Lucene search
K
CveMost viewed

368451 matches found

CVE
CVE
added 2025/12/10 4:50 p.m.590 views

CVE-2025-67642

The CVE-2025-67642 affects the Jenkins HashiCorp Vault Plugin versions 371.v884a_4dd60fb_6 and earlier. Root cause: the plugin does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials t...

4.3CVSS6.4AI score0.00194EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/04/01 9:7 a.m.590 views

CVE-2024-56325

Apache Pinot

9.8CVSS9.7AI score0.78668EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/06/06 6:3 p.m.590 views

CVE-2023-2801

Grafana (CVE-2023-2801) is affected by a vulnerability allowing a crash via mixed data-source queries in public dashboards or when calling the query API directly. The issue is tied to Grafana’s handling of mixed queries and could impact availability of the Grafana instance. Fixed versions per the...

7.5CVSS6.2AI score0.00745EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/02/28 5:19 p.m.590 views

CVE-2022-41725

CVE-2022-41725 affects Go’s net/http and mime/multipart form parsing. The vulnerability originated from ReadForm/ParseMultipartForm not fully accounting memory (map entries, names, headers) and not limiting disk-file creation, allowing large forms to exceed 10MB+maxMemory in memory and to generat...

7.5CVSS8.6AI score0.01231EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2022/01/06 10:50 p.m.590 views

CVE-2022-21661

WordPress CVE-2022-21661 is a WP_Query SQL injection vulnerability in WordPress core that can be triggered via plugins/themes using WP_Query in vulnerable ways. The initial entry notes improper sanitization in WP_Query allows SQL injection, with patches back through WordPress 3.7.37 and a fixed 5...

8CVSS8AI score0.97795EPSS
Exploits14References11Affected Software1
CVE
CVE
added 2018/03/13 4:0 p.m.590 views

CVE-2018-1050

CVE-2018-1050 is a NULL pointer dereference in Samba’s RPC external printer service that can crash the print spooler, affecting Samba releases from 4.0.0 onward. The issue arises from missing input validation in spoolss RPC calls, leading to a denial-of-service condition. Public advisories and pr...

4.3CVSS6.2AI score0.06691EPSS
Exploits0References18Affected Software1
CVE
CVE
added 2025/03/27 2:57 p.m.589 views

CVE-2025-21877

CVE-2025-21877 (Linux kernel, usbnet gl620a) affects the usbnet implementation in the kernel where GenelInK_bind() fails to verify that the device actually provides the endpoints it requests. This can lead to a mismatch when an artificially manufactured endpoint is encountered, as Syzbot observed...

5.5CVSS6.7AI score0.002EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2025/02/21 12:0 a.m.589 views

CVE-2025-25875

Affected software: ITSourcecode Simple ChatBox (up to v1.0). Vulnerable component: /message.php. Root cause: SQL injection in the file as stated. Impact: Confidentiality and integrity are marked HIGH; availability LOW. Attack vector: Network; required privileges: HIGH; user interaction required. ...

6.4CVSS7.3AI score0.00348EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/02/27 6:40 p.m.589 views

CVE-2021-46950

The CVE-2021-46950 entry concerns a Linux kernel data corruption issue in md/raid1(bitmaps): when ending a failed write request, bitmap bits could be cleared, causing corruption. The vulnerability arises in the failure handling path of raid1_end_write_request, where the I/O might be retried (R1BI...

7.8CVSS7.6AI score0.00248EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2023/07/27 12:22 a.m.589 views

CVE-2023-38572

CVE-2023-38572 concerns WebKitGTK/WebKit components where a website may bypass the Same Origin Policy. The CVE is addressed with updated checks and is fixed in multiple Apple platforms: iOS 15.7.8 and iPadOS 15.7.8; iOS 16.6 and iPadOS 16.6; tvOS 16.6; macOS Ventura 13.5; Safari 16.6; watchOS 9.6...

