Lucene search
K
CveMost viewed

368250 matches found

CVE
CVE
added 2021/03/31 5:23 p.m.1070 views

CVE-2021-22991

CVE-2021-22991 affects BIG-IP Traffic Management Microkernel (TMM) URI normalization, where undisclosed requests to a virtual server may trigger a buffer overflow in TMM. This can cause a DoS and, in some scenarios, bypass URL-based access controls or enable remote code execution. The issue impac...

9.8CVSS9.7AI score0.61064EPSS
In wildExploits3References2Affected Software14
CVE
CVE
added 2021/02/15 4:10 a.m.1070 views

CVE-2020-7071

CVE-2020-7071 affects PHP: the FILTER_VALIDATE_URL path could treat a URL with invalid userinfo (username:password) as valid. Affected: PHP 7.3.x < 7.3.26, 7.4.x

5.3CVSS6.5AI score0.02983EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2016/05/11 1:0 a.m.1070 views

CVE-2016-4117

CVE-2016-4117 affects Adobe Flash Player (earlier than 21.0.0.196) via an out-of-bounds access in the DeleteRangeTimelineOperation module of the SWF runtime, caused by a type-confusion vulnerability. This allows memory corruption and arbitrary code execution, as demonstrated by FireEye researcher...

10CVSS9.8AI score0.94354EPSS
In wildExploits6References13Affected Software1
CVE
CVE
added 2015/04/14 10:0 p.m.1070 views

CVE-2015-3043

CVE-2015-3043 refers to a memory corruption vulnerability in Adobe Flash Player that allows remote code execution. Affected versions include Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows/macOS, and before 11.2.202.457 on Linux. The underlying root cause is desc...

10CVSS7.7AI score0.7983EPSS
In wildExploits6References12Affected Software1
CVE
CVE
added 2025/04/14 4:50 p.m.1069 views

CVE-2025-3277

SQLite CVE-2025-3277: An integer overflow in concat_ws() can cause a heap buffer overflow of ~4GB by using an untruncated original size to allocate and then write, potentially enabling arbitrary code execution. This is documented across multiple advisories (Debian, AlmaLinux, Fedora, AIX RPM advi...

9.8CVSS7.9AI score0.00609EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/06/09 5:0 a.m.1069 views

CVE-2020-11261

CVE-2020-11261 is a memory-corruption vulnerability in Qualcomm Snapdragon chipsets (including Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables). Root cause: improper check when an application requests memory allocation for an extremely large ...

7.8CVSS8.4AI score0.01772EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2021/05/27 8:55 p.m.1069 views

CVE-2021-27852

CVE-2021-27852 concerns Checkbox Survey before version 7, where CheckboxWeb.dll deserializes untrusted _VSTATE data via LosFormatter in ASP.NET View State. The underlying issue allows an unauthenticated remote attacker to execute arbitrary code on the affected server, with the impact described as...

9.8CVSS9.6AI score0.31946EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2021/01/08 5:47 p.m.1069 views

CVE-2020-16013

CVE-2020-16013 concerns the Chromium V8 engine used by Google Chrome prior to 86.0.4240.198, where an inappropriate implementation could allow a remote attacker to trigger heap corruption via a crafted HTML page. Affected software is Chromium-based Chrome builds up to version 86.0.4240.198 (inclu...

8.8CVSS8.6AI score0.02826EPSS
In wildExploits0References3Affected Software1
CVE
CVE
added 2020/12/08 8:17 p.m.1069 views

CVE-2020-27930

CVE-2020-27930 is a memory corruption vulnerability in font parsing that can lead to arbitrary code execution when processing a malicious font. Affected Apple software includes macOS Big Sur 11.0.1, iOS 14.2, iPadOS 14.2, watchOS 7.1, and corresponding Security Updates (e.g., High Sierra/Mojave)....

7.8CVSS7.6AI score0.22178EPSS
In wildExploits0References11Affected Software5
CVE
CVE
added 2020/06/09 4:12 p.m.1069 views

CVE-2020-9818

CVE-2020-9818 describes an out‑of‑bounds write in the Mail component of Apple iOS/iPadOS/watchOS. Affected versions: iOS 13.5 and iPadOS 13.5, iOS 12.4.7, and watchOS 6.2.5. Root cause: improved bounds checking in handling of malicious mail messages may prevent memory corruption. Impact as stated...

