Lucene search
K
CveMost viewed

368448 matches found

CVE
CVE
added 2019/11/12 6:52 p.m.1098 views

CVE-2019-1385

CVE-2019-1385 is a local privilege-escalation vulnerability in Windows AppX Deployment Extensions (AppXSVC). The issue arises from improper privilege management within the AppX Deployment Extensions, enabling an authenticated attacker who runs a specially crafted application to elevate privileges...

7.8CVSS8.3AI score0.03595EPSS
In wildExploits4References3Affected Software6
CVE
CVE
added 2016/10/13 7:0 p.m.1098 views

CVE-2016-6935

Adobe Creative Cloud Desktop on Windows is affected by CVE-2016-6935 due to an unquoted Windows search path in versions prior to 3.8.0.310, enabling local privilege escalation via a Trojan horse executable placed in the SYSTEMDRIVE root. The advisory APSB16-34 recommends updating to 3.8.0.310 to ...

7.8CVSS7.6AI score0.00768EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2011/03/15 5:0 p.m.1098 views

CVE-2011-0609

The CVE-2011-0609 issue is an Adobe Flash Player AVM Bytecode Verification vulnerability that allows remote code execution via crafted SWF content. Affected products include Flash Player 10.2.x and earlier (Windows, macOS, Linux, Solaris), Flash Player 10.1.106.16 and earlier on Android, Adobe AI...

9.3CVSS8.9AI score0.66821EPSS
In wildExploits8References23Affected Software1
CVE
CVE
added 2022/03/09 3:32 p.m.1097 views

CVE-2022-26143

Mitel MiCollab (TP-240) before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 contains a vulnerability in the TP-240 component that allows remote attackers to obtain sensitive information and trigger denial of service, including detrimental outbound traffic. The issue, known for enabling th...

9.8CVSS9.1AI score0.87565EPSS
In wildExploits1References8Affected Software2
CVE
CVE
added 2021/08/24 6:49 p.m.1097 views

CVE-2021-30883

CVE-2021-30883 is an memory-corruption vulnerability in Apple’s IOMobileFrameBuffer that can allow a malicious app to execute arbitrary code with kernel privileges. Apple patched it across iOS/iPadOS 14.8.1 and 15.0.2, macOS Big Sur 11.6.1 and Monterey 12.0.1, tvOS 15.1, and watchOS 8.1. The Appl...

9.3CVSS7.7AI score0.14721EPSS
In wildExploits0References7Affected Software5
CVE
CVE
added 2018/12/11 3:0 p.m.1097 views

CVE-2018-17480

CVE-2018-17480 is a Chrome/Chromium vulnerability in the V8 JavaScript engine: an out-of-bounds write that could enable remote code execution inside the sandbox via a crafted HTML page. Connected advisories confirm the impact across Chromium-based browsers and list the fixed-upstream version as 7...

8.8CVSS8.7AI score0.34292EPSS
In wildExploits1References7Affected Software1
CVE
CVE
added 2017/12/12 7:0 p.m.1097 views

CVE-2017-17562

Embedthis GoAhead before 3.6.5 allows remote code execution when CGI is enabled and a CGI program is dynamically linked. The root cause is the initialization of the CGI environment from untrusted HTTP request parameters in cgi.c, enabling abuse via LD_PRELOAD and similar payloads posted to /proc/...

8.1CVSS8.2AI score0.96327EPSS
In wildExploits15References9Affected Software1
CVE
CVE
added 2022/05/26 2:0 p.m.1096 views

CVE-2022-20821

Cisco IOS XR Software health check RPM opens port 6379 by default, exposing the Redis instance inside the NOSi container to unauthenticated remote access. This could allow writing to the Redis in-memory DB, writing arbitrary files to the container filesystem, and retrieving Redis data. The vulner...

6.5CVSS6.8AI score0.1176EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2020/09/11 5:8 p.m.1096 views

CVE-2020-0878

CVE-2020-0878 is a memory corruption vulnerability in the way Microsoft Edge/Internet Explorer access objects in memory, enabling remote code execution in the context of the current user. Public description confirms a network-exploitable scenario via malicious websites or compromised sites, with ...

7.5CVSS7.8AI score0.02696EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2025/04/01 7:26 a.m.1095 views

CVE-2025-27427

CVE-2025-27427 affects Apache ActiveMQ Artemis 2.0.0–2.39.0. A user with createDurableQueue or createNonDurableQueue permissions can augment the routing-type of an address without createAddress permission, and with send permission plus automatic queue creation could send messages using a routing-...

