Lucene search
K
CveMost viewed

368308 matches found

CVE
CVE
added 2002/10/05 4:0 a.m.1087 views

CVE-2002-0370

CVE-2002-0370 refers to a buffer overflow/unchecked buffer in ZIP decompression in Windows ZIP handling affecting Windows 98 with Plus! Pack, XP, ME, Lotus Notes R4–R6, Verity KeyView, and StuffIt Expander before 7.0. OpenVAS and Nessus entries corroborate the MS02-054 fix. The vulnerability can ...

7.5CVSS7.9AI score0.43298EPSS
Exploits0References9Affected Software4
CVE
CVE
added 2023/05/30 7:49 a.m.1086 views

CVE-2023-0329

CVE-2023-0329 affects the Elementor Website Builder WordPress plugin prior to 3.12.2. The issue is a SQL injection caused by improper sanitization/escaping of the Replace URL parameter in the Tools module before it is used in a SQL statement. Exploitation requires privileges of an Administrator, ...

7.2CVSS7.1AI score0.19695EPSS
Exploits7References2Affected Software1
CVE
CVE
added 2021/02/02 1:0 p.m.1086 views

CVE-2020-25506

Summary of vulnerability (CVE-2020-25506) : D-Link DNS-320 firmware v2.06B01 Revision Ax is vulnerable to a command-injection in the system_mgr.cgi component. The issue arises because the HTTP parameter f_ntp_server is not sanitized, enabling remote arbitrary command execution. The NUCLEI templat...

9.8CVSS9.8AI score0.99968EPSS
In wildExploits2References4Affected Software1
CVE
CVE
added 2020/06/02 4:50 p.m.1086 views

CVE-2020-5410

CVE-2020-5410 affects VMware/Tanzu Spring Cloud Config Server. Versions 2.2.x before 2.2.3 and 2.1.x before 2.1.9 (and older unsupported) are vulnerable to a directory-traversal where a crafted URL can cause the server to serve arbitrary configuration files. Root cause: inadequate validation in t...

7.5CVSS7.5AI score0.95586EPSS
In wildExploits3References2Affected Software1
CVE
CVE
added 2020/02/06 5:48 p.m.1086 views

CVE-2020-8657

Incident summary (CVE-2020-8657): EyesOfNetwork 5.3 is affected by a hardcoded API key vulnerability. The default API key (EONAPI_KEY) is stored in include/api_functions.php for API version 2.4.2, enabling an attacker to calculate/guess the admin access token and potentially gain administrative a...

9.8CVSS9.2AI score0.91874EPSS
In wildExploits4References3Affected Software1
CVE
CVE
added 2013/06/12 1:0 a.m.1086 views

CVE-2013-1331

CVE-2013-1331 is a buffer overflow in Microsoft Office 2003 SP3 and Office for Mac 2011 triggered when parsing PNG data embedded in an Office document, allowing remote attackers to execute arbitrary code. The vulnerability can be exploited through crafted PNG content, potentially via documents th...

9.3CVSS7.8AI score0.81877EPSS
In wildExploits4References5Affected Software1
CVE
CVE
added 2025/01/22 7:22 p.m.1085 views

CVE-2025-0611

Summary: CVE-2025-0611 affects Google Chrome’s V8 engine prior to 132.0.6834.110, where object corruption could allow a remote attacker to trigger heap corruption via a crafted HTML page. The vulnerability is categorized as High severity (CVSS: NETWORK, NONE/LOW impacts on confidentiality, integr...

8.2CVSS6.3AI score0.00323EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/02/11 10:55 p.m.1085 views

CVE-2021-4102

CVE-2021-4102 is a use-after-free vulnerability in Google Chrome’s V8 engine. Affected component: V8 within Chrome prior to version 96.0.4664.110. Root cause: use-after-free that could enable heap corruption via a crafted HTML page. Impact: remote code execution with high severity (per CVSS metri...

