Lucene search
K
CveMost viewed

367997 matches found

CVE
CVE
added 2025/02/11 9:14 a.m.688 views

CVE-2025-26408

CVE-2025-26408 affects Wattsense Bridge devices where the JTAG interface is unprotected and accessible via physical access to the PCB, granting full device access (extract/modify firmware) across all known versions. Root cause per SEC Consult/PacketStorm analysis is an unprotected JTAG interface ...

6.1CVSS6.2AI score0.00276EPSS
Exploits1References3
CVE
CVE
added 2025/01/20 1:29 p.m.688 views

CVE-2024-13176

CVE-2024-13176 describes a timing side-channel in ECDSA signature computation that could potentially allow private-key recovery. The vulnerability is documented for OpenSSL and related packages (e.g., openssl and openssl-snapsafe in affected environments) with a notable timing signal (~300 ns) wh...

4.1CVSS4.1AI score0.00601EPSS
Exploits0References13
CVE
CVE
added 2022/05/20 2:15 p.m.688 views

CVE-2022-29165

CVE-2022-29165 affects Argo CD (GitOps tool for Kubernetes). Vulnerable in versions starting at 1.4.0 and prior to 2.1.15, 2.2.9, and 2.3.4. If anonymous access is enabled, unauthenticated attackers can impersonate any Argo CD user or role (including built‑in admin) by sending a crafted JWT, pote...

10CVSS9.7AI score0.01857EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2022/04/11 8:13 p.m.688 views

CVE-2022-24827

Elide (Java) SQL Injection vulnerability (CVE-2022-24827) affects analytic queries that use Parameterized Columns of type TEXT in the Elide Aggregation Data Store. The issue stems from the TEXT parameter handling that can be interpreted as SQL comments (–) after a patch in 6.1.2, allowing bypass ...

8.1CVSS8.3AI score0.01335EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/01/09 5:0 a.m.688 views

CVE-2018-20676

CVE-2018-20676 affects Bootstrap 3.x up to 3.4.0, where XSS is possible via the tooltip data-viewport attribute due to unsafe handling of input. Affected component: tooltip data-viewport. Impact stated: cross-site scripting with potential partial integrity impact; no exploitation details provided...

6.1CVSS6AI score0.03835EPSS
Exploits0References13Affected Software1
CVE
CVE
added 2015/04/24 2:0 p.m.688 views

CVE-2012-5451

TVMOBiLi Media Server (HttpUtils.dll) contains a buffer-overflow DoS vulnerability (CVE-2012-5451) exploitable via long GET/HEAD requests to port 30888, affecting TVMOBiLi before version 2.1.0.3974. Public sources attribute the issue to improper handling of URI length, leading to stack-based over...

5CVSS6.7AI score0.03988EPSS
Exploits4References3Affected Software1
CVE
CVE
added 2014/02/26 11:0 a.m.688 views

CVE-2013-4322

CVE-2013-4322 affects Apache Tomcat on multiple branches and is caused by improper handling of chunked transfer encoding trailing headers/extensions, allowing remote DoS by streaming data. Affects Tomcat 6.x up to 6.0.39, 7.x up to 7.0.50, and 8.x up to 8.0.0-RC10, and stems from an incomplete pr...

4.3CVSS9.1AI score0.09458EPSS
Exploits2References41Affected Software1
CVE
CVE
added 2024/05/01 12:49 p.m.687 views

CVE-2024-4058

CVE-2024-4058 involves a Type Confusion in ANGLE used by Google Chrome. The vulnerability allows remote attackers to potentially trigger heap corruption via a crafted HTML page, with impact described as code execution in the browser. Affected software is Google Chrome (ANGLE component) on desktop...

9CVSS8.4AI score0.08875EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2023/02/08 7:2 p.m.687 views

CVE-2023-0217

CVE-2023-0217 is an OpenSSL vulnerability: an invalid pointer dereference on read when validating a malformed DSA public key via EVP_PKEY_public_check(), likely crashing the application and enabling denial of service. Affected context in connected documents confirms OpenSSL-related advisories and...

7.5CVSS7.5AI score0.01846EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2020/05/22 2:9 p.m.687 views

CVE-2020-10711

The CVE-2020-10711 entry concerns a NULL pointer dereference in the Linux kernel SELinux subprocess during CIPSO category bitmap import. Affected are kernel versions before 5.7; processing the CIPSO restricted bitmap tag in cipso_v4_parsetag_rbm sets a security attribute indicating the bitmap exi...

