Lucene search
K
CveMost viewed

367818 matches found

CVE
CVE
added 2010/01/21 7:0 p.m.1042 views

CVE-2010-0232

CVE-2010-0232 is a Windows kernel elevation-of-privilege vulnerability affecting 16‑bit BIOS call handling in NTVDM. When 16‑bit app access is enabled on 32‑bit x86, the kernel fails to validate certain BIOS calls, allowing a local user to craft a VDM_TIB in the TEB and trigger the NTVDM NtVdmCon...

7.8CVSS6.2AI score0.29253EPSS
In wildExploits13References15Affected Software3
CVE
CVE
added 2016/04/12 11:0 p.m.1041 views

CVE-2016-0151

CVE-2016-0151 affects the Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 (Gold/R2), Windows RT 8.1, and Windows 10 (Gold/1511). The root cause is mismanagement of process tokens in CSRSS/in memory, enabling local privilege escalation via a crafted applicati...

7.8CVSS6.6AI score0.63195EPSS
In wildExploits2References4Affected Software5
CVE
CVE
added 2017/09/07 6:0 a.m.1040 views

CVE-2017-14174

CVE-2017-14174 : ImageMagick 7.0.7-0 Q16 contains a DoS in ReadPSDLayersInternal() due to missing EOF check when parsing PSDs. A crafted PSD that claims a large length but lacks data can trigger a loop over length that consumes massive CPU, as described in the entry. The vulnerability is in coder...

7.1CVSS6.2AI score0.02249EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2008/08/05 7:20 p.m.1040 views

CVE-2008-3431

CVE-2008-3431 affects Sun xVM VirtualBox on Windows prior to 1.6.4. The VBoxDrv.sys driver handles IOCTLs with METHOD_NEITHER and fails to validate the user-supplied buffer, enabling a local unprivileged user to craft a kernel address and gain kernel privileges by calling DeviceIoControl to the ....

8.8CVSS7.5AI score0.06932EPSS
In wildExploits8References12Affected Software1
CVE
CVE
added 2018/03/28 10:0 p.m.1039 views

CVE-2018-0151

CVE-2018-0151 affects Cisco IOS and IOS XE QoS subsystem. It stems from incorrect bounds checking of values in packets destined to UDP port 18999, leading to an exploitable buffer overflow that could allow unauthenticated remote code execution with elevated privileges or cause a device reload DoS...

10CVSS9.8AI score0.14204EPSS
In wildExploits0References5Affected Software1
CVE
CVE
added 2019/12/05 4:22 p.m.1038 views

CVE-2019-7193

CVE-2019-7193 affects QNAP QTS 4.3.6 and 4.4.1 (and earlier) where an improper input validation allows remote attackers to inject arbitrary code. This is documented to enable remote code execution on affected devices. Mitigation provided: update QTS to versions listed by QNAP as 4.4.1 build 20190...

10CVSS9.4AI score0.14367EPSS
In wildExploits6References3Affected Software1
CVE
CVE
added 2019/05/22 7:20 p.m.1038 views

CVE-2018-7841

Schneider Electric U.motion Builder 1.3.4 is affected by a remote code execution vulnerability due to improper input sanitization in the track_import_export.php object_id parameter. The Nuclei template for CVE-2018-7841 describes an unauthenticated command injection that lets an attacker execute ...

9.8CVSS9.8AI score0.72486EPSS
In wildExploits6References4Affected Software1
CVE
CVE
added 2018/12/11 5:0 p.m.1038 views

CVE-2018-20060

CVE-2018-20060 affects urllib3/python-urllib3 prior to 1.23, where the Authorization header is not removed on cross-origin redirects. This can allow credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. Public sources in the Connected documents ind...

