Lucene search
+L
CvelistMost viewed

366757 matches found

cvelist
cvelist
added 2026/05/19 11:1 a.m.91 views

CVE-2026-7507 Org.keycloak/keycloak-services: session fixation in oidc login flow that can lead to account takeover

A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which...

7.5CVSS0.00568EPSS
Exploits0References6
cvelist
cvelist
added 2026/05/13 5:29 p.m.91 views

CVE-2026-44001 vm2: Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS)

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise constructor that triggers an unhandled rejection propagating to the host. The fix for CVE-2026-22709 v3.10....

8.6CVSS0.00448EPSS
Exploits1References1
cvelist
cvelist
added 2026/05/08 3:14 a.m.91 views

CVE-2026-41646 Nuclei: Local File Read via require() Module Loader Bypass

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require function, bypassing the default local file acce...

5.5CVSS0.00114EPSS
Exploits0References3
cvelist
cvelist
added 2026/05/07 7:41 p.m.91 views

CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

0.00588EPSS
Exploits0References4
cvelist
cvelist
added 2026/05/07 3:40 a.m.91 views

CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DO...

8.7CVSS0.00643EPSS
Exploits0References12
cvelist
cvelist
added 2026/05/06 12:36 p.m.91 views

CVE-2026-40562 Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

0.00319EPSS
Exploits0References3
cvelist
cvelist
added 2026/04/28 1:49 p.m.91 views

CVE-2026-7324 Memory safety bugs fixed in Thunderbird 150.0.1

Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Thunderbird 150.0.1...

0.003EPSS
Exploits0References3
cvelist
cvelist
added 2026/03/16 5:37 p.m.91 views

CVE-2026-3644 Incomplete control character validation in http.cookies

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...

6CVSS0.00419EPSS
Exploits0References8
cvelist
cvelist
added 2025/10/29 7:37 p.m.91 views

CVE-2025-11201 MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability

MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific flaw...

8.1CVSS0.27335EPSS
Exploits0References2
cvelist
cvelist
added 2025/10/21 11:43 a.m.91 views

CVE-2025-9428 SQL Injection

Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api...

8.3CVSS0.25403EPSS
Exploits0References1
cvelist
cvelist
added 2025/10/08 10:43 p.m.91 views

CVE-2025-61913 Flowise is vulnerable to arbitrary file read, arbitrary file write

Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read and write arbitrary files to any...

9.9CVSS0.12115EPSS
Exploits1References4
cvelist
cvelist
added 2025/08/12 5:10 p.m.91 views

CVE-2025-53778 Windows NTLM Elevation of Privilege Vulnerability

...

8.8CVSS0.38176EPSS
Exploits0References1
cvelist
cvelist
added 2025/08/05 1:0 p.m.91 views

CVE-2025-54987

A vulnerability in Trend Micro Apex One on-premise management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture...

9.4CVSS0.17066EPSS
Exploits0References1
cvelist
cvelist
added 2025/07/10 4:59 p.m.91 views

CVE-2025-53020 Apache HTTP Server: HTTP/2 DoS by Memory Increase

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue...

0.04409EPSS
Exploits1References1
cvelist
cvelist
added 2025/05/20 12:0 a.m.91 views

CVE-2025-44084

D-link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this vulnerability by crafting specific HTTP requests, triggering the command execution flaw and gaining the highest privilege shell access to the firmware system...

0.18122EPSS
Exploits0References1
cvelist
cvelist
added 2025/05/08 10:17 p.m.91 views

CVE-2025-29813 Azure DevOps Elevation of Privilege Vulnerability

...

10CVSS0.01533EPSS
Exploits0References1
cvelist
cvelist
added 2025/04/28 7:17 p.m.91 views

CVE-2025-31651 Apache Tomcat: Bypass of rules in Rewrite Valve

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those...

