbucket Server/Data Center allow remote attackers with read permissions on a public or private repository to execute arbitrary code via a crafted HTTP request. Affected versions span Bitbucket Server/Da...

8.8CVSS8.9AI score0.99174EPSS
In wildExploits24References4Affected Software1
CVE
CVE
added 2021/10/08 12:0 a.m.1141 views

CVE-2021-37975

CVE-2021-37975 is a Use-After-Free in the V8 engine of Google Chrome prior to 94.0.4606.71, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. Affected software: Google Chrome (V8). Impact: remote code execution potential with high severity (CVSS v3.1 base ...

8.8CVSS8.2AI score0.34887EPSS
In wildExploits0References8Affected Software1
CVE
CVE
added 2021/08/24 6:49 p.m.1141 views

CVE-2021-30869

CVE-2021-30869 is a type confusion vulnerability in Apple’s XNU kernel that may allow a malicious application to execute arbitrary code with kernel privileges. The issue affects iOS/iPadOS and macOS (XNU IPC-related code) and was observed in-the-wild in conjunction with WebKit-related flaws; expl...

9.3CVSS7.7AI score0.0415EPSS
In wildExploits0References5Affected Software4
CVE
CVE
added 2020/12/29 9:55 p.m.1141 views

CVE-2020-10148

CVE-2020-10148 is a vulnerability in the SolarWinds Orion API where an authentication bypass can allow a remote attacker to execute API commands, potentially compromising the Orion instance. Affected are SolarWinds Orion Platform versions 2019.4 HF5, 2020.2 with no hotfix, and 2020.2 HF1. The vul...

9.8CVSS9.8AI score0.9198EPSS
In wildExploits3References4Affected Software1
CVE
CVE
added 2024/04/16 3:14 p.m.1140 views

CVE-2024-3854

CVE-2024-3854 is a memory-safety issue in the Firefox/Thunderbird code path where the JIT optimizer mishandles certain switch statements, generating out-of-bounds reads. Affected are Firefox <125, Firefox ESR <115.10, and Thunderbird

8.8CVSS5.9AI score0.00727EPSS
Exploits0References6Affected Software2
CVE
CVE
added 2023/10/10 5:8 p.m.1140 views

CVE-2023-36785

Technical details about CVE-2023-36785 are not publicly provided in the supplied documents; monitor for updates from official advisories and vendor feeds.

7.8CVSS8.1AI score0.01056EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2022/09/07 8:20 a.m.1140 views

CVE-2021-36782

CVE-2021-36782 concerns SUSE Rancher where sensitive fields, such as passwords, API keys and service account tokens, were stored in plaintext on Kubernetes objects (e.g., cluster.management.cattle.io) and exposed to authenticated users with cluster/project roles via the Kubernetes API. Affected R...

9.9CVSS9.1AI score0.0293EPSS
Exploits3References2Affected Software1
CVE
CVE
added 2020/03/10 7:56 p.m.1140 views

CVE-2020-0041

CVE-2020-0041 affects the Android kernel binder subsystem: in binder_transaction there is an out-of-bounds write caused by an incorrect bounds check, enabling local privilege escalation with no user interaction. The vulnerability is documented across multiple advisories (upstream kernel/UTSA entr...

7.8CVSS7.6AI score0.03246EPSS
In wildExploits6References2Affected Software1
CVE
CVE
added 2019/09/23 7:14 p.m.1140 views

CVE-2019-1367

CVE-2019-1367 is a remote code-execution vulnerability in Microsoft Internet Explorer’s scripting engine memory handling. Affects Internet Explorer; described as memory corruption when the scripting engine handles objects in memory. The CVE is linked to ongoing mitigation activity: Microsoft rele...

7.6CVSS7.8AI score0.52729EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2013/02/14 1:0 a.m.1140 views

CVE-2013-0640

CVE-2013-0640 is a memory corruption remote code execution vulnerability in Adobe Reader and Acrobat. It affects Adobe Reader/Acrobat 9.x prior to 9.5.4, 10.x prior to 10.1.6, and 11.x prior to 11.0.02, exploitable via a crafted PDF and observed in the wild in February 2013. The impact includes r...