8.8CVSS9.1AI score0.07836EPSS
In wildExploits0References3Affected Software1
CVE
CVE
added 2016/02/16 2:0 a.m.1085 views

CVE-2016-0752

CVE-2016-0752 is a directory-traversal flaw in Rails’ Action View triggered when untrusted input is passed to render, allowing remote read of arbitrary files via a path containing .. and linked to incomplete fixes that affected Rails 3.2.x/4.x. The vulnerability stems from Action View’s rendering...

7.5CVSS6.1AI score0.95537EPSS
In wildExploits11References13Affected Software1
CVE
CVE
added 2022/08/09 7:55 p.m.1084 views

CVE-2022-34713

CVE-2022-34713 (DogWalk) is a remote code execution vulnerability in Microsoft Windows MSDT that is triggered when MSDT is invoked via the URL protocol from a calling application (e.g., Word). The CVSS 3.1 entry indicates a local attack vector with low attack complexity, no privileges required, b...

7.8CVSS8.9AI score0.6798EPSS
In wildExploits1References2Affected Software16
CVE
CVE
added 2019/04/18 5:21 p.m.1084 views

CVE-2019-3398

CVE-2019-3398 affects Atlassian Confluence Server and Data Center. A path traversal vulnerability in the downloadallattachments resource lets an attacker with page/blog permissions or admin rights write files to arbitrary locations, potentially leading to remote code execution on vulnerable insta...

9CVSS8.8AI score0.97153EPSS
In wildExploits10References7Affected Software1
CVE
CVE
added 2019/04/09 2:34 a.m.1084 views

CVE-2019-0797

CVE-2019-0797 is a Windows Win32k privilege-escalation vulnerability caused by the Win32k component failing to properly handle objects in memory, enabling local code execution with kernel privileges. Affected: Windows Win32k subsystem (Win32k.sys). Impact: elevated privileges to SYSTEM with poten...

7.8CVSS8.2AI score0.0189EPSS
In wildExploits0References2Affected Software13
CVE
CVE
added 2010/02/21 5:0 p.m.1084 views

CVE-2010-0188

CVE-2010-0188 is an Adobe Reader/Acrobat vulnerability in the PDF handling stack (notably LibTIFF-related parsing) that could allow denial of service or remote code execution via a crafted PDF. Affected products include Adobe Reader/Acrobat 8.x (before 8.2.1) and 9.x (before 9.3.1). Public analys...

9.3CVSS7.7AI score0.88246EPSS
In wildExploits12References11Affected Software2
CVE
CVE
added 2021/10/13 12:28 a.m.1083 views

CVE-2021-41357

CVE-2021-41357 is a Windows Win32k privilege-escalation vulnerability (local, low complexity, no user interaction) with CVSS v3.1 base score 7.8 (high). Affected component is Win32k; root cause involves elevation of privileges on Windows systems. Public disclosures in the connected documents indi...

7.8CVSS7.5AI score0.01968EPSS
In wildExploits0References2Affected Software7
CVE
CVE
added 2021/02/15 12:0 a.m.1083 views

CVE-2021-25296

CVE-2021-25296 (Nagios XI 5.7.5) is an OS command injection in authenticated context via WindowsWMI wizard (windowswmi.inc.php); CVE-2021-25297 via Switch wizard (switch.inc.php); CVE-2021-25298 via Cloud‑VM wizard (cloud-vm.inc.php). All involve improper sanitization of authenticated user input ...

9CVSS8.8AI score0.71737EPSS
In wildExploits7References7Affected Software1
CVE
CVE
added 2019/03/26 5:43 p.m.1083 views

CVE-2019-10068

Kentico CMS is affected by a remote code execution vulnerability (CVE-2019-10068) due to insecure .NET object deserialization during staging service processing. Affected versions include Kentico 12.0.x before 12.0.15, 11.x before 11.0.48, 10.x before 10.0.52, and 9.x. The issue can be triggered v...