5.9CVSS6.5AI score0.03097EPSS
Exploits0References13Affected Software1
CVE
CVE
added 2020/04/17 3:31 a.m.687 views

CVE-2020-11868

NTOP vulnerability CVE-2020-11868 affects ntp in ntp (before 4.2.8p14 and 4.3.x before 4.3.100). An off-path attacker can block unauthenticated synchronization by sending a server-mode packet with a spoofed source IP, because transmissions can be rescheduled even when the origin timestamp is inva...

7.5CVSS7.3AI score0.02081EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2025/10/05 3:17 a.m.686 views

CVE-2025-61882

Oracle E‑Business Suite (EBS) BI Publisher Integration in the Concurrent Processing component (versions 12.2.3–12.2.14) is affected by CVE-2025-61882, a pre‑auth remote code execution (RCE) vulnerability exploitable over HTTP with no authentication. Public details describe server‑side template/XS...

9.8CVSS6.7AI score0.99722EPSS
In wildExploits14References4Affected Software1
CVE
CVE
added 2024/12/11 6:55 p.m.686 views

CVE-2024-45337

CVE-2024-45337: Affects Go's crypto/ssh usage where ServerConfig.PublicKeyCallback can be invoked multiple times with different keys. An attacker could cause a vulnerable application to make authorization decisions based on a key the attacker does not control, enabling an authorization bypass. Th...

9.1CVSS9.2AI score0.03092EPSS
Exploits2References7
CVE
CVE
added 2023/04/06 3:50 p.m.686 views

CVE-2023-24536

CVE-2023-24536 affects Go’s mime/multipart and related net/http form parsing. The issue stems from memory accounting and allocations when processing multipart forms, enabling potential denial of service through high CPU/memory usage. The fix improves memory estimation in ReadForm and enforces lim...

7.5CVSS8.8AI score0.01479EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2022/08/25 6:40 p.m.686 views

CVE-2022-20921

CVE-2022-20921 describes a privilege-escalation flaw in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO). The issue arises from improper API authorization, enabling an authenticated user with non-Administrator privileges to elevate to Administrator by sending crafted HTTP request...

8.8CVSS8.6AI score0.01018EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/06/30 5:48 p.m.686 views

CVE-2022-34804

CVE-2022-34804 affects Jenkins OpsGenie Plugin 1.9 and earlier. The vulnerability described across multiple sources states that API keys are transmitted in plain text via the global Jenkins configuration form and job configuration forms, potentially exposing them. It also notes that API keys are ...

4.3CVSS5AI score0.00393EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/12/18 10:17 p.m.685 views

CVE-2025-68390

Elasticsearch is affected by CVE-2025-68390 (CWE-770): authenticated users with snapshot restore privileges can trigger uncontrolled memory allocation, causing memory exhaustion and DoS via a crafted HTTP request. CVSSv3.1 base score 4.9 (Medium); attack vector NETWORK, privilege requirement HIGH...

4.9CVSS6.2AI score0.00329EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/04/25 12:0 a.m.685 views

CVE-2023-28771

CVE-2023-28771 is an OS command injection in Zyxel devices (ZyWALL/USG, VPN, USG FLEX, ATP) due to improper error message handling. A unauthenticated attacker can remotely execute commands by sending crafted UDP/IKE-related packets to affected firmware: Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG li...

9.8CVSS9.6AI score0.99284EPSS
In wildExploits8References3Affected Software1
CVE
CVE
added 2023/01/25 9:34 p.m.685 views

CVE-2022-3094

CVE-2022-3094 affects ISC BIND and allows denial of service by flooding dynamic DNS UPDATE requests. A memory allocation occurs before ACL checks, and memory retained for accepted clients can exhaust resources; memory for non-permitted clients is released on rejection. The impact is a DoS (availa...

7.5CVSS7.2AI score0.13108EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/03/18 6:3 a.m.685 views

CVE-2022-27191

CVE-2022-27191 affects the golang.org/x/crypto/ssh package. Exploitable impact described in connected advisories: an attacker could crash a server under certain AddHostKey conditions. The vulnerability is tied to the x/crypto/ssh code path, with older Go crypto/ssh releases prior to 0.0.0-2022031...

