Lucene search
K
CveMost viewed

368320 matches found

CVE
CVE
added 2020/05/22 1:27 p.m.1058 views

CVE-2020-1956

Apache Kylin CVE-2020-1956 affects 2.3.0 and releases up to 2.6.5 and 3.0.1, where REST APIs concatenate user input into OS commands, enabling likely remote code execution with high impact. Connected documents confirm vulnerable versions and the underlying command injection in the REST layer; som...

9CVSS8.6AI score0.9796EPSS
In wildExploits2References9Affected Software1
CVE
CVE
added 2019/09/12 12:56 p.m.1058 views

CVE-2019-16256

CVE-2019-16256 concerns the SIMalliance Toolbox Browser (S@T Browser) embedded on the UICC in some Samsung devices. The Red Hat/Red Hat-related and CVE references describe a vulnerability where SIM Toolkit (STK) instructions in an SMS could be abused to retrieve location data, IMEI, or other data...

9.8CVSS9.5AI score0.04949EPSS
In wildExploits1References2Affected Software1
CVE
CVE
added 2019/09/05 4:50 p.m.1058 views

CVE-2019-15949

Nagios XI

9CVSS8.8AI score0.77741EPSS
In wildExploits13References4Affected Software1
CVE
CVE
added 2018/03/01 5:0 p.m.1058 views

CVE-2018-2380

CVE-2018-2380 affects SAP CRM running on SAP NetWeaver (CRM versions 7.01, 7.02, 7.30, 7.31, 7.33, 7.54). The issue is a directory traversal vulnerability caused by insufficient validation of user-supplied path information, allowing traversal sequences to be passed to file APIs. Remediation is av...

6.6CVSS6.4AI score0.29229EPSS
In wildExploits5References6Affected Software1
CVE
CVE
added 2023/02/14 7:32 p.m.1057 views

CVE-2023-21705

CVE-2023-21705 is a Microsoft SQL Server remote code execution vulnerability. Public documents indicate the issue is addressed in security updates for SQL Server 2019 GDR (KB5021125) which fixes multiple CVEs including CVE-2023-21705; the update targets SQL Server 2019 and brings the product to b...

8.8CVSS9.3AI score0.01113EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/01/11 8:23 p.m.1057 views

CVE-2022-21907

CVE-2022-21907 concerns the HTTP Protocol Stack (http.sys) in Windows, enabling remote code execution via specially crafted packets. Public documentation and PoCs indicate impact on Windows 10 (notably 2004) and Windows Server variants, with multiple exploits and PoCs surfacing publicly. Mitigati...

10CVSS9.7AI score0.9279EPSS
In wildExploits21References3Affected Software4
CVE
CVE
added 2021/10/05 5:30 p.m.1057 views

CVE-2021-39226

Grafana CVE-2021-39226 describes a snapshot authentication bypass that allows viewing and deleting the lowest-key snapshot via literal paths. Affected: Grafana snapshot feature (unauthenticated and authenticated users can access /dashboard/snapshot/:key and /api/snapshots/:key to view the lowest-...

9.8CVSS8.4AI score0.99888EPSS
In wildExploits1References9Affected Software1
CVE
CVE
added 2021/05/27 11:15 a.m.1057 views

CVE-2021-22899

CVE-2021-22899 is a command-injection vulnerability in Pulse Connect Secure (PCS) prior to 9.1R11.4, enabling a remote authenticated attacker to achieve remote code execution via the Windows File Resource Profiles feature. The Ivanti advisory SA44784 lists affected PCS versions up to 9.1R11.3 and...

8.8CVSS9.2AI score0.22343EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2020/05/20 7:15 a.m.1057 views

CVE-2019-11048

CVE-2019-11048 affects PHP mainline releases where HTTP file uploads are allowed: PHP 7.2.x below 7.2.31, 7.3.x below 7.3.18, and 7.4.x below 7.4.6. The flaw allows overly long filenames or field names to trigger memory allocation that exceeds limits, causing the engine to stop processing and fai...

