CVE | Most viewed

367897 matches found

added 2016/03/12 3:0 p.m. | 1029 views

CVE-2016-1010

CVE-2016-1010 is an integer overflow vulnerability in Adobe Flash Player and Adobe AIR stack. Affected: Flash Player before 18.0.0.333 and 19.x–21.x before 21.0.0.182 on Windows/macOS; Flash before 11.2.202.577 on Linux; Adobe AIR before 21.0.0.176 and AIR SDK/Compiler before 21.0.0.176. Cause: i...

CVSS 9.3 | AI score 9 | EPSS 0.19785
In wild | Exploits 1 | References 9 | Affected Software 1

added 2023/12/06 4:27 p.m. | 1028 views

CVE-2023-45285

CVE-2023-45285 : Golang Go could allow a remote attacker to obtain sensitive information when using go get to fetch a module with the ".git" suffix. The vulnerability arises because, if the module is not available via secure https or git+ssh, the fetch may fall back to the insecure git:// protoco...

CVSS 7.5 | AI score 7.8 | EPSS 0.01137
Exploits 0 | References 5 | Affected Software 1

added 2020/03/11 3:26 p.m. | 1028 views

CVE-2020-10181

Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 is affected by a cross-site request forgery (CSRF) vulnerability (CVE-2020-10181) in goform/formEMR30 that enables creation of arbitrary administrator users. Exploitation demonstrated via a payload like setString=new_useradministrator sent to /...

CVSS 9.8 | AI score 9.3 | EPSS 0.14209
In wild | Exploits 5 | References 4 | Affected Software 1

added 2019/08/29 6:33 p.m. | 1028 views

CVE-2019-13608

Citrix StoreFront Server is affected by CVE-2019-13608: XML External Entity (XXE) processing vulnerability present in StoreFront versions before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000). The issue enables XXE attacks, with potential impact including reading arbit...

CVSS 7.5 | AI score 7.4 | EPSS 0.3026
In wild | Exploits 0 | References 2 | Affected Software 1

added 2019/12/24 9:8 p.m. | 1027 views

CVE-2019-10758

MongoDB mongo-express ≤0.53.x is vulnerable to Remote Code Execution via endpoints using toBSON, due to unsafe use of the vm module to run exec commands. Affected component: mongo-express server-side routes that invoke toBSON. Root cause: misusing vm to execute commands in a non-safe environment....

CVSS 9.9 | AI score 9.5 | EPSS 0.84845
In wild | Exploits 3 | References 2 | Affected Software 1

added 2017/07/17 9:0 p.m. | 1027 views

CVE-2017-6739

CVE-2017-6739 describes a Cisco IOS/IOS XE SNMP subsystem vulnerability where a buffer overflow in SNMP handling can allow an authenticated, remote attacker to either reload the device or execute arbitrary code. Affected are Cisco devices running IOS/IOS XE with SNMP enabled; exploitation require...

CVSS 9 | AI score 8.9 | EPSS 0.1055
In wild | Exploits 0 | References 5 | Affected Software 2

added 2016/04/07 11:0 p.m. | 1027 views

CVE-2016-3976

CVE-2016-3976 affects SAP NetWeaver AS Java versions 7.1–7.5. The vulnerability is a directory traversal in the AS Java Monitoring/CrashFileDownloadServlet component, exploitable remotely via a ..\ in the fileName parameter to read arbitrary files on the server. Public references point to SAP Sec...

CVSS 7.5 | AI score 7.4 | EPSS 0.46605
In wild | Exploits 5 | References 7 | Affected Software 1

added 2015/12/28 11:0 p.m. | 1027 views

CVE-2015-8651

CVE-2015-8651 is an Adobe Flash Player vulnerability described as an integer overflow that enables remote code execution. The initial entry lists affected Flash Player versions on Windows, OS X, and Linux, and notes exploitation to run arbitrary code via unspecified vectors. Connected sources con...

CVSS 9.3 | AI score 9.6 | EPSS 0.67922
In wild | Exploits 0 | References 13 | Affected Software 2

added 2018/07/11 12:0 a.m. | 1026 views

CVE-2018-8298

CVE-2018-8298 – ChakraCore RCE vulnerability exists in the ChakraCore scripting engine, arising from how memory objects are handled. A remote code execution flaw is described, affecting ChakraCore (and related Microsoft scripting environments per linked advisories). The issue is categorized as a ...