7.5CVSS9.3AI score0.03931EPSS
Exploits0References14Affected Software1
CVE
CVE
added 2021/05/14 10:57 p.m.685 views

CVE-2021-33033

The connected sources confirm CVE-2021-33033 affects the Linux kernel up to 5.11.14, with a use-after-free in cipso_v4_genopt (net/ipv4/cipso_ipv4.c) due to mishandled CIPSO/CALIPSO DOI refcounting, enabling writing an arbitrary value. Exploitation would be local. Remediation is to upgrade to a f...

7.8CVSS7.5AI score0.00571EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2020/08/31 5:11 p.m.685 views

CVE-2020-14364

Vulnerability: CVE-2020-14364 affects the USB emulator in QEMU before 5.2.0. Root cause: an out-of-bounds read/write when processing USB packets, specifically if USBDevice 'setup_len' exceeds data_buf[4096] in do_token_in/do_token_out. Impact: a guest user could crash the QEMU process (DoS) or po...

5CVSS6.6AI score0.05447EPSS
Exploits1References12Affected Software1
CVE
CVE
added 2025/01/21 11:4 p.m.684 views

CVE-2024-49735

CVE-2024-49735 affects Google Android (Framework component) with an elevation-of-privilege issue caused by a failure to persist permissions settings due to resource exhaustion. The impact is local privilege escalation with no extra privileges required; exploitation is described as requiring no us...

7.8CVSS6.8AI score0.00073EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/05/26 7:55 p.m.684 views

CVE-2022-29632

CVE-2022-29632 affects Roncoo Education v9.0.0. The vulnerability is an arbitrary file upload in the component /course/api/upload/pic, enabling attackers to execute arbitrary code via a crafted file. According to NVD, the CVSS-3.1 base score is 9.8 (CRITICAL) with network access, no privileges re...

9.8CVSS9.5AI score0.16113EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/02/27 9:43 a.m.683 views

CVE-2021-46929

CVE-2021-46929 describes a Linux kernel SCTP use-after-free related issue in endpoint destruction, resolved by delaying endpoint free with call_rcu() and moving sock_put/ep free into sctp_endpoint_destroy_rcu(). The patch ensures the endpoint (ep) remains alive under rcu_read_lock during certain ...

5.5CVSS6.2AI score0.00248EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2023/02/14 7:33 p.m.683 views

CVE-2023-21716

CVE-2023-21716 corresponds to a Microsoft Word/Office remote code execution vulnerability. A heap corruption flaw resides in Word’s wwlib when parsing RTF font tables with an excessive number of fonts in the fonttbl, causing an out-of-bounds write that can lead to arbitrary code execution when a ...

9.8CVSS9.6AI score0.82302EPSS
In wildExploits11References1Affected Software8
CVE
CVE
added 2022/04/18 7:0 p.m.683 views

CVE-2022-24863

CVE-2022-24863 affects the http-swagger package (wrapper for Swagger 2.0 docs). Versions prior to 1.2.6 are vulnerable due to improper handling of HTTP methods, enabling a denial-of-service via memory exhaustion on the host. The issue is mitigated by upgrading to 1.2.6 or by restricting the path ...

7.8CVSS7.3AI score0.02333EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2019/10/17 5:3 p.m.683 views

CVE-2019-14287

CVE-2019-14287 affects sudo before 1.8.28. An attacker with a Runas ALL sudoer account can bypass policy blacklists and session PAM modules and cause incorrect logging by invoking sudo with a crafted user ID (example: sudo -u $((0xffffffff))). This corresponds to a local privilege-escalation flaw...

9CVSS8.7AI score0.63917EPSS
Exploits10References37Affected Software1
CVE
CVE
added 2021/03/26 6:23 p.m.682 views

CVE-2021-25370

CVE-2021-25370 is a Samsung-internal chain of three vulnerabilities fixed in SMR Mar-2021 Release 1. The final issue is a use-after-free in the Display Processing Unit (DPU) driver that allows memory corruption leading to kernel panic when a file descriptor is mishandled in the DPU path. The thre...

6.1CVSS5AI score0.0089EPSS
In wildExploits0References3Affected Software1
CVE
CVE
added 2024/07/31 8:8 a.m.681 views

CVE-2024-7264

CVE-2024-7264 affects libcurl’s ASN.1 parser (GTime2str): if parsing a syntactically incorrect Generalized Time field, the code may set the time fraction length to -1, causing strlen() to operate on a non-null-terminated heap buffer. This can cause a crash and potentially leak heap contents to th...