5.3CVSS6.4AI score0.06264EPSS
Exploits1References13Affected Software1
CVE
CVE
added 2019/09/11 7:44 p.m.1057 views

CVE-2019-11769

CVE-2019-11769 affects TeamViewer 14.2.2558. The issue arises when updating as a non-administrative user, where GUI-entered administrative credentials are processed in Teamviewer.exe and can be intercepted in cleartext in the non-admin process memory. This enables a local attacker to obtain crede...

7.8CVSS7.6AI score0.00439EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2010/02/15 6:0 p.m.1056 views

CVE-2009-3960

CVE-2009-3960 is an information-disclosure vulnerability in Adobe BlazeDS and related Adobe data services components (e.g., LiveCycle, ColdFusion) where XML External Entity/XML Injection flaws can allow remote attackers to obtain sensitive information. Root cause: injected tags and external entit...

6.5CVSS8.8AI score0.90118EPSS
In wildExploits12References7Affected Software5
CVE
CVE
added 2021/08/16 11:7 a.m.1055 views

CVE-2021-35395

Realtek Jungle SDK (Realtek AP-Router/IoT SDK) CVE-2021-35395 enables multiple stack-buffer overflows and command-injection flaws in the HTTP web server management interface (Go-Ahead webs and Boa-based). Affected forms include reboot, WSC/auth, WLANMultiAP, SiteSurvey, StaticDHCP, and peerPin-ba...

10CVSS10AI score0.981EPSS
In wildExploits1References4Affected Software1
CVE
CVE
added 2020/09/23 12:25 a.m.1055 views

CVE-2020-3569

CVE-2020-3569 affects Cisco IOS XR Software DVMRP. The vulnerability stems from incorrect handling of IGMP packets, allowing an unauthenticated remote attacker to either immediately crash the IGMP process or exhaust memory, potentially destabilizing other processes (e.g., routing protocols). Expl...

8.6CVSS8.3AI score0.03293EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2022/05/26 5:47 p.m.1054 views

CVE-2022-26691

CVE-2022-26691 is a privilege-escalation issue in the CUPS printing system caused by a logic error in local authorization. Connected documentation shows affected packages across multiple distributions and versions, with patches released: e.g., cups

7.2CVSS6.1AI score0.00579EPSS
Exploits0References9Affected Software3
CVE
CVE
added 2021/03/11 3:46 p.m.1054 views

CVE-2021-27085

Technical details about CVE-2021-27085 are not publicly provided in the connected documents. The sources mention Internet Explorer RCE but do not specify affected versions, exploits, or remediations in the supplied materials. Monitor for updates.

8.8CVSS9.3AI score0.03708EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2021/01/14 8:55 p.m.1054 views

CVE-2020-6572

CVE-2020-6572 is a use-after-free in Chrome’s Media handling that could let a remote attacker run arbitrary code via a crafted HTML page, affecting Chrome desktop (pre-81.0.4044.92) and Android. The core issue is a use-after-free in Media components, with Android variant CVE-2020-6572 involving M...

9.3CVSS8.7AI score0.10586EPSS
In wildExploits0References3Affected Software1
CVE
CVE
added 2022/05/26 12:0 a.m.1053 views

CVE-2022-22577

CVE-2022-22577 describes an XSS vulnerability in Rails’ Action Pack with the claim of bypassing CSP for non-HTML responses. The Initial and connected documents consistently reference this issue in Action Pack (Rails component) and cite multiple advisories (e.g., Debian DSA-5372, Rocky/RLSA adviso...

6.1CVSS5.8AI score0.01594EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2020/05/07 7:20 p.m.1053 views

CVE-2020-4430

CVE-2020-4430 affects IBM Data Risk Manager (IDRM) 2.0.1–2.0.4. A remote authenticated attacker can traverse directories via a specially crafted URL request to download arbitrary files from the system. The related Nessus/Checkpoints indicate multiple vulnerabilities in IDRM 2.0.1–2.0.4, including...

