Lucene search
K
CveMost viewed

368264 matches found

CVE
CVE
added 2024/02/08 1:0 p.m.552 views

CVE-2024-0985

Summary: CVE-2024-0985 describes a late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL that lets an object creator execute arbitrary SQL as the command issuer. The attack targets untrusted materialized views and can affect multiple PostgreSQL branches before fixed versions...

8CVSS8.6AI score0.01465EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2023/01/24 12:0 a.m.552 views

CVE-2023-0414

Wireshark CVE-2023-0414 describes a crash in the EAP dissector in Wireshark 4.0.0–4.0.2, allowing denial of service via packet injection or crafted capture files. Connected sources confirm this exact CVE and list it among other Wireshark issues; advisories and vendor notes indicate remediation by...

6.5CVSS6.3AI score0.00809EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/12/22 12:0 a.m.552 views

CVE-2022-22747

Summary: CVE-2022-22747 describes a denial of service caused by incorrect parsing of empty PKCS#7 sequences after accepting an untrusted certificate, leading to a crash. The vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird

6.5CVSS7.1AI score0.0063EPSS
Exploits0References4Affected Software3
CVE
CVE
added 2022/01/24 6:10 p.m.552 views

CVE-2021-35005

CVE-2021-35005 relates to TeamViewer and is supported across multiple sources (NVD, Red Hat, ZDI, CNVD, etc.). The concrete technical detail: a local information-disclosure flaw in the TeamViewer service caused by improper validation of user-supplied data, leading to a read past the end of an all...

3.3CVSS3.5AI score0.00891EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/07/15 5:34 p.m.552 views

CVE-2020-14550

CVE-2020-14550 affects the MySQL Client (C API) in Oracle MySQL. Affected are 5.6.48 and earlier, 5.7.30 and earlier, and 8.0.20 and earlier. The vulnerability allows a low-privilege, network-accessible attacker via multiple protocols to cause a hang or a frequent, crashable DoS of the MySQL Clie...

5.3CVSS5.2AI score0.02221EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2025/11/17 5:3 p.m.551 views

CVE-2025-13193

Affects libvirt-based virtualization. CVE-2025-13193 causes external inactive snapshots for shut-down VMs to be world-readable, enabling information disclosure by unprivileged users. Public sources (Unity Linux UTSA-2025-993329; openSUSE openSUSE-SU-2025-20100-1; SUSE SUSE-SU-2026:0279-1) describ...

5.5CVSS5.6AI score0.00104EPSS
Exploits0References2
CVE
CVE
added 2023/03/24 12:0 a.m.551 views

CVE-2022-42948

CVE-2022-42948 affects Cobalt Strike 4.7.1, due to improper escaping of HTML in Swing components, enabling remote code execution in the Cobalt Strike UI when crafted HTML is injected. The NVD indicates a critical CVSS v3.1 score (9.8) with network attack vector and no privileges/user interaction ...

9.8CVSS9.4AI score0.02706EPSS
In wildExploits0References4Affected Software1
CVE
CVE
added 2022/11/11 3:48 p.m.551 views

CVE-2021-33164

CVE-2021-33164 is an Intel NUC BIOS/firmware vulnerability described as improper access control in BIOS firmware for certain Intel NUCs prior to INWHL357.0046, potentially allowing a locally privileged user to escalate privileges. The Red Hat advisory and Intel security advisory confirm the affec...

8.2CVSS6.6AI score0.00193EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/10/11 3:0 p.m.551 views

CVE-2022-3358

Summary: CVE-2022-3358 affects OpenSSL 3.0.0–3.0.5 and occurs when legacy custom ciphers are passed via EVP_CIPHER_meth_new() with NID_undef. The initialization functions EVP_EncryptInit_ex2()/EVP_DecryptInit_ex2()/EVP_CipherInit_ex2() may resolve to the NULL cipher from providers, causing plaint...

7.5CVSS7.3AI score0.02846EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2022/07/04 7:25 p.m.551 views

CVE-2022-34829

CVE-2022-34829 affects Zoho ManageEngine ADSelfService Plus (before 6203). A DoS can be triggered by a crafted payload to the Mobile App Deployment API, due to an input validation issue, leading to an application restart and partial availability impact. Public details across NVD/Red Hat/CNNVD ind...