8.8CVSS7.6AI score0.02286EPSS
In wildExploits0References4Affected Software3
CVE
CVE
added 2020/01/14 11:11 p.m.1069 views

CVE-2020-0638

CVE-2020-0638 is a Windows Update Notification Manager elevation-of-privilege vulnerability. An attacker who already has code execution on the target could exploit the flaw by running a crafted program to elevate privileges, due to how the Update Notification Manager handles files. The issue is l...

7.8CVSS8.6AI score0.02928EPSS
In wildExploits0References2Affected Software9
CVE
CVE
added 2018/01/18 11:0 p.m.1069 views

CVE-2012-6708

CVE-2012-6708 concerns jQuery. In versions before 1.9.0, the library’s jQuery(strInput) would treat inputs containing the character ‘<’ as HTML payloads, conflating HTML with selectors and enabling XSS via crafted strings. The underlying issue was that any input containing ‘<’ could be misi...

6.1CVSS5.8AI score0.08632EPSS
Exploits6References11Affected Software1
CVE
CVE
added 2019/06/24 3:34 p.m.1068 views

CVE-2019-12384

CVE-2019-12384 affects FasterXML jackson-databind 2.x (pre-2.9.9.1) where failure to block logback-core in polymorphic deserialization can enable remote code execution depending on classpath contents. The Connected IBM documents corroborate broader jet deserialization gadget vulnerabilities in ja...

5.9CVSS8AI score0.45205EPSS
Exploits2References45Affected Software1
CVE
CVE
added 2018/03/28 10:0 p.m.1068 views

CVE-2018-0161

The CVE-2018-0161 issue is a Cisco IOS/IOS XE SNMP vulnerability affecting Cisco Catalyst switches (e.g., 2960-L series and related Digital Building Series switches) where an authenticated SNMP GET for the ciscoFlashMIB OID can trigger a DoS and restart the device (SYS-3-CPUHOG). Root cause is a ...

6.3CVSS6.4AI score0.04746EPSS
In wildExploits0References4Affected Software1
CVE
CVE
added 2019/05/16 6:17 p.m.1067 views

CVE-2019-0903

Technical details about CVE-2019-0903 (affected component/version/root cause/impact) are not publicly provided in the supplied documents. Monitor for updates.

9.3CVSS8AI score0.21713EPSS
In wildExploits0References2Affected Software16
CVE
CVE
added 2018/03/26 3:0 p.m.1067 views

CVE-2018-1302

Apache HTTP Server (httpd) before 2.4.30 may write a NULL pointer to freed memory when an HTTP/2 stream is destroyed after handling. This is described as low risk and hard to trigger in standard configurations, with no reproducibility outside debug builds. Affected releases include older 2.4.x li...

5.9CVSS6.4AI score0.13436EPSS
Exploits0References23Affected Software1
CVE
CVE
added 2013/10/09 2:44 p.m.1067 views

CVE-2013-3897

CVE-2013-3897 is a use-after-free vulnerability in the CDisplayPointer class of mshtml.dll used by Microsoft Internet Explorer (IE6–IE11). The flaw is triggered via crafted JavaScript using the onpropertychange event, leading to remote code execution or memory corruption. Public discussions and r...

9.3CVSS7.5AI score0.77462EPSS
In wildExploits8References5Affected Software1
CVE
CVE
added 2021/04/20 11:55 a.m.1066 views

CVE-2021-20023

The CVE-2021-20023 entry affects SonicWall Email Security (version 10.0.9.x). Connected advisories describe a directory traversal/path traversal vulnerability that, when exploited by a post-authenticated attacker, could allow reading arbitrary files on the remote host. Evidence from advisories an...

4.9CVSS6.9AI score0.51407EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2020/07/10 3:39 p.m.1066 views

CVE-2020-8196

CVE-2020-8196 is an information-disclosure vulnerability in Citrix ADC/ Gateway and Citrix SD-WAN WANOP where improper access control allows limited data exposure to low-privilege users. Affected versions include Citrix ADC/Gateway prior to 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-...

4.3CVSS5AI score0.26333EPSS
In wildExploits3References3Affected Software1
CVE
CVE
added 2018/03/28 10:0 p.m.1066 views

CVE-2018-0167

CVE-2018-0167 involves multiple buffer overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, IOS XE Software, and IOS XR Software. The description documents that an unauthenticated, adjacent attacker could trigger a denial of service or escalate pri...

