Lucene search
K
CveMost viewed

368571 matches found

CVE
CVE
added 2008/09/29 5:0 p.m.526 views

CVE-2008-4300

CVE-2008-4300 affects a specific ActiveX control in adsiis.dll used by Microsoft Internet Information Services (IIS). The vulnerability allows remote attackers to cause a denial of service (browser crash) by sending a long string as the second argument to the GetObject method. The description not...

5CVSS6.5AI score0.13555EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2002/03/09 5:0 a.m.526 views

CVE-2000-1200

CVE-2000-1200 affects Windows NT where remote attackers can enumerate domain users by obtaining the domain SID with the LsaQueryInformationPolicy policy function through a null session, then using that SID to list users. Connected findings consolidate that attackers can enumerate the host/local u...

5CVSS6.6AI score0.481EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/05/05 9:29 p.m.525 views

CVE-2026-28780

CVE-2026-28780 is a heap-based buffer overflow in Apache HTTP Server’s mod_proxy_ajp (via ajp_msg_check_header()). Reports across Debian, FreeBSD/vuxml, Alpine, and NC SC advisories confirm impact on versions up to 2.4.66 and a fix in 2.4.67 . The issue allows memory corruption and can contribute...

9.8CVSS5.8AI score0.01325EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2022/09/13 12:0 a.m.525 views

CVE-2022-3190

The CVE describes an infinite loop in the F5 Ethernet Trailer protocol dissector of Wireshark. Affected releases include Wireshark 3.6.0–3.6.7 and 3.4.0–3.4.15, where processing crafted captures or packet injections can cause a denial of service. Connected advisories corroborate the issue and ind...

6.3CVSS5.6AI score0.01754EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2022/06/01 5:25 p.m.525 views

CVE-2022-31000

The CVE concerns solidus_backend, the admin interface of the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 are affected by a cross-site request forgery (CSRF) that lets an attacker change the state of an order’s adjustments if they know the order number, with the actio...

4.3CVSS4.3AI score0.00367EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/02/16 6:35 p.m.525 views

CVE-2021-3752

Mode C: CVE-2021-3752 is a Linux kernel use-after-free vulnerability in the Bluetooth L2CAP path caused by a race between connect and disconnect. The flaw can allow a local attacker to crash the system or escalate privileges. Connected documents confirm this CVE is discussed in Debian advisories ...

7.9CVSS7.2AI score0.01736EPSS
Exploits1References8Affected Software1
CVE
CVE
added 2021/06/04 4:46 p.m.525 views

CVE-2021-1544

CVE-2021-1544 describes an information-disclosure vulnerability in the Cisco Webex Meetings client’s logging mechanism. An authenticated, local attacker could access files containing logged actions and potentially view sensitive data, including meeting content and transcriptions. Public sources i...

5.5CVSS5.5AI score0.00228EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/04/15 9:20 p.m.525 views

CVE-2021-29450

CVE-2021-29450 affects WordPress: an authenticated user with at least contributor privileges could exploit a block in the WordPress editor to expose password-protected posts and pages. The issue has been patched in WordPress 5.7.1, with older affected versions addressed via minor releases. Remedi...

6.5CVSS5.2AI score0.02331EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2020/09/21 12:50 a.m.525 views

CVE-2020-14179

CVE-2020-14179 affects Atlassian Jira Server/Data Center versions before 8.5.8 and 8.6.0 through 8.11.1. The vulnerability is an information disclosure in the /secure/QueryComponent!Default.jspa endpoint, allowing remote, unauthenticated attackers to view custom field names and custom SLA names. ...

5.3CVSS5.3AI score0.76042EPSS
Exploits1References1Affected Software2
CVE
CVE
added 2019/10/09 2:17 p.m.525 views

CVE-2018-5745

CVE-2018-5745 affects BIND's managed-keys feature, causing an assertion failure (and possible server exit) when a trust anchor is rolled over to an unsupported key algorithm. Affected: BIND 9 series (various 9.9.x–9.13.x branches and preview releases). Impact: potential denial of service by crash...

4.9CVSS6.2AI score0.02264EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2014/11/16 1:0 a.m.525 views

CVE-2014-2667

CVE-2014-2667: Race condition in Python’s Lib/os.py _get_masked_mode when exist_ok is true across Python 3.2–3.5. The issue allows local users to bypass intended file permissions by exploiting a separate application vulnerability before the process umask is set. Connected OpenVAS entries corrobor...

