Lucene search
K
CveMost viewed

367637 matches found

CVE
CVE
added 2025/04/04 5:51 p.m.806 views

CVE-2024-11235

CVE-2024-11235 affects PHP 8.3.x before 8.3.19 and 8.4.x before 8.4.5. The issue is a use-after-free caused by a code sequence involving the __set handler or the ??= operator in the presence of exceptions, which an attacker could exploit if they can influence memory layout (e.g., crafted inputs) ...

9.2CVSS7.1AI score0.01263EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/03/22 4:36 p.m.806 views

CVE-2023-0464

OpenSSL CVE-2023-0464 is a denial-of-service vulnerability that affects all supported OpenSSL versions by enabling exponential resource usage when verifying X.509 certificate chains that include policy constraints. The root cause is in policy constraint verification during chain processing, allow...

7.5CVSS7.3AI score0.03658EPSS
Exploits0References11Affected Software1
CVE
CVE
added 2018/02/08 11:0 p.m.806 views

CVE-2014-8985

Microsoft Internet Explorer 11 contains a memory corruption vulnerability (CVE-2014-8985) that can be exploited remotely by visiting a crafted site, potentially enabling arbitrary code execution or memory-based denial of service. Public exploits exist; exploitation details are not provided in the...

7.6CVSS7.7AI score0.10002EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/02/18 5:50 p.m.805 views

CVE-2022-21215

CVE-2022-21215 is an SSRF vulnerability in Airspan/Mimosa MMP stack. Affected: MMP before v1.0.3; PTP C-series before v2.8.6.1; PTMP C-series/A5x before v2.5.4.1. Root cause: improper server-side request handling allows an attacker to force the server to access internal routes and cloud-hosting p...

10CVSS9.5AI score0.0139EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2010/11/09 8:0 p.m.805 views

CVE-2010-4221

CVE-2010-4221 describes a remote code execution vulnerability in ProFTPD’s TELNET IAC handling. Multiple stack-based buffer overflows in pr_netio_telnet_gets (netio.c) allow unauthenticated attackers to potentially execute arbitrary code by crafting TELNET IAC sequences to FTP/FTPS services. The ...

10CVSS9.4AI score0.91303EPSS
Exploits10References13Affected Software1
CVE
CVE
added 2023/08/08 6:52 p.m.804 views

CVE-2023-38180

CVE-2023-38180 is a .NET/Visual Studio denial-of-service vulnerability (DoS) affecting .NET Core and related components. The CVSSv3.1 vector indicates Network attack, low attack complexity, no privileges required, with no confidentiality/integirty impact but a High availability impact. Moderate-t...

7.5CVSS7.8AI score0.15519EPSS
In wildExploits0References4Affected Software3
CVE
CVE
added 2022/11/09 12:0 a.m.804 views

CVE-2022-41073

CVE-2022-41073 — Windows Print Spooler Elevation of Privilege affects Windows Print Spooler. Connected docs note exploitation in the wild and public patching via Microsoft updates (Nov 2022 Patch Tuesday). Remediation is to apply the Microsoft update for CVE-2022-41073 per MSRC/update guidance in...

7.8CVSS8.1AI score0.02389EPSS
In wildExploits0References3Affected Software16
CVE
CVE
added 2022/02/02 11:48 a.m.804 views

CVE-2022-21724

CVE-2022-21724 affects the official PostgreSQL JDBC Driver (libpgjava) used by pgjdbc. The vulnerability stems from the driver instantiating plugin classes based on connection properties (authenticationPluginClassName, sslhostnameverifier, socketFactory, sslfactory, sslpasswordcallback) without v...

9.8CVSS8.4AI score0.0301EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2019/09/04 5:59 a.m.804 views

CVE-2019-15903

CVE-2019-15903 is a libexpat/libxml2 (Expat) issue present in libexpat prior to 2.2.8. Crafted XML input could cause the parser to switch from DTD parsing to document parsing too early, and a subsequent call to XML_GetCurrentLineNumber/XML_GetCurrentColumnNumber could trigger a heap-based buffer ...

7.5CVSS8.2AI score0.06643EPSS
Exploits1References59Affected Software1
CVE
CVE
added 2018/08/18 2:0 a.m.804 views

CVE-2018-15494

CVE-2018-15494: Dojo Toolkit’s DataGrid in Dojo before 1.14 is vulnerable to unescaped string injection, enabling cross‑site scripting. Affected component is dojox/Grid/DataGrid; impact is client-side script execution in the context of the hosting page. The public fix is to upgrade to Dojo 1.14 o...

