Lucene search
+L
CvelistMost viewed

366652 matches found

cvelist
cvelist
added 2025/07/10 4:56 p.m.93 views

CVE-2024-43394 Apache HTTP Server: SSRF on Windows due to UNC paths

Server-Side Request Forgery SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via modrewrite or apache expressions that pass unvalidated request input. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.63. Note: The Apache HTTP Server...

0.01094EPSS
Exploits0References1
cvelist
cvelist
added 2025/07/02 4:24 a.m.93 views

CVE-2025-6463 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Form Submission Deletion

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'entrydeleteuploadfiles' function in all versions up to, and including, 1.44.2. This makes it possible for...

8.8CVSS0.10538EPSS
Exploits0References3
cvelist
cvelist
added 2025/06/23 8:42 p.m.93 views

CVE-2025-2828 SSRF Vulnerability in RequestsToolkit in langchain-ai/langchain

A Server-Side Request Forgery SSRF vulnerability exists in the RequestsToolkit component of the langchain-community package specifically, langchaincommunity.agenttoolkits.openapi.toolkit.RequestsToolkit in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does n...

8.4CVSS0.14732EPSS
Exploits1References2
cvelist
cvelist
added 2025/05/13 12:0 a.m.93 views

CVE-2024-48766

NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php...

8.6CVSS0.68616EPSS
Exploits1References2
cvelist
cvelist
added 2024/05/17 9:53 a.m.94 views

CVE-2024-22120 Time Based SQL Injection in Zabbix Server Audit Log

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection...

9.1CVSS10AI score0.76618EPSS
Exploits5References1
cvelist
cvelist
added 2023/08/07 8:55 p.m.93 views

CVE-2023-39523 ScanCode.io command injection in docker image fetch process

ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. Prior to version 32.5.1, the software has a possible command injection vulnerability in the docker fetch process as it allows to append malicious commands in the dockerreference parameter. In the...

6.8CVSS9.1AI score0.02437EPSS
Exploits1References4
cvelist
cvelist
added 2026/06/09 5:5 p.m.92 views

CVE-2026-47281 Visual Studio Code Elevation of Privilege Vulnerability

...

9.6CVSS0.00591EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/27 3:12 a.m.92 views

CVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob

IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. parseOutputGlob wraps the caller-supplied output glob string in double quotes and stores it in the parser state; getFiles then runs the stored expression through eval...

0.00292EPSS
Exploits3References2
cvelist
cvelist
added 2026/05/04 2:52 p.m.92 views

CVE-2025-13605 Shell command injection in 3onedata GW1101-1D(RS-485)-TB-P modbus gateway

3onedata modbus gateway device model GW1101-1DRS-485-TB-P hardware version V2.2.0 allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware...

9.3CVSS0.00198EPSS
Exploits0References1
cvelist
cvelist
added 2026/03/12 5:59 p.m.92 views

CVE-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

2CVSS0.00164EPSS
Exploits0References9
cvelist
cvelist
added 2025/10/20 2:43 p.m.92 views

CVE-2025-57738 Apache Syncope: Remote Code Execution by delegated administrators

Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing to provide custom implementations of a few Java interfaces; such implementations can be provided either as Java or Groovy classes, with the latter being particularly attractive as the machine...

0.23107EPSS
Exploits0References1
cvelist
cvelist
added 2025/10/14 2:14 p.m.92 views

CVE-2025-10242

OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

7.2CVSS0.2084EPSS
Exploits0References1
cvelist
cvelist
added 2025/08/29 5:30 p.m.92 views

CVE-2025-9377 Authenticated RCE via Parental Control command injection

The authenticated remote command execution RCE vulnerability exists in the Parental Control page on TP-Link Archer C7EU V2 and TL-WR841N/NDMS V9. This issue affects Archer C7EU V2: before 241108 and TL-WR841N/NDMS V9: before 241108. Both products have reached the status of EOL end-of-life. It's...

8.6CVSS0.11747EPSS
Exploits0References2
cvelist
cvelist
added 2025/07/23 1:13 p.m.92 views

CVE-2025-40599

An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code execution...

0.11635EPSS
Exploits0References1
cvelist
cvelist
added 2025/06/10 7:19 p.m.92 views

CVE-2025-3052 An arbitrary write vulnerability in Microsoft signed UEFI firmware from DT Research Inc.

