Lucene search
+L
CvelistMost viewed

367120 matches found

Cvelist
Cvelist
added 2026/04/03 5:3 p.m.164 views

CVE-2026-0545 Missing Authentication for Critical Function in mlflow/mlflow

In mlflow/mlflow, the FastAPI job endpoints under /ajax-api/3.0/jobs/ are not protected by authentication or authorization when the basic-auth app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled MLFLOWSERVERENABLEJOBEXECUTION=true and any j...

9.1CVSS0.04392EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/07 11:9 p.m.164 views

CVE-2017-20216 FLIR Thermal Camera PT-Series firmware version 8.0.0.64 Unauthenticated Remote Command Injection

FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem functi...

9.8CVSS0.1064EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/01/07 11:9 p.m.164 views

CVE-2017-20215 FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 Authenticated OS Command Injection

FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. Authenticated attackers can inject arbitrary shell commands through unvalidated input parameters to gain complet...

8.8CVSS0.13995EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/06/10 7:55 a.m.164 views

CVE-2025-27817 Apache Kafka Client: Arbitrary file read and SSRF vulnerability

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url"...

0.62368EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/01/28 7:34 a.m.163 views

CVE-2025-40552 SolarWinds Web Help Desk Authentication Bypass Vulnerability

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication...

9.8CVSS0.49734EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/09/03 7:25 p.m.163 views

CVE-2021-30616

Chromium: CVE-2021-30616 Use after free in Media...

9.6AI score0.04159EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/01/03 7:0 p.m.163 views

CVE-2018-19862

Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP POST request. NOTE: this product is discontinued...

9.8AI score0.12555EPSS
Exploits5References3
Cvelist
Cvelist
added 2026/03/07 5:7 a.m.162 views

CVE-2026-30821 Flowise: Arbitrary File Upload via MIME Spoofing

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the /api/v1/attachments/:chatflowId/:chatId endpoint is listed in WHITELISTURLS, allowing unauthenticated access to the file upload API. While the server validates uploads based on th...

8.2CVSS0.1833EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/02/27 2:18 a.m.162 views

CVE-2025-21756 vsock: Keep the binding until socket destruction

In the Linux kernel, the following vulnerability has been resolved: vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind and those implicitly bound through autobind during connect. Prevents socket unbinding during a transpo...

7.8CVSS0.00844EPSS
Exploits3References7
Cvelist
Cvelist
added 2023/06/07 1:51 a.m.162 views

CVE-2020-36731 Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update

The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettingsAction function...

7.2CVSS6.4AI score0.01342EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/15 7:30 a.m.161 views

CVE-2026-8398

A supply chain attack compromised the official installation packages of DAEMON Tools Lite Windows versions 12.5.0.2421 through 12.5.0.2434, distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the...

9.8CVSS0.01456EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/04 2:48 p.m.161 views

CVE-2026-29169 Apache HTTP Server: mod_dav_lock indirect lock crash

A NULL pointer dereference in moddavlock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.moddavlock is not used internally by moddav or moddavfs. The only known use-case for moddavlock was moddavsvn from Apache Subversion earlier than...

0.00594EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/18 11:11 p.m.161 views

CVE-2026-32255 Kan is Vulnerable to Unauthenticated SSRF via Attachment Download Endpoint

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...

8.6CVSS0.10069EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/25 10:19 p.m.161 views

CVE-2026-27577 n8n: Expression Sandbox Escape Leads to RCE

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse...

9.4CVSS0.1016EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/20 10:22 p.m.161 views

CVE-2026-2043 Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability

Nagios Host esensorswebsensorconfigwizardfunc Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists...

7.2CVSS0.74172EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/01/14 7:5 p.m.161 views

CVE-2021-44703 Adobe Acrobat Pro DC Stack Overflow Vulnerability Arbitrary code execution

Acrobat Reader DC version 21.007.20099 and earlier, 20.004.30017 and earlier and 17.011.30204 and earlier are affected by a stack buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user...

7.8CVSS7.9AI score0.57304EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/06/29 5:33 p.m.161 views

CVE-2020-14145

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by the client. NOTE: some reports...

5.8AI score0.02057EPSS
Exploits2References8
Cvelist
Cvelist
added 2026/05/13 6:52 p.m.160 views

CVE-2026-42031 CKAN: Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed ...

8.3CVSS0.01815EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/04 12:37 p.m.160 views

CVE-2026-24072 Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

0.00654EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/12/09 5:19 p.m.160 views

CVE-2025-53679

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox Cloud 24.1,...

7.2CVSS0.11196EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/01 12:2 a.m.160 views

CVE-2025-9752 D-Link DIR-852 SOAP Service soap.cgi soapcgi_main os command injection

A security vulnerability has been detected in D-Link DIR-852 1.00CN B09. Impacted is the function soapcgimain of the file soap.cgi of the component SOAP Service. Such manipulation of the argument service leads to os command injection. The attack can be launched remotely. The exploit has been...

7.5CVSS0.15815EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/04/02 1:4 p.m.159 views

CVE-2026-2701 RCE vulnerability in Progress ShareFile Storage Zones Controller (SZC)

Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution...

9.1CVSS0.4881EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/09 8:59 p.m.159 views

CVE-2025-47269 code-server session cookie can be extracted by having user visit specially crafted proxy URL

code-server runs VS Code on any machine anywhere through browser access. Prior to version 4.99.4, a maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Failure to properly validate the port for a proxy request can result in proxying to a...

