Lucene search
K
CveMost viewed

368427 matches found

CVE
CVE
added 2020/06/15 1:55 p.m.990 views

CVE-2020-0543

CVE-2020-0543 (Special Register Buffer Data Sampling) is a privilege-local information-disclosure issue in Intel processors caused by incomplete cleanup of certain special-register reads. The Connected documents corroborate SRBDS as the underlying problem and tie mitigations to microcode updates ...

5.5CVSS6.3AI score0.0054EPSS
Exploits0References19Affected Software665
CVE
CVE
added 2023/10/31 8:22 p.m.989 views

CVE-2023-3676

CVE-2023-3676 affects Kubernetes clusters that include Windows nodes. A user who can create pods on Windows nodes may escalate to admin privileges on those nodes. This is described as an improper input validation issue (CWE-20) in the Kubernetes context. The provided connected documents do not sp...

8.8CVSS8.6AI score0.11668EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2024/04/16 9:26 p.m.987 views

CVE-2024-21057

CVE-2024-21057 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 8.0.35 and earlier. Attack vector: network access via multiple protocols; attacker must have high privileges. Impact: can cause a hang or frequent, repeatable crash (DoS) on the MySQL Server. No exploitation details a...

4.9CVSS5.8AI score0.00969EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/10/28 5:55 p.m.987 views

CVE-2018-19953

CVE-2018-19953 is a cross-site scripting vulnerability in QNAP NAS File Station affecting multiple QTS releases. The description indicates that, if exploited, remote attackers could inject malicious code. QNAP has issued fixes in several QTS versions (e.g., 4.4.2.1231; 4.4.1.1201; 4.3.6.1218; 4.3...

6.1CVSS6AI score0.23894EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2020/07/09 12:6 p.m.987 views

CVE-2020-9377

D-Link DIR-610 is affected by CVE-2020-9377, a remote code execution vulnerability in the cmd parameter of command.php. The issue affects devices that are no longer supported by the maintainer. Connected sources corroborate additional vulnerabilities in the same device family (e.g., information d...

8.8CVSS8.7AI score0.21338EPSS
In wildExploits1References4Affected Software1
CVE
CVE
added 2018/03/28 10:0 p.m.987 views

CVE-2018-0159

CVE-2018-0159 affects Cisco IOS/IOS XE: IKEv1 implementation vulnerability where improper validation of specific IKEv1 packets allows an unauthenticated, remote attacker to reload an affected device, causing DoS during IKE negotiation. Root cause: packet validation flaw in IKEv1 handling. Impact:...

7.8CVSS7.5AI score0.06874EPSS
In wildExploits0References4Affected Software1
CVE
CVE
added 2017/09/28 7:0 a.m.987 views

CVE-2017-12234

CVE-2017-12234 affects Cisco IOS Software CIP implementation (versions 12.4–15.6). The issue stems from improper parsing of crafted CIP packets, allowing an unauthenticated, remote attacker to cause the device to reload and trigger DoS. Affected components are Cisco IOS/CIP handling; exploit reli...

7.8CVSS7.5AI score0.06938EPSS
In wildExploits0References4Affected Software1
CVE
CVE
added 2014/07/07 10:0 a.m.987 views

CVE-2013-3993

CVE-2013-3993 affects IBM InfoSphere BigInsights prior to 2.1.0.3. The issue arises from insufficient validation in unspecified APIs, allowing remote authenticated users to bypass file/dir restrictions and access untrusted data or code. Affected versions include 1.1 through 3.0; fixes are provide...

6.5CVSS6.3AI score0.05236EPSS
In wildExploits0References5Affected Software1
CVE
CVE
added 2022/12/02 12:0 a.m.986 views

CVE-2022-4262

CVE-2022-4262 : Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allows remote attackers to potentially exploit heap corruption via a crafted HTML page. Affects Google Chrome/Chromium users; base CVSS v3.1 score 8.8 (HIGH). Chrome notes an exploit exists in the wild and released a fix...

8.8CVSS8.6AI score0.16109EPSS
In wildExploits2References3Affected Software1
CVE
CVE
added 2017/05/26 8:0 p.m.986 views

CVE-2017-6862

Netgear WNR2000 series (WNR2000v3 prior to 1.1.2.14, WNR2000v4 prior to 1.0.0.66, WNR2000v5 prior to 1.0.0.42) are affected by a buffer-overflow vulnerability in the administration web interface that allows authentication bypass and remote code execution. The root cause is a buffer overflow trigg...