9.8CVSS7.8AI score0.04488EPSS
Exploits0References12Affected Software1
CVE
CVE
added 2018/10/30 6:0 p.m.1038 views

CVE-2018-14558

CVE-2018-14558 affects Tenda AC7/AC9/AC10 routers (firmware: AC7 ≤ V15.03.06.44_CN, AC9 ≤ V15.03.05.19(6318)_CN, AC10 ≤ V15.03.06.23_CN). The flaw arises in the formsetUsbUnload function, which calls dosystemCmd with untrusted input via a crafted goform/setUsbUnload request, leading to arbitrary ...

10CVSS9.7AI score0.08672EPSS
In wildExploits1References2Affected Software1
CVE
CVE
added 2017/09/28 7:0 a.m.1038 views

CVE-2017-12237

CVE-2017-12237 affects Cisco IOS (15.0–15.6) and IOS XE (3.5–16.5) with ISAKMP enabled. The IKEv2 module is vulnerable to unauthenticated remote probes via specific IKEv2 packets, allowing high CPU utilization, traceback messages, or device reloads that cause DoS. Affected devices need ISAKMP to ...

7.8CVSS7.5AI score0.06938EPSS
In wildExploits0References4Affected Software2
CVE
CVE
added 2021/05/07 10:1 p.m.1037 views

CVE-2021-31755

CVE-2021-31755 : Tenda AC11 routers (firmware up to 02.03.01.104_CN) are affected by a stack buffer overflow in /goform/setmac that can be triggered via a crafted POST request to execute arbitrary code. This is described as a remote, unauthenticated condition with high impact. Connected sources c...

10CVSS9.6AI score0.85849EPSS
In wildExploits1References2Affected Software1
CVE
CVE
added 2021/01/08 5:50 p.m.1037 views

CVE-2020-16017

CVE-2020-16017 is a use-after-free vulnerability in site isolation of Chromium-based browsers (Google Chrome/Chromium) before version 86.0.4240.198. The underlying issue in the renderer process could enable a remote attacker to escape the sandbox via a crafted HTML page, as described in multiple ...

9.6CVSS9AI score0.02747EPSS
In wildExploits0References3Affected Software1
CVE
CVE
added 2019/11/26 3:12 a.m.1037 views

CVE-2019-15271

Cisco CVE-2019-15271 affects Small Business RV Series routers (RV016, RV042, RV042G, RV082). The issue is due to insufficient input validation of the HTTP payload in the web-based management interface, allowing an authenticated remote attacker with valid credentials or an active session token to ...

9CVSS8.9AI score0.05979EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2016/11/10 6:16 a.m.1037 views

CVE-2016-7256

CVE-2016-7256 is a remote code execution vulnerability in atmfd.dll, the Windows font library, affecting multiple Windows releases (Vista‑through‑Server 2016/Win10 1511–1607). It allows an attacker to execute arbitrary code by visiting a crafted web page that leverages specially embedded fonts du...

9.3CVSS8.8AI score0.64835EPSS
In wildExploits0References5Affected Software10
CVE
CVE
added 2023/06/23 12:0 a.m.1036 views

CVE-2023-27930

CVE-2023-27930 is a kernel-level type confusion vulnerability addressed by Apple in iOS 16.5 / iPadOS 16.5, watchOS 9.5, tvOS 16.5, and macOS Ventura 13.4. The issue allows an app to potentially execute arbitrary code with kernel privileges due to a type confusion in the kernel; Apple notes impro...

7.8CVSS7.5AI score0.00482EPSS
Exploits0References4Affected Software5
CVE
CVE
added 2022/05/24 2:10 p.m.1036 views

CVE-2022-29217

CVE-2022-29217 affects the Python PyJWT library (jwt handling for RFC 7519). The root cause is algorithm confusion when decoding tokens if the application does not restrict accepted algorithms; allowing unintended verification behavior across signing algorithms. The issue is mitigated by upgradin...