4.3CVSS6.2AI score0.68544EPSS
In wildExploits6References5Affected Software1
CVE
CVE
added 2018/03/28 10:0 p.m.1053 views

CVE-2018-0172

CVE-2018-0172 affects Cisco IOS/IOS XE. The issue lies in the DHCP option 82 encapsulation in DHCPv4, where incomplete input validation can lead to a heap overflow and device reload, causing DoS. An unauthenticated, remote attacker could trigger this by sending crafted DHCPv4 packets. Documents n...

8.6CVSS8.4AI score0.07824EPSS
In wildExploits0References7Affected Software2
CVE
CVE
added 2010/12/03 8:0 p.m.1053 views

CVE-2010-4398

CVE-2010-4398 is a stack-based buffer overflow in win32k.sys (RtlQueryRegistryValues) that enables local privilege escalation and UAC bypass across multiple Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2/R2, and Windows 7). The vulnerability is triggered by a craft...

7.8CVSS6.8AI score0.08661EPSS
In wildExploits2References14Affected Software5
CVE
CVE
added 2020/06/18 12:0 a.m.1052 views

CVE-2020-14422

CVE-2020-14422 affects the Python ipaddress module (IPv4Interface/IPv6Interface) where improper hash computation can cause a DoS by creating many dictionary entries due to performance of dictionaries containing those objects. The issue is documented for Lib/ipaddress.py up to Python 3.8.3, with f...

5.9CVSS6.5AI score0.12826EPSS
Exploits0References24Affected Software2
CVE
CVE
added 2017/07/17 9:0 p.m.1052 views

CVE-2017-6743

Cisco IOS and IOS XE SNMP Remote Code Execution Vulnerabilities (CVE-2017-6743) arise from buffer overflow in the SNMP subsystem, allowing an authenticated, remote attacker to execute arbitrary code or cause a reload by sending crafted SNMP packets over IPv4/IPv6. Exploitation varies by SNMP vers...

9CVSS9.1AI score0.1055EPSS
In wildExploits0References5Affected Software2
CVE
CVE
added 2017/03/17 12:0 a.m.1052 views

CVE-2017-0101

CVE-2017-0101 affects Windows kernel Transaction Manager, where kernel-mode drivers improperly handle memory, enabling local privilege escalation to SYSTEM via crafted apps. Affected platforms span Vista SP2 through Windows 10 1607 and corresponding Server editions. Public exploit code exists (Ex...

7.8CVSS6.2AI score0.57482EPSS
In wildExploits3References5Affected Software3
CVE
CVE
added 2016/02/10 11:0 a.m.1052 views

CVE-2016-0040

CVE-2016-0040 is a Windows kernel privilege-escalation vulnerability (uninitialized-pointer issue) exploited locally on NT kernel surfaces. Public materials show a PoC/PoC-like exploit (MS16-014) overwriting kernel objects to gain SYSTEM/root privileges (e.g., ntoskrnl/Win32k surface). Exploit-DB...

7.8CVSS7.3AI score0.24554EPSS
In wildExploits10References4Affected Software3
CVE
CVE
added 2026/02/20 3:46 p.m.1051 views

CVE-2024-51915

CVE-2024-51915 affects the LiteSpeed Cache (litespeed-cache) WordPress plugin up to version 6.5.2. The issue is improper input handling during web page generation, enabling Stored XSS in pages viewed by other users. Affected component: litespeed-cache; root cause: failure to properly neutralize i...

6.5CVSS5.5AI score0.00236EPSS
Exploits0References1
CVE
CVE
added 2022/02/11 12:20 p.m.1051 views

CVE-2022-24112

CVE-2022-24112 affects Apache APISIX. It arises from the batch-requests plugin, where a bug can bypass the Admin API IP restriction, enabling remote code execution. Exploits/PoCs exist for APISIX 2.12.0–2.12.1 demonstrating RCE via admin API path and Lua code injection in routes, with documented ...