8.8CVSS8.9AI score0.03449EPSS
In wildExploits0References7Affected Software3
CVE
CVE
added 2012/02/16 7:0 p.m.1066 views

CVE-2012-0767

Adobe Flash Player contains a Cross‑Site Scripting (XSS) vulnerability (UXSS) tracked as CVE-2012-0767. The public description specifies that remote attackers could inject arbitrary script or HTML via unspecified vectors. Affected versions include Flash Player before 10.3.183.15 and 11.x before 1...

6.1CVSS5AI score0.06662EPSS
In wildExploits0References9Affected Software1
CVE
CVE
added 2025/01/27 9:46 p.m.1065 views

CVE-2025-24166

Apple security advisory PT-2025-5329 links CVE-2025-24166 to a memory/state-management weakness that can be triggered by processing malicious web content, causing an unexpected process crash. Affected products and minimum patch levels cite: iPadOS before 17.7.4; macOS Ventura before 13.7.3; macOS...

6.1AI score
Exploits0
CVE
CVE
added 2024/04/16 3:14 p.m.1065 views

CVE-2024-3859

CVE-2024-3859: Mozilla Firefox and Thunderbird are affected by a 32-bit integer overflow that can cause an out-of-bounds read via a malformed OpenType font. Affected products per the CVE entry: Firefox < 125, Firefox ESR < 115.10, and Thunderbird

5.9CVSS5.7AI score0.00663EPSS
Exploits0References6Affected Software2
CVE
CVE
added 2020/07/10 3:39 p.m.1065 views

CVE-2020-8195

CVE-2020-8195 involves improper input validation in Citrix ADC and Citrix Gateway (and Citrix SD-WAN WAN-OP) prior to version 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, and 10.5-70.18, plus WAN-OP 11.1.1a/11.0.3d/10.2.7. It results in limited information disclosure to low-privileged users. T...

6.5CVSS6.2AI score0.33263EPSS
In wildExploits5References3Affected Software1
CVE
CVE
added 2020/04/15 8:10 p.m.1065 views

CVE-2020-3161

The CVE-2020-3161 issue affects the web server used by Cisco IP Phones, where improper input validation of HTTP requests can allow an unauthenticated, remote attacker to execute code with root privileges or trigger a reload, causing a DoS. The vulnerability is tied to input validation flaws in th...

10CVSS9.5AI score0.83734EPSS
In wildExploits4References3Affected Software1
CVE
CVE
added 2019/10/16 5:40 p.m.1065 views

CVE-2019-3010

CVE-2019-3010 affects Oracle Solaris with the XScreenSaver component. A local privilege-escalation vulnerability exists in xscreensaver since version 5.06 on unpatched Solaris 11; a user with local logon can escalate privileges to root, potentially compromising the system. Public references descr...

8.8CVSS8.6AI score0.13506EPSS
In wildExploits8References4Affected Software1
CVE
CVE
added 2017/02/26 11:30 p.m.1065 views

CVE-2017-0037

CVE-2017-0037 affects Microsoft Internet Explorer 10/11 and Microsoft Edge via a type confusion in mshtml.dll (Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement), enabling remote code execution through crafted CSS/JS sequences. Connected sources note public exploitation acti...

8.1CVSS6.4AI score0.80386EPSS
In wildExploits9References10Affected Software1
CVE
CVE
added 2019/06/11 8:46 p.m.1064 views

CVE-2010-5330

CVE-2010-5330 covers a command injection in Ubiquiti devices via GET to stainfo.cgi. The issue arises because the ifname parameter is not sanitized, enabling shell metacharacters to be injected. Affected families include Ubiquiti AirOS (before 4.0.1), AirMax ISP products (before 5.3.5), and AirSy...

9.8CVSS9.3AI score0.34401EPSS
In wildExploits0References3Affected Software1
CVE
CVE
added 2017/04/21 3:0 p.m.1064 views

CVE-2016-1555

CVE-2016-1555 affects NETGEAR wireless AP/routers (e.g., WN604/3.3.3+; WN802Tv2; WNAP210v2; WNAP320; WNDAP3xx/6xx) and related firmware where five PHP data endpoints (boardData102.php, boardData103.php, boardDataJP.php, boardDataNA.php, boardDataWW.php) permit unauthenticated remote command execu...

10CVSS9.5AI score0.98325EPSS
In wildExploits5References5Affected Software1
CVE
CVE
added 2023/11/15 9:46 a.m.1063 views

CVE-2023-34062

CVE-2023-34062 affects Reactor Netty HTTP Server. Versions 1.1.x prior to 1.1.13 and 1.0.x prior to 1.0.39 are vulnerable when the server is configured to serve static resources. A crafted URL can trigger a directory traversal (path traversal) vulnerability, allowing access to restricted files. T...