7.5CVSS6.7AI score0.012EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2020/05/20 7:15 a.m.1036 views

CVE-2019-11048

CVE-2019-11048 affects PHP mainline releases where HTTP file uploads are allowed: PHP 7.2.x below 7.2.31, 7.3.x below 7.3.18, and 7.4.x below 7.4.6. The flaw allows overly long filenames or field names to trigger memory allocation that exceeds limits, causing the engine to stop processing and fai...

5.3CVSS6.4AI score0.06264EPSS
Exploits1References13Affected Software1
CVE
CVE
added 2020/03/08 9:3 p.m.1036 views

CVE-2020-10221

CVE-2020-10221 (rConfig) is a remote code execution vulnerability in the rConfig utility. Multiple connected sources confirm that lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection flaw that allows an attacker to execute arbitrary OS commands, by injecting shell metacharacters ...

9CVSS8.9AI score0.36754EPSS
In wildExploits5References5Affected Software1
CVE
CVE
added 2019/02/17 4:0 a.m.1036 views

CVE-2019-8394

Zoho ManageEngine SDP

7.5CVSS6.6AI score0.64051EPSS
In wildExploits5References4Affected Software1
CVE
CVE
added 2010/04/01 4:0 p.m.1036 views

CVE-2010-0840

CVE-2010-0840 is an unspecified vulnerability in the Java Runtime Environment within Oracle Java SE/Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 that can affect confidentiality, integrity, and availability via unknown vectors. The March 2010 CPU note references a possible issue with privileg...

9.8CVSS7.9AI score0.96166EPSS
In wildExploits5References41Affected Software1
CVE
CVE
added 2009/07/23 8:0 p.m.1036 views

CVE-2009-1862

CVE-2009-1862 describes a memory-corruption vulnerability in Adobe Flash Player (and Adobe Reader/Acrobat components) that can be triggered by specially crafted SWF content or a crafted PDF/Flash combo via authplay.dll, leading to remote code execution or memory corruption DoS. Affected products ...

9.3CVSS7.8AI score0.25006EPSS
In wildExploits5References21Affected Software2
CVE
CVE
added 2021/09/01 5:29 a.m.1035 views

CVE-2021-37415

CVE-2021-37415 affects Zoho ManageEngine ServiceDesk Plus. Before 11302, the product is vulnerable to an authentication bypass that allows access to a number of REST-API URLs without authentication. According to multiple sources, affected versions include 11.3 before 11302, 11.2 before 11208, 11....

9.8CVSS9.4AI score0.99854EPSS
In wildExploits0References3Affected Software1
CVE
CVE
added 2021/08/04 7:10 p.m.1035 views

CVE-2021-20028

CVE-2021-20028 is an SQL injection in SonicWall Secure Remote Access (SRA) appliances and SRA/SMA endpoints due to improper neutralization of SQL commands. Affected products include end-of-life SRA appliances with 8.x firmware and 9.0.0.9-26sv or earlier. The vulnerability has a high/critical imp...

9.8CVSS9.8AI score0.30084EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2024/04/26 7:40 p.m.1034 views

CVE-2022-48611

CVE-2022-48611 is tied to Apple iTunes on Windows, where a logic issue could allow a local attacker to elevate privileges. The issue is addressed in iTunes 12.12.4 for Windows, per multiple sources (NVD, Red Hat, CVE lists, and Apple security content). The Red Hat and NVD descriptions concur that...

7.8CVSS7.9AI score0.00225EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/12/05 12:0 a.m.1034 views

CVE-2022-32221

CVE-2022-32221 concerns curl/libcurl where the read callback (CURLOPT_READFUNCTION) may be used for POST data even after a PUT if the same handle was used for a PUT with that callback. This can cause sending the wrong data or memory errors on a subsequent POST. Connected advisories note this affe...

9.8CVSS8.6AI score0.04325EPSS
Exploits1References11Affected Software1
CVE
CVE
added 2019/06/03 1:43 p.m.1034 views

CVE-2019-11580

Atlassian Crowd/Crowd Data Center are affected by CVE-2019-11580 due to the pdkinstall development plugin being incorrectly enabled in release builds. The flaw permits attackers to install arbitrary plugins via unauthenticated or authenticated requests, enabling remote code execution on vulnerabl...