9.8CVSS9.7AI score0.96182EPSS
In wildExploits16References5Affected Software1
CVE
CVE
added 2016/06/16 1:0 a.m.1051 views

CVE-2016-3235

CVE-2016-3235 corresponds to a Microsoft Office OLE DLL side-loading vulnerability. Affected products include Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016 and Visio Viewer (2007/2010 variants). The root cause is improper library loading validation, allowing a crafted file or applica...

9.3CVSS7AI score0.43431EPSS
In wildExploits4References7Affected Software2
CVE
CVE
added 2020/08/13 12:28 p.m.1050 views

CVE-2020-17463

Summary: CVE-2020-17463 affects Fuel CMS 1.4.7 and enables SQL Injection via the col parameter in /pages/items, /permissions/items, or /navigation/items. The underlying issue is a CWE-89-style vulnerable input handling that allows untrusted input to affect SQL queries. Impact in sources: high, in...

9.8CVSS9.7AI score0.90044EPSS
In wildExploits4References6Affected Software1
CVE
CVE
added 2016/05/11 1:0 a.m.1050 views

CVE-2016-0185

CVE-2016-0185 affects Windows Media Center on Vista SP2, Windows 7 SP1, and Windows 8.1. The vulnerability allows remote code execution when a user opens a specially crafted Media Center link (.mcl) file. Root cause: Windows Media Center mishandles paths in the Run parameter of the Application ta...

9.3CVSS7.9AI score0.6994EPSS
In wildExploits3References6Affected Software3
CVE
CVE
added 2018/11/20 9:0 p.m.1049 views

CVE-2018-19396

CVE-2018-19396 affects PHP 5.x through 7.1.24. The issue lies in ext/standard/var_unserializer.c where an unserialize call for the com, dotnet, or variant class can cause a denial of service (application crash). Several connected advisories (EulerOS/OpenVAS/NVD entries) document this vulnerabilit...

7.5CVSS7.3AI score0.04584EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2021/05/27 11:15 a.m.1048 views

CVE-2021-22900

Pulse Connect Secure (PCS) before 9.1R11.4 is affected by CVE-2021-22900, which allows an authenticated administrator to write files via a malicious archive upload in the admin web interface due to an unrestricted upload vulnerability. The IVANTI advisory SA44784 consolidates multiple PCS CVEs an...

7.2CVSS7.9AI score0.14146EPSS
In wildExploits0References2Affected Software2
CVE
CVE
added 2022/02/08 7:40 p.m.1047 views

CVE-2022-21702

Grafana CVE-2022-21702 is an XSS vulnerability in the data source proxy and plugin proxy paths. Affected: Grafana HTTP-based datasources configured with Server as Access Mode and a URL, and HTTP-based app plugins configured with a URL (versions up to 8.3.4; back-end plugin resources also mentione...

6.5CVSS6.5AI score0.02359EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2022/01/07 10:39 p.m.1047 views

CVE-2021-35247

CVE-2021-35247 affects SolarWinds Serv-U where the LDAP authentication input validator improperly sanitized characters in the web login interface. Public documentation from SolarWinds notes that versions up to 15.2.5 were affected and fixed in 15.3; SolarWinds recommends updating Serv-U to the la...

5.3CVSS6.6AI score0.03359EPSS
In wildExploits0References3Affected Software1
CVE
CVE
added 2019/07/29 2:13 p.m.1047 views

CVE-2019-1129

CVE-2019-1129 is a Windows AppX Deployment Service (AppXSVC) privilege-escalation vulnerability caused by improper handling of hard links. The issue enables local Privilege Escalation with high impact; CVSS 3.1 base score 7.8 (LOCAL, LOW complexity, no user interaction) as documented by NVD, and ...

