Lucene search
K
CveMost viewed

368448 matches found

CVE
CVE
added 2023/03/08 5:14 p.m.558 views

CVE-2023-27898

CVE-2023-27898 affects Jenkins core (versions 2.270–2.393 and LTS 2.277.1–2.375.3) where an error message rendering vendor/plugin incompatibility fails to escape the Jenkins version context. This leads to a stored cross-site scripting (XSS) vulnerability that can be triggered by attackers who can...

9.6CVSS8.4AI score0.0184EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/01/22 12:0 a.m.558 views

CVE-2023-24056

CVE-2023-24056 affects pkgconf up to 1.9.3. The issue is a root cause in libpkgconf/tuple.c:pkgconf_tuple_parse where variable duplication can cause unbounded string expansion (e.g., a small .pc expanded to billions of bytes), leading to memory/resource exhaustion. IBM bulletins for Cloud Pak pro...

5.5CVSS5.1AI score0.00516EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2022/12/22 12:0 a.m.558 views

CVE-2022-26383

CVE-2022-26383 concerns a UI/UX issue in Firefox and Thunderbird where, after requesting fullscreen, resizing the popup prevented the fullscreen notification from displaying. Connected docs confirm the flaw affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird

4.3CVSS6AI score0.00655EPSS
Exploits0References4Affected Software3
CVE
CVE
added 2022/05/16 2:30 p.m.558 views

CVE-2022-1386

CVE-2022-1386 : The WordPress Fusion Builder plugin (before 3.6.2) used with the Avada theme is vulnerable to a server-side request forgery (SSRF). The plugin does not validate a parameter in its forms, allowing an attacker to initiate arbitrary HTTP requests, with the response echoed back to the...

9.8CVSS9.2AI score0.71722EPSS
In wildExploits6References3Affected Software2
CVE
CVE
added 2022/05/16 1:28 p.m.558 views

CVE-2022-29353

Affected software: Graphql-upload v13.0.0 (Node.js middleware). Vulnerable component: file upload module; root cause: arbitrary file upload via crafted filename enables code execution. Impact: remote code execution with high/critical severity indicators (network vector, no authentication; confide...

9.8CVSS9.5AI score0.01615EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/04/01 2:20 p.m.558 views

CVE-2021-28165

The CVE-2021-28165 issue affects Eclipse Jetty versions 7.2.2–9.4.38, 10.0.0.alpha0–10.0.1, and 11.0.0.alpha0–11.0.1, where handling a large invalid TLS frame can cause CPU usage to reach 100%, leading to resource exhaustion. The underlying cause is described as abnormal processing after receivin...

7.8CVSS7.3AI score0.53861EPSS
Exploits1References107Affected Software1
CVE
CVE
added 2018/12/07 9:0 p.m.558 views

CVE-2018-18311

CVE-2018-18311 is a Perl vulnerability describing a buffer overflow caused by crafted regular expressions and an integer/offset issue in Perl’s environment setup (Perl before 5.26.3 and 5.28.x before 5.28.1). Connected advisories show multiple distributions releasing patches and updates to Perl p...

9.8CVSS9.6AI score0.11676EPSS
Exploits0References28Affected Software1
CVE
CVE
added 2023/10/24 11:48 p.m.557 views

CVE-2023-46136

CVE-2023-46136 affects Werkzeug (WSGI library). A crafted multipart upload starting with CR/LF followed by many data bytes can cause the parser to append to an internal buffer and exhaust CPU, leading to DoS. This has been patched in version 3.0.1. IBM/PowerVC and QRadar bulletins referencing the...

8CVSS6.8AI score0.01072EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/09/13 4:11 p.m.557 views

CVE-2023-4155

CVE-2023-4155 describes a vulnerability in the Linux kernel’s KVM AMD SEV implementation. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race that causes the VMGEXIT handler to be invoked recursively. If the handler is called multiple times, this can lead to a ...

5.6CVSS6.2AI score0.00158EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/10/14 12:0 a.m.557 views

CVE-2022-41715

CVE-2022-41715 concerns the Go regexp package. When er turning regular expressions from untrusted sources, parsing can exhaust memory and cause DoS, because the parsed representation is linear in input size and, in worst cases, the memory footprint can be very large. The available documents state...