8.3CVSS0.36027EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/03 1:55 a.m.159 views

CVE-2023-27329 Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious...

7.8CVSS8.2AI score0.03925EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/03 3:45 p.m.157 views

CVE-2026-35216 Budibase: Unauthenticated Remote Code Execution via Webhook Trigger and Bash Automation Step

Budibase is an open-source low-code platform. Prior to version 3.33.4, an unauthenticated attacker can achieve Remote Code Execution RCE on the Budibase server by triggering an automation that contains a Bash step via the public webhook endpoint. No authentication is required to trigger the...

9CVSS0.11982EPSS
Exploits1References4
Cvelist
Cvelist
added 2021/10/05 8:40 a.m.157 views

CVE-2021-41773 Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...

8.1AI score0.99992EPSS
Exploits151References29
Cvelist
Cvelist
added 2021/03/05 7:7 p.m.157 views

CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

7.2AI score0.03422EPSS
Exploits1References9
Cvelist
Cvelist
added 2025/04/01 4:21 a.m.156 views

CVE-2025-2007 Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Deletion

The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteImage function in all versions up to, and including, 7.19. This makes it possible for authenticated attackers, with Subscriber-level...

8.1CVSS0.01058EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/06/05 5:33 a.m.156 views

CVE-2024-4295 Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

9.8CVSS9.7AI score0.10161EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/05/03 1:55 a.m.156 views

CVE-2023-27331 Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious...

7.8CVSS8.2AI score0.03925EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/03 1:55 a.m.156 views

CVE-2023-27330 Foxit PDF Reader XFA Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader XFA Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS8.2AI score0.03925EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/06/10 11:1 a.m.156 views

CVE-2021-20081

Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges...

7.4AI score0.5242EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/06/25 7:17 a.m.155 views

CVE-2024-51978 Authentication bypass via default password generation affecting multiple models from Brother Industries, Ltd, Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP...

9.8CVSS0.23635EPSS
Exploits0References10
Cvelist
Cvelist
added 2022/06/06 5:5 p.m.155 views

CVE-2022-1680

An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature available only on Premium+...

9.9CVSS9.2AI score0.15471EPSS
Exploits0References2
Cvelist
Cvelist
added 2013/02/24 8:0 p.m.155 views

CVE-2012-5337

Multiple cross-site scripting XSS vulnerabilities in jforum.page in JForum 2.1.9 allow remote attackers to inject arbitrary web script or HTML via the 1 action, 2 matchtype, 3 sortby, or 4 start parameters...

5.8AI score0.02519EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/27 3:50 p.m.154 views

CVE-2026-48027 Compromised Nx Console version 18.95.0

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for 18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the...

9.3CVSS0.0185EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/14 9:53 p.m.154 views

CVE-2026-27305 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outsi...

8.6CVSS0.28962EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/07 5:34 p.m.154 views

CVE-2025-20188

A vulnerability in the Out-of-Band Access Point AP Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. Th...

10CVSS0.17894EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/04/04 5:54 p.m.154 views

CVE-2024-25693 Portal for ArcGIS has a directory traversal vulnerability.

There is a path traversal in Esri Portal for ArcGIS versions = 11.2. Successful exploitation may allow a remote, authenticated attacker to traverse the file system to access files or execute code outside of the intended directory...

9.9CVSS9.6AI score0.01265EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/20 1:57 p.m.153 views

CVE-2026-22844 Zoom Node Deployments - Command Injection

A Command Injection vulnerability in Zoom Node Multimedia Routers MMRs before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access...

9.9CVSS0.12965EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/10 2:41 a.m.152 views

CVE-2025-61686 React Router has Path Traversal in File Session Storage

React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage is being used from @react-router/node or @remix-run/node/@remix-run/deno in Remix v2 with an...

9.1CVSS0.16104EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/15 1:55 p.m.152 views

CVE-2025-53521 BigIP APM Vulnerability

When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution RCE. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

9.8CVSS0.02213EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/18 9:32 a.m.152 views

CVE-2024-40898 Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows

SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue...

0.01536EPSS
Exploits5References1
Cvelist
Cvelist
added 2024/04/04 7:21 p.m.152 views

CVE-2024-27316 Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...

7.7AI score0.91327EPSS
Exploits2References5
Cvelist
Cvelist
added 2026/05/19 9:40 a.m.151 views

CVE-2026-45434 Apache OFBiz: Authentication Bypass via Password-Change Logic Flaw Leading to RCE

Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

0.22876EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/02 12:0 a.m.151 views

CVE-2025-29085

SQL injection vulnerability in vipshop Saturn v.3.5.1 and before allows a remote attacker to execute arbitrary code via /console/dashboard/executorCount?zkClusterKey component...

0.28338EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/05/27 11:15 a.m.151 views

CVE-2021-22899

A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature...

9AI score0.22343EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/11/27 8:36 p.m.151 views

CVE-2011-2523

vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp...

9.5AI score0.96184EPSS
Exploits36References6
Cvelist
Cvelist
added 2024/12/18 8:38 p.m.150 views

CVE-2024-45338 Non-linear parsing of case-insensitive content in golang.org/x/net/html

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

0.00874EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/06/26 11:30 p.m.150 views

CVE-2024-5655 Improper Access Control in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to trigger a pipeline as another user under certain circumstances...

9.6CVSS0.07468EPSS
Exploits0References2
Total number of security vulnerabilities5000