7.5CVSS7.2AI score0.01124EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/10/13 12:0 a.m.1063 views

CVE-2022-42889

CVE-2022-42889 affects Apache Commons Text 1.5–1.9 where default interpolation lookups (script, dns, url) can trigger arbitrary code execution or remote access when untrusted values are used. The vulnerability can lead to remote code execution or unintended contact with remote servers via the Str...

9.8CVSS10AI score0.99931EPSS
Exploits41References9Affected Software1
CVE
CVE
added 2020/06/09 4:12 p.m.1063 views

CVE-2020-9819

CVE-2020-9819 is a memory consumption issue in Apple’s Mail processing that can lead to heap corruption when handling a maliciously crafted mail message. Public sources confirm the vulnerability affects Apple platforms and was fixed in specific updates: iOS 13.5, iPadOS 13.5, iOS 12.4.7, watchOS ...

4.3CVSS5AI score0.02178EPSS
In wildExploits0References5Affected Software3
CVE
CVE
added 2018/03/28 10:0 p.m.1063 views

CVE-2018-0175

CVE-2018-0175 is a vulnerability in the LLDP subsystem of Cisco IOS Software, IOS XE Software, and IOS XR Software. The issue stems from a Format String vulnerability in LLDP that could allow an unauthenticated, adjacent attacker to cause a denial of service or to execute arbitrary code with elev...

8CVSS8AI score0.03577EPSS
In wildExploits0References7Affected Software1
CVE
CVE
added 2012/11/20 12:0 a.m.1063 views

CVE-2012-5519

CVE-2012-5519 affects the Common UNIX Printing System (CUPS) 1.4.4 and earlier on Linux distros (e.g., Debian). The web interface stores the administrator key in /var/run/cups/certs/0 with permissions that allow lpadmin users to read/write files, enabling local privilege escalation to root via th...

7.2CVSS8.6AI score0.02128EPSS
Exploits2References13Affected Software1
CVE
CVE
added 2014/03/24 7:0 p.m.1062 views

CVE-2014-1761

CVE-2014-1761 is a memory-corruption vulnerability in Microsoft Word triggered by crafted RTF data, allowing remote code execution or memory-corruption denial of service. Affected products include Word 2003 SP3, 2007 SP3, 2010 SP1/SP2, 2013 and 2013 RT, Word Viewer, Office Compatibility Pack SP3,...

9.3CVSS9.3AI score0.77734EPSS
In wildExploits10References3Affected Software7
CVE
CVE
added 2024/05/01 12:50 p.m.1061 views

CVE-2024-4368

CVE-2024-4368 affects Chromium/Chrome where Dawn use-after-free can lead to heap corruption via a crafted HTML page. The issue is fixed in Chromium 124.0.6367.118 and newer per multiple advisories (e.g., Debian DSA-5676-1 and Fedora/chromium updates); update Chromium/Chrome to the patched version...

8.8CVSS6.5AI score0.01064EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2021/09/23 12:44 p.m.1061 views

CVE-2021-22941

CVE-2021-22941 affects Citrix ShareFile Storage Zones Controller prior to version 5.11.20 and is due to Improper Access Control. An unauthenticated attacker could remotely compromise the storage zones controller, with an endpoint exposure at /ShareFile/StorageCenter/Upload.aspx and potential for ...

10CVSS9.3AI score0.53585EPSS
In wildExploits1References2Affected Software1
CVE
CVE
added 2019/03/08 9:0 p.m.1061 views

CVE-2019-1003029

CVE-2019-1003029 describes a sandbox bypass in Jenkins Script Security Plugin (versions ≤ 1.53) that lets attackers with Overall/Read permission execute arbitrary code on the Jenkins master JVM. Affected components are in the plugin’s Groovy sandbox: GroovySandbox.java and SecureGroovyScript.java...

9.9CVSS9.6AI score0.73854EPSS
In wildExploits3References5Affected Software1
CVE
CVE
added 2017/10/27 5:0 a.m.1061 views

CVE-2017-5070

CVE-2017-5070 is a type confusion vulnerability in Google Chrome’s V8 engine that allows a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Affected products include Google Chrome and other Chromium-based browsers (V8 engine), with desktop versions prior to 59...

