Lucene search
K
CveMost viewed

368787 matches found

CVE
CVE
added 2023/01/27 10:42 p.m.899 views

CVE-2022-39324

Grafana prior to versions 8.5.16 and 9.2.8 is affected by CVE-2022-39324, where a malicious user can craft a snapshot URL to mislead other users via an attacker-injected originalUrl. The vulnerability arises from a web proxy-related query editing, causing the Open original dashboard button to poi...

6.7CVSS4.9AI score0.00828EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2022/03/23 7:46 p.m.898 views

CVE-2021-4197

CVE-2021-4197 is a Linux kernel vulnerability in the cgroup process migration permission checks. A local attacker could escalate privileges due to incorrect permission validation for cgroup-associated processes (affecting both cgroup v1 and v2). The issue is described across multiple sources as a...

7.8CVSS7.9AI score0.00541EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2019/10/24 3:51 p.m.898 views

CVE-2019-18196

Summary (CVE-2019-18196): A DLL sideloading vulnerability in the Windows Service component of TeamViewer allows potential code execution via a service restart when a malicious DLL is placed in the TeamViewer directory. Affected TeamViewer versions and fixes include: up to 11.0.133222 (fixed in 11...

6.9CVSS6.6AI score0.00633EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2015/01/23 9:0 p.m.898 views

CVE-2015-0310

CVE-2015-0310 is an Adobe Flash Player ASLR bypass vulnerability that allows discovery of memory addresses, bypassing ASLR with implications across affected platforms. Connected advisories confirm remediation by upgrading Flash Player to version 11.2.202.440 (RHSA-2015:0094; OpenSUSE openSUSE-SU-...

10CVSS6.7AI score0.15217EPSS
In wildExploits0References10Affected Software1
CVE
CVE
added 2023/11/03 12:32 p.m.897 views

CVE-2023-3961

Samba (smbd) is affected by CVE-2023-3961 due to insufficient sanitization of client pipe names for Unix domain sockets, enabling a path traversal that could let a client connect as root to sockets outside the private directory. Exploitation details are not provided beyond this risk, but multiple...

9.8CVSS9.3AI score0.02409EPSS
Exploits1References12Affected Software1
CVE
CVE
added 2022/02/18 12:0 a.m.897 views

CVE-2020-25717

CVE-2020-25717 affects Samba: an authenticated user mapping domain users to local users can lead to privilege escalation. Public references in Connected documents confirm this is a Samba issue (no exploit details provided here). Several advisories and vendor notes indicate patches or updated pack...

8.5CVSS8.1AI score0.01612EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2016/09/14 10:0 a.m.897 views

CVE-2016-3351

CVE-2016-3351 is a information-disclosure vulnerability affecting Microsoft Internet Explorer (IE) 9–11 and Microsoft Edge. The issue arises from improper handling of objects in memory by affected scripting engines, which could allow a remote attacker to detect or obtain sensitive files on the us...

6.5CVSS4.8AI score0.26286EPSS
In wildExploits1References7Affected Software1
CVE
CVE
added 2015/08/19 10:0 a.m.897 views

CVE-2015-2502

CVE-2015-2502 affects Internet Explorer 7–11 and is a memory-corruption vulnerability triggered by visiting a crafted web site. The issue allows remote code execution (or DoS) and was exploited in the wild around August 2015. Public documentation identifies the affected software as Internet Explo...

9.3CVSS7.6AI score0.51127EPSS
In wildExploits2References7Affected Software1
CVE
CVE
added 2014/10/15 10:0 a.m.896 views

CVE-2014-4123

CVE-2014-4123 affects Microsoft Internet Explorer 7–11. The vulnerability allows remote attackers to gain privileges via a crafted web site (elevation of privilege). Exploitation in the wild was noted in October 2014 (per the CVE description). Mitigation: apply the MS14-056 cumulative update for ...

8.8CVSS6.7AI score0.40289EPSS
In wildExploits0References6Affected Software1
CVE
CVE
added 2007/06/08 12:0 a.m.896 views

CVE-2007-3126

Gimp before 2.8.22 is vulnerable to a denial-of-service via ICO files with an ICO InfoHeader Height of zero. The issue is a context-dependent crash and is documented in multiple advisories (e.g., Mageia openSUSE/SUSE updates) referencing CVE-2007-3126. A patch was released with GIMP 2.8.22 to fix...