3.3CVSS7.1AI score0.00356EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2024/02/05 8:45 p.m.524 views

CVE-2023-50782

CVE-2023-50782 affects the python-cryptography library across multiple Linux distributions. The underlying issue is a Bleichenbacher timing/PKCS#1 v1.5 RSA decryption handling flaw that could allow a remote attacker to decrypt TLS RSA-exchange messages, potentially exposing confidential data. Aff...

7.5CVSS7.2AI score0.02454EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/11/06 10:56 a.m.524 views

CVE-2023-5090

CVE-2023-5090: A flaw in Linux kernel KVM (svm_set_x2apic_msr_interception) enables direct access to host x2apic MSRs when a guest resets its APIC, potentially causing denial of service. Connected advisories (Astra Linux, IBM Guardium bulletin, Amazon ALAS) reference this CVE as part of Linux ker...

6CVSS6.7AI score0.00234EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2023/09/30 12:0 a.m.524 views

CVE-2023-44488

CVE-2023-44488 affects VP9 in libvpx prior to 1.13.1, where widths are mishandled during encoding, causing a crash. The CVE is documented across multiple sources including the libvpx 1.13.1 release and related advisories (e.g., ALAS2-2025-2960, CBLMariner). The issue is tied to libvpx’s handling ...

7.5CVSS7.9AI score0.01936EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2022/07/31 5:30 p.m.524 views

CVE-2022-30616

Summary: CVE-2022-30616 affects IBM Robotic Process Automation and IBM RPA for Cloud Pak/Service, with versions prior to 21.0.3 vulnerable. A privileged user could elevate privileges to platform administrator by manipulating APIs. Impact: high (privilege escalation) with CVSS base scores in the h...

8CVSS6.7AI score0.00774EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/07/12 10:5 p.m.524 views

CVE-2022-31102

Argo CD (GitOps for Kubernetes) is affected by a cross-site scripting (XSS) vulnerability in versions 2.3.0–2.3.6 and 2.4.0–2.4.4 that allows arbitrary JavaScript in the /auth/callback page when SSO is enabled. Exploitation requires access to the API server’s encryption key, a method to inject a ...

6.1CVSS5AI score0.005EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/02/08 8:10 p.m.524 views

CVE-2021-21290

CVE-2021-21290 relates to Netty before 4.1.59.Final, where an insecure temp file in Unix-like systems could lead to local information disclosure when uploads are stored on disk via multipart decoders. The Unix temp dir is shared among users, and files created with File.createTempFile may have ins...

6.2CVSS6.2AI score0.01777EPSS
Exploits1References39Affected Software1
CVE
CVE
added 2020/04/27 3:36 p.m.524 views

CVE-2020-9488

CVE-2020-9488 affects the Apache Log4j2 SMTP appender. The issue is improper validation of the SSL/TLS certificate when the host name does not match, potentially allowing a man-in-the-middle to intercept SMTPS traffic and leak log messages. The concrete remediation is to upgrade to affected relea...

4.3CVSS6AI score0.08096EPSS
Exploits0References49Affected Software1
CVE
CVE
added 2018/07/30 3:0 p.m.524 views

CVE-2018-10903

The CVE-2018-10903 issue affects python-cryptography versions >=1.9.0 and

7.5CVSS7.2AI score0.02605EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2025/11/17 5:29 p.m.523 views

CVE-2025-64756

CVE-2025-64756 is a command-injection vulnerability in glob's -c/--cmd handling. The IBM bulletins show this CVE affecting IBM Maximo Application Suite components (e.g., Visual Inspection) and related bundles, with remediation by upgrading the affected glob component to 10.5.0 or 11.1.0 (patches ...

7.5CVSS7.6AI score0.03026EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2025/09/03 4:17 p.m.523 views

CVE-2025-9867

CVE-2025-9867 : The connected documents confirm a vulnerability in Google Chrome on Android before version 140.0.7339.80, described as an inappropriate implementation in Downloads that allowed a remote attacker to perform UI spoofing via a crafted HTML page. The impact is UI spoofing with a mediu...

