Lucene search
K
CveMost viewed

368521 matches found

CVE
CVE
added 2024/02/13 6:2 p.m.654 views

CVE-2024-21412

CVE-2024-21412 is a Windows SmartScreen security feature bypass that lets a downloaded file, marked by the Mark of the Web (MoTW), execute without SmartScreen prompts when dealing with Internet Shortcut files. Connected sources cite in-the-wild activity (Water Hydra) and exploitation via spearphi...

8.1CVSS8.3AI score0.95443EPSS
In wildExploits2References2Affected Software9
CVE
CVE
added 2024/01/09 5:56 p.m.654 views

CVE-2024-0056

CVE-2024-0056 affects Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider security feature bypass. CVSS v3.1 base score 8.7 (NETWORK, HIGH impact on confidentiality and integrity, no availability impact) per Microsoft, with CVSS v4 score 8.8 indicating high impact. Descriptions i...

8.7CVSS9.1AI score0.0118EPSS
Exploits0References1Affected Software4
CVE
CVE
added 2023/10/10 5:7 p.m.654 views

CVE-2023-36584

CVE-2023-36584 concerns a Windows Mark of the Web (MOTW) security feature bypass vulnerability. The MOTW bypass can cause a limited loss of integrity and availability of security features, as described by CISA KEV entries. The vulnerability is listed among known exploited vulnerabilities catalog ...

5.4CVSS7.3AI score0.03055EPSS
In wildExploits0References2Affected Software11
CVE
CVE
added 2023/09/06 1:56 p.m.654 views

CVE-2023-4622

CVE-2023-4622 is a Linux kernel use-after-free in af_unix (unix_stream_sendpage) where the code accesses the peer’s skb without holding the queue lock, enabling a local privilege escalation through a race with garbage collection. Public analyses in connected advisories (e.g., Astra Linux, ALAS2 l...

7.8CVSS7.7AI score0.00549EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2023/06/13 11:26 p.m.654 views

CVE-2023-33144

CVE-2023-33144 affects Visual Studio Code (older than 1.79.1) and is described as a session spoofing vulnerability. The Nessus/plugin text states an attacker could exploit to perform actions with the privileges of another user, implying a local-authentication bypass related to how VS Code handles...

6.6CVSS6.6AI score0.01266EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/03/23 12:0 a.m.654 views

CVE-2023-26359

CVE-2023-26359 affects Adobe ColdFusion 2018 Update 15 and earlier, and 2021 Update 5 and earlier, via a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution in the current user context. Exploitation does not require user interaction. Publicly available deta...

9.8CVSS9.6AI score0.17937EPSS
In wildExploits1References2Affected Software1
CVE
CVE
added 2019/12/23 2:40 a.m.654 views

CVE-2019-11050

CVE-2019-11050 concerns the PHP EXIF extension: when parsing EXIF data via exif_read_data(), PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13, and 7.4.0 allow data to read beyond the allocated buffer, leading to potential information disclosure or a crash. Connected advisories confirm the vuln...

6.5CVSS7.1AI score0.07624EPSS
Exploits1References13Affected Software1
CVE
CVE
added 2019/06/18 11:34 p.m.654 views

CVE-2019-11479

The CVE-2019-11479 family (SACK/MSS issues on the Linux kernel) stems from a hard-coded MSS of 48 bytes, enabling remote DoS via fragmented TCP handling. Public docs list CVE-2019-11477 (SACK Panic), CVE-2019-11478 (SACK Slowness/Excess Resource Usage), and CVE-2019-11479 (Low MSS) with kernel-wi...

7.5CVSS7.3AI score0.9166EPSS
Exploits1References28Affected Software1
CVE
CVE
added 2019/06/14 1:54 p.m.654 views

CVE-2019-11582

Atlassian SourceTree for Windows is affected by CVE-2019-11582. A remote code execution vulnerability exists in the URI handling component for Windows versions starting with 0.5a up to, but not including, 3.1.3. An unauthenticated attacker can exploit this by sending a crafted URI; user interacti...

9.3CVSS9AI score0.04936EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/01/21 11:4 p.m.653 views

CVE-2024-49733

CVE-2024-49733 affects Google Android, describing a logic error in ServiceListing.java that could allow a malicious app to hide an NLS from Settings, leading to local information disclosure without additional privileges and with no user interaction required. The records from multiple sources (NVD...