5CVSS5.4AI score0.02722EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2023/02/08 7:4 p.m.895 views

CVE-2022-4450

Summary (CVE-2022-4450): OpenSSL’s PEM_read_bio_ex() and wrappers PEM_read_bio()/PEM_read() are vulnerable. If a PEM file is crafted to trigger a 0-byte payload, PEM_read_bio_ex() may return a failure while its header buffer has already been freed; freeing that buffer again can cause a use-after-...

7.5CVSS8AI score0.20444EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2021/02/15 4:10 a.m.894 views

CVE-2021-21702

In PHP, the SOAP extension is vulnerable to a null-pointer dereference when a SOAP server returns malformed XML, potentially crashing the interpreter. Affected versions are PHP 7.3.x < 7.3.27, 7.4.x < 7.4.15, and 8.0.x

7.5CVSS6.3AI score0.03179EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2015/06/10 1:0 a.m.894 views

CVE-2015-2360

CVE-2015-2360 is a local privilege-escalation in Windows kernel-mode driver Win32k.sys affecting multiple Windows versions (Server 2003 SP2/R2 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, 8/8.1, Server 2012/2012 R2, RT/RT 8.1). The underlying issue is in Win32k.sys that allows crafted a...

8.8CVSS6.5AI score0.14958EPSS
In wildExploits0References4Affected Software9
CVE
CVE
added 2023/02/17 3:46 p.m.893 views

CVE-2022-47986

Summary: CVE-2022-47986 affects IBM Aspera Faspex 4.4.2 PL1 and earlier due to a YAML deserialization flaw that allowed remote code execution. The vulnerability is triggered by a specially crafted obsolete API call; the obsolete call was removed in Faspex 4.4.2 PL2. IBM’s bulletin confirms remedi...

9.8CVSS8.4AI score0.99968EPSS
In wildExploits5References4Affected Software1
CVE
CVE
added 2022/02/18 5:50 p.m.893 views

CVE-2022-21141

Airspan Networks/Mimosa CVE-2022-21141 describes improper authorization on multiple API functions in MMP, PTP C-series, PTMP C-series and A5x, allowing remote code execution, DoS, and information disclosure. Affected versions: MMP < 1.0.3; PTP C-series < 2.8.6.1; PTMP C-series/A5x

10CVSS9.8AI score0.03043EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2016/10/14 1:0 a.m.893 views

CVE-2016-3298

CVE-2016-3298 affects Microsoft Internet Explorer 9–11 and the Internet Messaging API on Windows (Vista/7/Server 2008 R2 family). The root cause is improper handling of objects in memory, enabling a crafted web site to disclose whether arbitrary files exist on disk (information disclosure). The v...

6.5CVSS5.4AI score0.3279EPSS
In wildExploits0References5Affected Software1
CVE
CVE
added 2022/11/09 12:0 a.m.891 views

CVE-2022-41128

CVE-2022-41128 is a Windows Scripting Languages Remote Code Execution vulnerability in the JScript9 scripting language. Reports consistently describe a network-exploitable RCE where visiting a malicious site can trigger memory corruption and arbitrary code execution on affected Windows systems. E...

8.8CVSS8.3AI score0.24808EPSS
In wildExploits0References2Affected Software16
CVE
CVE
added 2022/03/09 5:8 p.m.891 views

CVE-2022-24526

CVE-2022-24526 is a Visual Studio Code vulnerability described as Spoofing. Connected sources confirm a UI spoofing flaw in VS Code, with exploitation not detailed in the initial entry but reflected in multiple accompanying advisories. The vulnerability is tied to VS Code and has remediation refe...

6.1CVSS6.5AI score0.01555EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/04/01 3:35 a.m.889 views

CVE-2020-7064

CVE-2020-7064 is a PHP EXIF parsing vulnerability: when exif_read_data() processes EXIF data, malicious input may cause PHP to read one byte of uninitialized memory, enabling information disclosure or a crash. Affected are PHP 7.2.x below 7.2.9, 7.3.x below 7.3.16, and 7.4.x below 7.4.4. The issu...

6.5CVSS6.8AI score0.04295EPSS
In wildExploits1References10Affected Software1
CVE
CVE
added 2024/11/10 12:0 a.m.888 views

CVE-2020-10370

CVE-2020-10370 affects Cypress (and Broadcom) Wireless Combo chips, specifically the CYW43455. When the 2021-01-26 Bluetooth firmware update is not present, a Bluetooth outage is possible via a Spectra attack. The provided documents do not include explicit vulnerability details beyond this descri...