CVSS 7.6 | AI score 6.8 | EPSS 0.75339
In wild | Exploits 3 | References 4 | Affected Software 1

added 2017/08/07 6:0 a.m. | 1026 views

CVE-2017-6663

CVE-2017-6663 relates to Cisco IOS/IOS XE Autonomic Networking. The flaw allows an unauthenticated, adjacent attacker to trigger a reload of autonomic nodes, causing a DoS condition. Affected products include Cisco IOS Software and Cisco IOS XE Software with Autonomic Networking enabled (per Dena...

CVSS 6.5 | AI score 6.2 | EPSS 0.02135
In wild | Exploits 0 | References 4 | Affected Software 2

added 2017/07/17 9:0 p.m. | 1026 views

CVE-2017-6744

CVE-2017-6744 is a Cisco IOS/IOS XE SNMP remote code execution vulnerability caused by a buffer overflow in the SNMP subsystem. An authenticated, remote attacker could exploit this by sending a crafted SNMP packet over IPv4/IPv6 to affected devices, potentially executing arbitrary code or causing...

CVSS 9 | AI score 9.1 | EPSS 0.07158
In wild | Exploits 0 | References 2 | Affected Software 1

added 2017/07/17 9:0 p.m. | 1026 views

CVE-2017-6740

CVE-2017-6740 describes multiple SNMP remote code execution vulnerabilities in Cisco IOS and IOS XE, due to a buffer overflow in the SNMP subsystem. An authenticated, remote attacker could exploit crafted SNMP packets (over IPv4/IPv6) to execute arbitrary code or cause a reload. Exploitation for ...

CVSS 9 | AI score 9.1 | EPSS 0.10788
In wild | Exploits 0 | References 5 | Affected Software 2

added 2016/03/29 10:0 a.m. | 1026 views

CVE-2016-1646

Summary: CVE-2016-1646 affects Google Chrome’s V8 engine. The Array.prototype.concat implementation in V8/builtins.cc does not properly consider element data types, enabling a remote attacker to cause a denial of service (out-of-bounds read) via crafted JavaScript code. Affected software/versions...

CVSS 9.3 | AI score 8.7 | EPSS 0.4811
In wild | Exploits 1 | References 12 | Affected Software 1

added 2022/05/05 4:1 p.m. | 1025 views

CVE-2022-22434

IBM Robotic Process Automation (RPA) versions 21.0.1 and 21.0.2 are affected by CVE-2022-22434, where a user with physical access can modify an API request to create additional objects. The IBM security bulletin lists remediation: upgrade to 21.0.1.6 for 21.0.1 and 21.0.2.3 for 21.0.2; RPA as a S...

CVSS 4.6 | AI score 4.3 | EPSS 0.00233
Exploits 0 | References 2 | Affected Software 2

added 2021/02/15 12:0 a.m. | 1025 views

CVE-2021-25298

CVE-2021-25298 affects Nagios XI up to version 5.7.5, with an authenticated OS command-injection in /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php caused by improper sanitization of user-controlled input via a single HTTP request. The vulnerability can enable remote cod...

CVSS 9 | AI score 8.8 | EPSS 0.75196
In wild | Exploits 5 | References 7 | Affected Software 1

added 2020/10/21 2:4 p.m. | 1025 views

CVE-2020-14864

CVE-2020-14864 affects Oracle BI Enterprise Edition (OBIEE) under the Fusion Middleware Installation component. A Directory Traversal/Local File Inclusion in the getPreviewImage function lets an authenticated attacker with access to the admin interface read arbitrary system files via the previewF...

CVSS 7.8 | AI score 7 | EPSS 0.97233
In wild | Exploits 2 | References 3 | Affected Software 1

added 2020/04/23 2:16 p.m. | 1025 views

CVE-2020-11945

Squid vulnerability CVE-2020-11945 is confirmed in various advisories for Squid prior to 5.0.2, where a remote attacker can replay a sniffed Digest Authentication nonce due to overflow of the nonce reference counter, potentially enabling remote code execution if pooled token credentials are freed...