7.8CVSS7.7AI score0.01782EPSS
In wildExploits0References2Affected Software8
CVE
CVE
added 2010/06/08 6:0 p.m.1047 views

CVE-2010-1297

CVE-2010-1297 affects Adobe Flash Player (versions prior to 9.0.277.0 and 10.x prior to 10.1.53.64), Adobe AIR (prior to 2.0.2.12610), and Adobe Reader/Acrobat (8.x up to 8.2.3; 9.x prior to 9.3.3) on Windows and macOS. The root cause is memory corruption/remote code execution via crafted SWF con...

9.3CVSS9.7AI score0.82296EPSS
In wildExploits22References44Affected Software2
CVE
CVE
added 2017/07/17 9:0 p.m.1046 views

CVE-2017-6737

CVE-2017-6737 is a Cisco SNMP remote code execution vulnerability affecting the SNMP subsystem in Cisco IOS and IOS XE. The issue arises from a buffer overflow in the SNMP handling code that could allow an authenticated, remote attacker to execute arbitrary code or cause a system reload by sendin...

9CVSS8.9AI score0.42632EPSS
In wildExploits0References5Affected Software2
CVE
CVE
added 2016/07/12 7:0 p.m.1046 views

CVE-2016-4994

CVE-2016-4994 is a Use‑after‑free vulnerability in GIMP’s XCF file loader (function xcf_load_image in app/xcf/xcf-load.c). An attacker could craft an XCF file to crash GIMP or potentially execute arbitrary code. Public discussions and advisories indicate multiple use‑after‑free bugs in the channe...

7.8CVSS8AI score0.03113EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2015/02/02 7:0 p.m.1046 views

CVE-2015-0313

Adobe Flash Player is affected by a use-after-free vulnerability (CVE-2015-0313) that enables remote code execution via crafted SWF handling. Affected products include Flash Player versions prior to 13.0.0.269 and 14.x–16.x prior to 16.0.0.305 on Windows/macOS, and prior to 11.2.202.442 on Linux....

10CVSS7.9AI score0.95683EPSS
In wildExploits9References18Affected Software1
CVE
CVE
added 2021/02/15 12:0 a.m.1045 views

CVE-2021-25297

CVE-2021-25297 affects Nagios XI 5.7.5 (and related versions) with an OS command injection vulnerability in /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php. The vulnerability stems from improper sanitization of input provided by an authenticated user via a single HTTP reques...

9CVSS8.8AI score0.71737EPSS
In wildExploits8References7Affected Software1
CVE
CVE
added 2016/08/25 9:0 p.m.1045 views

CVE-2016-4656

CVE-2016-4656 is an Apple iOS kernel memory‑corruption vulnerability that can allow an attacker to execute arbitrary code with kernel privileges or cause a DoS via a crafted app. Affected are iOS versions prior to 9.3.5; Apple’s security content notes the kernel memory corruption issue was addres...

9.3CVSS7.4AI score0.23626EPSS
In wildExploits6References7Affected Software1
CVE
CVE
added 2013/05/24 8:0 p.m.1045 views

CVE-2013-3660

CVE-2013-3660 describes a local privilege-escalation in Microsoft Windows via Win32k.sys (EPATHOBJ::pprFlattenRec) where a pointer for the next object in a PATHREC list is not properly initialized. According to the CVE description and linked documents, local users could gain write access to the P...

7.8CVSS6.5AI score0.39578EPSS
In wildExploits6References15Affected Software8
CVE
CVE
added 2023/03/13 9:4 a.m.1044 views

CVE-2023-1370

The CVE-2023-1370 entry concerns Netplex Json-smart, a JSON processing library. Public materials in the connected docs confirm a stack-exhaustion (DoS) due to unbounded nesting when parsing nested arrays/objects in JSON input, caused by recursive parsing. Affected version range is 2.5.0 through 2...