5.4CVSS5.9AI score0.00281EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/06/17 7:18 p.m.523 views

CVE-2024-37891

CVE-2024-37891 affects urllib3 (Python HTTP client) across multiple distributions (e.g., python3-urllib3, python3.13-pip, python-pip, etc.). The issue: when not using urllib3’s ProxyManager proxy support, a configured Proxy-Authorization header could be sent, and urllib3 may not strip it on cross...

6.5CVSS5.8AI score0.01141EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2024/01/19 12:0 a.m.523 views

CVE-2023-50447

Summary: CVE-2023-50447 affects Pillow up to 10.1.0, enabling Arbitrary Code Execution via the environment parameter in PIL.ImageMath.eval. This is a separate issue from CVE-2022-22817 (expression parameter). What’s affected: Pillow library in Python projects (Pillow versions up to 10.1.0). Root ...

8.1CVSS9AI score0.01703EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2023/04/18 7:54 p.m.523 views

CVE-2023-21954

CVE-2023-21954 (and related CVEs listed in the same advisory set) affects Oracle Java SE/OpenJDK/GraalVM Enterprise Edition components across multiple versions (e.g., 8u361, 11.0.18, 17.0.6, 20.x; Swing, Hotspot, JSSE, Libraries). The issue set comprises several distinct weaknesses (e.g., TLS han...

5.9CVSS6.1AI score0.01421EPSS
Exploits0References7Affected Software3
CVE
CVE
added 2023/01/12 12:0 a.m.523 views

CVE-2023-23454

CVE-2023-23454 affects the Linux kernel cbq_classify (net/sched/sch_cbq.c) up to version 6.1.4, enabling a local attacker to trigger a slab-out-of-bounds read via type confusion (non-negative values may be misinterpreted as TC_ACT_SHOT), causing denial of service. Connected advisories reference s...

5.5CVSS6AI score0.00312EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2022/12/22 12:0 a.m.523 views

CVE-2022-22756

CVE-2022-22756 describes a drag-and-drop image object that could be turned into an executable script, enabling arbitrary code execution when clicked. Affected products and versions include Firefox <97, Thunderbird <91.6, and Firefox ESR

8.8CVSS8.6AI score0.00926EPSS
Exploits1References4Affected Software3
CVE
CVE
added 2022/12/12 12:0 a.m.523 views

CVE-2022-41881

Netty CVE-2022-41881 concerns a StackOverflowError when parsing malformed crafted messages due to infinite recursion in the HAProxyMessageDecoder. The issue affects Netty versions before 4.1.86.Final and can lead to denial of service through resource exhaustion. The vulnerability is fixed in 4.1....

7.5CVSS7.1AI score0.01466EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2022/08/22 2:42 p.m.523 views

CVE-2022-34776

The CVE-2022-34776 entry concerns the Tabit giftcard system, where several web APIs expose sensitive user data without authorization. Affected component is the web API layer that returns health statements, prior bills for a restaurant, and drinking/smoking habits, with each API URL including Mong...

7.5CVSS6.3AI score0.00445EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/06/08 1:34 p.m.523 views

CVE-2020-7676

CVE-2020-7676 is an AngularJS XSS vulnerability. AngularJS prior to 1.8.0 allows cross-site scripting due to regex-based HTML sanitization that may revert to unsanitized code; wrapping option elements in select can alter parsing and lead to unsanitized content being rendered. Connected documents ...

5.4CVSS5.4AI score0.02142EPSS
Exploits0References12Affected Software1
CVE
CVE
added 2020/03/02 3:58 a.m.523 views

CVE-2020-9548

CVE-2020-9548 affects Cloudera Data Platform Private Cloud Base (IBM) 7.1.9. It is a deserialization vulnerability in FasterXML jackson-databind 2.x up to 2.9.10.3/4 where interaction between serialization gadgets and typing (relating to br.com.anteros.dbcp.AnterosDBCPConfig) can lead to remote c...

9.8CVSS9.1AI score0.18345EPSS
In wildExploits0References16Affected Software1
CVE
CVE
added 2019/11/12 1:30 a.m.523 views

CVE-2019-18874

CVE-2019-18874 affects the Python module psutil (python-psutil). The issue is a double free caused by refcount mishandling in loops that convert system data into Python objects, as reported up to version 5.6.5 (and referenced in later advisories noting fixes in newer releases). Connected sources ...