8.8CVSS7AI score0.00545EPSS
Exploits0References5
CVE
CVE
added 2020/08/21 3:41 a.m.888 views

CVE-2020-24574

CVE-2020-24574 affects GOG GALAXY up to version 2.0.41. The vulnerability arises in GalaxyClientService.exe via DLL injection into GalaxyClient.exe, defeating the TCP-based trusted-client protection and enabling local privilege escalation from an authenticated user to SYSTEM. Multiple sources (NV...

7.8CVSS7.8AI score0.00623EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2025/01/21 11:4 p.m.887 views

CVE-2024-49736

CVE-2024-49736 describes a logic error in MainClear.java that could trigger a factory reset without explicit user consent, enabling a local denial-of-service without additional privileges and with no user interaction required. The issue is documented across multiple sources (e.g., NVD/NVD-derived...

5.5CVSS6.7AI score0.00074EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/11/09 12:0 a.m.886 views

CVE-2022-38023

CVE-2022-38023 (NetLogon RC4-HMAC vulnerability) affects Samba and related packages (samba, samba-client, libsmbclient, libwbclient, etc.). Technical detail: the issue stems from allowing RC4/HMAC-MD5 in the NetLogon Secure Channel, weakening authentication between clients and servers. Affected p...

8.1CVSS8.3AI score0.02559EPSS
Exploits0References2Affected Software5
CVE
CVE
added 2021/01/14 2:45 p.m.886 views

CVE-2021-24122

CVE-2021-24122 affects Apache Tomcat across multiple branches (7.0.x, 8.5.x, 9.x, 10.x). Root cause: JSP source disclosure when serving resources from a network/NTFS location due to JRE File.getCanonicalPath() and FindFirstFileW behavior. Affected versions include 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1...

5.9CVSS6.5AI score0.22852EPSS
Exploits0References11Affected Software1
CVE
CVE
added 2025/01/24 4:33 p.m.885 views

CVE-2025-22610

Summary: CVE-2025-22610 affects Coolify prior to 4.0.0-beta.361, where missing authorization lets any authenticated user fetch and modify the global OAuth configuration, exposing the OAuth client ID and client secret for every custom provider. Affected component/flow: global Coolify OAuth configu...

7.1CVSS6.4AI score0.00376EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/05/12 1:54 p.m.885 views

CVE-2021-20277

CVE-2021-20277 affects Samba’s libldb. The flaw: multiple leading spaces in an LDAP attribute trigger an out-of-bounds write, crashing the LDAP server process and impacting availability. Connected advisories show affected packages and that a remediation exists via updated libldb versions (e.g., v...

7.5CVSS7.5AI score0.04328EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2020/12/02 4:20 p.m.885 views

CVE-2020-13956

CVE-2020-13956 affects Apache HttpClient prior to 4.5.13 and 5.0.3. A malformed authority component in request URIs, when passed as a java.net.URI, can cause the client to misinterpret the target host and execute the request against an unintended host. This represents a misrouting vulnerability i...

5.3CVSS5.9AI score0.08665EPSS
Exploits1References64Affected Software1
CVE
CVE
added 2020/09/29 12:0 a.m.884 views

CVE-2020-26137

CVE-2020-26137 pertains to Python’s urllib3 and is explicitly described as a CRLF injection vulnerability in the HTTP request handling of urllib3/http.client. The connected advisories show affected package and version details: python-urllib3 1.24.2-2 (CBLMariner entry) and a recommended upgrade t...

6.5CVSS7.2AI score0.02269EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2022/11/01 12:0 a.m.883 views

CVE-2022-42827

CVE-2022-42827 is an Apple kernel out-of-bounds write vulnerability. It affects iOS/iPadOS; exploit could allow arbitrary code execution with kernel privileges. Fixed in iOS 15.7.1/iPadOS 15.7.1 and iOS 16.x/iPadOS 16.x. Some sources indicate active exploitation; update to patched releases is rec...

7.8CVSS7.6AI score0.01136EPSS
In wildExploits0References3Affected Software2
CVE
CVE
added 2022/05/27 2:6 p.m.883 views

CVE-2022-20806

Summary (CVE-2022-20806) : Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) contain multiple vulnerabilities in their API and web-based management interfaces that could allow an authenticated, remote attacker to write files or disclose sensitive information on an af...