5.5CVSS5.9AI score0.0008EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/27 6:40 p.m.653 views

CVE-2020-36776

In the Linux kernel, CVE-2020-36776 concerns the slab OOB issue in thermal/cpufreq_cooling. The vulnerability is triggered in cpu_power_to_freq() when the EM table does not contain a suitable power entry (power below OPP0), leading to a negative index read. The documented fix returns the lowest a...

5.5CVSS5.9AI score0.00232EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2023/10/12 4:13 p.m.653 views

CVE-2023-5072

CVE-2023-5072 relates to a Denial of Service in JSON-Java (org.json: JSON-Java) where the parser can exhaust memory on inputs of modest size in versions up to 20230618. Connected sources corroborate a DoS caused by a parser bug in JSON-Java, affecting multiple products that bundle this library. T...

7.5CVSS7.5AI score0.01449EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2022/04/05 5:55 p.m.653 views

CVE-2022-28651

Vulnerability: JetBrains IntelliJ IDEA prior to 2021.3.3 allowed retrieving passwords from protected fields. Affected product/versions: IntelliJ IDEA before 2021.3.3. Root cause details are not specified in the provided documents. Impact: confidentiality of passwords may be exposed; CVSS data ind...

8.4CVSS5.5AI score0.00318EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/10/04 4:0 a.m.653 views

CVE-2021-21704

CVE-2021-21704 involves PHP’s Firebird PDO driver extension. When using affected PHP versions, a malicious server can cause crashes in database functions (e.g., getAttribute(), execute(), fetch()) by returning invalid response data not parsed correctly by the driver, leading to crashes, denial of...

5.9CVSS5.6AI score0.01724EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2021/04/12 1:10 p.m.653 views

CVE-2021-23369

CVE-2021-23369 affects handlebars.js prior to 4.7.7. It allows remote code execution when compiling templates from untrusted sources due to how certain compiling options are handled. The vulnerability is described in vendor advisories (e.g., IBM bulletin referencing Node.js handlebars module) and...

9.8CVSS7.5AI score0.07028EPSS
Exploits2References7Affected Software1
CVE
CVE
added 2019/07/26 4:40 a.m.653 views

CVE-2018-20856

CVE-2018-20856 : Linux kernel before 4.18.7 contains a use-after-free in block/blk-core.c__blk_drain_queue() when an error case is mishandled. This could allow a local attacker to cause a denial of service or, potentially, execute arbitrary code. The issue was addressed in the 4.18.7 patch releas...

7.8CVSS7.2AI score0.00707EPSS
Exploits0References24Affected Software1
CVE
CVE
added 2019/01/16 8:0 p.m.653 views

CVE-2017-3143

The CVE-2017-3143 issue is a TSIG authentication bypass in ISC BIND that could allow an attacker who can communicate with an authoritative DNS server and knows a valid TSIG key name to manipulate BIND into accepting an unauthorized dynamic update. The vulnerability affects multiple BIND releases ...

7.5CVSS6.1AI score0.18157EPSS
Exploits1References8Affected Software1
CVE
CVE
added 2023/09/14 11:6 p.m.652 views

CVE-2023-4680

CVE-2023-4680 affects HashiCorp Vault/Vault Enterprise transit secrets engine. The vulnerability allows an authorized user to specify arbitrary nonces, even when convergent encryption is disabled. The encrypt endpoint, with an offline attack, could decrypt arbitrary ciphertext and potentially der...

6.8CVSS6.8AI score0.00368EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/06/21 5:0 a.m.652 views

CVE-2022-25883

CVE-2022-25883 (semver ReDoS) affects the npm package semver prior to 7.5.2. The vulnerability arises in the creation of a new Range when untrusted user data is supplied, enabling a Regular Expression Denial of Service (ReDoS). The issue is documented in the IBM Security Bulletin for CVE-2022-258...

7.5CVSS8.3AI score0.02761EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2023/01/31 5:0 a.m.652 views

CVE-2022-25881

CVE-2022-25881 affects the http-cache-semantics package, specifically versions before 4.1.1. The issue can be exploited by sending malicious request header values to a server that reads the cache policy from the request using this library. This is a header/input handling vulnerability in the clie...