9.8CVSS10AI score0.42696EPSS
In wildExploits0References4Affected Software1
CVE
CVE
added 2025/04/28 5:59 p.m.985 views

CVE-2024-12706

CVE-2024-12706 describes an SQL Injection in OpenText Digital Asset Management. An authenticated user could cause arbitrary SQL commands to execute against the underlying database due to improper input handling. Affected products include Digital Asset Management up to version 24.4. Reported data ...

2.1CVSS7.3AI score0.00188EPSS
Exploits0References1
CVE
CVE
added 2018/06/11 10:0 p.m.984 views

CVE-2018-6961

CVE-2018-6961 affects VMware NSX SD-WAN Edge by VeloCloud, with a command injection in the local web UI component. Affected versions include SD-WAN Edge prior to 3.1.0; exploitation could lead to remote code execution. Public materials cite in-the-wild exploit tooling and a later fixed release (e...

8.1CVSS8.2AI score0.86431EPSS
In wildExploits6References5Affected Software1
CVE
CVE
added 2025/01/15 10:58 a.m.983 views

CVE-2025-0435

Google Chrome on Android (Navigation component) is affected by CVE-2025-0435 due to an inappropriate implementation that enables UI spoofing via a crafted HTML page. The issue affects versions prior to 132.0.6834.83. The practical impact is remote UI spoofing without user privileges. Remediation ...

6.5CVSS6.4AI score0.00334EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2019/02/05 5:0 a.m.983 views

CVE-2018-20753

Summary : CVE-2018-20753 affects Kaseya VSA RMM on-premises. Vulnerable versions : RMM before 9.3.0.35, before 9.4.0.36, and before 9.5.0.5. Impact : unprivileged remote attackers can execute PowerShell payloads on all managed devices. Exploitation note : attackers were active in the wild in Janu...

9.8CVSS9.5AI score0.29551EPSS
In wildExploits1References3Affected Software1
CVE
CVE
added 2019/02/05 5:0 a.m.983 views

CVE-2017-18362

Summary: CVE-2017-18362 affects Kaseya VSA via ConnectWise ManagedITSync. It allows unauthenticated remote commands to access and modify the Kaseya VSA database when ManagedIT.asmx is reachable through the web interface. The vulnerability has been actively exploited in the wild (February 2019) to...

9.8CVSS9.8AI score0.86706EPSS
In wildExploits1References4Affected Software1
CVE
CVE
added 2017/07/20 4:0 a.m.983 views

CVE-2017-6316

CVE-2017-6316 affects Citrix NetScaler SD-WAN devices (including CloudBridge) up to version 9.1.2.26.561201, where a remote attacker can execute arbitrary shell commands as root by abusing a cookie (CGISESSID on NetScaler SD-WAN; CAKEPHP on CloudBridge). The vulnerability arises from insufficient...

10CVSS9.7AI score0.72596EPSS
In wildExploits4References6Affected Software1
CVE
CVE
added 2015/06/23 9:0 p.m.983 views

CVE-2015-3113

CVE-2015-3113 is a heap-based buffer overflow in Adobe Flash Player affecting Windows/macOS Flash parsing of FLV data, exploited in the wild in June 2015. Affected versions: Flash Player before 13.0.0.296, and 14.x up to 18.x before 18.0.0.194 on Windows/macOS; before 11.2.202.468 on Linux. The f...

10CVSS8.2AI score0.9994EPSS
In wildExploits4References15Affected Software1
CVE
CVE
added 2024/02/26 5:20 p.m.982 views

CVE-2023-52474

CVE-2023-52474: In the Linux kernel, fixes were applied for IB/hfi1 user SDMA multi-iovec handling to correct data handling across iovecs and to address related mmu_rb cache pinning issues. The description notes two root bugs: 1) user_sdma_txadd() could over-read an iovec by not honoring iov_len ...

7.8CVSS7.6AI score0.00251EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2021/06/15 9:40 p.m.982 views

CVE-2021-30547

CVE-2021-30547 : Out-of-bounds write in ANGLE affecting the Chromium/Chrome engine before 91.0.4472.101. A crafted HTML page could enable a remote attacker to cause memory access issues or a potentially exploitable crash. Mitigation: upgrade to Chrome/Chromium 91.0.4472.101 or newer (per multiple...

8.8CVSS5.9AI score0.03582EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2019/05/16 6:17 p.m.982 views

CVE-2019-0819

CVE-2019-0819 is an information-disclosure vulnerability in Microsoft SQL Server Analysis Services where metadata permissions are not enforced correctly. Exploitation requires credentials to access an affected Analysis Services database, potentially leaking restricted data due to flaws in Object-...