9.8CVSS9.9AI score0.96031EPSS
In wildExploits5References3Affected Software1
CVE
CVE
added 2013/11/27 11:0 p.m.1083 views

CVE-2013-5065

NDProxy.sys in the Windows kernel is affected by a local privilege escalation flaw (CVE-2013-5065) caused by improper input validation in the NDPROXY driver. A crafted IOCTL path allows a local attacker to exploit a NULL pointer dereference to escalate privileges on affected systems. Public explo...

7.8CVSS6.3AI score0.34893EPSS
In wildExploits16References5Affected Software2
CVE
CVE
added 2020/04/15 3:13 p.m.1082 views

CVE-2020-1027

CVE-2020-1027 is a Windows privilege-escalation vulnerability affecting Windows kernel memory handling and the CSRSS subsystem. The Windows kernel path (memory object handling) enabled local privilege escalation via write-what-where style abuse in kernel fault paths, while the CSRSS path allowed ...

7.8CVSS8AI score0.04447EPSS
In wildExploits2References3Affected Software17
CVE
CVE
added 2022/09/07 8:20 a.m.1080 views

CVE-2021-36783

CVE-2021-36783 (Rancher info-disclosure) affects SUSE Rancher where credentials, passwords and API tokens stored in cleartext are exposed via API endpoints to authenticated users (Cluster Owners/Members, Project Owners/Members). Affected: Rancher versions before 2.6.4 (and 2.5.x before 2.5.13). R...

9.9CVSS9.3AI score0.00647EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/12/11 9:0 a.m.1080 views

CVE-2018-20058

CVE-2018-20058 describes a local file path traversal in Evernote for macOS prior to 7.6, affecting the attachment preview feature (MACOSNOTE-28634). The vulnerability path is local file access via the attachment preview, enabling potential leakage of files present on the user’s system. The NVD en...

7.5CVSS7.4AI score0.01406EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/08/15 5:0 p.m.1080 views

CVE-2018-8405

Technical details (exploit vector, affected products/versions, root cause specifics, and mitigations) are not publicly disclosed in the provided connected documents. Monitor for updates from authoritative sources.

7.8CVSS7.7AI score0.03444EPSS
In wildExploits0References4Affected Software11
CVE
CVE
added 2017/03/17 12:0 a.m.1080 views

CVE-2017-0005

Technical details (affected product/version, root cause, fix) are not provided in the supplied documents; public details are high-level. Monitor for updates from official advisories and CVE feeds.

7.8CVSS6.2AI score0.11022EPSS
In wildExploits1References5Affected Software10
CVE
CVE
added 2013/05/16 10:0 a.m.1080 views

CVE-2013-1675

CVE-2013-1675 affects Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, and Thunderbird before 17.0.6. The issue arises from improper initialization of nsDOMSVGZoomEvent data structures (mPreviousScale and mNewScale), enabling a remote attacker to disclose memory-resident data via a cr...

6.5CVSS8.7AI score0.06696EPSS
In wildExploits1References16Affected Software3
CVE
CVE
added 2021/10/22 9:25 p.m.1079 views

CVE-2021-42258

BillQuick Web Suite SQL Injection (CVE-2021-42258) affects BEQ BillQuick Web Suite 2018–2021 prior to 22.0.9.1. The vulnerability is an SQL injection in the txtID/username parameter that enables unauthenticated remote code execution, including the potential to run code as MSSQLSERVER$ via xp_cmds...

9.8CVSS9.9AI score0.73269EPSS
In wildExploits3References2Affected Software1
CVE
CVE
added 2019/12/05 4:30 p.m.1079 views

CVE-2019-7194

CVE-2019-7194 is a QNAP Photo Station path-traversal vulnerability (external control of file name/path) that allows remote access to or modification of files. Affected: QNAP Photo Station (versions 5.2.11, 5.4.9, 5.7.10, and 6.0.3 or earlier). Impact per sources: remote access/modification of sys...