7.5CVSS7.4AI score0.03522EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2019/10/09 2:17 p.m.523 views

CVE-2018-5743

CVE-2018-5743 affects BIND in multiple releases (notably 9.9.0–9.14.0, including some 9.11/9.13 branches). The flaw allows the named process to exceed its configured limit on simultaneous TCP connections, risking exhaustion of file descriptors and potentially affecting associated log/zone file ma...

7.5CVSS7.7AI score0.06404EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/02/06 8:0 p.m.523 views

CVE-2019-3820

Technical details about CVE-2019-3820 are not publicly available in the provided Connected documents. The description mentions physical access and GNOME lock screen behavior. No remediation or affected versions are confirmed here. Monitor for updates from official advisories.

4.8CVSS4.5AI score0.00498EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2017/11/07 9:0 p.m.523 views

CVE-2017-16642

CVE-2017-16642 is a PHP core timelib_meridian parsing bug in ext/date/lib/parse_date.c causing out-of-bounds reads. Affected are PHP versions before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11. The issue can leak information from the interpreter if attackers supply crafted date strings. Th...

7.5CVSS8.2AI score0.26373EPSS
Exploits2References13Affected Software1
CVE
CVE
added 2023/07/24 3:19 p.m.522 views

CVE-2023-3567

CVE-2023-3567 is a use-after-free vulnerability in Linux kernel code (vc_screen.c: vcs_read in vc_screen) that can allow a local attacker to crash the system or leak kernel information. Connected advisories (Astra Linux, CIRCL sighting, and Amazon Linux advisories) confirm the same UAF issue and ...

7.1CVSS7AI score0.00455EPSS
Exploits0References14Affected Software1
CVE
CVE
added 2023/06/16 12:44 a.m.522 views

CVE-2023-29349

CVE-2023-29349 concerns Microsoft ODBC and OLE DB components (SQL Server ODBC Driver and OLE DB Driver) enabling remote code execution. The vulnerability arises from improper handling in the ODBC/OLE DB stack, with an attack vector described as LOCAL and requiring user interaction, resulting in h...

7.8CVSS7.9AI score0.00603EPSS
Exploits0References1Affected Software3
CVE
CVE
added 2023/05/08 12:0 a.m.522 views

CVE-2023-27969

CVE-2023-27969 is a use-after-free kernel vulnerability in Apple platforms. The issue could allow an app to execute arbitrary code with kernel privileges via a local attack, fixed in macOS Ventura 13.3, iOS 16.4 / iPadOS 16.4, and iOS 15.7.4 / iPadOS 15.7.4, as well as tvOS 16.4 and watchOS 9.4. ...

7.8CVSS7.1AI score0.00246EPSS
Exploits0References5Affected Software5
CVE
CVE
added 2023/02/28 5:19 p.m.522 views

CVE-2022-41722

CVE-2022-41722 describes a path traversal in the Go standard library function filepath.Clean on Windows, where an invalid path like "a/../c:/b" can be transformed into a valid path "c:\b" and potentially enable directory traversal. After fix, Go converts it to the relative but invalid path ".\c:\...

7.5CVSS7.4AI score0.01678EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2023/02/16 3:27 p.m.522 views

CVE-2022-20952

CVE-2022-20952 concerns Cisco AsyncOS Software for Cisco Secure Web Appliance (WSA). The issue is a vulnerability in the scanning engines where malformed, encoded traffic is not detected, enabling an unauthenticated, remote attacker to bypass a configured block rule and inject traffic that should...

5.3CVSS5.5AI score0.00678EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/07/11 8:25 p.m.522 views

CVE-2022-31078

KubeEdge CloudCore Router memory exhaustion DoS vulnerability (CVE-2022-31078) affects pre-1.11.1, pre-1.10.2, and pre-1.9.4 releases. The REST handler’s HTTP response size is not limited, allowing an authenticated cloud user to trigger a large response that exhausts memory and causes CloudCore d...