CVSS 9.8 | AI score 9.7 | EPSS 0.27246
Exploits 0 | References 15 | Affected Software 1

added 2020/04/01 3:35 a.m. | 1025 views

CVE-2020-7065

CVE-2020-7065 concerns PHP mb_strtolower() with UTF-32LE encoding. Affects PHP 7.3.x below 7.3.16 and 7.4.x below 7.4.4; invalid strings can cause a stack-allocated buffer overrun, leading to memory corruption, crashes, and potential code execution. Publicly documented fixes appear in PHP 7.3.16+...

CVSS 8.8 | AI score 8.2 | EPSS 0.04764
In wild | Exploits 1 | References 8 | Affected Software 1

added 2017/04/12 2:0 p.m. | 1025 views

CVE-2017-0210

CVE-2017-0210 is an Internet Explorer elevation-of-privilege vulnerability caused by IE not properly enforcing cross-domain policies, allowing information disclosure and potential content injection across domains. The CVE is referenced in multiple 2017 security updates for Internet Explorer and i...

CVSS 8.8 | AI score 5.8 | EPSS 0.19522
In wild | Exploits 0 | References 4 | Affected Software 1

added 2019/04/09 2:31 a.m. | 1024 views

CVE-2019-0808

Technical details (affected software, vulnerable component, root cause, impact, fixes) are not provided in the connected documents. Please monitor for updates from official advisories.

CVSS 7.8 | AI score 8.2 | EPSS 0.53298
In wild | Exploits 10 | References 3 | Affected Software 2

added 2017/09/28 7:0 a.m. | 1024 views

CVE-2017-12232

Cisco ISR G2 routers running Cisco IOS 15.0–15.6 are affected by CVE-2017-12232 due to a misclassification of Ethernet frames, which allows an unauthenticated adjacent attacker to cause a reload and a DoS condition by sending a crafted Ethernet frame. The vulnerability impact is a denial of servi...

CVSS 6.5 | AI score 6.3 | EPSS 0.02171
In wild | Exploits 0 | References 4 | Affected Software 1

added 2017/09/07 9:0 p.m. | 1023 views

CVE-2017-6627

CVE-2017-6627 affects Cisco IOS 15.1/15.2/15.4 and IOS XE 3.14–3.18. A UDP processing code issue leaves UDP sockets idle, allowing unauthenticated remote attackers to send UDP packets (dest port 0) that fill the input interface queue, wedge an interface queue, and cause DoS. The input queue repor...

CVSS 7.5 | AI score 7.5 | EPSS 0.06042
In wild | Exploits 0 | References 4 | Affected Software 2

added 2004/07/14 4:0 a.m. | 1023 views

CVE-2004-0210

CVE-2004-0210 describes a local privilege escalation in the Windows POSIX subsystem affecting Windows NT 4.0 and Windows 2000. The vulnerability is a buffer overflow caused by unchecked message length handling in the POSIX subsystem, enabling a local authenticated user to gain full system privile...

CVSS 7.8 | AI score 7.3 | EPSS 0.07606
In wild | Exploits 0 | References 7 | Affected Software 3

added 2023/09/15 6:37 p.m. | 1021 views

CVE-2023-36479

What is affected. Jetty’s CGI Servlet (org.eclipse.jetty.servlets.CGI) in Jetty versions impacted by CVE-2023-36479. Root cause. When a request targets a binary with a space in its name, Jetty escapes the command by wrapping it in quotes; if the binary name contains a quotation mark followed by a...

CVSS 3.5 | AI score 5.9 | EPSS 0.01006
Exploits 1 | References 6 | Affected Software 1

added 2022/07/06 8:30 p.m. | 1021 views

CVE-2022-20791

CVE-2022-20791 affects Cisco Unified Communications Manager (CUCM), Unified CM SME, and Unified CM IM&P. Root cause: insufficient file permission restrictions that allow an authenticated remote attacker to read arbitrary files on the underlying OS by sending a crafted command via the application ...