9.3CVSS7.7AI score0.86979EPSS
In wildExploits4References12Affected Software2
CVE
CVE
added 2022/05/10 8:33 p.m.1138 views

CVE-2022-26923

CVE-2022-26923 affects Microsoft Active Directory Domain Services with AD CS involvement. The vulnerability stems from certificates issued by AD CS where an attacker who manages computer accounts can modify the dNSHostName attribute to impersonate a Domain Controller in a certificate, enabling pr...

9CVSS9.2AI score0.83277EPSS
In wildExploits8References3Affected Software14
CVE
CVE
added 2021/09/15 11:23 a.m.1138 views

CVE-2021-36955

CVE-2021-36955 is a Windows privilege-escalation flaw in the Common Log File System (CLFS) driver. The vulnerability stems from the CLFS driver (clfs.sys) and enables local privilege escalation to SYSTEM when exploited. Connected guidance and threat intel cite this CVE alongside Windows CLFS-rela...

7.8CVSS8AI score0.03054EPSS
In wildExploits0References2Affected Software17
CVE
CVE
added 2021/12/08 9:55 a.m.1136 views

CVE-2021-20038

CVE-2021-20038 affects SonicWall SMA100 series appliances (SMA200/210/400/410/500v) with firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier. It is a stack-based buffer overflow in the SMA100 Apache httpd server’s mod_cgi environment variables that allows remote, unauthenticated code...

9.8CVSS9.6AI score0.99912EPSS
In wildExploits7References4Affected Software1
CVE
CVE
added 2021/05/13 2:55 a.m.1136 views

CVE-2021-28799

CVE-2021-28799 is an improper authorization vulnerability affecting QNAP HBS 3 on various QTS/QuTS versions. The flaw allows remote attackers to log in to affected devices. Affected: HBS 3 on QTS 4.5.2 (prior to v16.0.0415); QTS 4.3.6 (prior to v3.0.210412); QTS 4.3.4 (prior to v3.0.210411); QTS ...

10CVSS9.4AI score0.78395EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2021/05/06 12:41 p.m.1136 views

CVE-2021-1497

Cisco HyperFlex HX Data Platform (Cisco HyperFlex HX) contains CVE-2021-1497: multiple vulnerabilities in the web-based management interface that allow an unauthenticated remote attacker to perform command injection against the device. Affected product/version per public advisories: Cisco HyperFl...

10CVSS9.9AI score0.99928EPSS
In wildExploits5References3Affected Software1
CVE
CVE
added 2021/02/19 6:57 p.m.1136 views

CVE-2021-27351

CVE-2021-27351 affects Telegram, specifically the Terminate Session feature, failing to invalidate a recently active session. Affected versions are Telegram for Android up to 7.2.1 and Telegram for Windows/UNIX up to 2.4.7. The issue is described as a failure to terminate active sessions, with no...

5.3CVSS5.1AI score0.00843EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/04/09 8:15 p.m.1136 views

CVE-2019-0752

CVE-2019-0752 is a remote code execution in Microsoft Internet Explorer caused by how the scripting engine handles memory objects, leading to memory corruption in IE10/IE11. Multiple connected sources confirm exploit presence (ZDI-19-359, Exploit-DB), and CISA lists it as a known exploited vulner...

7.6CVSS7.7AI score0.81551EPSS
In wildExploits6References4Affected Software1
CVE
CVE
added 2025/12/03 3:40 p.m.1135 views

CVE-2025-55182

CVE-2025-55182 is a pre-auth remote code execution vulnerability in React Server Components (versions 19.0.0, 19.1.0, 19.1.1, 19.2.0) affecting react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The issue arises from unsafe deserialization of payloads in HTTP reque...