6.5CVSS5.2AI score0.006EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/05/06 3:46 a.m.522 views

CVE-2020-28015

Exim 4 before 4.94.2 is affected by CVE-2020-28015 due to Improper Neutralization of Line Delimiters. A local attacker can abuse newline characters in recipient addresses to alter the behavior of root processes. Affected product: Exim (MTA). Root cause: newline handling in recipient address enabl...

7.8CVSS7.3AI score0.00379EPSS
In wildExploits1References1Affected Software1
CVE
CVE
added 2015/09/05 1:0 a.m.522 views

CVE-2015-5986

ISC BIND vulnerability CVE-2015-5986 arises from an incorrect boundary check in openpgpkey_61.c within named, allowing remote attackers to crash the server via a crafted DNS response. Affected products/versions: BIND 9.9.7 before 9.9.7‑P3 and 9.10.x before 9.10.2‑P4. Exploitation can cause a deni...

7.1CVSS8.6AI score0.26071EPSS
Exploits0References14Affected Software1
CVE
CVE
added 2025/06/03 8:52 p.m.521 views

CVE-2025-48951

The CVE concerns Auth0-PHP in versions 8.0.0-BETA3 through 8.3.1, where insecure deserialization of cookie data enables an attacker to craft malicious cookies since the SDK processes cookie content without prior authentication. Affected ecosystems include apps using Auth0-PHP directly and those u...

9.3CVSS6.7AI score0.0062EPSS
Exploits0References5
CVE
CVE
added 2024/02/27 9:43 a.m.521 views

CVE-2021-46923

CVE-2021-46923: Rejected reason; this CVE entry is not used.

5.5CVSS6.1AI score0.00211EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/09/12 4:58 p.m.521 views

CVE-2023-38144

CVE-2023-38144 is a Windows elevation-of-privilege flaw in the Common Log File System (CLFS) driver . The provided description confirms a local, privilege-escalation condition affecting the Windows CLFS driver, with a CVSS v3.1 base score 7.8 (LOCAL, LOW attack complexity, LOW privileges required...

7.8CVSS7.8AI score0.05356EPSS
Exploits0References1Affected Software12
CVE
CVE
added 2023/02/16 2:9 p.m.521 views

CVE-2023-25153

Summary: CVE-2023-25153 affects containerd and, when importing OCI images, could allow a denial of service due to an unlimited bytes-read limit on certain files. The issue exists in versions prior to 1.6.18 and 1.5.18. Root cause: missing input size limit during image import leads to potential Do...

6.2CVSS6.5AI score0.00439EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2021/06/09 1:55 a.m.521 views

CVE-2021-28169

CVE-2021-28169 affects Eclipse Jetty shipped with multiple versions (<= 9.4.40, <= 10.0.2,

5.3CVSS5.2AI score0.7848EPSS
In wildExploits2References24Affected Software1
CVE
CVE
added 2021/03/21 4:39 a.m.521 views

CVE-2021-28957

CVE-2021-28957 affects python-lxml’s Cleaner in the clean module, where disabling safe_attrs_only and forms allows the formaction attribute to bypass sanitization, enabling remote XSS. Versions before 4.6.3 are vulnerable; fixed in lxml 4.6.3. Affected: python-lxml; Issue caused by missing input ...

6.1CVSS6.5AI score0.04002EPSS
Exploits1References10Affected Software1
CVE
CVE
added 2020/04/28 6:7 p.m.521 views

CVE-2020-12243

CVE-2020-12243 affects OpenLDAP’s slapd in filter.c, where LDAP search filters with nested boolean expressions can cause a denial-of-service (daemon crash). Public advisories note fixes by upgrading OpenLDAP to newer releases (e.g., 2.4.50+; related entries reference 2.4.58 in a CloudLinux adviso...

7.5CVSS7.4AI score0.04423EPSS
Exploits1References12Affected Software1
CVE
CVE
added 2020/04/22 7:30 p.m.521 views

CVE-2020-1983

CVE-2020-1983 is a use-after-free in SLiRP’s ip_reass() (ip_input.c) affecting libslirp 4.2.0 and earlier, exploitable via crafted IP fragments to crash the QEMU host process (DoS). Connected advisories confirm this in QEMU SLiRP, with remediation by upgrading QEMU/libslirp to fixed releases (e.g...

7.5CVSS7AI score0.02293EPSS
Exploits1References10Affected Software1
Total number of security vulnerabilities5000