7.5CVSS7.8AI score0.01119EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/08/23 12:0 a.m.1044 views

CVE-2022-31676

Summary: CVE-2022-31676 affects VMware Tools / open-vm-tools (versions including 12.0.0, 11.x.y, 10.x.y). A local non-administrative guest OS user can escalate privileges to root inside the VM. Root cause / impact: Local privilege escalation within the guest VM as described in multiple security a...

7.8CVSS7.8AI score0.0054EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2017/04/06 9:0 p.m.1044 views

CVE-2016-8735

CVE-2016-8735 is a remote code execution vulnerability in Apache Tomcat via JmxRemoteLifecycleListener. Affected are Tomcat releases before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12, when JMX ports are reachable. Root cause: JmxRemoteLifecycleListe...

9.8CVSS8AI score0.90338EPSS
In wildExploits1References37Affected Software1
CVE
CVE
added 2016/04/07 10:0 a.m.1044 views

CVE-2016-1019

CVE-2016-1019 affects Adobe Flash Player 21.0.0.197 and earlier. The initial description notes remote code execution via unspecified vectors with in-the-wild activity in April 2016. Connected documents place CVE-2016-1019 among vulnerabilities embedded in Neutrino EK and referenced by CISA KEV as...

10CVSS9.7AI score0.22487EPSS
In wildExploits0References17Affected Software1
CVE
CVE
added 2010/08/30 8:0 p.m.1044 views

CVE-2010-3035

CVE-2010-3035 affects Cisco IOS XR 3.4.0–3.9.1 with BGP enabled. A crafted BGP prefix using an unrecognized transitive attribute (notably attribute code 99) can cause a DoS by resetting the BGP peering session. In the wild demonstrations occurred in August 2010. Affected platforms: Cisco IOS XR. ...

7.5CVSS6.7AI score0.05562EPSS
In wildExploits0References8Affected Software1
CVE
CVE
added 2008/02/12 6:0 p.m.1044 views

CVE-2007-5659

Adobe Acrobat/Reader (シリーズ 8.1.1 and earlier) contains a buffer-overflow in unspecified JavaScript methods triggered by a crafted PDF long-argument to JavaScript calls, enabling remote code execution. The vulnerability (CVE-2007-5659) is noted to potentially be subsumed by CVE-2008-0655. Exploita...

9.3CVSS7.4AI score0.94222EPSS
In wildExploits9References14Affected Software2
CVE
CVE
added 2024/05/09 4:17 a.m.1043 views

CVE-2024-29857

CVE-2024-29857 (open vulnerability in Bouncy Castle family). An issue in ECCurve.java/ECCurve.cs can allow an EC certificate with crafted F2m parameters to trigger excessive CPU usage while evaluating curve parameters. Affected products/versions include BC Java before 1.78, BC Java LTS before 2.7...

7.5CVSS6.4AI score0.011EPSS
Exploits0References4
CVE
CVE
added 2021/01/29 7:32 p.m.1043 views

CVE-2020-29557

The CVE-2020-29557 issue affects D-Link DIR-825 R1 devices with firmware up to 3.0.1 (pre-2020-11-20). A buffer overflow in the web interface enables pre-authentication remote code execution, i.e., an unauthenticated attacker could run arbitrary commands on the device. Related sources (OpenVAS NA...

10CVSS9.9AI score0.5432EPSS
In wildExploits1References3Affected Software1
CVE
CVE
added 2023/01/12 12:0 a.m.1042 views

CVE-2022-3515

CVE-2022-3515 affects the Libksba library, caused by an integer overflow in the CRL parser. The vulnerability can be exploited remotely by sending specially crafted data (for example, a malicious S/MIME attachment) to achieve code execution on the target system. Several connected advisories note ...

9.8CVSS9.6AI score0.01635EPSS
Exploits1References5Affected Software1
Total number of security vulnerabilities5000