0.0418EPSS
Exploits1References1
cvelist
cvelist
added 2025/04/02 6:11 a.m.91 views

CVE-2024-36465 SQL injection in Zabbix API

A low privilege regular Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter...

8.6CVSS0.2926EPSS
Exploits0References1
cvelist
cvelist
added 2024/11/21 12:0 a.m.91 views

CVE-2024-30896

InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and...

0.05208EPSS
Exploits3References3
cvelist
cvelist
added 2024/07/04 12:0 a.m.91 views

CVE-2024-39929

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mimefilename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users...

0.41225EPSS
Exploits5References5
cvelist
cvelist
added 2024/06/03 3:33 p.m.91 views

CVE-2024-4540 Keycloak: exposure of sensitive information in pushed authorization requests (par) kc_restart cookie

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests PAR. Client-provided parameters were found to be included in plain text in the KCRESTART cookie returned by the authorization server's HTTP response to a requesturi authorization request, possibly leading to an information...

7.5CVSS7.2AI score0.00551EPSS
Exploits0References11
cvelist
cvelist
added 2024/04/30 2:38 p.m.91 views

CVE-2024-25648

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. A...

8.8CVSS9.1AI score0.15639EPSS
Exploits1References1
cvelist
cvelist
added 2023/03/28 7:59 p.m.91 views

CVE-2023-28395 CVE-2023-28395

Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. This may allow an attacker to hijack a session by predicting the session id and gain unauthorized access to the product...

8.3CVSS8.6AI score0.00649EPSS
Exploits1References1
cvelist
cvelist
added 2022/03/30 11:49 a.m.91 views

CVE-2022-24131

DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting XSS through /admin/login.php in the background, which will lead to JavaScript code execution...

6.4AI score0.00848EPSS
Exploits1References1
cvelist
cvelist
added 2021/04/05 6:27 p.m.91 views

CVE-2021-24208 WP Page Builder < 1.2.4 - Multiple Stored Cross-Site scripting (XSS)

The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets though the custom HTML widget requires sending a crafted request - it appears that this...

5.6AI score0.00658EPSS
Exploits1References2
cvelist
cvelist
added 2020/08/07 3:24 p.m.91 views

CVE-2020-9490

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...

8.6AI score0.89744EPSS
Exploits0References29
cvelist
cvelist
added 2019/05/09 12:0 a.m.92 views

CVE-2019-11840

An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256 GiB of keystream i...

5.8AI score0.03465EPSS
Exploits0References11
cvelist
cvelist
added 2019/01/31 12:0 a.m.91 views

CVE-2019-6110

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server or Man-in-The-Middle attacker can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred...

6.8AI score0.20906EPSS
Exploits8References7
cvelist
cvelist
added 2026/05/22 2:31 a.m.90 views

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

0.00394EPSS
Exploits0References4
cvelist
cvelist
added 2026/05/15 2:48 a.m.90 views

CVE-2023-31309

Improper validation in Power Management Firmware PMFW may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability...

6.8CVSS0.00112EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/14 2:32 p.m.90 views

CVE-2026-44375 Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException

Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serialization library. Prior to 1.1.62, Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an oversized timestamp extension length, causing the...

7.5CVSS0.00358EPSS
Exploits0References4
cvelist
cvelist
added 2026/05/12 12:0 a.m.90 views

CVE-2026-45185

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS closenotify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to...

9.8CVSS0.01225EPSS
Exploits2References7
cvelist
cvelist
added 2026/04/22 8:30 a.m.90 views

CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service

A flaw was found in nano. A local user could exploit a format string vulnerability in the statusline function. By creating a directory with a name containing printf specifiers, the application attempts to display this name, leading to a segmentation fault SEGV. This results in a Denial of Service...

5.5CVSS0.00108EPSS
Exploits0References2
cvelist
cvelist
added 2026/03/16 5:52 p.m.90 views

CVE-2026-4224 Stack overflow parsing XML with deeply nested DTD content models

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...