9.8CVSS9.4AI score0.02611EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2004/05/05 4:0 a.m.803 views

CVE-2004-0230

Technical details beyond the public description are not provided in the supplied documents. CVE-2004-0230 describes a TCP sequence-number guessing/RST-injection denial-of-service under large window size; no remediation details are given here.

5CVSS9.1AI score0.80855EPSS
Exploits3References29Affected Software1
CVE
CVE
added 2023/01/17 11:35 p.m.802 views

CVE-2023-21839

CVE-2023-21839 affects Oracle WebLogic Server (core) versions 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. It is exploitable via unauthenticated network access over T3/IIOP and relates to post-deserialization of a ForeignOpaqueReference object, enabling remote code execution as the oracle user. Multip...

7.5CVSS7.5AI score0.99811EPSS
In wildExploits10References3Affected Software1
CVE
CVE
added 2022/08/24 12:0 a.m.802 views

CVE-2021-4189

CVE-2021-4189 affects Python’s FTP (ftplib) client: in PASV mode it trusts the host from the PASV response by default, enabling a malicious FTP server to trick clients into connecting back to an attacker-specified IP/port (potential port scanning). Debian LTS postings and other advisories explici...

5.3CVSS6.2AI score0.02511EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2021/02/24 4:57 p.m.802 views

CVE-2021-21974

CVE-2021-21974 is a heap-based overflow in VMware ESXi’s OpenSLP service that can enable remote code execution when an attacker on the same network segment can reach port 427. Affected releases include ESXi 7.x (before ESXi70U1c-17325551), ESXi 6.7 (before 202102401-SG), and ES6.5 (before 2021021...

8.8CVSS8.9AI score0.45063EPSS
In wildExploits7References3Affected Software1
CVE
CVE
added 2025/01/08 10:15 p.m.801 views

CVE-2025-0282

CVE-2025-0282 is a stack-based buffer overflow in Ivanti Connect Secure (pre-auth) that enables remote code execution. Affected products include Ivanti Connect Secure, Policy Secure, and Ivanti Neurons for ZTA Gateways, with vulnerable versions listed as 22.7R2.5 (Connect Secure), 22.7R1.2 (Polic...

9CVSS8.3AI score0.99971EPSS
In wildExploits13References7Affected Software3
CVE
CVE
added 2013/11/19 3:0 p.m.801 views

CVE-2013-6282

The CVE-2013-6282 issue affects the Linux kernel on ARM v6k/v7 where get_user and put_user do not validate certain addresses, enabling an unprivileged user to read/write arbitrary kernel memory. Exploitation was reported in the wild on Android devices in late 2013. Affected kernel versions includ...

8.8CVSS7.7AI score0.39711EPSS
In wildExploits9References9Affected Software1
CVE
CVE
added 2025/01/28 12:0 a.m.800 views

CVE-2024-55968

DTEX DEC-M (DTEX Forwarder) 6.1.1 is affected. The com.dtexsystems.helper service fails to validate client identity during XPC IPC, not verifying code requirements, entitlements, security flags, or client version before connections. This enables unauthorized XPC connections to call DTConnectionHe...

8.8CVSS7.5AI score0.00979EPSS
Exploits1References2
CVE
CVE
added 2026/01/19 9:16 p.m.799 views

CVE-2026-23944

CVE-2026-23944 affects Arcane prior to v1.13.2. The vulnerability exists in the environment proxy middleware which handles /api/environments/{id}/… requests for remote environments before authentication is enforced. If the environment ID is not local, the middleware proxies the request and attach...

9.8CVSS5.6AI score0.00445EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2021/02/16 4:55 p.m.799 views

CVE-2021-23840

CVE-2021-23840 describes an integer-length overflow in EVP_CipherUpdate, EVP_EncryptUpdate, and EVP_DecryptUpdate that can cause a negative output length value when input length is near the platform’s integer limit. This can lead to application crashes or incorrect behavior. Affected OpenSSL rele...

7.5CVSS8AI score0.50732EPSS
Exploits0References20Affected Software1
CVE
CVE
added 2011/11/08 11:0 a.m.799 views

CVE-2011-3607

The CVE-2011-3607 issue affects the Apache HTTP Server 2.0.x (up to 2.0.64) and 2.2.x (up to 2.2.21) when mod_setenvif is enabled. An integer overflow in ap_pregsub() in server/util.c can cause a heap-based buffer overflow, enabling local privilege escalation via a crafted .htaccess SetEnvIf dire...