6.5CVSS7.3AI score0.16212EPSS
Exploits1References8Affected Software1
CVE
CVE
added 2023/10/17 9:2 p.m.680 views

CVE-2023-22028

CVE-2023-22028 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 5.7.x up to 5.7.43 and 8.0.x up to 8.0.31. Exploitation can lead to a high-privilege attacker over network causing a hang or frequent crash (DoS) of MySQL Server. Connected sources indicate Oracle CPU advisory and ven...

4.9CVSS4.8AI score0.00891EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/09/12 4:58 p.m.680 views

CVE-2023-38142

CVE-2023-38142 is a Windows kernel elevation-of-privilege vulnerability that can be exploited locally by an attacker with low privileges and no user interaction, with a high impact on confidentiality, integrity and availability (CVSS 3.1 base score 7.8). The provided documents confirm the vulnera...

7.8CVSS8.1AI score0.06519EPSS
Exploits0References1Affected Software12
CVE
CVE
added 2020/04/27 8:38 p.m.680 views

CVE-2020-7067

CVE-2020-7067 describes an out-of-bounds read in PHP’s urldecode() when PHP is built with EBCDIC support. Affected versions are PHP 7.2.x < 7.2.30, 7.3.x < 7.3.17, and 7.4.x

7.5CVSS7.5AI score0.04311EPSS
In wildExploits1References7Affected Software1
CVE
CVE
added 2019/10/16 5:40 p.m.680 views

CVE-2019-2974

CVE-2019-2974 affects Oracle MySQL Server, component Server: Optimizer. Affected versions are 5.6.45 and prior, 5.7.27 and prior, and 8.0.17 and prior. The flaw is exploitable over the network by a low-privileged attacker and can lead to a hang or frequent, repeatable crash (DoS) of MySQL Server....

6.5CVSS6.3AI score0.03726EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2019/06/18 11:28 p.m.680 views

CVE-2019-11038

CVE-2019-11038 affects the GD Graphics Library (LibGD) 2.2.5 as used in the PHP gd extension. The flaw arises in gdImageCreateFromXbm(), where input data can cause the function to use an uninitialized variable, potentially leaking contents from stack memory. Affected PHP branches are 7.1.x below ...

5.3CVSS5.5AI score0.04332EPSS
Exploits1References18Affected Software2
CVE
CVE
added 2025/01/27 9:46 p.m.679 views

CVE-2025-24102

CVE-2025-24102 affects Apple platforms; an app may be able to determine a user’s current location. Patched in iPadOS 17.7.4, macOS Sequoia 15.3, Sonoma 14.7.3, and Ventura 13.7.3. CVSS v3.1 base score 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Connected sources confirm updates and affected OS ver...

9.8CVSS5.8AI score0.00922EPSS
Exploits0References8Affected Software2
CVE
CVE
added 2024/02/27 6:40 p.m.679 views

CVE-2021-46940

CVE-2021-46940 is a Linux kernel vulnerability in the perf/turbostat timer path. The bug stems from index conversion in tools/power turbostat where idx_to_offset() returns a 32-bit int while MSR_PKG_ENERGY_STAT is a 32-bit unsigned value, causing negative interpretation and triggering a guard in ...

5.5CVSS5.2AI score0.00222EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2023/11/28 7:15 p.m.679 views

CVE-2023-30590

CVE-2023-30590 concerns Node.js: the generateKeys() API of crypto.createDiffieHellman() only generates a private key when none is set, yet docs claim it generates both private and public DH keys. Multiple advisories (Debian DLA/DSA, Gentoo GLSA, AlmaLinux errata) reference this vulnerability and ...

7.5CVSS7.6AI score0.01462EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2022/07/18 12:0 a.m.679 views

CVE-2022-33891

Summary: CVE-2022-33891 is a command-injection vulnerability in the Apache Spark UI when ACLs are enabled. A code path in HttpSecurityFilter can impersonate by supplying an arbitrary username, leading to an arbitrary shell command being executed as the Spark process user. Affected versions includ...

8.8CVSS8.9AI score0.92984EPSS
In wildExploits12References4Affected Software1
CVE
CVE
added 2022/02/25 2:34 p.m.679 views

CVE-2022-24327

Summary: CVE-2022-24327 affects JetBrains Hub prior to 2021.1.13890, where the JetBrains Account integration exposed an API key with excessive permissions. The vulnerability stems from improper access controls during account integration, enabling an attacker who could exploit the exposed key to a...