6CVSS0.00621EPSS
Exploits0References8
cvelist
cvelist
added 2025/10/14 2:17 p.m.90 views

CVE-2025-10243

OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

7.2CVSS0.2084EPSS
Exploits0References1
cvelist
cvelist
added 2025/10/06 12:0 a.m.90 views

CVE-2025-50538

Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log...

8.2CVSS0.13138EPSS
Exploits1References3
cvelist
cvelist
added 2025/09/01 9:18 p.m.90 views

CVE-2024-28988 SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing...

9.8CVSS0.36619EPSS
Exploits0References2
cvelist
cvelist
added 2025/08/08 3:40 p.m.90 views

CVE-2025-8356 Path Traversal leading to RCE

In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution RCE, allowing the attacker to run arbitrary commands on the system...

9.8CVSS0.14774EPSS
Exploits0References1
cvelist
cvelist
added 2025/08/01 8:39 p.m.90 views

CVE-2013-10048 D-Link Devices command.php Unauthenticated RCE

An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 firmware ≤ 2.13 and ≤ 2.14b01, respectively—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker c...

9.3CVSS0.12099EPSS
Exploits1References5
cvelist
cvelist
added 2025/07/27 7:57 a.m.90 views

CVE-2025-5120 Sandbox Escape Vulnerability in huggingface/smolagents

A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution RCE. The vulnerability stems from the localpythonexecutor.py module, which inadequately restricts Python code...

7.6CVSS0.18654EPSS
Exploits1References2
cvelist
cvelist
added 2025/07/08 4:57 p.m.90 views

CVE-2025-47981 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability

...

9.8CVSS0.2188EPSS
Exploits1References1
cvelist
cvelist
added 2025/07/01 2:39 p.m.90 views

CVE-2025-37098

A path traversal vulnerability exists in HPE Insight Remote Support IRS prior to v7.15.0.646...

0.32516EPSS
Exploits0References1
cvelist
cvelist
added 2025/06/10 7:54 a.m.90 views

CVE-2025-27819 Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration

In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs ...

0.00878EPSS
Exploits0References1
cvelist
cvelist
added 2025/05/14 12:0 a.m.90 views

CVE-2024-54780

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting...

0.11991EPSS
Exploits1References2
cvelist
cvelist
added 2025/03/12 6:15 p.m.90 views

CVE-2025-27407 Remote code execution when loading a crafted GraphQL schema

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.fromintrospection or GraphQL::Schema::Loader.load can result in remote code...

9CVSS0.02865EPSS
Exploits2References10
cvelist
cvelist
added 2024/09/19 10:42 p.m.90 views

CVE-2024-45614 Header normalization allows for client to clobber proxy set headers in Puma

Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing a underscore version of the same header X-ForwardedFor. Any users relying on proxy set variables is affected. v6.4.3/v5.6.9 now...

5.4CVSS0.00646EPSS
Exploits0References2
cvelist
cvelist
added 2024/06/07 11:25 a.m.90 views

CVE-2024-4610 Mali GPU Kernel Driver allows improper GPU memory processing operations

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0;...

0.00758EPSS
Exploits0References1
cvelist
cvelist
added 2024/05/09 8:3 p.m.90 views

CVE-2024-4107 Elementor Website Builder Pro <= 3.21.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Elementor Website Builder – More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in versions up to, and including, 3.21.0 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6AI score0.00419EPSS
Exploits1References2
cvelist
cvelist
added 2024/04/16 5:54 a.m.90 views

CVE-2024-22262 CVE-2024-22262: Spring Framework URL Parsing with Host Validation

Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is...

8.1CVSS8.1AI score0.01191EPSS
Exploits2References2
cvelist
cvelist
added 2024/02/23 1:26 p.m.90 views

CVE-2024-26594 ksmbd: validate mech token in session setup

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...

7.2AI score0.78388EPSS
Exploits0References5
Total number of security vulnerabilities5000