An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability...

0.00347EPSS
Exploits1References2
cvelist
cvelist
added 2025/06/02 11:36 p.m.92 views

CVE-2025-5419

Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

0.0645EPSS
Exploits3References2
cvelist
cvelist
added 2025/05/30 1:13 p.m.92 views

CVE-2025-4598 Systemd-coredump: race condition that allows a local attacker to crash a suid program and gain read access to the resulting core dump

A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the origina...

4.7CVSS0.0066EPSS
Exploits1References10
cvelist
cvelist
added 2025/05/22 12:0 a.m.92 views

CVE-2025-32814

An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur...

0.37474EPSS
Exploits0References1
cvelist
cvelist
added 2025/05/05 7:52 p.m.92 views

CVE-2025-46734 league/commonmark Cross-site Scripting vulnerability in Attributes extension

league/commonmark is a PHP Markdown parser. A cross-site scripting XSS vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. The league/commonmark library provides configurati...

6.4CVSS0.00287EPSS
Exploits0References2
cvelist
cvelist
added 2024/11/19 2:23 p.m.92 views

CVE-2024-10524 GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs

Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host...

6.5CVSS0.0111EPSS
Exploits0References3
cvelist
cvelist
added 2024/10/14 4:3 p.m.92 views

CVE-2023-50780 Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans

Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could...

0.16539EPSS
Exploits0References1
cvelist
cvelist
added 2024/07/21 9:21 p.m.92 views

CVE-2024-37480 WordPress Apollo13 Framework Extensions plugin <= 1.9.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Apollo13Themes Apollo13 Framework Extensions apollo13-framework-extensions allows Stored XSS.This issue affects Apollo13 Framework Extensions: from n/a through 1.9.3...

6.5CVSS0.00313EPSS
Exploits0References1
cvelist
cvelist
added 2024/06/27 6:0 a.m.92 views

CVE-2024-4704 Contact Form 7 < 5.9.5 - Unauthenticated Open Redirect

The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing...

0.00449EPSS
Exploits2References1
cvelist
cvelist
added 2024/06/11 5:0 p.m.92 views

CVE-2024-30103 Microsoft Outlook Remote Code Execution Vulnerability

...

8.8CVSS0.03446EPSS
Exploits0References1
cvelist
cvelist
added 2024/02/14 12:0 a.m.92 views

CVE-2023-50387

Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service CPU consumption via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG...

7.8AI score0.99995EPSS
Exploits0References30
cvelist
cvelist
added 2024/01/29 4:49 p.m.92 views

CVE-2024-23828 Nginx-UI authenticated RCE through injecting into the application config via CRLF

Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of testconfigcmd or startcmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This...

8.8CVSS9AI score0.01054EPSS
Exploits0References1
cvelist
cvelist
added 2022/09/21 11:10 p.m.92 views

CVE-2022-39224 Arbitrary shell execution when extracting or listing files contained in a malicious rpm.

Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...

7CVSS8.1AI score0.01628EPSS
Exploits1References3
cvelist
cvelist
added 2020/11/19 9:8 p.m.92 views

CVE-2020-7558

A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition Def.exe version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF Configuration Group File file is imported to IGSS Definition...

7.8AI score0.02374EPSS
Exploits0References2
cvelist
cvelist
added 2018/03/26 3:0 p.m.92 views

CVE-2018-1303

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of modcachesocache. The vulnerability is considere...

7.6AI score0.70783EPSS
Exploits0References25
cvelist
cvelist
added 2006/03/10 1:0 a.m.92 views

CVE-2006-0040

GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service CPU and memory consumption via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml...

6.7AI score0.01946EPSS
Exploits0References5
cvelist
cvelist
added 2026/05/22 2:31 a.m.91 views

CVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...

0.0044EPSS
Exploits0References4
cvelist
cvelist
added 2026/05/13 5:29 p.m.91 views

CVE-2026-44001 vm2: Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS)

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise constructor that triggers an unhandled rejection propagating to the host. The fix for CVE-2026-22709 v3.10....