7.5CVSS7.2AI score0.01339EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2022/05/09 12:0 a.m.557 views

CVE-2022-28739

CVE-2022-28739 describes a buffer over-read during String-to-Float conversion in Ruby. Affected are Ruby versions: 2.6 and earlier, 2.7.x prior to 2.7.6, 3.x prior to 3.0.4, and 3.1.x prior to 3.1.2. The flaw affects conversion paths such as Kernel#Float and String#to_f and can lead to memory saf...

7.5CVSS7.8AI score0.04127EPSS
Exploits0References15Affected Software1
CVE
CVE
added 2020/03/02 3:59 a.m.557 views

CVE-2020-9546

CVE-2020-9546 affects FasterXML jackson-databind 2.x before 2.9.10.4, where serialization gadgets and typing interactions involving org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig can lead to deserialization issues. The IBM/Cloudera bulletin references the same CVE and lists a high impact...

9.8CVSS9.2AI score0.04613EPSS
Exploits0References17Affected Software1
CVE
CVE
added 2015/01/09 2:0 a.m.557 views

CVE-2015-0204

CVE-2015-0204 affects OpenSSL client code and enables a Man‑in‑the‑Middle downgrade attack (FREAK) by negotiating an export‑grade RSA key. Affected OpenSSL versions: 0.9.8z d and earlier; 1.0.0 up to but not including 1.0.0p; 1.0.1 up to but not including 1.0.1k. The vulnerability allows brute‑fo...

4.3CVSS6.5AI score0.98685EPSS
Exploits0References66Affected Software1
CVE
CVE
added 2025/04/28 7:14 p.m.556 views

CVE-2025-31650

CVE-2025-31650 affects Apache Tomcat and describes a DoS due to DoS via malformed HTTP/2 PRIORITY_UPDATE frames arising from improper input handling. Affects Tomcat 9.0.76–9.0.102, 10.1.10–10.1.39, and 11.0.0-M2–11.0.5 (including older EOL 8.5.x in discussions). Debian/AlmaLinux advisories refere...

7.5CVSS7.8AI score0.66933EPSS
Exploits5References3Affected Software1
CVE
CVE
added 2025/01/17 11:17 p.m.556 views

CVE-2018-9405

CVE-2018-9405 describes a potential out-of-bounds write in BnDmAgent::onTransact (dm_agent.cpp) due to a missing bounds check, enabling local privilege escalation to System level without user interaction. Affected context shown in multiple sources (Android Pixel/Nexus bulletin references and vend...

6.7CVSS8.8AI score0.00103EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/06/30 11:39 p.m.556 views

CVE-2023-30589

CVE-2023-30589 – Node.js (llhttp CRLF handling) – Technical summary The llhttp parser in Node.js’ http module does not strictly use CRLF to delimit HTTP header fields, potentially allowing HTTP Request Smuggling. The CR character alone (without LF) can delimit headers, contrary to RFC7230 which r...

7.5CVSS7.8AI score0.03906EPSS
Exploits1References10Affected Software1
CVE
CVE
added 2022/09/05 12:0 a.m.556 views

CVE-2022-38751

CVE-2022-38751 affects SnakeYAML (Java YAML parser). Issue: denial-of-service when parsing untrusted YAML, potentially via stack overflow. Public details in multiple advisories confirm affected packages and urge upgrade. Remediation per sources includes upgrading SnakeYAML to newer releases (e.g....

6.5CVSS7.4AI score0.01453EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2022/06/14 9:40 p.m.556 views

CVE-2022-32230

CVE-2022-32230 affects Microsoft Windows SMBv3 prior to the April 2022 patch set. A malformed FileNormalizedNameInformation SMBv3 request sent over a named pipe can trigger a null pointer dereference in the Windows kernel, resulting in a Blue Screen of Death (BSOD) and reboot of the SMBv3 server....

7.8CVSS7.5AI score0.06977EPSS
Exploits1References4Affected Software3
CVE
CVE
added 2022/03/24 12:0 a.m.556 views

CVE-2022-24769

CVE-2022-24769 affects Moby (Docker Engine) before 20.10.14. The bug starts containers with non-empty inheritable Linux process capabilities, enabling programs with inheritable file capabilities to elevate to the container’s permitted set during execve, potentially impacting containers using Linu...