9.8CVSS9.5AI score0.95355EPSS
In wildExploits6References4Affected Software1
CVE
CVE
added 2018/03/28 10:0 p.m.1034 views

CVE-2018-0158

CVE-2018-0158 affects Cisco IOS/IOS XE with an issue in the IKEv2 processing path. The vulnerability can be triggered by crafted IKEv2 packets from an unauthenticated, remote attacker, potentially causing a memory leak or device reload and resulting in a DoS condition. Connected sources corrobora...

8.6CVSS8.2AI score0.07194EPSS
In wildExploits0References6Affected Software1
CVE
CVE
added 2017/07/17 9:0 p.m.1034 views

CVE-2017-6738

Cisco IOS and IOS XE SNMP subsystem contains multiple buffer overflow vulnerabilities that could allow an authenticated, remote attacker to execute arbitrary code or cause a reload via crafted SNMP packets over IPv4/IPv6. Affected are SNMP versions 1–3; for SNMPv2c/earlier, attacker needs the rea...

9CVSS9.1AI score0.1055EPSS
In wildExploits0References5Affected Software2
CVE
CVE
added 2016/02/16 3:0 p.m.1034 views

CVE-2016-2386

CVE-2016-2386 affects SAP NetWeaver J2EE Engine 7.40, specifically the UDDI server. The vulnerability is a SQL injection that allows remote attackers to execute arbitrary SQL commands via unspecified vectors, with exploitation attempts documented in PoCs and exploits targeting the UDDI interface ...

9.8CVSS9.8AI score0.7106EPSS
In wildExploits8References8Affected Software1
CVE
CVE
added 2019/09/16 11:58 a.m.1033 views

CVE-2019-16057

D-Link DNS-320 NAS (up to firmware 2.05.B10) is affected by a remote command injection in login_mgr.cgi, enabling remote code execution with root privileges. The vulnerability arises from improper handling of input in the login_mgr.cgi component, allowing an unauthenticated attacker to run arbitr...

10CVSS9.6AI score0.8721EPSS
In wildExploits1References3Affected Software1
CVE
CVE
added 2019/03/05 4:0 p.m.1033 views

CVE-2019-6223

CVE-2019-6223 – Summary (Mode C) Affected products: Apple iOS and macOS with Group FaceTime support (Group FaceTime calls). Root cause: A logic issue in the handling of Group FaceTime calls leading to improper state management. Impact: The initiator of a Group FaceTime call may cause the recipien...

7.5CVSS6.9AI score0.02629EPSS
In wildExploits0References3Affected Software2
CVE
CVE
added 2016/11/23 2:0 a.m.1033 views

CVE-2016-9563

This CVE concerns XML External Entity (XXE) injection in SAP NetWeaver AS Java 7.5, specifically the BC-BMT-BPM-DSK component exposed via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI. Root cause is an XXE flaw that could allow an authenticated remote attacker to read arbitrary fil...

6.5CVSS6.4AI score0.23805EPSS
In wildExploits0References4Affected Software1
CVE
CVE
added 2014/04/27 10:0 a.m.1033 views

CVE-2014-1776

CVE-2014-1776 is a memory‑safety flaw in Microsoft Internet Explorer (versions 6–11) described as a use‑after‑free in CMarkup::IsConnectedToPrimaryMarkup. Exploitation leads to remote code execution or memory corruption, with evidence of in‑the‑wild activity in April 2014. The vulnerability affec...

10CVSS9.4AI score0.88013EPSS
In wildExploits1References13Affected Software1
CVE
CVE
added 2003/04/02 5:0 a.m.1033 views

CVE-2002-0367

CVE-2002-0367 affects Windows NT/2000 and involves the smss.exe debugging subsystem not properly authenticating connections to privileged processes. This allows a local attacker to gain Administrator or SYSTEM privileges by duplicating a handle to a privileged process. The vulnerability is charac...