CVSS 6.5 | AI score 6.4 | EPSS 0.01288
Exploits 0 | References 1 | Affected Software 2

added 2021/09/14 11:21 a.m. | 1021 views

CVE-2021-38163

CVE-2021-38163 affects SAP NetWeaver (Visual Composer 7.0 RT) versions 7.30/7.31/7.40/7.50 with an unrestricted file upload path traversal that, when exploited by an authenticated non-administrative user, can trigger processing of a malicious file and execute OS commands under the Java Server pro...

CVSS 9.9 | AI score 8.6 | EPSS 0.37149
In wild | Exploits 1 | References 3 | Affected Software 1

added 2020/05/04 9:25 a.m. | 1021 views

CVE-2020-1631

CVE-2020-1631 is a path traversal/LFI vulnerability in the HTTP/HTTPS J-Web service of Junos OS. An unauthenticated attacker can exploit HTTP(S) to perform local file inclusion, path traversal, or possibly inject commands into httpd.log, read files with world-readable permissions (notably configu...

CVSS 9.8 | AI score 9.7 | EPSS 0.04725
In wild | Exploits 0 | References 2 | Affected Software 1

added 2018/03/28 10:0 p.m. | 1021 views

CVE-2018-0173

CVE-2018-0173 affects Cisco IOS Software and Cisco IOS XE Software. The issue is incomplete input validation of encapsulated DHCPv4 option 82 information, processed when handling DHCPOFFER responses forwarded to DHCP servers. A crafted DHCPv4 packet can trigger an error in processing the option 8...

CVSS 8.6 | AI score 8.2 | EPSS 0.07613
In wild | Exploits 0 | References 7 | Affected Software 2

added 2017/10/21 5:0 a.m. | 1021 views

CVE-2017-11292

Adobe Flash Player

CVSS 8.8 | AI score 8.3 | EPSS 0.12104
In wild | Exploits 0 | References 6 | Affected Software 1

added 2017/08/09 6:0 p.m. | 1021 views

CVE-2015-2291

CVE-2015-2291 affects Intel Ethernet diagnostics drivers IQVW32.sys and IQVW64.sys (Windows). The connected exploit write-up details a local-privilege-escalation path via IOCTL handling, where a memmove-like dispatch (via a jump-table 0x33) enables arbitrary kernel memory read/write by crafting a...

CVSS 7.8 | AI score 7.8 | EPSS 0.09011
In wild | Exploits 7 | References 5 | Affected Software 2

added 2013/05/16 10:0 a.m. | 1021 views

CVE-2013-2729

CVE-2013-2729 : Integer overflow in Adobe Reader/Acrobat BMP/RLE image handling can lead to arbitrary code execution. Affected: Adobe Reader/Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03. Root cause: heap/buffer overflow while parsing embedded BMP RLE resources in PDFs. Im...

CVSS 10 | AI score 7.6 | EPSS 0.66555
In wild | Exploits 2 | References 7 | Affected Software 2

added 2020/09/01 6:55 p.m. | 1020 views

CVE-2020-24557

CVE-2020-24557 affects Trend Micro Apex One, OfficeScan, and Worry‑Free Business Security on Windows. The issue is an improper access control that allows an attacker who can run low‑privilege code to manipulate a protected product folder, disable security temporarily, abuse a Windows function, an...

CVSS 7.8 | AI score 7.7 | EPSS 0.02639
In wild | Exploits 0 | References 4 | Affected Software 2

added 2018/03/28 10:0 p.m. | 1020 views

CVE-2018-0174

CVE-2018-0174 affects Cisco IOS/IOS XE DHCP option 82 encapsulation. The issue is incomplete input validation of DHCPv4 option 82 data received from DHCP relay agents, allowing an unauthenticated, remote attacker to cause an affected device to reload and trigger a DoS. The connected documents con...

CVSS 8.6 | AI score 8.2 | EPSS 0.07613
In wild | Exploits 0 | References 7 | Affected Software 2

added 2010/01/13 7:0 p.m. | 1020 views

CVE-2009-3953

CVE-2009-3953 affects Adobe Reader/Acrobat U3D handling in PDFs. The vulnerability arises from a CLODProgressiveMeshDeclaration array boundary issue in the U3D implementation, allowing remote code execution when processing malformed U3D data. Affected product versions include Acrobat/Reader 9.x p...