7.5CVSS7.5AI score0.00924EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/10/14 5:1 p.m.678 views

CVE-2025-59287

CVE-2025-59287 is a deserialization vulnerability in Windows Server Update Services (WSUS) that enables unauthenticated, remote code execution over the network via crafted data (notably SOAP requests to WSUS endpoints such as Client.asmx). Connected exploit analyses confirm the root cause as unsa...

9.8CVSS7AI score0.99962EPSS
In wildExploits24References7Affected Software6
CVE
CVE
added 2025/01/21 8:52 p.m.678 views

CVE-2025-21502

CVE-2025-21502 affects Oracle Java SE and related GraalVM packages (Hotspot) across multiple supported versions (Java SE 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; GraalVM JDK 17.0.13/21.0.5/23.0.1; GraalVM EE 20.3.16/21.3.12). The described vulnerability allows an unauthenticated, network-acc...

4.8CVSS4.1AI score0.00971EPSS
Exploits0References5Affected Software4
CVE
CVE
added 2023/08/15 3:10 p.m.678 views

CVE-2023-32004

CVE-2023-32004 concerns Node.js 20, specifically its experimental permission model. Available sources describe a vulnerability in the file-system APIs where improper handling of Buffers can cause a traversal path to bypass file permission checks. The issue affects users operating under the experi...

8.8CVSS8.8AI score0.01817EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2021/01/11 5:57 a.m.678 views

CVE-2021-3121

CVE-2021-3121 affects GoGo Protobuf prior to 1.3.2, where plugin/unmarshal/unmarshal.go lacks certain index validation (the “skippy peanut butter” issue). The vulnerability is tied to insufficient input/index validation in the unmarshal path, with CVSS indications in the sources, but exploitation...

8.6CVSS8.2AI score0.03478EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2025/01/31 12:0 a.m.677 views

CVE-2024-47857

CVE-2024-47857 affects SSH Communication Security PrivX versions 18.0–36.0, where insufficient validation of public key signatures during native SSH connections via a proxy port allows an account (A) to impersonate another account (B) and access SSH targets that B can reach. This is documented ac...

9.8CVSS6.6AI score0.00439EPSS
Exploits0References2
CVE
CVE
added 2023/10/17 9:2 p.m.677 views

CVE-2023-22025

CVE-2023-22025 affects multiple Java runtimes (Oracle Java SE, GraalVM for JDK, GraalVM Enterprise) with vulnerable components in Hotspot. Affected versions listed include Oracle Java SE 8u381-perf, 17.0.8, 21; GraalVM for JDK 17.0.8 and 21; GraalVM EE 21.3.7/22.3.3. The connected Broadcom Azul Z...

3.7CVSS3.7AI score0.00883EPSS
Exploits0References3Affected Software3
CVE
CVE
added 2017/07/17 9:0 p.m.677 views

CVE-2017-6742

CVE-2017-6742 is a Cisco SNMP remote code execution vulnerability in the SNMP stack of IOS/IOS XE. A stack-based overflow could allow an authenticated attacker to run arbitrary code or cause a reload by sending crafted SNMP packets (targets SNMP v1/v2c/v3; needs read-only community string or v3 c...

9CVSS8.9AI score0.21424EPSS
In wildExploits1References5Affected Software2
CVE
CVE
added 2014/01/24 3:0 p.m.677 views

CVE-2014-1252

CVE-2014-1252 corresponds to a double-free in Apple's Office Viewer when processing Microsoft Word documents. Affected product: macOS/iOS Apple Office components (Office Viewer/Word handling). Root cause: memory management error (double free) in Word document handling. Impact: remote code executi...

7.5CVSS7.6AI score0.04165EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2024/01/26 8:57 a.m.676 views

CVE-2024-0727

CVE-2024-0727 affects OpenSSL via processing of PKCS12 files from untrusted sources, causing a NULL pointer dereference that can crash the library and trigger DoS. Affected APIs include PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes(), and PKCS12_newpas...

5.5CVSS5.8AI score0.03174EPSS
Exploits0References15Affected Software1
CVE
CVE
added 2019/08/05 11:53 a.m.676 views

CVE-2017-18468

CVE-2017-18468 affects cPanel prior to 62.0.17. The vulnerability arises in the Htaccess::setphppreference API (SEC-232), enabling code execution by demo accounts. No exploitation details are provided in the documents. Affected software: cPanel before 62.0.17. Impact: remote code execution by una...

6.5CVSS6.5AI score0.00982EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities5000