9.8CVSS9.3AI score0.82966EPSS
In wildExploits8References3Affected Software1
CVE
CVE
added 2020/09/29 1:44 p.m.1078 views

CVE-2020-8243

CVE-2020-8243 affects Pulse Connect Secure, specifically the admin web interface prior to 9.1R8.2. An authenticated attacker can upload a custom template to achieve arbitrary code execution via the admin UI. The CVSSv3 base score is 7.2 (High) with network access, low attack complexity, and high ...

7.2CVSS8.1AI score0.90759EPSS
In wildExploits0References2Affected Software2
CVE
CVE
added 2020/05/29 6:57 p.m.1078 views

CVE-2020-8816

CVE-2020-8816 : Pi-hole Web (AdminLTE) 4.3.2 is vulnerable to Remote Code Execution via a crafted DHCP static lease. Exploitation requires privileged dashboard access and is authenticated; the flaw arises from how DHCP static leases are processed, enabling an attacker with dashboard privileges to...

9.1CVSS7AI score0.77847EPSS
In wildExploits13References8Affected Software1
CVE
CVE
added 2025/01/27 5:12 p.m.1077 views

CVE-2025-24367

CVE-2025-24367 affects Cacti, an open-source monitoring framework. The flaw allows an authenticated Cacti user to abuse graph creation and graph template functionality to write arbitrary PHP scripts in the web root, leading to remote code execution on the server. Impact is remote code execution w...

8.8CVSS7.9AI score0.51488EPSS
Exploits10References3Affected Software1
CVE
CVE
added 2020/03/16 5:23 p.m.1077 views

CVE-2020-5847

Unraid 6.8.0 and earlier contains two CVEs: CVE-2020-5847 (remote code execution via insecure use of PHP extract) and CVE-2020-5849 (authentication bypass). Reports and exploit references (Metasploit module and Exploit-DB) confirm practical impact: authenticated admin access can be gained, then a...

10CVSS9.4AI score0.95844EPSS
In wildExploits8References5Affected Software1
CVE
CVE
added 2019/01/08 9:0 p.m.1077 views

CVE-2019-0541

CVE-2019-0541 – MSHTML Engine Remote Code Execution involves an input validation vulnerability in the MSHTML engine that can let an attacker execute arbitrary code on affected systems. Affected software includes Internet Explorer (IE9/10/11), Microsoft Office components (Office/Word/Excel viewers...

9.3CVSS7.9AI score0.53202EPSS
In wildExploits4References4Affected Software1
CVE
CVE
added 2024/02/13 6:2 p.m.1076 views

CVE-2024-21413

Summary of CVE-2024-21413 (Microsoft Outlook / Moniker Link): A vulnerability in Outlook where crafted Moniker Link URLs (often via file:///UNC paths) can trigger an automatic SMB access, potentially leaking the user’s NTLM hash to an attacker. Multiple PoCs on GitHub demonstrate delivering malic...

9.8CVSS9.6AI score0.9466EPSS
In wildExploits22References5Affected Software4
CVE
CVE
added 2021/09/13 7:41 a.m.1076 views

CVE-2021-40870

Summary (CVE-2021-40870) : Aviatrix Controller 6.x before 6.5-1804.1922 is affected by an unrestricted file upload via a directory traversal flaw that enables an unauthenticated attacker to execute arbitrary code. The base vulnerability is described in the primary CVE record, which lists the affe...

9.8CVSS9.6AI score0.92382EPSS
In wildExploits5References4Affected Software1
CVE
CVE
added 2024/02/26 5:20 p.m.1075 views

CVE-2020-36775

CVE-2020-36775 affects the Linux kernel’s f2fs subsystem. The vulnerability was tied to a potential deadlock in the f2fs_write_compressed_pages() path, mitigated by using f2fs_trylock_op() (consistent with the approach used in f2fs_write_single_data_page()) to avoid deadlocks. The concrete fix is...