7.5CVSS6.7AI score0.00967EPSS
Exploits0References11Affected Software6
CVE
CVE
added 2022/12/22 12:0 a.m.589 views

CVE-2022-28285

CVE-2022-28285 describes an incorrect AliasSet used during MLoadTypedArrayElementHole JIT codegen, enabling a potential out-of-bounds read when combined with another vulnerability. Affected products include Thunderbird < 91.8, Firefox < 99, and Firefox ESR

6.5CVSS7.2AI score0.00752EPSS
Exploits1References4Affected Software3
CVE
CVE
added 2024/04/09 5:0 p.m.588 views

CVE-2024-26256

CVE-2024-26256 is a Libarchive remote code execution vulnerability. Multiple connected sources confirm a flaw in the libarchive library (notably in the rar e8 filter) that can lead to arbitrary code execution when processing crafted RAR archives. Public mitigations are version-specific: Debian li...

7.8CVSS7.9AI score0.87784EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2024/03/04 5:21 p.m.588 views

CVE-2024-27198

CVE-2024-27198 affects JetBrains TeamCity prior to 2023.11.4, where an authentication bypass enables attackers with no privileges to perform admin actions and potentially achieve remote code execution (RCE). Connected PoC/documentation detail a bypass that abuses a REST API routing flaw via an un...

9.8CVSS9.6AI score0.99938EPSS
In wildExploits24References3Affected Software1
CVE
CVE
added 2022/03/16 12:0 a.m.588 views

CVE-2022-24729

CVE-2022-24729 affects CKEditor4 prior to 4.18.0, where the dialog plugin has a vulnerability in the input validator regex that can cause a severe performance drop, leading to browser tab freeze (ReDoS). The issue is documented with a confirmed remediation: upgrade to CKEditor4 4.18.0 or newer. C...

7.5CVSS6.7AI score0.02448EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2019/07/30 4:13 p.m.588 views

CVE-2019-10130

CVE-2019-10130 affects PostgreSQL where statistics kept for columns can be consulted during query planning before row-level security is enforced, allowing an attacker with SELECT privilege to read the most common values or histograms of certain columns. Affected versions include PostgreSQL 11.x (...

4.3CVSS5.5AI score0.01085EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2018/04/29 9:0 p.m.588 views

CVE-2018-10547

CVE-2018-10547: Reflected XSS on PHAR 403/404 error pages due to an incomplete fix for CVE-2018-5712. Affected PHP versions are: 5.6 before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. Exploitation involves request data for a .phar file leading to XSS on error pages. ...

6.1CVSS7.2AI score0.0363EPSS
Exploits0References12Affected Software1
CVE
CVE
added 2025/06/03 12:59 p.m.587 views

CVE-2025-4138

CVE-2025-4138 affects Python’s tarfile module when using TarFile.extractall() or TarFile.extract() with filter='data' or 'tar'. The extraction filter can be bypassed, allowing symlink targets to point outside the destination directory and enabling modification of some file metadata. This issue is...

7.5CVSS8.1AI score0.01109EPSS
Exploits7References12
CVE
CVE
added 2022/11/11 1:10 p.m.587 views

CVE-2022-41854

CVE-2022-41854: Denial of Service in Snakeyaml when parsing untrusted YAML, potentially via stack overflow causing availability impact. Affected component: Snakeyaml (Java); exact affected versions not clearly specified in the provided documents, but references discuss Snakeyaml usage and updates...

6.5CVSS6.3AI score0.01476EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2022/06/28 9:4 p.m.587 views

CVE-2022-31884

CVE-2022-31884 affects Marval MSM v14.19.0.12476 and is due to Improper Access Control. A low-privilege user can delete other users’ API Keys, including high-privilege and Administrator keys. The connected documents describe exploitation potential and real-world use; there is no publicly document...

6.5CVSS6.4AI score0.01103EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2019/03/23 5:6 p.m.587 views

CVE-2019-9947

CVE-2019-9947 is a CRLF injection vulnerability in urllib/urllib2. The issue affects Python 2.x up to 2.7.16 and Python 3.x up to 3.7.3, where an attacker controlling a URL parameter can insert CRLF sequences in the path (or query) component passed to urlopen/urlopen-like calls, potentially leadi...

6.1CVSS7.7AI score0.05406EPSS
Exploits1References21Affected Software1
CVE
CVE
added 2025/11/20 10:18 p.m.586 views

CVE-2025-64660

CVE-2025-64660 affects GitHub Copilot and Visual Studio Code with an improper access control flaw that enables an authorized attacker to execute code over a network. The vulnerability is described as a remote code execution issue due to access-control bypass, impacting Visual Studio Code and GitH...