4.3CVSS7AI score0.0058EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/01/13 9:33 p.m.1095 views

CVE-2024-56323

OpenFGA Open Authorization Engine (versions v1.3.8–v1.8.2; Helm openfga-0.1.38–0.2.19; docker 1.3.8–1.8.2) contains a critical authorization bypass vulnerability (CVE-2024-56323). Root cause: when a model uses conditions and contextual tuples are provided in Check or ListObjects calls, and OPENFG...

9.8CVSS6.6AI score0.00428EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2024/12/09 1:35 p.m.1095 views

CVE-2024-53949

CVE-2024-53949 describes an improper authorization vulnerability in Apache Superset that occurs when the FAB_ADD_SECURITY_API is enabled (default is disabled). The issue allows lower-privilege users to use the security API to perform actions that should be restricted. Affected versions are 2.0.0 ...

7.6CVSS6.5AI score0.00641EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/08/31 3:33 p.m.1095 views

CVE-2022-1271

CVE-2022-1271 affects GNU gzip's zgrep: an attacker can cause arbitrary file writes by supplying crafted multi-line filenames. Two or more consecutive newlines in filenames lead to content and target file names being embedded in the same path, and insufficient validation enables remote, low-privi...

8.8CVSS8.5AI score0.04271EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2021/05/06 12:41 p.m.1095 views

CVE-2021-1498

Cisco HyperFlex HX Data Platform contains unauthenticated command injection vulnerabilities in its web-based management interface that could allow a remote attacker to execute arbitrary commands on the affected device. Evidence from multiple sources identifies CVE-2021-1498 as a remote command ex...

9.8CVSS9.9AI score0.99999EPSS
In wildExploits5References3Affected Software1
CVE
CVE
added 2019/12/17 10:25 p.m.1095 views

CVE-2019-7481

SonicWall SMA100 is affected by CVE-2019-7481, an information-disclosure vulnerability that allows unauthenticated attackers to gain read-only access to unauthorized resources. The vulnerability impacts SMA100 versions up to and including 9.0.0.3 (and earlier per the CVE description). Reported CV...

7.5CVSS7.7AI score0.99906EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2023/10/10 1:12 p.m.1094 views

CVE-2023-4966

CVE-2023-4966 affects Citrix NetScaler ADC and NetScaler Gateway when configured as a Gateway or AAA virtual server. The issue stems from improper usage of snprintf/memory handling in the WebProc/auth pathways, causing memory disclosure via crafted responses and exposing sensitive data (e.g., aut...

9.4CVSS8.6AI score0.99999EPSS
In wildExploits15References3Affected Software2
CVE
CVE
added 2022/02/15 12:0 a.m.1094 views

CVE-2022-21698

CVE-2022-21698 affects the Prometheus Go client_golang promhttp instrumentation (prior to v1.11.1). The issue allows HTTP server DoS/memory exhaustion when processing non-standard HTTP methods via promhttp.InstrumentHandler* (except RequestsInFlight). A patch exists in v1.11.1; remediation is to ...

7.5CVSS8.8AI score0.05994EPSS
Exploits0References22Affected Software1
CVE
CVE
added 2020/04/15 3:12 p.m.1094 views

CVE-2020-0938

CVE-2020-0938 affects the Windows Adobe Font Manager Library by improperly handling specially crafted multi-master Font 1 PostScript fonts. The root cause is a vulnerability in the font parser that can allow remote code execution when processing crafted documents. For all Windows versions except ...

7.8CVSS8.2AI score0.69166EPSS
In wildExploits0References3Affected Software17
CVE
CVE
added 2014/01/15 2:0 a.m.1094 views

CVE-2014-0496

CVE-2014-0496 is a use-after-free vulnerability in Adobe Reader and Acrobat (X and XI) on Windows and macOS. Affected products are Adobe Reader X (v10.0.x) prior to 10.1.8 and Adobe Acrobat X 10.1.8 and earlier, and Adobe Reader XI 11.x prior to 11.0.06 and Adobe Acrobat XI 11.x prior to 11.0.06....

10CVSS7.4AI score0.40243EPSS
In wildExploits0References4Affected Software1
CVE
CVE
added 2022/07/06 12:0 a.m.1093 views

CVE-2022-31129

Moment.js (JavaScript date library) contains a vulnerability in string-to-date parsing via RFC2822 parsing, causing quadratic (N^2) complexity and potential (Re)DoS for long inputs (>10k chars). The issue is mitigated by upgrading to Moment.js v2.29.4 or later; if upgrading is not possible, li...