5.5CVSS5.3AI score0.0017EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/12/08 4:15 p.m.1075 views

CVE-2021-27860

CVE-2021-27860 affects FatPipe WARP, IPVPN, and MPVPN web management interfaces. An unauthenticated remote attacker can upload arbitrary files to any location on the filesystem on affected devices running versions < 10.1.2r60p92 or

9.8CVSS9.1AI score0.39824EPSS
In wildExploits2References3Affected Software1
CVE
CVE
added 2016/11/10 6:16 a.m.1075 views

CVE-2016-7200

CVE-2016-7200 refers to a memory-corruption/remote-code-execution vulnerability in the Chakra JavaScript engine used by Microsoft Edge. The Connected documents confirm this family of issues (ChakraCore/RCE vulnerabilities) and note it as a memory-corruption-based flaw triggered by a crafted site,...

8.8CVSS7.8AI score0.8249EPSS
In wildExploits6References8Affected Software1
CVE
CVE
added 2012/05/03 10:0 p.m.1075 views

CVE-2012-1710

CVE-2012-1710 affects Oracle WebCenter Forms Recognition in Oracle Fusion Middleware 10.1.3.5. Multiple ActiveX components (CroProj.dll and Sssplt30.ocx) are vulnerable to directory-traversal flaws that can allow arbitrary file creation/overwrite when a user visits a crafted page. This enables re...

9.8CVSS5.8AI score0.11636EPSS
In wildExploits4References4Affected Software1
CVE
CVE
added 2019/12/05 4:34 p.m.1074 views

CVE-2019-7195

CVE-2019-7195 is a QNAP Photo Station external file name/path control vulnerability. The CVE affects QNAP Photo Station on QTS with Photo Station versions prior to the fixes listed in QNAP NAS advisory NAS-201911-25 and related vendor advisories. The underlying issue is a path traversal/ improper...

9.8CVSS9.3AI score0.89681EPSS
In wildExploits9References3Affected Software1
CVE
CVE
added 2019/06/24 3:34 p.m.1074 views

CVE-2019-12384

CVE-2019-12384 affects FasterXML jackson-databind 2.x (pre-2.9.9.1) where failure to block logback-core in polymorphic deserialization can enable remote code execution depending on classpath contents. The Connected IBM documents corroborate broader jet deserialization gadget vulnerabilities in ja...

5.9CVSS8AI score0.45205EPSS
Exploits2References45Affected Software1
CVE
CVE
added 2018/08/15 5:0 p.m.1074 views

CVE-2018-8406

CVE-2018-8406 is a DirectX Graphics Kernel (DXGKRNL) privilege-escalation vulnerability caused by the DXGKRNL driver improperly handling memory objects. Affected products include Windows Server 2016 and Windows 10 (and Windows 10 Servers). The CVE is characterized by a local, low-complexity attac...

7.8CVSS7.7AI score0.03444EPSS
In wildExploits0References4Affected Software8
CVE
CVE
added 2018/06/07 2:0 a.m.1074 views

CVE-2017-16138

CVE-2017-16138 affects the mime Node.js module, with vulnerable versions including

7.5CVSS7.1AI score0.02051EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2025/07/20 1:6 a.m.1073 views

CVE-2025-53770

CVE-2025-53770 is a critical remote code execution vulnerability in on-premises Microsoft SharePoint Server, achieved via deserialization of untrusted data and an unauthenticated POST to ToolPane.aspx. The attack chain typically bypasses authentication, retrieves MachineKey values from the web.co...

9.8CVSS6.8AI score0.99982EPSS
In wildExploits41References13Affected Software1
CVE
CVE
added 2022/09/20 12:0 a.m.1073 views

CVE-2022-32917

CVE-2022-32917 is a kernel-level remote code execution risk in Apple OSes addressed by fixes that implement improved bounds checks. Affected: macOS Big Sur 11.7, macOS Monterey 12.6, iOS 15.7, iPadOS 15.7, iOS 16. The issue allowed an application to execute arbitrary code with kernel privileges a...