6.5CVSS6.1AI score0.05373EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2009/08/19 5:0 p.m.982 views

CVE-2009-2055

Cisco IOS XR (Cisco IOS XR software) versions 3.4.0–3.8.1 are affected by a BGP UPDATE handling DoS vulnerability (CVE-2009-2055). The issue allows remote attackers to cause a denial of service by sending a BGP UPDATE with an invalid attribute, resulting in a session reset of the BGP peering. Dem...

5.9CVSS6.5AI score0.03326EPSS
In wildExploits1References4Affected Software1
CVE
CVE
added 2024/04/12 7:20 a.m.981 views

CVE-2024-3400

CVE-2024-3400 is a critical command-injection vulnerability in Palo Alto Networks PAN-OS GlobalProtect. Multiple connected sources provide concrete details: an unauthenticated attacker can trigger arbitrary code execution with root privileges by crafting HTTP requests to GlobalProtect endpoints (...

10CVSS9.8AI score0.99999EPSS
In wildExploits43References5Affected Software1
CVE
CVE
added 2018/07/18 1:0 p.m.981 views

CVE-2018-3063

CVE-2018-3063 is a MySQL/MariaDB Server vulnerability in the Privileges subcomponent. Affected products include MySQL/MariaDB Server versions up to 5.5.60 and earlier. The vulnerability is exploitable by a high-privileged attacker with network access via multiple protocols and can lead to a hang ...

4.9CVSS5AI score0.03213EPSS
Exploits0References11Affected Software1
CVE
CVE
added 2018/07/13 2:0 p.m.981 views

CVE-2018-14040

CVE-2018-14040 affects Bootstrap prior to 4.1.2, where an XSS vulnerability exists in the collapse data-parent attribute. The root cause is HTML/script-injection via the collapse component’s data-parent handling. The vulnerability impacts Bootstrap-based implementations using collapse and can lea...

6.1CVSS6.1AI score0.04135EPSS
Exploits1References19Affected Software1
CVE
CVE
added 2023/11/28 8:16 a.m.980 views

CVE-2023-34054

CVE-2023-34054 affects the Reactor Netty HTTP Server. In versions 1.1.x prior to 1.1.13 and 1.0.x prior to 1.0.39, a user can send specially crafted HTTP requests that may cause a denial-of-service (DoS) if the Reactor Netty HTTP Server is used with Micrometer integration enabled. The available c...

7.5CVSS6AI score0.00906EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/06/13 4:47 p.m.980 views

CVE-2023-20867

Summary: CVE-2023-20867 affects open-vm-tools (VMware Tools) with an authentication bypass in the vgauth module, enabling a fully compromised ESXi host to disrupt host-to-guest authentication and impact guest VM confidentiality and integrity. The issue is exploitable with root access on ESXi (loc...

3.9CVSS5.1AI score0.13638EPSS
In wildExploits0References10Affected Software1
CVE
CVE
added 2014/11/18 11:0 p.m.980 views

CVE-2014-6324

Summary: CVE-2014-6324 affects the Microsoft Windows Kerberos Key Distribution Center (KDC) used by the Domain, affecting Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7, 8, 8.1, and Server 2012 Gold/R2. The vulnerability stems from improper validation of cryptographic signa...

9CVSS5.9AI score0.87448EPSS
In wildExploits8References8Affected Software6
CVE
CVE
added 2015/04/03 10:0 a.m.978 views

CVE-2015-0666

Cisco Prime Data Center Network Manager (DCNM) has a directory traversal vulnerability in the fmserver servlet that allows unauthenticated, remote attackers to read arbitrary files via a crafted pathname. Affected product: DCNM with fmserver servlet; affected version range is DCNM before 7.1(1). ...

7.8CVSS6.5AI score0.40608EPSS
In wildExploits0References3Affected Software1
CVE
CVE
added 2013/11/15 8:0 p.m.978 views

CVE-2013-5223

CVE-2013-5223 reports multiple cross-site scripting (XSS) vulnerabilities in the D-Link DSL-2760U Gateway (Rev. E1). The issue allows remote authenticated users to inject arbitrary web script or HTML via a long list of parameters (including ntpServer1, ddnsmngr.cmd username, todmngr.tod, urlfilte...

5.4CVSS5.3AI score0.33567EPSS
In wildExploits3References19Affected Software1
CVE
CVE
added 2014/10/15 10:0 a.m.977 views

CVE-2014-4114

CVE-2014-4114 is the Windows OLE Remote Code Execution vulnerability exploited via a crafted OLE object embedded in a Office document. Affected products include Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8/8.1, Windows Server 2012 Gold and R2, and Windows RT Gol...