7.5CVSS7AI score0.01613EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2022/09/22 12:43 a.m.652 views

CVE-2022-39197

CVE-2022-39197 affects HelpSystems Cobalt Strike Team Server up through version 4.7, where a cross-site scripting vulnerability in the Teamserver enables an attacker to influence the Beacon configuration by supplying a malformed username in payloads. The public data describe several PoCs and expl...

6.1CVSS6AI score0.46446EPSS
In wildExploits6References3Affected Software1
CVE
CVE
added 2021/04/05 9:31 p.m.652 views

CVE-2021-20305

CVE-2021-20305 affects Nettle prior to 3.7.2 where signature verification (GOST DSA, EDDSA, ECDSA) calls ECC multiply with out-of-range scalars, potentially producing incorrect results and allowing an attacker to force an invalid signature (leading to assertion failure or validation issues). Docu...

8.1CVSS6.7AI score0.01607EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/01/27 7:18 p.m.651 views

CVE-2026-24858

CVE-2026-24858 is a high-severity authentication bypass affecting Fortinet FortiAnalyzer, FortiManager, FortiOS, FortiProxy, and FortiWeb (various 7.x versions) via FortiCloud SSO. The issue allows an attacker with a FortiCloud account and a registered device to log into other devices registered ...

9.8CVSS7AI score0.85844EPSS
In wildExploits0References4Affected Software6
CVE
CVE
added 2023/03/22 8:44 p.m.651 views

CVE-2023-28434

CVE-2023-28434 (MinIO) affects MinIO’s object storage framework. A security feature bypass allows an attacker with credentials for arn:aws:s3:::* and Console API access to bypass metadata bucket name checking during PostPolicyBucket and place objects into arbitrary buckets. This can impact confid...

8.8CVSS8.3AI score0.06736EPSS
In wildExploits2References4Affected Software1
CVE
CVE
added 2022/12/22 12:0 a.m.651 views

CVE-2022-29917

CVE-2022-29917 involves memory-safety bugs in Firefox 99 and Firefox ESR 91.8 (Mozilla Fuzzing Team). Some bugs showed memory corruption and, with enough effort, could be exploited to run arbitrary code. affected products include Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox

9.8CVSS9.9AI score0.01005EPSS
Exploits1References4Affected Software3
CVE
CVE
added 2022/09/30 6:46 p.m.651 views

CVE-2022-20851

CVE-2022-20851 affects Cisco IOS XE Software, specifically the Web UI command-injection path. The vulnerability arises from insufficient input validation in the Web UI API, allowing an authenticated attacker with Administrator privileges to craft input that can be processed by the underlying OS, ...

7.2CVSS6.8AI score0.00896EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/06/27 9:30 p.m.651 views

CVE-2022-31093

NextAuth.js (for Next.js) contains a vulnerability where an invalid callbackUrl query parameter can be passed, causing the URL constructor to throw an unhandled error and leading to API route timeouts and login failures. This issue has concrete fixes: upgrading to versions 3.29.5 or 4.5.0 resolve...

7.5CVSS7.5AI score0.01571EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2014/03/18 1:0 a.m.651 views

CVE-2014-2532

OpenSSH CVE-2014-2532 affects sshd prior to 6.6, where AcceptEnv lines with wildcards can be bypassed by using a substring before the wildcard, allowing remote attackers to bypass environment restrictions. Affected component: sshd in OpenSSH. Impact cited: potential info disclosure and environmen...

5.8CVSS5.2AI score0.04751EPSS
Exploits1References23Affected Software1
CVE
CVE
added 2008/11/21 2:0 a.m.651 views

CVE-2008-5184

CVE-2008-5184 affects CUPS prior to 1.3.8, where the web interface (cgi-bin/admin.c) uses a guest user when no user is logged in, enabling CSRF attacks on RSS subscription management (add and cancel) by remote attackers. Multiple connected advisories note the issue as part of broader CUPS updates...

10CVSS7.4AI score0.03669EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2007/06/13 10:0 a.m.651 views

CVE-2007-3205

Summary: CVE-2007-3205 affects the parse_str function in PHP, Hardened-PHP, and Suhosin when called without a second parameter. The vulnerability allows a remote attacker to overwrite arbitrary variables by supplying variable names and values in the string to be parsed. The description notes unce...