4.4CVSS7.7AI score0.04716EPSS
Exploits4References48Affected Software1
CVE
CVE
added 2024/10/14 12:0 a.m.798 views

CVE-2024-49214

The CVE-2024-49214 issue affects HAProxy QUIC handling. Affected: HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11. Root cause: insufficient validation enables opening a 0-RTT session with a spoofed IP, bypassing IP allow/block lists. Impact: potential unauthorized acces...

5.3CVSS5.4AI score0.00502EPSS
Exploits0References7
CVE
CVE
added 2022/11/09 12:0 a.m.798 views

CVE-2022-41091

CVE-2022-41091 is a Windows security feature bypass in Mark of the Web (MOTW). The vulnerability allows bypassing MOTW protections, with a CVSS v3.1 base score of 5.4 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L). Public sources note exploitation in the wild and patches are delivered via Microsoft’s upda...

5.4CVSS7AI score0.01986EPSS
In wildExploits0References2Affected Software12
CVE
CVE
added 2021/07/20 6:1 p.m.798 views

CVE-2021-33909

CVE-2021-33909 affects the Linux kernel’s filesystem layer (fs/seq_file.c) across 3.16–5.13.x, with fixed releases in 5.13.4 and via patches noted in downstream advisories. The root cause is a size_t-to-int conversion that permits an integer overflow during seq buffer allocations, enabling an Out...

7.8CVSS7.9AI score0.09808EPSS
Exploits6References20Affected Software1
CVE
CVE
added 2023/03/30 12:17 a.m.796 views

CVE-2023-25000

CVE-2023-25000 : HashiCorp Vault’s Shamir secret sharing uses precomputed table lookups and is vulnerable to cache-timing attacks during seal/unseal. An attacker observing many unseal operations locally could reduce the search space for recovering Shamir shares. Affected: Vault’s Shamir implement...

5CVSS4.9AI score0.0021EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/11/09 12:0 a.m.796 views

CVE-2022-41049

CVE-2022-41049 refers to a Windows Mark of the Web (MotW) security feature bypass vulnerability. Affected: Windows MotW handling; Root cause: bypass of MotW checks that normally protect against untrusted content. Impact: limited loss of integrity and availability of security features; exploitatio...

5.4CVSS6.8AI score0.02482EPSS
In wildExploits0References2Affected Software12
CVE
CVE
added 2020/11/16 12:40 a.m.796 views

CVE-2020-25695

CVE-2020-25695 affects PostgreSQL across multiple versions (pre-13.1, pre-12.5, pre-11.10, pre-10.15, pre-9.6.20, pre-9.5.24). The issue allows an attacker who can create non-temporary objects in at least one schema to execute arbitrary SQL functions as a superuser, impacting data confidentiality...

8.8CVSS7.2AI score0.4644EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2023/10/18 3:55 a.m.794 views

CVE-2023-39332

CVE-2023-39332 concerns Node.js: certain node:fs path operations permit traversal when paths are provided as non-Buffer Uint8Array objects. The vulnerability contrasts with existing mitigations for string paths and Buffer paths (CVE-2023-30584 and CVE-2023-32004). The issue arises in environments...

9.8CVSS8.6AI score0.01819EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2021/07/14 5:54 p.m.794 views

CVE-2021-34529

Technical details about CVE-2021-34529 (affected product, root cause, impact, or fixes) are not publicly provided in the connected documents; monitor official advisories and updates for authoritative information.

7.8CVSS7.9AI score0.03862EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/04/21 1:45 p.m.794 views

CVE-2020-1967

CVE-2020-1967 describes a NULL pointer dereference in OpenSSL’s SSL_check_chain() during or after a TLS 1.3 handshake, caused by incorrect handling of the signature_algorithms_cert extension. A malicious peer sending an invalid/unrecognized signature algorithm can crash the server/client, enablin...

7.5CVSS7.5AI score0.53336EPSS
Exploits2References32Affected Software1
CVE
CVE
added 2018/03/06 8:0 p.m.794 views

CVE-2018-6530

The CVE-2018-6530 entry describes an OS command injection in the D‑Link DIR series through soap.cgi (soapcgi_main in cgibin), allowing remote execution of arbitrary OS commands via the service parameter. Affected devices include DIR-880L (REVA firmware patches 1.08B04 and earlier), DIR-868L (DIR8...