7.1CVSS5.8AI score0.00899EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2016/08/18 6:0 p.m.883 views

CVE-2016-6367

The CVE-2016-6367 issue affects Cisco ASA Software on ASA 5500/5500-X, PIX, and FWSM where an authenticated, local attacker can trigger the CLI parser with invalid commands to gain privileges and potentially execute code or cause DoS. The root cause is improper handling of invalid CLI input in th...

7.8CVSS7.6AI score0.22583EPSS
In wildExploits2References8Affected Software1
CVE
CVE
added 2024/07/01 6:16 p.m.882 views

CVE-2024-39573

The CVE-2024-39573 entry corresponds to Apache HTTP Server mod_rewrite/mod_proxy SSRF-related risk and is confirmed by connected sources reporting the issue in Apache httpd 2.4.59 and earlier, with a fix in 2.4.60 (and later 2.4.61 in later advisories). Root cause: unsafe RewriteRules/Substitutio...

7.5CVSS8.5AI score0.35447EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2023/06/02 12:0 a.m.882 views

CVE-2023-23599

CVE-2023-23599 affects Firefox <109, Firefox ESR <102.7, and Thunderbird

6.5CVSS6.9AI score0.00601EPSS
Exploits0References4Affected Software3
CVE
CVE
added 2019/11/12 6:52 p.m.882 views

CVE-2019-1388

CVE-2019-1388 is a Windows local privilege-escalation vulnerability in the Certificate Dialog caused by improper enforcement of user privileges. Public data shows CVSS v3.1 base score 7.8 (HIGH) with LOCAL attack vector, LOW privilege requirements, no user interaction, and high impact to confiden...

7.8CVSS8.5AI score0.08589EPSS
In wildExploits7References3Affected Software14
CVE
CVE
added 2018/03/27 11:0 p.m.882 views

CVE-2018-9105

CVE-2018-9105 affects NordVPN 3.3.10 for macOS. The root cause is an unprotected XPC service within the privileged helper tool that handles OpenVPN connection requests from the main app. A malicious or compromised non-privileged app can connect to this XPC service, inject a crafted message, and s...

9CVSS8.6AI score0.02744EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/01/07 12:0 a.m.881 views

CVE-2022-22817

CVE-2022-22817 affects Pillow’s PIL.ImageMath.eval before 9.0.0, enabling evaluation of arbitrary expressions (including code execution) via the expression parameter; a workaround/change was introduced in Pillow 9.0.0 to restrict builtins. Upgrading to 9.0.0+ (per Pillow release notes) is the adv...

9.8CVSS8.9AI score0.03399EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2020/05/19 2:5 p.m.881 views

CVE-2020-8617

CVE-2020-8617 involves ISC BIND and is triggered by a logic error in the TSIG validity check (tsig.c). A remote attacker who can guess or know the TSIG key name could cause the server to reach an inconsistent state or trigger an assertion failure, leading to a denial of service. Several connected...

7.5CVSS7.2AI score0.93422EPSS
Exploits5References12Affected Software1
CVE
CVE
added 2019/03/08 11:0 p.m.881 views

CVE-2019-9639

CVE-2019-9639 affects the PHP EXIF extension: uninitialized read in exif_process_IFD_in_MAKERNOTE (data_len mishandling) on PHP < 7.1.27, < 7.2.16, and

7.5CVSS8.3AI score0.08202EPSS
Exploits1References13Affected Software1
CVE
CVE
added 2019/03/08 11:0 p.m.881 views

CVE-2019-9638

CVE-2019-9638 affects PHP’s EXIF component. Root cause: uninitialized read in exif_process_IFD_in_MAKERNOTE due to mishandling maker_note->offset/value_len. Affected versions: PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Impact is potential arbitrary code execution on the sy...

7.5CVSS8.3AI score0.06677EPSS
Exploits1References13Affected Software1
CVE
CVE
added 2015/12/09 11:0 a.m.881 views

CVE-2015-6175

CVE-2015-6175 is a Windows kernel local privilege escalation vulnerability. The initial description identifies a memory-elevation flaw in the Windows kernel that allows a crafted application running with local access to gain elevated privileges. Connected documents corroborate that this family in...