8CVSS7AI score0.00486EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/10/17 9:2 p.m.586 views

CVE-2023-22070

CVE-2023-22070 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 8.0.34 and earlier and 8.1.0. Exploitation via network could cause high-availability impact (hang or crash). Remediation: upgrade to patched version (e.g., 8.0.35-1 or newer as referenced by Debian/Mariner advisories)...

4.9CVSS5.1AI score0.00871EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/10/05 6:25 p.m.586 views

CVE-2023-42754

CVE-2023-42754 is a vulnerability in the Linux kernel IPv4 stack: a NULL pointer dereference where skb may not be bound to a device before __ip_options_compile if the skb is re-routed by ipvs. The impact is a local crash under CAP_NET_ADMIN. Public details in connected advisories reaffirm the iss...

5.5CVSS6.8AI score0.00406EPSS
Exploits1References10Affected Software1
CVE
CVE
added 2023/08/07 1:19 p.m.586 views

CVE-2023-4194

CVE-2023-4194 affects the Linux kernel TUN/TAP network devices. A type confusion in initialization of tun/tap sockets could let a local user bypass network filters and access resources. The description notes patches for CVE-2023-1076 were incomplete; upstream commits (tun_chr_open/tun_open and re...

5.5CVSS6.7AI score0.00274EPSS
Exploits0References12Affected Software1
CVE
CVE
added 2023/01/31 3:54 p.m.586 views

CVE-2022-25147

CVE-2022-25147 is an out-of-bounds write vulnerability in APR-util’s apr_base64 functions, affecting APR-util versions up to 1.6.1 (and prior). Multiple advisories note the issue and list updates to APR-util as the mitigation (e.g., RHSA-2023:3145, ALSA/ALAS advisories for AlmaLinux/Amazon Linux,...

6.5CVSS7AI score0.01417EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/06/03 3:15 p.m.586 views

CVE-2020-28469

CVE-2020-28469 affects the glob-parent package prior to v5.1.2. The flaw arises from the enclosure-regex used to validate strings ending in an enclosure that contains a path separator. The described effect is a Regular Expression Denial of Service (ReDoS) scenario. Affected software/component: gl...

7.5CVSS7.2AI score0.04456EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2021/03/01 9:49 p.m.586 views

CVE-2021-27877

CVE-2021-27877 affects Veritas Backup Exec before 21.2, where SHA authentication remains supported but not disabled. This allows a remote attacker to gain unauthorized access to a Backup Exec Agent and execute privileged commands. The vulnerability excerpt notes the issue is exploitable over the ...

9.8CVSS9.6AI score0.6491EPSS
In wildExploits5References3Affected Software1
CVE
CVE
added 2017/10/02 9:0 p.m.586 views

CVE-2017-14492

CVE-2017-14492 is a heap-based buffer overflow in dnsmasq’s IPv6 router advertisement (RA) handling. Affected configurations include enabling RA-related options (enable-ra, ra-only, slaac, ra-names, ra-advrouter, ra-stateless). Impact per the sources: remote code execution or crash on the local n...

9.8CVSS9AI score0.93307EPSS
Exploits5References20Affected Software5
CVE
CVE
added 2015/11/09 4:0 p.m.586 views

CVE-2015-8096

CVE-2015-8096 affects Google Picasa 3.9.140.239 and 3.9.140.248, with a heap-based buffer overflow exploitable via Phase One tag 0x412 that enables remote code execution. OpenVAS entries corroborate a buffer overflow condition across Windows and macOS builds; CNVD/NVD entries align on the same ve...

10CVSS8.2AI score0.04017EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2006/10/25 10:0 a.m.586 views

CVE-2006-5494

CVE-2006-5494 / CVE-2006-6795 describe remote file inclusion flaws in the pandaBB module for PHP-Nuke and the My_eGallery 2.5.6 module for myPHPNuke, both allowing an attacker to execute arbitrary PHP code via a URL parameter. The core issue is PHP remote file inclusion in the gallery/displayCate...

7.5CVSS7.6AI score0.03124EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2023/08/02 7:47 p.m.585 views

CVE-2023-29409

CVE-2023-29409 affects the Go language runtime/package (golang) across multiple distributions. The issue arises from extremely large RSA keys in certificate chains causing excessive signature verification CPU usage; the fix restricts RSA key sizes in handshakes to 8192 bits. Public advisories ind...