10CVSS9.8AI score0.96626EPSS
In wildExploits1References6Affected Software1
CVE
CVE
added 2019/08/16 3:36 a.m.793 views

CVE-2018-20969

CVE-2018-20969 / CVE-2019-13638 (GNU patch) : The vulnerability resides in do_ed_script in pch.c of GNU patch up to version 2.7.6, where do_ed_script does not block strings starting with a ! character when using ed-style payloads. This is tied to an upstream commit shared with CVE-2019-13638 and ...

9.3CVSS7.4AI score0.02706EPSS
Exploits1References9Affected Software1
CVE
CVE
added 2025/01/17 11:11 p.m.792 views

CVE-2018-9434

CVE-2018-9434 is evidenced by a Binder Parcel overlap flaw in Android: Parcel data can overlap binder-object metadata, causing kernel pointers to be inserted into attacker-controlled buffers during unmarshalling. This enables information disclosure and an ASLR bypass, potentially allowing local p...

7.8CVSS6.9AI score0.00096EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/12/23 12:0 a.m.792 views

CVE-2022-43551

CVE-2022-43551 is a vulnerability in curl’s HSTS check that could allow bypassing HSTS and forcing a cleartext HTTP transfer. The issue occurs when the URL hostname uses IDN characters that are later ASCII-encoded during IDN processing (e.g., U+3002 IDEOGRAPHIC FULL STOP instead of U+002E). Curl ...

7.5CVSS7.3AI score0.17011EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2022/02/25 2:36 p.m.792 views

CVE-2021-45977

CVE-2021-45977 affects JetBrains IDEs used as Remote Development backends where the affected products bound to the 0.0.0.0 address. The vulnerability description from connected sources notes exposure of the backend service due to binding to an all interfaces address. Fixed versions are provided: ...

9.8CVSS9.4AI score0.01067EPSS
Exploits0References2Affected Software7
CVE
CVE
added 2013/03/14 10:0 p.m.792 views

CVE-2013-2566

CVE-2013-2566 involves RC4 biases in TLS/SSL allowing plaintext-recovery via large volumes of sessions with the same plaintext. Multiple connected sources confirm this issue affecting products such as F5 BIG-IP (various modules) and IBM Proventia/SiteProtector family. Affected in some BIG-IP rele...

5.9CVSS5.7AI score0.84424EPSS
Exploits0References21Affected Software3
CVE
CVE
added 2003/09/17 4:0 a.m.792 views

CVE-2003-0693

CVE-2003-0693 describes a buffer management error in OpenSSH prior to 3.7, in buffer_append_space, where freeing the incorrect amount of memory can corrupt the heap and enable remote code execution. This is a remote, unauthenticated vulnerability with a high impact (CVE-2003-0693). Connected advi...

10CVSS9.6AI score0.09893EPSS
Exploits2References20Affected Software1
CVE
CVE
added 2025/03/04 11:56 a.m.791 views

CVE-2025-22226

CVE-2025-22226 affects VMware ESXi, Workstation, and Fusion via an out-of-bounds read in HGFS, allowing a VM-guest with local admin rights to leak memory from the vmx host process (information disclosure). Connected sources corroborate three related VMware flaws (CVE-2025-22224, CVE-2025-22225) a...

7.1CVSS7.7AI score0.01676EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2024/10/08 5:35 p.m.791 views

CVE-2024-38124

CVE-2024-38124 is a Windows Netlogon Elevation of Privilege vulnerability. The provided exploitation context shows an attacker with network access on an AD domain can craft Netlogon messages to impersonate machines (including DCs), enabling privilege escalation and potential full AD compromise. A...

9CVSS9AI score0.01153EPSS
Exploits1References1Affected Software6
CVE
CVE
added 2023/01/20 12:0 a.m.791 views

CVE-2022-25631

CVE-2022-25631 affects Symantec Endpoint Protection (SEP) Client/Endpoint Protection before 14.3 RU6 (14.3.9210.6000). The vulnerability is described as a local elevation of privilege, arising from insufficient access control that could allow a privileged attacker to compromise the SEP client. Pu...

7.8CVSS7.8AI score0.00166EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/01/11 12:0 a.m.791 views

CVE-2023-22952

SugarCRM is affected by CVE-2023-22952, a remote code execution in the EmailTemplates flow before 12.0, hotfix 91155. An attacker can upload a crafted PNG with embedded PHP to /index.php?module=EmailTemplates&action=AttachFiles (no input validation) and execute code on the server. Some sources in...