9.3CVSS9.5AI score0.81628EPSS
In wildExploits22References11Affected Software8
CVE
CVE
added 2026/04/02 4:30 p.m.975 views

CVE-2026-35385

OpenSSH before 10.3 is affected. When using scp as root with -O (legacy protocol) and without -p, a downloaded file may be installed setuid or setgid, contrary to user expectations. This could enable privilege elevation per the cited advisories. Remediation: upgrade to OpenSSH 10.3p1 or later (as...

8.1CVSS5.8AI score0.00419EPSS
Exploits0References33Affected Software1
CVE
CVE
added 2022/12/15 12:0 a.m.974 views

CVE-2022-42856

CVE-2022-42856 is a type-confusion vulnerability in WebKit/WebKitGTK that could allow arbitrary code execution when processing malicious web content. The connected documents confirm impact across WebKit-based products, including Apple WebKit (Safari) and WebKitGTK, with fixes in Safari 16.2, macO...

8.8CVSS8.7AI score0.08523EPSS
In wildExploits0References13Affected Software5
CVE
CVE
added 2020/07/14 3:0 p.m.974 views

CVE-2020-13935

CVE-2020-13935 affects Apache Tomcat: the WebSocket frame payload length was not properly validated, which could trigger an infinite loop and allow DoS via multiple invalid payloads. Affected: Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56, and 7.0.27 to 7.0.104. The initial d...

7.5CVSS7.5AI score0.87553EPSS
Exploits1References17Affected Software1
CVE
CVE
added 2013/10/09 2:44 p.m.974 views

CVE-2013-3896

CVE-2013-3896 affects Microsoft Silverlight 5 before 5.1.20913.0, where improper pointer validation during access to Silverlight elements leads to potential information disclosure. Affected component is Silverlight runtime; impact is partial confidentiality loss without integrity or availability ...

5.5CVSS5.9AI score0.6961EPSS
In wildExploits5References5Affected Software1
CVE
CVE
added 2022/02/16 12:0 a.m.972 views

CVE-2022-25271

The provided materials confirm CVE-2022-25271 affects Drupal core via the form API. The root cause is improper input validation in certain contributed or custom modules’ forms, potentially allowing an attacker to inject disallowed values or overwrite data. Affected forms are described as uncommon...

7.5CVSS7.2AI score0.01247EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2015/10/21 11:0 p.m.972 views

CVE-2015-4902

CVE-2015-4902 is an unspecified vulnerability in Oracle Java SE affecting Java 6u101, 7u85, and 8u60, with impact limited to integrity via unknown vectors related to Deployment. The Connected documents confirm the affected products and the vulnerability class, but do not provide concrete exploit ...

5.3CVSS5.5AI score0.13354EPSS
In wildExploits0References23Affected Software2
CVE
CVE
added 2014/03/14 3:0 p.m.972 views

CVE-2014-2323

Lighttpd vulnerability CVE-2014-2323: SQL injection in mod_mysql_vhost.c allows remote command execution via the host name (related to request_check_hostname). Affected software: lighttpd prior to 1.4.35. Impact risk is described in public advisories as enabling arbitrary SQL execution. Remediati...

9.8CVSS9.8AI score0.61665EPSS
Exploits2References12Affected Software1
CVE
CVE
added 2014/02/26 11:0 a.m.972 views

CVE-2013-7331

CVE-2013-7331 is an information-disclosure vulnerability in the Microsoft XMLDOM ActiveX control used by Internet Explorer on Windows (XMLDOM object). The flaw allows an attacker to determine the existence of local pathnames, UNC shares, intranet hostnames, and intranet IP addresses by inspecting...

6.5CVSS6.3AI score0.58023EPSS
In wildExploits3References6Affected Software1
CVE
CVE
added 2012/05/24 11:0 p.m.972 views

CVE-2011-3188

CVE-2011-3188 affects the Linux kernel prior to 3.1, where IPv4 and IPv6 sequence numbers/Fragment IDs are generated with a modified MD4. This predictable value generation enables remote attackers to cause DoS or hijack sessions by crafting packets. The vulnerability is mitigated by upgrading the...

9.1CVSS8.7AI score0.05689EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2023/06/07 2:35 p.m.971 views

CVE-2023-2878

CVE-2023-2878 affects Kubernetes secrets-store-csi-driver. The vulnerability occurs in versions before 1.3.3, where the driver discloses service account tokens in logs. This could allow an attacker with local access or log access to read leaked tokens, enabling impersonation of the associated ser...