7.8CVSS6.3AI score0.05169EPSS
In wildExploits0References3Affected Software1
CVE
CVE
added 2016/12/15 6:31 a.m.879 views

CVE-2016-7892

CVE-2016-7892 affects Adobe Flash Player and is due to a use-after-free in the TextField class, leading to arbitrary code execution. Affected versions: 23.0.0.207 and earlier, 11.2.202.644 and earlier. Industry advisories (e.g., Arch Linux ASA entries) indicate remediation by upgrading to Flash P...

9.3CVSS8.8AI score0.18786EPSS
In wildExploits0References9Affected Software1
CVE
CVE
added 2023/06/22 11:0 p.m.877 views

CVE-2023-34462

CVE-2023-34462 affects Netty SniHandler: during TLS handshake, it can allocate up to 16 MB of heap per channel (ByteBuf from ClientHello) if no idle timeout is set, enabling a crafted ClientHello to trigger memory growth and DoS. The issue is fixed in Netty 4.1.94.Final. Remediation: upgrade Nett...

6.5CVSS7.1AI score0.02459EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2022/10/11 12:0 a.m.877 views

CVE-2022-41033

CVE-2022-41033 is a Windows Privilege Escalation affecting the COM+ Event System Service. The root cause is an improper privilege handling in the service, enabling a local attacker with low privileges to obtain SYSTEM level access, compromising confidentiality, integrity, and availability. The CV...

7.8CVSS8.1AI score0.01777EPSS
In wildExploits0References3Affected Software16
CVE
CVE
added 2022/05/04 3:25 p.m.877 views

CVE-2022-23443

FortiSOAR flaw (CVE-2022-23443) : Fortinet FortiSOAR before 7.2.0 has improper access control (CWE-284) that allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests. Exploitation occurs over the network with no auth. Advisories from FortiGuard (FG-IR-22-041) and ...

7.5CVSS7.5AI score0.01206EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2014/08/12 9:0 p.m.877 views

CVE-2014-2817

CVE-2014-2817 summary (normal mode) : Affects Microsoft Internet Explorer 6–11, where a crafted web site can escalate privileges to the attacker. Root cause is an elevation of privilege vulnerability in IE; exploitation vector is remote and via a crafted page. Public exploits exist for this vulne...

8.8CVSS7.5AI score0.26349EPSS
In wildExploits0References4Affected Software1
CVE
CVE
added 2011/11/30 2:0 a.m.877 views

CVE-2011-4317

The CVE-2011-4317 issue concerns Apache HTTP Server in reverse proxy configurations (ProxyPassMatch/RewriteRule with [P]). It enables remote access to intranet servers via a malformed URI containing @ and : when the Revision 1179239 patch is applied, reflecting an incomplete fix for CVE-2011-3368...

4.3CVSS9.4AI score0.60783EPSS
Exploits3References33Affected Software1
CVE
CVE
added 2024/05/07 9:1 p.m.876 views

CVE-2024-0042

Technical details are not publicly available in the provided documents. No affected products/versions or remediation specifics are listed. Monitor for updates.

7.8CVSS6.7AI score0.00111EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/07/20 5:25 p.m.876 views

CVE-2022-26138

CVE-2022-26138 affects Atlassian’s Questions for Confluence app on Confluence Server/Data Center. The vulnerability arises because the app creates a Confluence user account named disabledsystemuser in the confluence-users group with a hardcoded password, and the account is not disabled by default...

9.8CVSS9.4AI score0.9817EPSS
In wildExploits1References3Affected Software1
CVE
CVE
added 2022/06/02 9:39 p.m.876 views

CVE-2022-31460

CVE-2022-31460 affects Owl Labs Meeting Owl Pro and Whiteboard Owl devices (version 5.2.0.15). The issue enables activation of Tethering Mode using hard-coded hoothoot credentials, via a specific value, allowing an attacker in proximity to cause the device to expose a rogue access point and poten...

7.4CVSS7.4AI score0.03408EPSS
In wildExploits1References3Affected Software1
CVE
CVE
added 2010/10/19 7:0 p.m.876 views

CVE-2010-3492

CVE-2010-3492 (Python asyncore accept handling) is a vulnerability in Python before 3.2 where the asyncore module does not properly handle unsuccessful calls to accept, and lacks guidance for daemon applications on handling such calls. This leads to denial-of-service by remote attackers terminati...

5CVSS7.3AI score0.03627EPSS
Exploits0References8Affected Software1
Total number of security vulnerabilities5000