10CVSS7.8AI score0.99562EPSS
In wildExploits372References6Affected Software1
CVE
CVE
added 2023/12/10 5:56 p.m.1134 views

CVE-2023-5869

CVE-2023-5869 (PostgreSQL) : A flaw in PostgreSQL enables authenticated database users to execute arbitrary code via missing overflow checks during SQL array value modification, caused by an integer overflow when modifying arrays. The described impact includes arbitrary write/read of memory and p...

8.8CVSS9.2AI score0.04322EPSS
Exploits0References35Affected Software1
CVE
CVE
added 2023/10/18 3:52 a.m.1134 views

CVE-2023-38545

CVE-2023-38545 is a heap-based buffer overflow in curl/libcurl during SOCKS5 proxy hostname handling. When a long host name (over 255 bytes) is passed for proxy resolution, curl may copy the full hostname into the target buffer due to a race in a slow handshake, enabling arbitrary code execution....

9.8CVSS9.4AI score0.78483EPSS
Exploits6References21Affected Software1
CVE
CVE
added 2019/09/11 9:24 p.m.1134 views

CVE-2019-1253

CVE-2019-1253 describes a local privilege-escalation in Microsoft Windows AppX Deployment Server caused by improper handling of junctions. The vulnerability allows an attacker who already has code execution on the target system to elevate privileges (local attack, low integrity/login requirements...

7.8CVSS8.2AI score0.11616EPSS
In wildExploits5References3Affected Software8
CVE
CVE
added 2019/06/12 1:49 p.m.1134 views

CVE-2019-1069

CVE-2019-1069 is a Windows Task Scheduler Privilege Escalation vulnerability in which the Task Scheduler Service inadequately validates certain file operations. The issue enables local privilege escalation when an attacker with unprivileged code execution on a victim system exploits the flaw. Mic...

7.8CVSS7.9AI score0.06117EPSS
In wildExploits1References5Affected Software11
CVE
CVE
added 2019/03/21 4:45 p.m.1134 views

CVE-2019-7238

CVE-2019-7238 affects Sonatype Nexus Repository Manager 3.x and is due to Incorrect Access Control that can enable remote code execution. Affected: Nexus Repository Manager before 3.15.0 (unauthenticated/or external access could trigger RCE). Documented exploitation exists in public artifacts (e....

9.8CVSS9.1AI score0.76526EPSS
In wildExploits4References2Affected Software1
CVE
CVE
added 2016/11/10 6:16 a.m.1134 views

CVE-2016-7255

CVE-2016-7255 is a Windows kernel privilege-escalation issue affecting win32k.sys. The CVE arises from a local attacker crafting an exploit against a Win32k component, enabling elevation to SYSTEM via the NtSetWindowLongPtr path in win32k.sys (MS16-135). Public exploitation materials in Exploit D...

7.8CVSS7.6AI score0.80968EPSS
In wildExploits24References12Affected Software10
CVE
CVE
added 2024/02/25 2:3 p.m.1133 views

CVE-2022-48626

CVE-2022-48626 affects the Linux kernel moxart MMC host driver. A use-after-free occurs when the mmc host structure is accessed after being freed in moxart_remove(). The fix saves the device’s base register and uses it instead of dereferencing the freed pointer. Connected sources confirm this is ...

7.8CVSS7.4AI score0.0031EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2022/02/10 5:6 p.m.1133 views

CVE-2022-20703

CVE-2022-20703 applies to Cisco Small Business RV160, RV260, RV340 and RV345 Series Routers. The issue is a trust/verification weakness in the software image loading process that can allow an unauthenticated attacker to install and boot a malicious or unsigned image, enabling possible arbitrary c...

10CVSS9.3AI score0.09203EPSS
In wildExploits0References4Affected Software1
CVE
CVE
added 2022/04/20 11:23 p.m.1132 views

CVE-2022-27925

CVE-2022-27925 affects Zimbra Collaboration Suite 8.8.15 and 9.0, where mboximport accepts a ZIP and extracts files. An authenticated administrator can upload arbitrary files, enabling directory traversal. Public PoCs/exploits in connected docs demonstrate path traversal behavior and indicate aff...