7.5CVSS7.8AI score0.04923EPSS
In wildExploits1References11Affected Software1
CVE
CVE
added 2022/02/09 3:19 a.m.1093 views

CVE-2022-24682

CVE-2022-24682 affects Zimbra Collaboration Suite 8.8.x (before 8.8.15 patch 30/update 1). A cross-site scripting (XSS) vulnerability in the Calendar/webmail UI allows an attacker to place HTML with executable JavaScript in element attributes, leading to unescaped markup and potential session coo...

6.1CVSS6.3AI score0.3106EPSS
In wildExploits2References6Affected Software1
CVE
CVE
added 2021/10/13 12:26 a.m.1093 views

CVE-2021-40450

CVE-2021-40450 is a Win32k elevation-of-privilege vulnerability (local, privilege escalation) in Windows. The CVE is described as a Win32k Privilege Escalation issue with high impact (confidentiality, integrity, availability) per CVSS 3.1/3.1 vector; attack is local and requires no user interacti...

7.8CVSS7.9AI score0.01968EPSS
In wildExploits0References2Affected Software10
CVE
CVE
added 2021/03/11 3:49 p.m.1093 views

CVE-2021-27059

CVE-2021-27059 is a Microsoft Office Remote Code Execution vulnerability with public advisories and multiple security updates. The provided documents indicate affected products include Office 2010, Office 2013, and Office 2016 (32/64‑bit), across multiple Service Packs. The root cause is not expl...

8.5CVSS7.7AI score0.03182EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2020/03/16 5:24 p.m.1093 views

CVE-2020-5849

Summary (CVE-2020-5849) Unraid 6.8.0 contains an authentication bypass that can lead to remote code execution when exploited alongside the related issue (CVE-2020-5847). The Nessus plugin notes that Unraid

7.5CVSS8.5AI score0.95844EPSS
In wildExploits8References5Affected Software1
CVE
CVE
added 2013/09/13 6:0 p.m.1093 views

CVE-2013-4810

HP ProCurve Manager (PCM) 3.20/4.0, PCM+ 3.20/4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management are affected. The root cause is a remote code execution vector via a marshalled object to the EJBInvokerServlet or JMXInvokerServlet, enabling an attacker to execute arbitrar...

10CVSS6.7AI score0.79003EPSS
In wildExploits5References8Affected Software2
CVE
CVE
added 2016/12/20 5:54 a.m.1091 views

CVE-2016-7262

CVE-2016-7262 is a Microsoft Office vulnerability (Microsoft Excel family) described as a Security Feature Bypass: a crafted cell mishandled on click can allow user-assisted remote command execution. Affected products include Excel 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, Office Compatibi...

7.8CVSS7.8AI score0.58204EPSS
In wildExploits0References4Affected Software3
CVE
CVE
added 2014/05/07 10:0 a.m.1091 views

CVE-2014-0130

CVE-2014-0130 describes a directory traversal in Ruby on Rails’ Action Pack (implicit_render path) affecting Rails 3.2.x before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1. A crafted request using wildcard route globbing can cause the application to read arbitrary local files via actionpac...

7.5CVSS6.3AI score0.53703EPSS
In wildExploits2References5Affected Software2
CVE
CVE
added 2008/04/02 6:0 p.m.1091 views

CVE-2008-1657

OpenSSH vulnerability CVE-2008-1657 affects OpenSSH 4.4 up to versions before 4.9. The issue allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file. Severity is medium (CVSS 2.0 base score 6.5) with network access, low attack compl...

6.5CVSS6.5AI score0.02223EPSS
Exploits3References32Affected Software1
CVE
CVE
added 2006/06/13 6:0 p.m.1091 views

CVE-2006-2660

Summary: CVE-2006-2660 is a buffer/path length vulnerability in PHP’s tempnam() related to long pathnames. Affected versions: PHP 5.1.4 and PHP 4.x prior to 4.4.3. Impact (as stated): Local users can bypass restrictions and create PHP files with fixed names in other directories due to MAXPATHLEN–...

2.1CVSS6AI score0.00354EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2024/04/16 3:14 p.m.1090 views

CVE-2024-3861

CVE-2024-3861 is a Firefox/Thunderbird memory-safety issue caused by an AlignedBuffer self-move that can lead to a use-after-free due to an incorrect reference count. The connected Astra Linux bulletin confirms vulnerable products and versions: Firefox <125, Firefox ESR <115.10, and Thunder...

4CVSS5.7AI score0.00226EPSS
Exploits0References6Affected Software2
CVE
CVE
added 2022/09/19 12:0 a.m.1090 views

CVE-2022-35914

CVE-2022-35914 affects GLPI’s htmlawed integration via htmLawedTest.php, enabling PHP code injection. Exploit PoCs exist (PoC scripts and reports in Exploit-DB and GitHub repos) demonstrating remote code execution potential. CVSS v3.1 base score 9.8 (C/H I/H A/H) with network attack vector and no...