7.5CVSS7.3AI score0.03879EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/05/05 4:45 p.m.551 views

CVE-2022-29474

Summary of CVE-2022-29474 (F5 BIG-IP iControl SOAP directory traversal) Vulnerability: A directory traversal in iControl SOAP allows an authenticated user with at least guest privileges to read wsdl files from the BIG-IP filesystem. Affected products/versions (as cited by multiple sources): BIG-I...

4.3CVSS4.7AI score0.01469EPSS
Exploits0References1Affected Software11
CVE
CVE
added 2022/03/17 1:5 p.m.551 views

CVE-2021-44906

CVE-2021-44906 affects the minimist library, with versions listed as ≤ 1.2.5. The vulnerability is described as a Prototype Pollution issue via the file index.js, function setKey() (lines 69-95). The connected documents confirm this issue across multiple sources (e.g., Astra Linux advisory, CIRCL...

9.8CVSS9.3AI score0.04581EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2021/12/07 6:25 p.m.551 views

CVE-2021-43798

Grafana CVE-2021-43798 is a directory traversal vulnerability affecting Grafana 8.0.0-beta1 through 8.3.0 (excluding patched versions). The flaw allows access to local files via the vulnerable URL path /public/plugins/ and related API paths described in the advisories. Upstream fixes were release...

7.5CVSS7.5AI score0.88849EPSS
In wildExploits44References9Affected Software1
CVE
CVE
added 2019/10/29 1:15 p.m.551 views

CVE-2019-10211

CVE-2019-10211 affects PostgreSQL Windows installers prior to 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24. Root cause: bundled OpenSSL (libeay32.dll) loads configuration from a hardcoded directory during SSL initialization, enabling a local attacker to execute arbitrary code with the calling process’s pr...

9.8CVSS9.2AI score0.01866EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2017/02/28 12:0 a.m.551 views

CVE-2017-5982

CVE-2017-5982 : Kodi Chorus2 add-on for Kodi (Chorus2 2.4.2) is affected by a directory traversal vulnerability. An unauthenticated remote attacker can read arbitrary files by supplying a crafted image path containing encoded traversal sequences (for example, image/image%3A//..%252fetc%252fpasswd...

7.5CVSS5.8AI score0.7763EPSS
Exploits5References5Affected Software1
CVE
CVE
added 2023/10/09 5:57 p.m.550 views

CVE-2023-39192

CVE-2023-39192 : A flaw in the Linux kernel Netfilter xt_u32 module allows a local privileged attacker to trigger an out-of-bounds read by crafting improper values in the xt_u32 structure. The root cause is missing validation of fields in xt_u32, leading to crash or information disclosure. Impact...

6.7CVSS6.9AI score0.00397EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2023/07/27 12:31 a.m.550 views

CVE-2023-38595

CVE-2023-38595 is a WebKitGTK+ related vulnerability: processing web content may lead to arbitrary code execution. Connected advisories show affected packages as WebKitGTK/WebKitGTK+ (webkitgtk or webkitgtk4) across Linux distributions. Fixed versions vary by distro: Debian lists fixes in webkit2...

8.8CVSS8.3AI score0.0115EPSS
Exploits0References10Affected Software6
CVE
CVE
added 2023/05/25 12:0 a.m.550 views

CVE-2023-28370

CVE-2023-28370 is an open redirect vulnerability in Tornado up to version 6.3.1 (and earlier) that can allow a remote unauthenticated user to redirect a victim to an arbitrary site via a crafted URL. Connected sources specify affected package Python-tornado and Tornado’s StaticFileHandler in cert...

6.1CVSS6.2AI score0.01132EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/04/18 7:54 p.m.550 views

CVE-2023-21967

CVE-2023-21967 affects Oracle Java SE and GraalVM Enterprise Edition (JSSE, Swing, Hotspot, Libraries) with multiple vulnerable versions including Java 8u361, 11.0.18, 17.0.6, 20 and GraalVM 20.3.9/21.3.5/22.3.1. Root cause is unresolved issues in the Java components allowing unauthenticated netw...

5.9CVSS6.3AI score0.01523EPSS
Exploits0References7Affected Software3
CVE
CVE
added 2020/12/14 7:39 p.m.550 views

CVE-2020-8286

The CVE-2020-8286 issue affects curl/libcurl where OCSP responses were not verified correctly against the certificate, leaving room for fraudulent OCSP responses to appear valid and potentially bypass revocation checks. Reported range: curl versions 7.41.0 through 7.73.0. Impact phrasing in cited...