8.8CVSS8.5AI score0.31212EPSS
In wildExploits1References7Affected Software1
CVE
CVE
added 2014/10/22 2:0 p.m.1061 views

CVE-2014-6352

CVE-2014-6352 is an OLE remote code execution vulnerability in Microsoft Windows where a crafted OLE object can trigger arbitrary code execution. The issue affected Windows Vista SP2, Windows 7 SP1, Windows 8/8.1, Windows Server 2008/2012 variants, and Windows RT, with public exploitation reporte...

9.3CVSS7.6AI score0.77553EPSS
In wildExploits11References9Affected Software8
CVE
CVE
added 2022/02/10 5:6 p.m.1060 views

CVE-2022-20708

CVE-2022-20708 affects Cisco Small Business RV160/RV260/RV340/RV345 Series Routers. Vulnerabilities allow arbitrary code execution, privilege escalation, arbitrary command execution, bypass of authentication/authorization, installation of unsigned software, and DoS, via issues in the web-based ma...

10CVSS9.3AI score0.14863EPSS
In wildExploits0References3Affected Software1
CVE
CVE
added 2021/05/27 11:15 a.m.1060 views

CVE-2021-22894

Pulse Connect Secure (PCS) is affected by CVE-2021-22894: a buffer overflow in Pulse Connect Secure Collaboration Suite prior to 9.1R11.4 can allow a remote authenticated user to execute arbitrary code as root via a maliciously crafted meeting room. The vulnerability has a high CVSS score (3.1): ...

9CVSS9.2AI score0.41284EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2019/12/19 12:35 a.m.1060 views

CVE-2019-7483

SonicWall SMA100 is affected by CVE-2019-7483: an unauthenticated Directory Traversal in the handleWAFRedirect CGI that can reveal file presence on the server. The affected product is SonicWall SMA100; evidence across multiple sources consistently describes directory traversal affecting unauthent...

7.5CVSS7.5AI score0.03977EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2018/08/15 5:0 p.m.1060 views

CVE-2018-8273

CVE-2018-8273 is a buffer overflow vulnerability in Microsoft SQL Server that could allow remote code execution. Public details identify affected products as Microsoft SQL Server (notably SQL Server 2016/2017 families) with exploitation described as requiring the ability to execute SQL queries ag...

10CVSS9.8AI score0.29208EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/09/12 4:58 p.m.1059 views

CVE-2023-36802

CVE-2023-36802 is an Elevation of Privilege vulnerability in the Microsoft Streaming Service Proxy (MSKSSRV.SYS). The connected documents identify the root cause as an object type confusion in the Windows kernel-mode driver, enabling local privilege escalation to SYSTEM on vulnerable Windows 10/1...

7.8CVSS8.2AI score0.261EPSS
In wildExploits4References2Affected Software7
CVE
CVE
added 2020/08/12 1:7 p.m.1059 views

CVE-2020-17496

Vulnerability: vBulletin 5.5.4–5.6.2 allows remote code execution via crafted subWidgets data in ajax/render/widget_tabbedcontainer_tab_panel requests. Root cause: an incomplete patch for CVE-2019-16759 left a logic bug in widget handling, enabling pre-auth code execution. Impact: remote PHP code...

9.8CVSS9.8AI score0.8774EPSS
In wildExploits2References5Affected Software1
CVE
CVE
added 2016/11/10 6:16 a.m.1059 views

CVE-2016-7201

Technical details about CVE-2016-7201 are not publicly provided in the supplied documents. Monitor official advisories for updates on affected components, versions, impact, and remediations.

8.8CVSS7.8AI score0.79687EPSS
In wildExploits6References8Affected Software1
CVE
CVE
added 2020/07/30 12:53 p.m.1058 views

CVE-2020-8218

Pulse Connect Secure

7.2CVSS7.3AI score0.32739EPSS
In wildExploits2References3Affected Software1
CVE
CVE
added 2019/09/12 12:56 p.m.1058 views

CVE-2019-16256

CVE-2019-16256 concerns the SIMalliance Toolbox Browser (S@T Browser) embedded on the UICC in some Samsung devices. The Red Hat/Red Hat-related and CVE references describe a vulnerability where SIM Toolkit (STK) instructions in an SMS could be abused to retrieve location data, IMEI, or other data...

9.8CVSS9.5AI score0.04949EPSS
In wildExploits1References2Affected Software1
CVE
CVE
added 2019/09/05 4:50 p.m.1058 views

CVE-2019-15949

Nagios XI

9CVSS8.8AI score0.77741EPSS
In wildExploits13References4Affected Software1
Total number of security vulnerabilities5000