9.8CVSS9.6AI score0.99628EPSS
In wildExploits13References8Affected Software1
CVE
CVE
added 2022/02/10 5:6 p.m.1090 views

CVE-2022-20700

CVE-2022-20700 affects Cisco Small Business RV160/RV260/RV340/RV345 Series Routers. The Cisco advisory (KA9PK6D) documents a set of vulnerabilities in the management interface and SSL VPN/firmware image verification that can enable arbitrary code execution, privilege escalation, arbitrary command...

10CVSS10AI score0.05655EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2021/08/12 6:11 p.m.1090 views

CVE-2021-34486

CVE-2021-34486 is a Windows Event Tracing Elevation of Privilege vulnerability. The referenced data identify ETW as the affected component with a local attack vector and privilege escalation impact (CVE severity up to HIGH in CVSS‑3.1). Microsoft and related catalogs describe this as a Windows ET...

7.8CVSS7.6AI score0.07428EPSS
In wildExploits1References2Affected Software8
CVE
CVE
added 2019/09/11 9:25 p.m.1090 views

CVE-2019-1297

CVE-2019-1297 is a Microsoft Excel remote code execution vulnerability caused by improper handling of memory objects. An attacker can exploit it by convincing a user to open a specially crafted file, executing arbitrary code in the user’s context (higher impact if admin). The vulnerability is add...

9.3CVSS8.8AI score0.21805EPSS
In wildExploits0References2Affected Software3
CVE
CVE
added 2016/05/05 6:0 p.m.1090 views

CVE-2016-3718

ImageMagick is affected by CVE-2016-3718: the HTTP and FTP coders can be abused to perform server-side request forgery via a crafted image. Affected lines: ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1. The vulnerability allows an attacker to induce the server to make HTTP/FTP requests when ...

5.5CVSS6.7AI score0.76897EPSS
In wildExploits4References20Affected Software16
CVE
CVE
added 2016/05/05 6:0 p.m.1090 views

CVE-2016-3715

Summary: CVE-2016-3715 affects ImageMagick where the EPHEMERAL coder allows a remote attacker to delete arbitrary files via a crafted image. Affected versions are ImageMagick prior to 6.9.3-10 and 7.x prior to 7.0.1-1. Impact (per sources): Remote deletion of files via crafted images using the EP...

5.8CVSS6.3AI score0.75383EPSS
In wildExploits5References21Affected Software16
CVE
CVE
added 2020/10/09 6:29 a.m.1089 views

CVE-2020-26919

CVE-2020-26919 affects NETGEAR JGS516PE devices prior to 2.6.0.43, with a lack of function-level access control. Connected documents also describe unauthenticated remote code execution in NETGEAR ProSAFE Plus (pre-2.6.0.43) via public login pages and POST endpoints exposing debug actions (submitI...

9.8CVSS9.4AI score0.57195EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2020/08/29 3:15 p.m.1089 views

CVE-2020-3566

CVE-2020-3566 affects Cisco IOS XR Software, exploiting the DVMRP feature via crafted IGMP traffic to exhaust device memory and disrupt processes. Root cause is insufficient IGMP queue management within DVMRP, potentially impacting interior/exterior routing protocols and causing instability. Mult...

8.6CVSS8AI score0.03631EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2020/03/23 7:31 p.m.1089 views

CVE-2020-5722

The Grandstream UCM6200 series (UCM62xx) is affected by CVE-2020-5722: an unauthenticated remote SQL injection via crafted HTTP requests in the HTTP interface, with potential to execute shell commands as root on versions before 1.0.19.20 and to inject HTML in password recovery emails on versions ...

10CVSS9.9AI score0.83926EPSS
In wildExploits8References4Affected Software1
CVE
CVE
added 2019/12/30 2:28 a.m.1089 views

CVE-2019-20085

Summary: CVE-2019-20085 affects TVT NVMS-1000 devices, enabling directory traversal through GET /.. requests and potentially exposing sensitive files. The normal/affected component is the NVMS-1000 web interface handling file paths, with a root cause linked to directory traversal exposure. Public...

7.5CVSS7.5AI score0.96071EPSS
In wildExploits6References3Affected Software1
CVE
CVE
added 2019/12/18 4:15 p.m.1089 views

CVE-2019-4716

IBM Planning Analytics (PA) versions 2.0.0–2.0.8 are vulnerable to a configuration overwrite that lets an unauthenticated attacker log in as admin and execute code as root/SYSTEM via TM1 scripting, potentially fully compromising the host. IBM remediation is to upgrade to PA 2.0.9 or apply availab...