7.5CVSS7.6AI score0.04575EPSS
Exploits1References19Affected Software1
CVE
CVE
added 2019/08/23 4:43 p.m.550 views

CVE-2019-10746

CVE-2019-10746 affects the nodejs mixin-deep module (versions before 1.3.2 and 2.0.0) and is due to prototype pollution: an attacker can use a constructor payload to add or modify properties on Object.prototype. Inffected ecosystems include applications reporting this vulnerability via Nessus/Mir...

9.8CVSS9.1AI score0.03508EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2016/03/09 11:0 p.m.550 views

CVE-2016-1286

CVE-2016-1286 affects ISC BIND 9.x (before 9.9.8-P4 and 9.10.x before 9.10.3-P4). A remote attacker can trigger a denial of service by sending a crafted DNS signature for a DNAME record, leading to an assertion failure in resolver.c or db.c and a named process crash. The issue is documented with ...

8.6CVSS8.2AI score0.621EPSS
Exploits0References29Affected Software1
CVE
CVE
added 2009/09/08 6:0 p.m.550 views

CVE-2009-3095

CVE-2009-3095 is a vulnerability in Apache httpd’s mod_proxy_ftp that allows remote authenticated attackers to bypass access restrictions and send arbitrary commands to an FTP server via crafted HTTP Authorization header vectors. The issue is part of a set of fixes for mod_proxy_ftp in the same a...

5CVSS9.4AI score0.1256EPSS
Exploits2References39Affected Software1
CVE
CVE
added 2024/07/09 5:2 p.m.549 views

CVE-2024-38077

CVE-2024-38077 is a heap-based buffer overflow in the Windows Remote Desktop Licensing Service. The vulnerability occurs in CDataCoding::DecodeData() due to an incorrect calculation of the buffer size for Base64 data, enabling a remote attacker to trigger a heap overflow and achieve remote code e...

9.8CVSS9.6AI score0.75365EPSS
Exploits5References1Affected Software6
CVE
CVE
added 2024/06/11 4:59 p.m.549 views

CVE-2024-30088

CVE-2024-30088 is a Windows Kernel TOCTOU race condition that can lead to local privilege escalation via AuthzBasepCopyoutInternalSecurityAttributes. Publicly discussed exploits and PoCs exist (Windows kernel LPE PoCs and Metasploit module), and CISA lists it as a known-exploited vulnerability; a...

7CVSS6.9AI score0.68202EPSS
In wildExploits7References2Affected Software12
CVE
CVE
added 2023/10/10 12:26 p.m.549 views

CVE-2023-43788

CVE-2023-43788 affects libXpm. The vulnerability stems from a boundary condition in XpmCreateXpmImageFromBuffer(), enabling a local attacker to trigger an out-of-bounds read and read memory contents. Connected advisories confirm the issue across multiple distributions (e.g., AlmaLinux and related...

5.5CVSS5.7AI score0.00365EPSS
Exploits0References12Affected Software1
CVE
CVE
added 2022/06/30 7:5 p.m.549 views

CVE-2022-33328

Robustel R1510 Web Server (3.3.0) suffers OS command injection in multiple AJAX endpoints. The TALOS summary details unsafe code paths using user-supplied parameters (e.g., /ajax/remove/, /ajax/config_rollback/, /ajax/remove_sniffer_raw_log/, /ajax/clear_tools_log/, /ajax/set_sys_time/), where fo...

9.8CVSS9.8AI score0.04251EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/05/20 11:45 p.m.549 views

CVE-2022-29214

CVE-2022-29214 affects NextAuth.js (next-auth). The vulnerability is an open redirect when implementing an OAuth 1 provider, present in versions prior to 3.29.3 (v3) and 4.3.3 (v4). A patch exists in those respective versions (3.29.3 and 4.3.3). If upgrading is not possible, a workaround is docum...

6.1CVSS6.2AI score0.00612EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/04/25 3:50 a.m.549 views

CVE-2022-29603

CVE-2022-29603 affects UniverSIS UniverSIS-API up to version 1.2.1. The SQL Injection is triggered via the $select parameter across multiple API endpoints (e.g., /api/students/me/messages/). A remote authenticated attacker could craft SQL statements to retrieve personal information or change grad...