5.9CVSS6.5AI score0.00492EPSS
Exploits0References12Affected Software1
CVE
CVE
added 2021/12/07 6:25 p.m.556 views

CVE-2021-43798

Grafana CVE-2021-43798 is a directory traversal vulnerability affecting Grafana 8.0.0-beta1 through 8.3.0 (excluding patched versions). The flaw allows access to local files via the vulnerable URL path /public/plugins/ and related API paths described in the advisories. Upstream fixes were release...

7.5CVSS7.5AI score0.88849EPSS
In wildExploits44References9Affected Software1
CVE
CVE
added 2021/06/24 1:17 p.m.556 views

CVE-2021-29956

CVE-2021-29956 affects Thunderbird prior to 78.10.2. OpenPGP secret keys imported with Thunderbird 78.8.1–78.10.1 were stored unencrypted on the local disk, with master password protection inactive for those keys. Version 78.10.2 restores the master-password protection for newly imported keys and...

4.3CVSS5.7AI score0.0081EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/03/19 4:8 a.m.556 views

CVE-2020-25097

CVE-2020-25097 affects Squid proxy (versions 4.13 and 5.x up to 5.0.4) due to improper input validation while parsing request URIs, enabling HTTP request smuggling by a trusted client and access to services otherwise restricted. The issue is activated for certain uri_whitespace configurations. Pu...

8.6CVSS8.4AI score0.08161EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2025/05/27 8:43 p.m.555 views

CVE-2025-5064

CVE-2025-5064 relates to an inappropriate implementation in Chrome's Background Fetch API that could leak cross-origin data via a crafted HTML page. Affected product: Google Chrome (Chromium base). The issue is mitigated by upgrading to Chrome 137.0.7151.55 or later (Chromium fix referenced by Ch...

5.4CVSS6AI score0.00307EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/02/10 9:57 p.m.555 views

CVE-2025-24970

CVE-2025-24970 (Netty) affects Netty 4.1.91.Final through 4.1.118.Final. A crafted packet via SslHandler can fail validation, causing a native crash. A patch exists in 4.1.118.Final. Workarounds include disabling the native SSLEngine or applying code-level changes as noted by advisories. IBM bull...

7.5CVSS7.4AI score0.01966EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2025/02/05 12:0 a.m.555 views

CVE-2024-57075

CVE-2024-57075 affects eazy-logger v4.0.1: prototype pollution in the lib.Logger function can load a crafted payload to modify Object.prototype, enabling denial of service (DoS). Public docs include a PoC that injects into the global prototype chain (e.g., via proto ), with outcomes ranging from ...

7.5CVSS6.8AI score0.0053EPSS
Exploits0References1
CVE
CVE
added 2024/05/27 2:0 p.m.555 views

CVE-2024-34477

Summary (CVE-2024-34477) : In FOG projects, the function configureNFS in lib/common/functions.sh up to version 1.5.10 allows local privilege escalation by mounting a crafted NFS share, due to insecure settings (no_root_squash). To exploit, an attacker must mount an NFS share, place an executable ...

7.8CVSS6.6AI score0.00266EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2024/05/23 11:2 a.m.555 views

CVE-2024-5258

CVE-2024-5258 is an authorization bypass in GitLab. The vulnerability affects GitLab releases: 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1, where an authenticated attacker could exploit a crafted naming convention to bypass pipeline authorization logic. The issue impacts th...

4.4CVSS6.1AI score0.00275EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/10/03 2:33 a.m.555 views

CVE-2023-5345

CVE-2023-5345 : A use-after-free in the Linux kernel kernel’s fs/smb/client component can enable local privilege escalation. Specifically, an error in smb3_fs_context_parse_param frees ctx->password but does not set it to NULL, risking a double-free scenario. The issue is documented in the CVE...

7.8CVSS7.7AI score0.0047EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2023/08/23 10:49 a.m.555 views

CVE-2023-3899

CVE-2023-3899 affects subscription-manager. The vulnerability stems from the D-Bus interface com.redhat.RHSM1 exposing many methods to all users, allowing a low-privileged local user to tamper with registration state via Config.SetAll(). This enables arbitrary directives to /etc/rhsm/rhsm.conf, l...