5CVSS6.7AI score0.02075EPSS
Exploits0References7Affected Software3
CVE
CVE
added 2025/03/21 2:34 p.m.650 views

CVE-2025-29927

CVE‑2025‑29927 affects Next.js before patches: versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3. The issue is an authorization bypass that can occur if the check runs in middleware. Fixed in the specified versions; patching to a safe version is recommended. If patching is infeasible, block external r...

9.1CVSS6.9AI score0.99621EPSS
In wildExploits58References8Affected Software1
CVE
CVE
added 2024/01/16 9:41 p.m.649 views

CVE-2024-20918

CVE-2024-20918 affects Oracle Java SE (8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1), Oracle GraalVM for JDK (17.0.9, 21.0.1), and Oracle GraalVM Enterprise Edition (20.3.12, 21.3.8, 22.3.4). The vulnerability, which is network-accessible via multiple protocols, can allow an unauthenticated attacke...

7.4CVSS7.1AI score0.00911EPSS
Exploits0References4Affected Software4
CVE
CVE
added 2023/10/18 3:55 a.m.649 views

CVE-2023-38552

CVE-2023-38552 affects Node.js where the experimental policy/ integrity-check mechanism can be bypassed by forging a checksum during policy validation. The root issue is interception of the integrity verification against a trusted manifest, enabling an attacker to disable the integrity check for ...

7.5CVSS7.3AI score0.01107EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2018/10/06 2:0 p.m.649 views

CVE-2018-17456

CVE-2018-17456 is a remote code execution in Git triggered when processing a recursive clone of a superproject if a .gitmodules URL starts with a dash. Affected Git versions include 2.14.5 and later 2.15.x/2.16.x/2.17.x/2.18.x/2.19.x before the fixed releases listed (e.g., 2.14.5 and subsequent u...

9.8CVSS9.3AI score0.97356EPSS
Exploits12References18Affected Software1
CVE
CVE
added 2018/02/16 5:0 p.m.649 views

CVE-2017-18190

CVE-2017-18190 affects the CUPS printing system. Connected sources confirm a vulnerability where a localhost.localdomain whitelist entry in valid_host() (scheduler/client.c) in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon ...

7.5CVSS7.8AI score0.02979EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2016/07/06 2:0 p.m.649 views

CVE-2016-4979

CVE-2016-4979 affects Apache HTTP Server 2.4.18–2.4.20 when mod_http2 and mod_ssl are enabled; it fails to recognize the SSLVerifyClient require directive for HTTP/2 request authorization, enabling bypass of access restrictions by abusing multiple requests on a single connection and renegotiation...

7.5CVSS7.5AI score0.18802EPSS
Exploits0References25Affected Software1
CVE
CVE
added 2024/01/09 5:56 p.m.648 views

CVE-2024-0057

CVE-2024-0057 is a security feature bypass in components used by .NET Framework-based apps when building X.509 chains. The root cause is a logic flaw that can cause the framework to report a failed chain build but return an incorrect reason code, which may lead an application to treat an untruste...

9.8CVSS9.3AI score0.02778EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2023/02/14 7:32 p.m.648 views

CVE-2023-21718

Technical details for CVE-2023-21718 are not provided in the supplied documents; no specific affected products, versions, impact, or fixes are listed here. Monitor for updates.

7.8CVSS8AI score0.0074EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/01/24 12:0 a.m.648 views

CVE-2022-27508

CVE-2022-27508 is an unauthenticated denial-of-service vulnerability affecting Citrix ADC and Citrix Gateway, specifically the 12.1-64.16 release. The CVE is detailed in Citrix Security Bulletin CTX457048, which confirms the DoS impact and that Citrix has published fixes. Other connected sources ...

7.5CVSS7.5AI score0.01015EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2022/05/02 9:49 p.m.648 views

CVE-2022-24897

CVE-2022-24897 affects XWiki Commons/Velocity integration. The Velocity scripting feature allowed scripts to access the Java File API, enabling read/write operations on the filesystem when scripts ran with Script rights. Vulnerable versions include 2.3 prior to 12.6.7, 12.10.3, and 13.0. The root...