6.5CVSS5.8AI score0.00372EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2021/02/16 3:4 a.m.971 views

CVE-2021-27229

CVE-2021-27229 affects Mumble prior to 1.3.4. A remote code execution vulnerability exists when a user navigates to a crafted URL in a server list and clicks the Open Webpage text, enabling arbitrary code execution. Several advisories confirm the issue and patch guidance: upgrade to Mumble 1.3.4 ...

8.8CVSS8.7AI score0.03203EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2025/03/05 7:11 p.m.970 views

CVE-2025-27517

Volt (Livewire) contains a remote code execution vulnerability in Volt components triggered by malicious, user-crafted payloads. Affected versions are prior to 1.7.0; the issue is fixed in 1.7.0. The CVE entry documents the vulnerability as critical with network attack vector and no user interact...

9.3CVSS8AI score0.00567EPSS
Exploits0References1
CVE
CVE
added 2023/02/08 7:3 p.m.969 views

CVE-2023-0215

CVE-2023-0215 describes a use-after-free in OpenSSL’s BIO_new_NDEF path used with SMIME/CMS/PKCS7 streaming. When a CMS recipient key is invalid, the filter BIO is freed but the caller’s BIO still holds pointers, allowing use-after-free on BIO_pop(); this can crash the process. Affected internal ...

7.5CVSS7.9AI score0.04494EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2015/08/08 12:0 a.m.969 views

CVE-2015-4495

CVE-2015-4495 affects Mozilla Firefox's built-in PDF viewer. The vulnerability allows remote attackers to bypass the Same Origin Policy and read arbitrary files or gain privileges via crafted JavaScript and a native setter, in Firefox versions before 39.0.3, Firefox ESR 38.x before 38.1.1, and Fi...

8.8CVSS6.6AI score0.70226EPSS
In wildExploits8References18Affected Software1
CVE
CVE
added 2024/02/26 5:20 p.m.968 views

CVE-2021-46906

CVE-2021-46906 — Linux kernel HID (usbhid) info leak fix : The vulnerability arises in hid_submit_ctrl where report->size of zero caused transfer_buffer_length to be calculated as 16384, enabling an information leak. The root cause is the calculation in hid_report_len() not handling a zero-siz...

5.5CVSS6.1AI score0.00245EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2023/03/23 12:0 a.m.968 views

CVE-2023-0056

CVE-2023-0056 affects HAProxy and is described in connected advisories as an uncontrolled resource consumption DoS that can crash the service, including a scenario where an authenticated remote attacker could trigger a crafted server in an OpenShift cluster. The issue is associated with HAProxy’s...

6.5CVSS6.3AI score0.01834EPSS
Exploits0References1Affected Software3
CVE
CVE
added 2021/12/28 7:35 p.m.968 views

CVE-2021-44832

CVE-2021-44832 affects Apache Log4j2 up to 2.17.0 (except 2.3.2 and 2.12.4) when a configuration uses a JDBC Appender with a JNDI LDAP data source URI and an attacker controls the LDAP server. The root cause is JNDI LDAP data source handling enabling RCE. Impact: remote code execution with the de...

8.5CVSS8.4AI score0.97906EPSS
In wildExploits9References12Affected Software1
CVE
CVE
added 2026/06/08 11:7 a.m.965 views

CVE-2026-50751

CVE-2026-50751 is a logic-flow weakness in certificate validation during the deprecated IKEv1 key exchange used by Check Point Remote Access VPN, Mobile Access, and Spark Firewall. The flaw allows an unauthenticated attacker to bypass user authentication and establish a VPN session without a vali...

9.3CVSS5.9AI score0.70099EPSS
In wildExploits5References3Affected Software1
CVE
CVE
added 2024/12/04 11:36 p.m.964 views

CVE-2018-9416

CVE-2018-9416 concerns memory corruption in the Linux kernel SCSI driver, specifically in sg_remove_scat (scsi/sg.c). The root cause is described as an unusual root cause leading to local escalation of privilege with System execution privileges needed; no user interaction required. Connected docu...

10CVSS7AI score0.00165EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/02/05 5:40 p.m.964 views

CVE-2020-3118

CVE-2020-3118 is a Cisco CDP format-string vulnerability in Cisco IOS XR CDP handling. The issue arises from improper validation of string input in CDP messages, enabling an unauthenticated, adjacent attacker to potentially execute arbitrary code with administrative privileges or cause a reload v...

8.8CVSS8.8AI score0.11685EPSS
In wildExploits0References3Affected Software1
Total number of security vulnerabilities5000