8.1CVSS8AI score0.01386EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/11/10 5:55 p.m.549 views

CVE-2021-3572

The CVE-2021-3572 issue affects python-pip and stems from how it handles Unicode separators in git references, with the potential to cause a different revision to be installed in a repository. The vulnerability affects data integrity and is mitigated by upgrading to python-pip version 21.1, which...

5.7CVSS5.8AI score0.01687EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2021/05/06 2:58 a.m.549 views

CVE-2020-28007

Exim 4.x prior to 4.94.2 is affected by CVE-2020-28007, which allows local privilege escalation by exploiting a symlink/hard-link attack in the log directory where Exim runs as root and the directory is owned by a non-root user. The root-owned files can be overwritten from a local attacker, enabl...

7.8CVSS7.4AI score0.0053EPSS
Exploits3References1Affected Software1
CVE
CVE
added 2020/07/09 3:34 p.m.549 views

CVE-2020-10756

CVE-2020-10756 is a concrete vulnerability in the QEMU SLiRP networking (libslirp) implementation. The issue is an out-of-bounds read in icmp6_send_echoreply() when replying to ICMP echo requests, enabling a guest to leak host memory and cause information disclosure. Affected component/version: l...

6.5CVSS5.9AI score0.0051EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2018/10/08 3:0 p.m.549 views

CVE-2018-1000808

CVE-2018-1000808 affects Python Cryptographic Authority pyopenssl prior to 17.5.0, describing a CWE-401 use-after-free in PKCS#12 Store handling that can lead to a Denial of Service when memory is constrained. The issue arises when loading/reloading certificates from PKCS#12, potentially triggere...

5.9CVSS6.5AI score0.01895EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2006/03/07 11:0 a.m.549 views

CVE-2006-1040

CVE-2006-1040 affects vBulletin versions 3.0.12 and 3.5.3. The vulnerability is a cross-site scripting (XSS) flaw where user-supplied content placed in the email field is injected into profile.php but not sanitized in sendmsg.php, enabling remote attackers to inject arbitrary web script or HTML t...

4.3CVSS5.7AI score0.02543EPSS
Exploits1References8Affected Software1
CVE
CVE
added 2025/05/27 8:43 p.m.548 views

CVE-2025-5283

CVE-2025-5283 is a use-after-free in libvpx used by Google Chrome prior to 137.0.7151.55, enabling potential heap corruption via a crafted HTML page. The connected advisories confirm affected libraries and advise updating libvpx to a fixed release across affected distributions (e.g., library upda...

5.4CVSS7.1AI score0.00493EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2023/08/22 12:0 a.m.548 views

CVE-2022-48564

CVE-2022-48564 affects Python up to 3.9.1: read_ints in plistlib.py is vulnerable to a DoS via CPU/RAM exhaustion when processing malformed binary Apple Property List files. The impact is denial of service; exploitation details are not provided in the documents. Remediation is to apply the approp...

6.5CVSS6AI score0.01447EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2023/07/26 11:55 p.m.548 views

CVE-2023-38597

CVE-2023-38597 describes a vulnerability in processing web content that may lead to arbitrary code execution. The initial CVE page notes it is fixed in macOS Ventura 13.5 and Safari 16.6, iOS 15.7.8/iPadOS 15.7.8, and iOS 16.6/iPadOS 16.6. Connected documents corroborate broad WebKit/Kit GTK expo...

8.8CVSS8.3AI score0.01102EPSS
Exploits0References9Affected Software4
CVE
CVE
added 2020/05/28 1:5 p.m.548 views

CVE-2019-20807

CVE-2019-20807 affects Vim prior to 8.1.0881, where a user can bypass the rvim restricted mode and run arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, Lua). Affected product: Vim (Unix/Linux environments). Root cause: restricted-mode bypass enabling execution of external comma...

5.3CVSS6AI score0.00488EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2019/12/06 5:20 p.m.548 views

CVE-2019-1551

CVE-2019-1551 refers to an overflow bug in the x64_64 Montgomery squaring procedure used in OpenSSL during exponentiation with 512-bit moduli. OpenSSL notes no impact to EC, while DH512 attacks are only just feasible under certain conditions. Public disclosures and advisories confirm the issue an...