7.8CVSS8.9AI score0.05188EPSS
In wildExploits1References10Affected Software2
CVE
CVE
added 2022/02/17 8:7 p.m.1032 views

CVE-2021-45382

CVE-2021-45382 affects D-Link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers. The vulnerability is a Remote Command Execution via the DDNS function in the ncc2 binary, allowing unauthenticated command execution and potentially full router compromise. The issue is described as a c...

10CVSS9.6AI score0.97836EPSS
In wildExploits1References3Affected Software1
CVE
CVE
added 2017/04/24 11:0 p.m.1032 views

CVE-2017-5030

CVE-2017-5030 is a memory corruption vulnerability in Google Chrome’s V8 engine. A remote attacker could execute arbitrary code via a crafted HTML page. Affected portion is V8 in Chromium/Chrome; remediation is upgrade to Chromium/Chrome version 57.0.2987.98 or newer (upstream fix referenced by A...

8.8CVSS8.2AI score0.41603EPSS
In wildExploits1References8Affected Software1
CVE
CVE
added 2017/01/19 5:43 a.m.1032 views

CVE-2016-5198

CVE-2016-5198 is an out-of-bounds memory access vulnerability in the V8 engine of Chromium/Google Chrome that allowed remote code execution via a crafted HTML page. Affected Chrome versions were prior to 54.0.2840.90 (Linux), 54.0.2840.85 (Android), and 54.0.2840.87 (Windows/Mac). The root cause ...

8.8CVSS7.1AI score0.34703EPSS
In wildExploits1References6Affected Software1
CVE
CVE
added 2019/01/27 2:0 a.m.1031 views

CVE-2019-6977

The CVE-2019-6977 issue affects the GD Graphics Library (LibGD) via gdImageColorMatch in gd_color_match.c. A heap-based buffer overflow in this function affects GD 2.2.5 and PHP builds before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1 when imagecolormatch processes cra...

8.8CVSS8.6AI score0.65116EPSS
Exploits7References19Affected Software1
CVE
CVE
added 2017/10/02 9:0 p.m.1031 views

CVE-2017-14493

CVE-2017-14493 is a stack-based buffer overflow in dnsmasq’s DHCPv6 handling. Remote attackers on the local network can send a crafted DHCPv6 request to trigger a crash or potentially execute arbitrary code. Public advisories confirm the issue and note a fix/update was released upstream in dnsmas...

9.8CVSS9AI score0.83638EPSS
Exploits6References20Affected Software6
CVE
CVE
added 2017/03/17 12:0 a.m.1031 views

CVE-2017-0059

CVE-2017-0059 affects Microsoft Internet Explorer 9–11 and is described as an information-disclosure vulnerability that allows remote attackers to obtain sensitive data from process memory via a crafted web site. The CVE has public exploit references (e.g., Exploit-DB entries) and has been observ...

4.3CVSS4.2AI score0.61968EPSS
In wildExploits6References7Affected Software1
CVE
CVE
added 2017/03/17 12:0 a.m.1031 views

CVE-2017-0149

CVE-2017-0149 concerns Microsoft Internet Explorer (IE) 9–11, described as a memory corruption vulnerability that can allow remote code execution or cause a denial of service when a user visits a crafted website. The connected documents reiterate that this IE memory‑corruption issue is distinct f...

8.8CVSS6.5AI score0.29189EPSS
In wildExploits0References4Affected Software1
CVE
CVE
added 2014/10/15 12:0 a.m.1031 views

CVE-2014-3566

CVE-2014-3566 (POODLE) affects SSLv3 in AIX and related IBM components. IBM’s advisory (nettcp) states SSLv3 padding oracle vulnerability could allow MITM decryption of SSL sessions. Affected: AIX 6.1/7.1 and VIOS 2.2.x with vulnerable bos.net.tcp.client/server file sets (various lower/upper leve...