7.5CVSS7.4AI score0.01476EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2019/09/03 5:52 p.m.648 views

CVE-2019-1125

CVE-2019-1125 is a Linux kernel local information-disclosure vulnerability related to SWAPGS speculation (Spectre variant 1). The issue allows a local attacker to read kernel/privileged memory through speculative execution on most x86 processors; mitigation relies on memory barriers to limit spec...

5.6CVSS7AI score0.04521EPSS
Exploits4References17Affected Software8
CVE
CVE
added 2024/04/17 10:27 a.m.647 views

CVE-2024-26875

The CVE-2024-26875 entry affects Linux kernel media: pvrusb2, where risk came from a use-after-free in pvr2_context_set_notify due to a race with pvr2_context_disconnect involving a disconnect_flag. The provided fix moves the disconnect_flag assignment to after all code in pvr2_context_disconnect...

6.4CVSS6.5AI score0.00245EPSS
Exploits0References12Affected Software1
CVE
CVE
added 2023/06/28 12:0 a.m.647 views

CVE-2023-20006

CVE-2023-20006 affects Cisco ASA/FTD on Cisco Firepower 2100 Series appliances, where the hardware SSL/TLS offload cryptography implementation error can cause an unauthenticated attacker to trigger a device reload and DoS. The root cause is an implementation flaw in hardware-based SSL/TLS process...

8.6CVSS7.5AI score0.00919EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2022/12/23 12:0 a.m.647 views

CVE-2022-40011

CVE-2022-40011 affects Typora up to version 1.3.8. The vulnerability is an XSS where exporting a document containing an SVG element with an attacker-controlled onload attribute can be used at a victim’s origin, enabling script execution in the victim context. The available connected documents con...

6.1CVSS6AI score0.00587EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2019/06/19 10:24 p.m.647 views

CVE-2019-2729

CVE-2019-2729 affects Oracle WebLogic Server (Web Services component) with unauthenticated remote code execution via deserialization. Affected versions are 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0. The vulnerability stems from improper deserialization (WebLogic Web Services / XMLDecoder context) an...

9.8CVSS9.4AI score0.8883EPSS
In wildExploits11References7Affected Software9
CVE
CVE
added 2024/09/16 6:25 p.m.646 views

CVE-2024-45801

CVE-2024-45801 – DOMPurify prototype pollution/XSS issue : DOMPurify can bypass depth checks via special nesting and, separately, through prototype pollution weakening depth validation. The GHSA advisory details a prototype-pollution chain where Object.prototype.tagNameCheck and Object.prototype....

7.3CVSS6.7AI score0.00844EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/11/15 12:0 a.m.646 views

CVE-2021-43618

CVE-2021-43618 affects GMP up to version 6.2.1. The issue is an integer overflow in mpz/inp_raw.c that can cause a buffer overflow, leading to a segmentation fault on 32‑bit platforms. Public advisories in multiple distributions confirm a patched release is available (e.g., GMP 6.2.1-2 and newer;...

7.5CVSS7.7AI score0.03425EPSS
Exploits1References8Affected Software1
CVE
CVE
added 2021/01/26 8:39 p.m.646 views

CVE-2021-26272

CVE-2021-26272 is a ReDoS in CKEditor 4 Autolink: by pasting crafted URL-like text and pressing Enter/Space, a victim can trigger a denial-of-service. The publicly documented detail confirms CKEditor 4.x up to before 4.16 is affected; remediation is to upgrade to CKEditor 4.16+ or apply a fix as ...

6.5CVSS6.6AI score0.02223EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2023/06/06 12:0 a.m.645 views

CVE-2023-33460

CVE-2023-33460 involves a memory leak in the yajl JSON library (yajl_tree_parse) that can cause out-of-memory conditions and server crashes for the affected 2.1.0 release. Connected advisories confirm patches by various distributions (e.g., Debian, AlmaLinux, Amazon Linux, CBL-Mariner, Astra Linu...

6.5CVSS6.5AI score0.01129EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2023/04/25 8:9 p.m.645 views

CVE-2023-29007

Git CVE-2023-29007 affects multiple Git versions prior to 2.30.9–2.40.1. A bug in config.c (git_config_copy_or_rename_section_in_file) allows injection of arbitrary configuration via a long .gitmodules submodule URL, enabling execution of user-controlled executables when removing a submodule sect...

7.8CVSS7.8AI score0.06079EPSS
Exploits2References9Affected Software1
Total number of security vulnerabilities5000