CVSS 10 | AI score 7.4 | EPSS 0.83574
In wild | Exploits 3 | References 15 | Affected Software 1

added 2025/02/28 9:25 p.m. | 1019 views

CVE-2025-26466

CVE-2025-26466 describes a DoS in OpenSSH where a malicious client floods ping/pong packets, causing unbounded memory growth on the server. Connected IBM AIX advisory notes affected OpenSSH filesets and provides concrete fixes: openssh.base.client/server at OpenSSH versions 9.7.3013.1000 (and 9.9...

CVSS 5.9 | AI score 6.6 | EPSS 0.38474
Exploits 4 | References 15 | Affected Software 1

added 2022/02/18 5:50 p.m. | 1019 views

CVE-2022-21176

CVE-2022-21176 affects Airspan/Mimosa MMP and related C-series and A5x device versions: improper input sanitization leads to SQL injection and potential exposure of sensitive data. Affected versions: MMP < 1.0.3; PTP C-series < 2.8.6.1; PTMP C-series/A5x

CVSS 8.6 | AI score 7.9 | EPSS 0.01037
Exploits 0 | References 1 | Affected Software 1

added 2017/09/21 4:0 p.m. | 1019 views

CVE-2015-1187

CVE-2015-1187 is a remote command injection vulnerability in the NCC service used by multiple D-Link and TRENDnet devices. The ping handling (ping_addr to ping.ccp) enables an attacker to execute arbitrary commands, causing full remote code execution with high impact (CVE-2015-1187 CVSS v3.1 base...

CVSS 10 | AI score 9.6 | EPSS 0.82863
In wild | Exploits 8 | References 7 | Affected Software 1

added 2012/08/15 10:0 a.m. | 1019 views

CVE-2012-1535

Adobe Flash Player suffers an arbitrary code execution/DoS vulnerability (CVE-2012-1535) via crafted SWF content. Expected impact is remote code execution or application crash; evidence cites in-the-wild activity in August 2012. Affected versions are Windows/Mac OS X: prior to 11.3.300.271; Linux...

CVSS 9.3 | AI score 7.7 | EPSS 0.70384
In wild | Exploits 11 | References 7 | Affected Software 1

added 2006/05/20 12:0 a.m. | 1019 views

CVE-2006-2492

CVE-2006-2492 is a buffer overflow in Microsoft Word (Office 2000 SP3, XP SP3, 2003 SP1/SP2) and Microsoft Works through 2006 caused by a malformed object pointer. The flaw allows arbitrary code execution and requires user interaction (via opening a crafted Word/Works document). Affected products...

CVSS 8.8 | AI score 7.4 | EPSS 0.48387
In wild | Exploits 2 | References 18 | Affected Software 2

added 2024/08/13 5:29 p.m. | 1018 views

CVE-2024-38063

CVE-2024-38063 is a Windows IPv6/tcpip.sys vulnerability involving improper handling of IPv6 extension headers and fragmentation. Technical material in connected docs shows an integer underflow in the IPv6 fragment reassembly path (Ipv6pReassemblyTimeout) and a risky code path where IppSendErrorL...

CVSS 9.8 | AI score 9.8 | EPSS 0.70564
Exploits 24 | References 1 | Affected Software 15

added 2020/11/11 12:0 a.m. | 1018 views

CVE-2020-17049

CVE-2020-17049 is a Kerberos KDC service-ticket delegation bypass in IBM Application Gateway, enabling a compromised service using Kerberos Constrained Delegation to tamper with service tickets and force KDC acceptance. The vulnerability affects IBM Application Gateway versions 19.12–24.06. IBM’s...

CVSS 9 | AI score 6.8 | EPSS 0.13794
In wild | Exploits 0 | References 3 | Affected Software 3

added 2016/04/12 11:0 p.m. | 1018 views

CVE-2016-0162

CVE-2016-0162 affects Microsoft Internet Explorer 9–11. The vulnerability is an information disclosure flaw: crafted JavaScript can cause IE to reveal the existence of local files, enabling an attacker to detect specific files on a user’s system. Impact is limited to information disclosure (not c...