4.3CVSS4.4AI score0.99999EPSS
Exploits7References244Affected Software7
CVE
CVE
added 2009/03/19 10:0 a.m.1031 views

CVE-2009-0927

CVE-2009-0927 : A stack-based buffer overflow in the getIcon() method of the Collab object affects Adobe Reader and Adobe Acrobat. Affected products include: Acrobat/Reader < 9.1 (9.x before 9.1.0), < 8.1.3, and

9.3CVSS8AI score0.96598EPSS
In wildExploits14References17Affected Software1
CVE
CVE
added 2025/01/11 2:59 a.m.1030 views

CVE-2025-0103

CVE-2025-0103 describes an SQL injection in Palo Alto Networks Expedition. An authenticated attacker can exfiltrate Expedition data (password hashes, usernames, device configurations, and device API keys) and can create/read arbitrary files on the Expedition system. The CVE is reflected in multip...

9.2CVSS7.5AI score0.00596EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/04/19 3:40 a.m.1030 views

CVE-2023-2136

CVE-2023-2136 refers to an integer overflow in Skia used by Google Chrome before 112.0.5615.137. A remote attacker who already compromised the renderer could craft a page to potentially escape the sandbox. The issue affects Chrome/Chromium's Skia path and was fixed in Chrome 112.0.5615.137 and ne...

9.6CVSS8.2AI score0.05786EPSS
In wildExploits0References11Affected Software1
CVE
CVE
added 2022/08/31 12:0 a.m.1030 views

CVE-2022-1552

CVE-2022-1552 affects PostgreSQL across multiple distributions. A privileged user maintaining another user’s objects can bypass protections during operations like Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck, enabling execution of arbitrary SQL functions u...

8.8CVSS9.1AI score0.11726EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2018/03/28 10:0 p.m.1030 views

CVE-2018-0156

CVE-2018-0156 concerns Cisco IOS/IOS XE Smart Install DoS. The vulnerability arises from improper validation of Smart Install packet data, allowing an unauthenticated, remote attacker to trigger a device reload via a crafted packet sent to TCP port 4786. Affected are Cisco devices configured as S...

7.8CVSS7.3AI score0.08369EPSS
In wildExploits0References6Affected Software1
CVE
CVE
added 2011/04/13 2:0 p.m.1030 views

CVE-2011-0611

CVE-2011-0611 affects Adobe Flash Player before 10.2.154.27 (Windows/macOS/Linux/Solaris) and 10.2.156.12 and earlier on Android, plus Authplay.dll in Reader/Acrobat components. The vulnerability allows remote attackers to execute arbitrary code or cause a denial of service via crafted Flash cont...

9.3CVSS8.8AI score0.9941EPSS
In wildExploits14References26Affected Software1
CVE
CVE
added 2025/01/14 6:4 p.m.1029 views

CVE-2025-21333

CVE-2025-21333 is a local elevation-of-privilege vulnerability in Windows Hyper‑V NT Kernel Integration VSP. The issue is a heap-based buffer overflow in the VSP component, enabling a local attacker with Low privilege and no user interaction to gain SYSTEM rights on the host. Public materials in ...

7.8CVSS7.7AI score0.09798EPSS
In wildExploits5References5Affected Software7
CVE
CVE
added 2022/07/06 8:30 p.m.1029 views

CVE-2022-20813

CVE-2022-20813 affects Cisco Expressway Series (Expressway-C/Expressway-E) and Cisco TelePresence Video Communication Server (VCS). The flaw is a null byte poisoning vulnerability arising from improper certificate validation, enabling a remote attacker to mount a Man‑in‑the‑Middle and gain unauth...

9CVSS7.7AI score0.00976EPSS
Exploits0References1Affected Software2
Total number of security vulnerabilities5000