5.3CVSS6.9AI score0.01328EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2023/05/04 12:0 a.m.585 views

CVE-2023-21492

CVE-2023-21492 is a Samsung Mobile devices vulnerability where kernel pointers are printed to the log file, enabling a privileged, local attacker to bypass ASLR. Affected software relates to Samsung Mobile devices with the SMR May-2023 Release 1 context. The root cause is the insertion of sensiti...

4.4CVSS4.9AI score0.02554EPSS
In wildExploits0References2Affected Software1
CVE
CVE
added 2021/05/26 10:30 a.m.585 views

CVE-2021-22543

CVE-2021-22543 is described in connected advisories as a local privilege-escalation through KVM and improper handling of VM_IO|VM_PFNMAP VMAs, which can bypass RO checks and allow reading/writing guest memory by a privileged VM operator. Technical details across sources indicate the vulnerability...

8.7CVSS7.6AI score0.0066EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2020/10/21 2:4 p.m.585 views

CVE-2020-14812

CVE-2020-14812 affects Oracle MySQL Server (component: Server: Locking) with affected versions 5.6.49 and prior, 5.7.31 and prior, and 8.0.21 and prior. Exploitation can lead to a hang or frequent crashes (DoS) with network access. Remediation status varies by distribution; Debian LTS notes a fix...

6.8CVSS5.1AI score0.0288EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2019/12/04 4:25 p.m.585 views

CVE-2019-11936

CVE-2019-11936 affects HHVM: various APC functions accept keys containing null bytes, causing input truncation. Affected versions include HHVM before 3.30.12, 4.0.0–4.8.5, 4.9.0–4.23.1, and 4.24.0–4.28.1. The Connected documents corroborate the same affected version ranges and input-truncation be...

9.8CVSS9.4AI score0.01476EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/07/26 12:0 a.m.585 views

CVE-2019-13990

CVE-2019-13990 affects Terracotta Quartz Scheduler within Atlassian Jira Service Management Data Center/Server and related Oracle Fusion Middleware deployments, via XXE in the Terracotta Quartz Scheduler component when parsing a job description. The root cause is an XML External Entity condition ...

9.8CVSS9AI score0.162EPSS
Exploits0References17Affected Software1
CVE
CVE
added 2025/12/19 10:23 p.m.584 views

CVE-2025-68613

CVE-2025-68613 (n8n) : Affects n8n open source workflow automation prior to patched versions 1.120.4, 1.121.1, 1.122.0. Root cause is insufficient isolation in the workflow expression evaluation system, allowing authenticated users to cause the n8n process to execute arbitrary code in the runtime...

9.9CVSS7.5AI score0.97875EPSS
In wildExploits29References6Affected Software1
CVE
CVE
added 2025/11/21 10:50 p.m.584 views

CVE-2025-12888

CVE-2025-12888 affects X25519 constant-time implementations, with timing side channels arising from compiler optimizations and CPU architecture constraints on Xtensa-based ESP32 chips. The issue is tied to the X25519 code path and may impact confidentiality (per CVSS data, base score high in some...

7.5CVSS6.4AI score0.00268EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/02/11 9:21 a.m.584 views

CVE-2025-26411

Wattsense Bridge devices are affected by CVE-2025-26411 through the web interface Plugin Manager. An authenticated attacker with a valid Wattsense web account can upload malicious Python files to the device, enabling remote root access. The vulnerability is tied to the Plugin Manager functionalit...

8.8CVSS8.5AI score0.00649EPSS
Exploits1References3
CVE
CVE
added 2024/02/27 6:40 p.m.584 views

CVE-2021-46945

CVE-2021-46945 concerns the Linux kernel ext4 filesystem. The vulnerability causes a kernel panic when the filesystem is mounted with errors=panic, prior to a specific commit. After the patch 014c9caa29d3, remounting a filesystem with abort no longer panics, and the behavior is restored to what i...

5.5CVSS6AI score0.00222EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/07/11 8:55 p.m.584 views

CVE-2022-31080

KubeEdge’s Websocket Client (Viaduct) in versions prior to 1.11.1, 1.10.2, and 1.9.4 is vulnerable to a DoS through memory exhaustion. The issue arises when a large response is read fully into memory, allowing an attacker to trigger a request that returns a large body and exhausts memory, potenti...