7.8CVSS7.7AI score0.00253EPSS
Exploits0References12Affected Software1
CVE
CVE
added 2022/12/22 12:0 a.m.555 views

CVE-2022-22751

CVE-2022-22751 relates to memory-safety bugs in Firefox 95 and Firefox ESR 91.4, with evidence of memory corruption and a presumption that some could be exploited to run arbitrary code. Affected: Firefox ESR < 91.5, Firefox < 96, and Thunderbird

8.8CVSS9.6AI score0.0087EPSS
Exploits0References4Affected Software3
CVE
CVE
added 2022/08/18 12:0 a.m.555 views

CVE-2022-2625

CVE-2022-2625 affects PostgreSQL and allows an attacker with permission to create non-temporary objects in a schema to trick an admin into creating/updating an affected extension and lure a victim to use a targeted object via CREATE OR REPLACE or CREATE IF NOT EXISTS, enabling arbitrary code exec...

8CVSS7.9AI score0.0152EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2018/10/17 1:0 a.m.555 views

CVE-2018-3282

CVE-2018-3282 affects the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Affected versions include 5.5.61 and earlier, 5.6.41 and earlier, 5.7.23 and earlier, and 8.0.12 and earlier, with an attack surface that enables a network-accessing, high-privileged attacker...

4.9CVSS5.8AI score0.03968EPSS
Exploits0References13Affected Software1
CVE
CVE
added 2013/07/18 1:0 a.m.555 views

CVE-2013-2070

The CVE concerns nginx proxying behavior and chunked transfer handling. Affected product: nginx with the proxy module/http parsing paths noted in CVE-2013-2070 (versions 1.1.4–1.2.8 and 1.3.0–1.4.0) when proxy_pass is used to untrusted upstream HTTP servers. Root cause: crafted proxy responses ca...

5.8CVSS6.2AI score0.11925EPSS
Exploits3References11Affected Software1
CVE
CVE
added 1999/09/29 4:0 a.m.555 views

CVE-1999-0236

The CVE-1999-0236 entry describes a vulnerability in the ScriptAlias directory handling in NCSA and Apache httpd that allowed attackers to read CGI programs. Affected software is the Apache httpd family utilizing ScriptAlias configuration; the underlying issue is directory handling enabling discl...

7.5CVSS7.2AI score0.25788EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2024/02/27 6:46 p.m.554 views

CVE-2021-46954

CVE-2021-46954 affects the Linux kernel net/sched IPv4 path. When act_mirred attempts to fragment IPv4 packets that were previously reassembled by act_ct, sch_frag used a temporary dst_entry, which was later treated as an rtable pointer in the fragment/MTU flow. This caused a stack out-of-bounds ...

7.1CVSS6.7AI score0.0023EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/02/08 1:0 p.m.554 views

CVE-2024-0985

Summary: CVE-2024-0985 describes a late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL that lets an object creator execute arbitrary SQL as the command issuer. The attack targets untrusted materialized views and can affect multiple PostgreSQL branches before fixed versions...

8CVSS8.6AI score0.01465EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2023/10/31 2:30 p.m.554 views

CVE-2023-22518

CVE-2023-22518 (Confluence DC/Server): An improper authorization vulnerability allowed an unauthenticated attacker to reset Confluence and create an instance administrator, enabling full admin control and potential data loss. Affected products include Confluence Data Center (all versions) and Con...

10CVSS9.4AI score0.99999EPSS
In wildExploits14References4Affected Software1
CVE
CVE
added 2023/02/23 12:0 a.m.554 views

CVE-2023-23914

CVE-2023-23914 affects curl before 7.88.0, related to cleartext transmission and HSTS handling. The issue occurs when multiple URLs are requested serially on the same command line, where the HSTS state may not be carried forward, causing curl to unexpectedly use insecure HTTP despite HTTPs in the...

9.1CVSS8.8AI score0.00858EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2022/12/22 12:0 a.m.554 views

CVE-2022-29909

CVE-2022-29909 is a Firefox/Thunderbird vulnerability described as privilege escalation via deeply-nested cross-origin browsing contexts that could inherit top-level permissions. Affected products and versions from connected advisories: Thunderbird < 91.9 and Firefox (including ESR)

8.8CVSS8.7AI score0.00848EPSS
Exploits0References4Affected Software3
CVE
CVE
added 2019/08/13 8:50 p.m.554 views

CVE-2019-9515

CVE-2019-9515 concerns an HTTP/2 settings flood that can cause memory/CPU exhaustion. Arista’s security advisory (Security Advisory 0043) states the vulnerability is in Go’s gRPC HTTP/2 usage and can affect TerminAttr, OpenConfig, CVP, and certain Wi‑Fi OpenConfig-enabled components when enabled....