8.6CVSS0.00448EPSS
Exploits1References1
cvelist
cvelist
added 2026/05/08 3:14 a.m.91 views

CVE-2026-41646 Nuclei: Local File Read via require() Module Loader Bypass

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require function, bypassing the default local file acce...

5.5CVSS0.00114EPSS
Exploits0References3
cvelist
cvelist
added 2026/05/07 7:41 p.m.91 views

CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

0.00588EPSS
Exploits0References4
cvelist
cvelist
added 2026/05/06 12:36 p.m.91 views

CVE-2026-40562 Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

0.00319EPSS
Exploits0References3
cvelist
cvelist
added 2026/05/02 8:0 p.m.91 views

CVE-2026-7668 MikroTik RouterOS SCEP Endpoint scep.p ASN1_STRING_data out-of-bounds

A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1STRINGdata in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated...

7.5CVSS0.003EPSS
Exploits0References4
cvelist
cvelist
added 2026/04/28 1:49 p.m.91 views

CVE-2026-7324 Memory safety bugs fixed in Thunderbird 150.0.1

Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Thunderbird 150.0.1...

0.003EPSS
Exploits0References3
cvelist
cvelist
added 2026/03/16 5:37 p.m.91 views

CVE-2026-3644 Incomplete control character validation in http.cookies

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

6CVSS0.00419EPSS
Exploits0References8
cvelist
cvelist
added 2025/09/11 8:51 a.m.91 views

CVE-2025-58320 DIALink - Directory Traversal Authentication Bypass Vulnerability

Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability...

7.3CVSS0.13174EPSS
Exploits0References1
cvelist
cvelist
added 2025/09/08 6:0 a.m.91 views

CVE-2025-8085 Ditty < 3.1.58 - Unauthenticated SSRF

The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...

0.16399EPSS
Exploits1References1
cvelist
cvelist
added 2025/08/05 1:0 p.m.91 views

CVE-2025-54948

A vulnerability in Trend Micro Apex One on-premise management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations...

9.4CVSS0.2079EPSS
Exploits0References1
cvelist
cvelist
added 2025/07/29 10:11 p.m.91 views

CVE-2025-54381 BentoML is Vulnerable to an SSRF Attack Through File Upload Processing

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make arbitrary HTTP...

9.9CVSS0.11883EPSS
Exploits1References2
cvelist
cvelist
added 2025/07/10 4:59 p.m.91 views

CVE-2025-53020 Apache HTTP Server: HTTP/2 DoS by Memory Increase

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue...

0.04409EPSS
Exploits1References1
cvelist
cvelist
added 2025/07/10 4:56 p.m.91 views

CVE-2025-23048 Apache HTTP Server: mod_ssl access control bypass with session resumption

In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when modssl is configured for multiple virtual hosts, with each restricted to a different set of...

0.0097EPSS
Exploits1References1
cvelist
cvelist
added 2025/06/18 11:30 p.m.91 views

CVE-2025-24286

A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code...

7.2CVSS0.1119EPSS
Exploits0References1
cvelist
cvelist
added 2025/06/18 11:30 p.m.91 views

CVE-2025-23121

A vulnerability allowing remote code execution RCE on the Backup Server by an authenticated domain user...

9.9CVSS0.12442EPSS
Exploits0References1
cvelist
cvelist
added 2025/05/22 12:0 a.m.91 views

CVE-2025-32813

An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur...

0.44196EPSS
Exploits0References1
cvelist
cvelist
added 2025/04/28 7:17 p.m.91 views

CVE-2025-31651 Apache Tomcat: Bypass of rules in Rewrite Valve

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those...

0.0418EPSS
Exploits1References1
cvelist
cvelist
added 2025/04/18 8:31 a.m.91 views

CVE-2025-3785 D-Link DWR-M961 Authorization Interface formStaticDHCP stack-based overflow

A vulnerability has been found in D-Link DWR-M961 1.1.36 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formStaticDHCP of the component Authorization Interface. The manipulation of the argument Hostname leads to stack-based buffer overflow. The attack can ...

9CVSS0.09111EPSS
Exploits0References5
cvelist
cvelist
added 2025/04/02 6:11 a.m.91 views

CVE-2024-36465 SQL injection in Zabbix API

A low privilege regular Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter...

8.6CVSS0.2926EPSS
Exploits0References1
Total number of security vulnerabilities5000