5.3CVSS6AI score0.14298EPSS
Exploits0References24Affected Software1
CVE
CVE
added 2006/03/24 11:0 a.m.548 views

CVE-2002-2209

CVE-2002-2209 concerns an unspecified security vulnerability in Baby FTP Server versions before November 7, 2002 . The description provides no details on the root cause, exploit vector, or exact impact, only noting an unknown impact and attack vectors. The NVD entry lists a high base score (10.0)...

10CVSS7AI score0.01426EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/12/22 12:0 a.m.547 views

CVE-2022-22740

CVE-2022-22740 is confirmed in connected documents as a use-after-free caused by freeing network request objects too early, potentially enabling a crash. Affected products: Firefox ESR < 91.5, Firefox < 96, and Thunderbird

8.8CVSS8.8AI score0.0096EPSS
Exploits1References4Affected Software3
CVE
CVE
added 2022/11/11 3:48 p.m.547 views

CVE-2021-26251

The CVE-2021-26251 issue affects Intel’s Distribution of OpenVINO Toolkit. The vulnerability is due to improper input validation in the toolkit, which could allow an authenticated user to trigger a denial of service via network access. Affected software is Intel Distribution of OpenVINO Toolkit (...

6.5CVSS6.3AI score0.00559EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/11/05 11:27 p.m.547 views

CVE-2018-16931

CVE-2018-16931 is rejected/not used per the Initial Description.

7.4AI score
Exploits0
CVE
CVE
added 2020/05/06 12:0 a.m.547 views

CVE-2020-10704

CVE-2020-10704 affects Samba acting as an Active Directory Domain Controller. The vulnerability is a stack overflow in the AD DC LDAP server triggered by certain requests, enabling an unauthorized user to cause a denial of service, impacting availability. Public disclosures in connected Debian Fe...

7.5CVSS7.2AI score0.03455EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2018/10/17 1:0 a.m.547 views

CVE-2018-3174

CVE-2018-3174 affects Oracle MySQL Server (notably the Client programs) with affected versions 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior, and 8.0.12 and prior. Root cause per the sources is a vulnerability in MySQL Server that can, under certain conditions, lead to a hang or a complete...

5.3CVSS6.1AI score0.0081EPSS
Exploits0References12Affected Software1
CVE
CVE
added 2026/03/27 7:54 p.m.546 views

CVE-2026-33870

Netty HTTP request smuggling vulnerability (CVE-2026-33870) arises from how Netty versions prior to 4.1.132.Final and 4.2.10.Final parse quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. The IBM and OSS/Ecosystem advisories in the connected...

7.5CVSS5.8AI score0.0064EPSS
Exploits1References22Affected Software1
CVE
CVE
added 2025/02/27 2:18 a.m.546 views

CVE-2025-21765

CVE-2025-21765 is a Linux kernel IPv6 issue where ip6_default_advmss() reads net structures that could disappear without proper protection. The root cause is missing RCU protection in ip6_default_advmss(), which could enable read-time inconsistency. The vulnerability is documented as a Local, Low...

5.5CVSS6.5AI score0.00202EPSS
Exploits0References12Affected Software1
CVE
CVE
added 2024/11/12 5:54 p.m.546 views

CVE-2024-38203

Technical details for CVE-2024-38203 are not publicly available in the supplied documents. No specifics on affected products, root cause, or remediation are provided here; monitor the feeds for updates from Microsoft and vulnerability trackers.

6.2CVSS5.8AI score0.00677EPSS
Exploits0References1Affected Software15
CVE
CVE
added 2024/02/27 9:36 a.m.546 views

CVE-2021-46921

CVE-2021-46921 affects the Linux kernel’s locking/qrwlock code. The vulnerability arises in queued_write_lock_slowpath while the wait_lock is held: a reader can observe values before the writer has truly acquired the lock, due to an ordering gap between atomic_cond_read_acquire() and the subseque...

5.5CVSS6AI score0.00228EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2023/12/24 12:0 a.m.546 views

CVE-2023-51766

Exim before 4.97.1 is vulnerable to SMTP smuggling in specific PIPELINING/CHUNKING configurations, enabling a remote attacker to inject messages with a spoofed MAIL FROM and bypass SPF. The root cause cited across multiple sources is that Exim handles end-of-data sequences using . in ways that so...

5.3CVSS5.3AI score0.01072EPSS
Exploits1References22Affected Software1
Total number of security vulnerabilities5000