7.8CVSS7.7AI score0.87806EPSS
Exploits0References38Affected Software1
CVE
CVE
added 2019/05/24 6:45 p.m.554 views

CVE-2019-7093

CVE-2019-7093 affects Adobe Creative Cloud Desktop Application installer (Windows) versions 4.7.0.400 and earlier, due to insecure DLL loading (DLL hijacking) in the installer. Exploitation could lead to privilege escalation. Remediation: update to 4.8.0.410 or newer per APSB19-11. If details var...

7.8CVSS7.4AI score0.03279EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2015/11/25 8:0 p.m.554 views

CVE-2015-5317

CVE-2015-5317 affects Jenkins CloudBees Jenkins Fingerprints pages. Affected products: Jenkins before 1.638 and LTS before 1.625.2. The vulnerability is an information disclosure in the Fingerprints UI that allows remote attackers to obtain sensitive job and build names via a direct request. The ...

7.5CVSS8AI score0.22429EPSS
In wildExploits0References4Affected Software1
CVE
CVE
added 2007/05/14 9:0 p.m.554 views

CVE-2007-2447

CVE-2007-2447 concerns Samba’s MS-RPC handling in the SMB/CIFS server. According to the provided documents, Samba versions 3.0.0 through 3.0.25rc3 are affected by a remote command-execution vulnerability triggered when the username map script smb.conf option is enabled, allowing remote attackers ...

6CVSS7.2AI score0.49759EPSS
Exploits15References56Affected Software1
CVE
CVE
added 2024/12/12 12:2 p.m.553 views

CVE-2024-8647

CVE-2024-8647 affects GitLab self-hosted installations, from versions 15.2 through 17.4.6, with 17.5 before 17.5.4 and 17.6 before 17.6.2. The issue enables leaking the anti-CSRF token to an external site when Harbor integration is enabled, indicating a cross-origin exposure vulnerability present...

5.4CVSS5.2AI score0.00414EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/02/27 6:40 p.m.553 views

CVE-2021-46942

CVE-2021-46942 relates to the Linux kernel io_uring shared sqpoll cancellation hang. The root cause is an incorrect accounting of inflight requests when cancelling sqpoll contexts that share a sqpoll, caused by per-task counters that can count more requests than are present in the io_uring contex...

5.5CVSS5.3AI score0.00193EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/07/11 5:2 p.m.553 views

CVE-2023-32049

CVE-2023-32049 is a Windows SmartScreen Security Feature Bypass vulnerability. The issue allows an attacker to bypass the Open File - Security Warning prompt by convincing a user to click a specially crafted URL, enabling potential code execution on the affected system. Public sources indicate ac...

8.8CVSS9.3AI score0.04401EPSS
In wildExploits0References2Affected Software9
CVE
CVE
added 2023/04/18 8:35 p.m.553 views

CVE-2023-26049

Jetty cookie parsing vulnerability CVE-2023-26049 affects Jetty’s cookie handling where a cookie VALUE starting with a double quote can cause the parser to read past semicolons, effectively merging multiple cookies into one. This can enable cookie smuggling (e.g., exfiltrating HttpOnly cookies li...

5.3CVSS5.1AI score0.013EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2023/01/18 5:47 p.m.553 views

CVE-2022-20964

Cisco Identity Services Engine (ISE) web-based management interface vulnerability CVE-2022-20964 allows an authenticated, remote attacker to inject arbitrary OS commands due to improper input validation. Exploitation would run commands with the web services user’s privileges. The primary CVE reco...

8.8CVSS8.8AI score0.30649EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/05/19 7:59 p.m.553 views

CVE-2022-28948

CVE-2022-28948 affects Go-Yaml v3 Unmarshal; a crash can occur when deserializing invalid input. Connected sources corroborate a Go-Yaml Unmarshal issue across advisories (e.g., Astra Linux, Debian, GHSA), with no explicit patch version in the provided documents. Exploitation status is not stated...

7.5CVSS7.2AI score0.035EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/05/19 5:7 p.m.553 views

CVE-2022-30617

The CVE-2022-30617 issue affects Strapi where an authenticated admin-panel user can read private data (e.g., emails, password reset tokens) for other admin users via related content in the JSON response. This leakage occurs across relationships (e.g., content created/updated by another user) and ...

9CVSS8.5AI score0.01343EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities5000