7.2CVSS7.2AI score0.98163EPSS
In wildExploits14References5Affected Software1
CVE
CVE
added 2021/10/08 9:50 p.m.1132 views

CVE-2021-37976

CVE-2021-37976 is a Google Chrome information-disclosure vulnerability described as an information leak in the core memory component that could allow a remote attacker to obtain potentially sensitive data from process memory via a crafted HTML page. The issue affected Chrome pre-94.0.4606.71; a f...

6.5CVSS6.5AI score0.19901EPSS
In wildExploits1References7Affected Software1
CVE
CVE
added 2020/01/14 11:11 p.m.1132 views

CVE-2020-0610

CVE-2020-0610 is a Windows RD Gateway vulnerability (BlueGate) that enables unauthenticated remote code execution over UDP/3391. The RD Gateway role with UDP transport enabled is affected; exploitation targets the gateway service via specially crafted UDP traffic, enabling full compromise (per th...

10CVSS9.7AI score0.6526EPSS
In wildExploits8References1Affected Software3
CVE
CVE
added 2013/11/06 11:0 a.m.1132 views

CVE-2013-3906

CVE-2013-3906 is a memory corruption vulnerability in Microsoft Windows Graphics Component (TIFF handling) that could allow remote code execution. It affected GDI+ in Windows Vista SP2/Server 2008 SP2 and Office suites (Office 2003 SP3, 2007 SP3, 2010 SP1/SP2, Office Compatibility Pack SP3) and L...

9.3CVSS9.4AI score0.84971EPSS
In wildExploits7References6Affected Software8
CVE
CVE
added 2020/03/10 7:56 p.m.1131 views

CVE-2020-0069

The CVE-2020-0069 issue affects MediaTek CMDQ driver ioctl handlers in Android kernel, where insufficient input sanitization and missing SELinux restrictions can cause an out-of-bounds write, enabling local privilege escalation without extra privileges or user interaction. Public material confirm...

7.8CVSS7.8AI score0.01299EPSS
In wildExploits2References3Affected Software1
CVE
CVE
added 2021/09/15 11:24 a.m.1130 views

CVE-2021-38648

CVE-2021-38648 is a local privilege-escalation flaw in Microsoft Open Management Infrastructure (OMI). Multiple sources confirm an authentication bypass allowing a local attacker to issue commands to the OMI socket (default UNIX socket at /var/opt/omi/run/omiserver.sock) and execute as root. The ...

7.8CVSS8.6AI score0.10933EPSS
In wildExploits4References3Affected Software10
CVE
CVE
added 2019/12/20 4:1 p.m.1130 views

CVE-2019-17571

CVE-2019-17571 affects the Apache Log4j 1.x SocketServer: it deserializes serialized log events from untrusted network input without proper whitelisting, enabling remote code execution when combined with a deserialization gadget. Affected are Log4j 1.2 up to 1.2.17; exploitation hinges on receivi...

9.8CVSS8.8AI score0.6906EPSS
Exploits3References113Affected Software1
CVE
CVE
added 2021/02/16 8:12 p.m.1129 views

CVE-2021-27103

The CVE-2021-27103 issue affects Accellion FTA prior to FTA_9_12_416, where SSRF is triggered by a crafted POST to wmProgressstat.html. The connected documents provide concrete context: (1) vulnerability stems from server-side request forgery in the Accellion FTA web interface, (2) remediation is...

9.8CVSS9.3AI score0.11406EPSS
In wildExploits0References3Affected Software1
CVE
CVE
added 2011/10/05 10:0 p.m.1129 views

CVE-2011-3368

CVE-2011-3368 affects the Apache HTTP Server’s mod_proxy in reverse-proxy configurations. The vulnerability arises when using (1) RewriteRule with the [P] flag or (2) ProxyPassMatch; a remote attacker can craft a URI starting with an initial @ character to force the proxy to connect to an interna...

5CVSS9.2AI score0.90734EPSS
Exploits12References55Affected Software1
Total number of security vulnerabilities5000