8.8CVSS8.9AI score0.80274EPSS
In wildExploits4References3Affected Software1
CVE
CVE
added 2022/12/13 12:0 a.m.791 views

CVE-2022-27518

CVE-2022-27518 affects Citrix ADC and Citrix Gateway when configured as a SAML SP or SAML IdP. The vulnerability allows unauthenticated remote arbitrary code execution. Citrix’s security bulletin CTX474995 lists affected versions: ADC/Gateway 13.0 before 13.0-58.32; 12.1 before 12.1-65.25; 12.1-F...

9.8CVSS9.8AI score0.06931EPSS
In wildExploits1References2Affected Software1
CVE
CVE
added 2019/08/13 8:50 p.m.791 views

CVE-2019-9512

CVE-2019-9512 is a HTTP/2 denial-of-service issue caused by ping floods that can trigger unbounded memory/CPU growth. Connected advisories confirm concrete remediation paths across environments: for Go-based HTTP/2 stacks, upgrading Go to 1.12.8 or newer (addresses CVE-2019-9512/9514 and related ...

7.8CVSS7.8AI score0.83433EPSS
Exploits1References65Affected Software1
CVE
CVE
added 2011/11/30 2:0 a.m.791 views

CVE-2011-3639

CVE-2011-3639 affects the Apache HTTP Server mod_proxy when using reverse proxy configurations (RewriteRule/ProxyPassMatch). The initial fix for CVE-2011-3368 did not fully address the issue, allowing a remote attacker to connect to an intranet/hidden server by sending HTTP/0.9 with a malformed U...

4.3CVSS9.4AI score0.52531EPSS
Exploits2References4Affected Software10
CVE
CVE
added 2025/04/24 4:50 p.m.790 views

CVE-2025-31324

CVE-2025-31324 affects SAP NetWeaver Visual Composer Metadata Uploader (VCFRAMEWORK). Unauthenticated uploads to /developmentserver/metadatauploader allow remote code execution with SAP service user privileges (RCE in VCFRAMEWORK) and can compromise confidentiality, integrity, and availability. C...

10CVSS7AI score0.99359EPSS
In wildExploits18References6Affected Software1
CVE
CVE
added 2024/03/01 8:48 p.m.790 views

CVE-2024-20328

CVE-2024-20328 affects the ClamAV VirusEvent feature, where unsafe handling of file names can allow a local attacker to inject and execute arbitrary commands with the privileges of the application service account (local vector, low complexity). The root cause is command-line sequence processing s...

5.3CVSS6AI score0.84841EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/06/18 11:34 p.m.790 views

CVE-2019-11477

CVE-2019-11477 (SACK Panic) is a Linux kernel TCP vulnerability where crafted SACK blocks can trigger an integer overflow, potentially causing a kernel crash and DoS. CVE-2019-11478/11479 describe related DoS via SACK handling and low MSS. In practice, Arista discloses affected products (EOS, Clo...

7.8CVSS7.5AI score0.98745EPSS
Exploits4References29Affected Software1
CVE
CVE
added 2013/01/24 9:0 p.m.790 views

CVE-2012-6095

CVE-2012-6095 affects ProFTPD prior to 1.3.5rc1. When using the UserOwner directive, a race condition with a symlink attack on the MKD or XMKD commands lets a local user modify ownership of arbitrary files. The vulnerability arises from insecure handling of temporary files during directory creati...

1.2CVSS6.1AI score0.00693EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2025/01/27 9:46 p.m.789 views

CVE-2025-24146

CVE-2025-24146 affects macOS Messages where deleting a conversation may expose user contact information in system logs. The issue is tied to insufficient redaction of sensitive data and is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, and macOS Sonoma 14.7.3. CVSSv3.1 metrics in the initial ...

9.8CVSS5.8AI score0.00803EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2023/06/23 12:0 a.m.789 views

CVE-2023-32435

CVE-2023-32435 is a memory corruption vulnerability in WebKit-based components affecting Apple platforms. The connected sources specify that processing web content could lead to arbitrary code execution and that the issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, and ...

8.8CVSS8.8AI score0.22951EPSS
In wildExploits1References5Affected Software4
CVE
CVE
added 2022/04/14 9:25 p.m.789 views

CVE-2022-24849

DisCatSharp (Discord API wrapper for .NET) versions 9.8.5–9.9.0 and prereleases of 10.0.0 may have sent bot tokens to a DisCatSharp-owned web server when using either the two RequireDisCatSharpDeveloperAttribute attributes or BaseDiscordClient.LibraryDeveloperTeam. The issue was addressed in 9.9....

6.5CVSS6.5AI score0.00822EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities5000