CVSS 4.3 | AI score 5 | EPSS 0.22088
In wild | Exploits 0 | References 4 | Affected Software 1

added 2020/03/09 12:55 a.m. | 1017 views

CVE-2016-11021

The CVE-2016-11021 entry concerns D-Link DCS-930L devices with version 2.12 and earlier. The vulnerability arises from a flaw in the setSystemCommand handling, allowing a remote attacker to execute arbitrary OS commands via the SystemCommand parameter. The Red Hat, CISA KEV, CVE records and PT-Se...

CVSS 9 | AI score 7.2 | EPSS 0.68525
In wild | Exploits 1 | References 2 | Affected Software 1

added 2017/09/28 7:0 a.m. | 1017 views

CVE-2017-12233

Summary: CVE-2017-12233 affects Cisco IOS (versions 12.4–15.6) where CIP (Common Industrial Protocol) packets are improperly parsed. The root cause is insufficient input handling for CIP requests, allowing an unauthenticated, remote attacker to cause an affected device to reload, producing a deni...

CVSS 7.8 | AI score 7.5 | EPSS 0.06938
In wild | Exploits 0 | References 4 | Affected Software 1

added 2017/03/06 2:0 a.m. | 1017 views

CVE-2017-6334

CVE-2017-6334 affects NETGEAR DGN2200 routers (firmware up to 10.0.0.50). The vulnerability is a command-injection in dnslookup.cgi, exploitable by remote authenticated users via shell metacharacters in the host_name field of an HTTP POST, enabling arbitrary OS command execution. Related entries ...

CVSS 9 | AI score 9.1 | EPSS 0.72199
In wild | Exploits 11 | References 5 | Affected Software 1

added 2015/07/14 9:0 p.m. | 1017 views

CVE-2015-2419

CVE-2015-2419 is a JScript 9 vulnerability in Microsoft Internet Explorer (IE10/IE11) that allows remote code execution and memory corruption when processing crafted JSON with JSON.stringify. The CVE is exploited via malicious web content and has been leveraged by loaders in exploit kits (notably...

CVSS 9.3 | AI score 8.7 | EPSS 0.44537
In wild | Exploits 1 | References 3 | Affected Software 1

added 2025/04/22 8:39 p.m. | 1016 views

CVE-2025-32965

CVE-2025-32965 affects xrpl.js, a JavaScript/TypeScript API for the XRP Ledger. Versions 4.2.1–4.2.4 and 2.14.2 are compromised, containing malicious code designed to exfiltrate private keys. The High-risk impact includes potential key exposure and compromised confidentiality and integrity of aff...

CVSS 9.3 | AI score 6.8 | EPSS 0.00818
Exploits 2 | References 4

added 2020/12/10 10:10 p.m. | 1016 views

CVE-2020-8908

CVE-2020-8908 (Guava) : A temp directory creation vulnerability exists in all Guava versions where guava’s API com.google.common.io.Files.createTempDir() creates temporary directories that are world-readable on Unix-like systems. The issue arises because the temp dir permissions are not restricte...

CVSS 3.3 | AI score 6.3 | EPSS 0.00964
Exploits 1 | References 43 | Affected Software 1

added 2018/03/28 10:0 p.m. | 1016 views

CVE-2018-0154

CVE-2018-0154 affects the Cisco IOS ISM‑VPN crypto engine. The issue stems from improper handling of VPN traffic, allowing an unauthenticated, remote attacker to trigger a DoS via crafted VPN traffic that can cause the device to hang or crash. Affected product: Cisco Integrated Services Module fo...

CVSS 7.8 | AI score 7.5 | EPSS 0.07074
In wild | Exploits 0 | References 4 | Affected Software 1

added 2015/04/10 2:0 p.m. | 1016 views

CVE-2015-1130

CVE-2015-1130 affects Apple OS X, specifically the XPC implementation in the Admin Framework, before 10.10.3. It allows local users to bypass authentication and obtain admin privileges via unspecified vectors. Exploitation has been demonstrated (e.g., ROOTPIPE/Rootpipe PoC and Metasploit/CANVAS r...

CVSS 7.8 | AI score 6.9 | EPSS 0.09887
In wild | Exploits 16 | References 7 | Affected Software 1

Total number of security vulnerabilities: 5000