7.8CVSS7.8AI score0.05557EPSS
In wildExploits0References9Affected Software3
CVE
CVE
added 2021/05/07 9:10 a.m.1073 views

CVE-2021-1906

CVE-2021-1906 affects Qualcomm Snapdragon GPU address management across Snapdragon Auto/Compute/Connectivity/Consumer IOT/Industrial IOT/Mobile/Wearables. Root cause: improper handling of address deregistration on failure can lead to a new GPU address allocation failure. CVSS reflects Medium seve...

6.2CVSS6.9AI score0.0052EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2018/01/18 11:0 p.m.1073 views

CVE-2012-6708

CVE-2012-6708 concerns jQuery. In versions before 1.9.0, the library’s jQuery(strInput) would treat inputs containing the character ‘<’ as HTML payloads, conflating HTML with selectors and enabling XSS via crafted strings. The underlying issue was that any input containing ‘<’ could be misi...

6.1CVSS5.8AI score0.08632EPSS
Exploits6References11Affected Software1
CVE
CVE
added 2013/01/09 1:0 a.m.1073 views

CVE-2013-0629

CVE-2013-0629 is an Adobe ColdFusion directory traversal vulnerability affecting ColdFusion 9.0, 9.0.1, 9.0.2, and 10 when a password is not configured. It allows an attacker to access restricted directories via unspecified vectors and was exploited in the wild in January 2013. Connected sources ...

7.5CVSS9.3AI score0.65902EPSS
In wildExploits4References4Affected Software1
CVE
CVE
added 2005/09/06 4:0 a.m.1073 views

CVE-2005-2700

This CVE concerns the Apache mod_ssl module (ssl_engine_kernel.c) where configuring SSLVerifyClient optional at global vhost level fails to enforce SSLVerifyClient require in per-location contexts. Attackers could bypass intended access restrictions by omitting a client certificate. Affected comp...

10CVSS9.3AI score0.30576EPSS
Exploits0References64Affected Software1
CVE
CVE
added 2017/05/12 2:0 p.m.1072 views

CVE-2017-0222

CVE-2017-0222 and CVE-2017-0226 describe a remote code execution vulnerability in Microsoft’s Internet Explorer caused by improper access to memory objects. The root cause is memory corruption during object handling, leading to possible code execution in the current user context. CVSS data in the...

8.8CVSS7.9AI score0.29645EPSS
In wildExploits0References4Affected Software1
CVE
CVE
added 2016/12/14 4:0 p.m.1072 views

CVE-2016-6277

CVE-2016-6277 affects Netgear routers (R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220, D6400, D7000, and possibly others) where remote attackers could execute arbitrary commands via shell metacharacters in the path info to cgi-bin/. Root cause is unsanitized/crafted pat...

9.3CVSS8.9AI score0.99781EPSS
In wildExploits8References9Affected Software1
CVE
CVE
added 2022/11/01 12:0 a.m.1071 views

CVE-2022-3786

OpenSSL CVE-2022-3602 and CVE-2022-3786 describe buffer overflows in X.509 name-constraint processing triggered by crafted email addresses in certificates, potentially crashing the TLS client/server and, in some scenarios, enabling remote code execution. Documents confirm the issues affect OpenSS...

7.5CVSS8.1AI score0.91153EPSS
Exploits2References5Affected Software1
CVE
CVE
added 2010/12/14 3:0 p.m.1071 views

CVE-2010-4345

CVE-2010-4345 is a local privilege escalation in Exim up to version 4.72, where the exim user could gain root privileges by specifying an alternate configuration file with -C or via macro overrides (-D). Upstream fixes require changes to Exim behavior; newer builds drop root privileges when run w...

7.8CVSS8.8AI score0.17794EPSS
In wildExploits4References29Affected Software1
Total number of security vulnerabilities5000