10CVSS8.8AI score0.86441EPSS
In wildExploits6References5Affected Software1
CVE
CVE
added 2018/08/15 5:0 p.m.1089 views

CVE-2018-8373

CVE-2018-8373 describes a remote code execution vulnerability in Internet Explorer due to how the scripting engine handles objects in memory. Affected software includes Internet Explorer 9, 10, and 11. The root cause is memory handling flaws in the scripting engine that can be triggered remotely ...

7.6CVSS6.8AI score0.61912EPSS
In wildExploits1References4Affected Software1
CVE
CVE
added 2015/05/13 10:0 a.m.1089 views

CVE-2015-1671

Summary: CVE-2015-1671 covers a remote code execution vulnerability in the Windows DirectWrite font parsing path used by multiple Microsoft products (Windows fonts stack, .NET Framework components, Office Lync/Live Meeting, Silverlight). The issue arises from handling of crafted TrueType fonts, e...

9.3CVSS7.3AI score0.54628EPSS
In wildExploits0References4Affected Software1
CVE
CVE
added 2021/09/15 11:24 a.m.1088 views

CVE-2021-38649

CVE-2021-38649 is part of the OMIGOD family affecting Open Management Infrastructure (OMI) used by Azure VM Management Extensions. The vulnerability is an Elevation of Privilege flaw in OMI that can permit a local attacker to escalate privileges on Linux-based Azure VMs where OMI is exposed. Expl...

7.8CVSS8.2AI score0.01896EPSS
In wildExploits0References2Affected Software10
CVE
CVE
added 2019/04/30 8:21 p.m.1088 views

CVE-2019-3929

CVE-2019-3929 is a remote, unauthenticated command-injection vulnerability exploitable via the file_transfer.cgi HTTP endpoint. Affected devices include Crestron AM-100 (firmware 1.6.0.2) and AM-101 (2.7.0.1); Barco wePresent WiPG-1000P (2.3.0.10) and WiPG-1600W prior to 2.4.1.19; Extron ShareLin...

10CVSS9.8AI score0.98952EPSS
In wildExploits10References5Affected Software1
CVE
CVE
added 2014/02/14 4:0 p.m.1088 views

CVE-2014-0322

The CVE-2014-0322 issue is a Use-After-Free in Internet Explorer 9–10 triggered by crafted JavaScript/CMarkup and the onpropertychange attribute of a script element, exploited in the wild in early 2014. Affected product: Microsoft Internet Explorer 9 and 10 . Root cause: use-after-free condition ...

9.3CVSS9.3AI score0.85239EPSS
In wildExploits23References12Affected Software1
CVE
CVE
added 2010/08/04 7:0 p.m.1088 views

CVE-2010-1871

CVE-2010-1871 affects JBoss Seam 2 (jboss-seam2) as used in Red Hat Linux’s JBoss Enterprise Application Platform 4.3.0. The vulnerability stems from inadequate sanitization of inputs to JBoss Expression Language (EL) expressions, enabling remote code execution via a crafted URL when the Java Sec...

8.8CVSS9.5AI score0.83397EPSS
In wildExploits8References9Affected Software1
CVE
CVE
added 2024/04/16 3:14 p.m.1087 views

CVE-2024-3857

CVE-2024-3857 is a concrete Firefox/Thunderbird memory-safety issue caused by the JIT generating incorrect code for arguments, enabling use-after-free during GC. Affected: Firefox <125, Firefox ESR <115.10, Thunderbird

7.8CVSS6AI score0.00243EPSS
Exploits0References6Affected Software2
CVE
CVE
added 2023/05/30 7:49 a.m.1087 views

CVE-2023-0329

CVE-2023-0329 affects the Elementor Website Builder WordPress plugin prior to 3.12.2. The issue is a SQL injection caused by improper sanitization/escaping of the Replace URL parameter in the Tools module before it is used in a SQL statement. Exploitation requires privileges of an Administrator, ...

7.2CVSS7.1AI score0.19695EPSS
Exploits7References2Affected Software1
CVE
CVE
added 2022/03/04 12:0 a.m.1087 views

CVE-2021-3737

CVE-2021-3737 is a vulnerability in Python’s HTTP client where an improperly handled HTTP response from a server could cause the client script to enter an infinite loop, leading to CPU-based DoS and affecting availability. The issue is documented across multiple advisories and packages (e.g., Pyt...

7.5CVSS7.6AI score0.11586EPSS
Exploits1References12Affected Software1
Total number of security vulnerabilities5000