6.5CVSS5.3AI score0.00618EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/01/06 11:5 p.m.584 views

CVE-2022-21662

CVE-2022-21662 affects WordPress core; vulnerability allows low-privileged authenticated users (e.g., authors) to execute JavaScript via stored XSS, potentially impacting high-privilege users. It has been patched in WordPress 5.8.3, with older affected versions fixed via security releases back to...

8CVSS6.4AI score0.63418EPSS
In wildExploits0References6Affected Software1
CVE
CVE
added 2021/07/14 6:20 a.m.584 views

CVE-2021-36374

CVE-2021-36374 affects Apache Ant and causes denial of service via memory allocation when parsing specially crafted ZIP-based archives (and derived formats such as JARs and certain Office files). The vulnerability stems from how Ant reads these archives, enabling large memory use and out-of-memor...

5.5CVSS6.2AI score0.0262EPSS
Exploits0References11Affected Software1
CVE
CVE
added 2020/06/08 4:45 p.m.584 views

CVE-2020-12695

CVE-2020-12695 (CallStranger) concerns UPnP SUBSCRIBE handling in the Open Connectivity Foundation specification prior to 2020-04-17. The root cause is a controllable Callback header that can trigger HTTP connections to arbitrary URLs, enabling SSRF-like behavior and potentially leading to amplif...

7.8CVSS7.6AI score0.15193EPSS
Exploits3References17Affected Software1
CVE
CVE
added 2019/04/09 3:18 p.m.584 views

CVE-2019-3880

CVE-2019-3880 affects Samba where an RPC endpoint emulating Windows registry API can be abused by an unprivileged user to save a registry hive file outside the share, potentially creating a new file in the Samba share. Affected versions are pre-4.8.11, pre-4.9.6 and pre-4.10.2. Red Hat/CentOS and...

5.5CVSS5.6AI score0.03392EPSS
Exploits0References16Affected Software1
CVE
CVE
added 2024/12/02 7:29 a.m.583 views

CVE-2024-53104

CVE-2024-53104 affects the Linux kernel USB Video Class (UVC) driver, specifically the uvc_parse_format logic which should skip frames of type UVC_VS_UNDEFINED. The fix prevents an out-of-bounds write in uvc_parse_streaming caused by mis-sized frame buffers, addressing an out-of-bounds write vuln...

7.8CVSS6.7AI score0.03301EPSS
In wildExploits1References12Affected Software1
CVE
CVE
added 2023/09/25 7:3 p.m.583 views

CVE-2023-43642

CVE-2023-43642 (snappy-java) : The SnappyInputStream lacks an upper bound check on chunk length, enabling a DoS with large chunks. All versions up to 1.1.10.3 are vulnerable; a fix was added in commit 9f8c3cf74 and will be included in 1.1.10.4. Affected products/versions are Snappy Java releases ...

7.5CVSS7.4AI score0.0104EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/03/28 12:0 a.m.583 views

CVE-2022-23125

Netatalk CVE-2022-23125 is a remote, unauthenticated code execution flaw in the copyapplfile function where len validation for user data can overflow a fixed-size stack buffer. Affected product: Netatalk (AFP) 3.1.x. Root context: multiple sources confirm root-level impact and disclosure of this ...

9.8CVSS9.5AI score0.04354EPSS
In wildExploits0References6Affected Software1
CVE
CVE
added 2022/04/20 11:23 p.m.583 views

CVE-2022-27926

Zimbra Collaboration (ZCS) 9.0 is affected by a reflected XSS in /public/launchNewWindow.jsp that allows unauthenticated attackers to execute arbitrary script or HTML via request parameters. The issue is confirmed across multiple sources (NVD/Nuclei/CISA KEV/CNVD) with the impact described as cli...

6.1CVSS6AI score0.17252EPSS
In wildExploits0References4Affected Software1
CVE
CVE
added 2020/06/12 12:0 a.m.583 views

CVE-2020-10732

CVE-2020-10732 describes a Linux Kernel flaw in the Userspace core dumps implementation. According to connected IBM bulletin entries, the issue: allows a local authenticated attacker to obtain sensitive information or cause a program crash by exploiting the core-dump handling path. The vulnerabil...

4.4CVSS5.6AI score0.00617EPSS
Exploits0References14Affected Software1
Total number of security vulnerabilities5000