Lucene search
K
CvelistMost viewed

366547 matches found

Cvelist
Cvelist
added 2024/05/16 9:32 a.m.88 views

CVE-2024-4352 Tutor LMS Pro <= 2.7.0 - Missing Authorization to SQL Injection

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'getcalendarmaterials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to...

8.8CVSS8.8AI score0.01183EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/14 4:57 p.m.88 views

CVE-2024-30054 Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability

...

6.5CVSS7AI score0.01748EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/09 8:3 p.m.88 views

CVE-2024-4107 Elementor Website Builder Pro <= 3.21.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Elementor Website Builder – More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in versions up to, and including, 3.21.0 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6AI score0.00419EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/02/23 1:26 p.m.88 views

CVE-2024-26594 ksmbd: validate mech token in session setup

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...

7.2AI score0.78388EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/12/06 4:27 p.m.88 views

CVE-2023-39326 Denial of service via chunk extensions in net/http

A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data up to about...

6.7AI score0.01208EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/08/30 9:3 p.m.88 views

CVE-2023-41041 User session is still usable after logout in graylog2-server

Graylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used for API requests until it has reached its original expiry time. Each node maintains an in-memory cache of user sessions. Upon a cache-miss,...

2.6CVSS4.1AI score0.00411EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/09/28 10:25 p.m.88 views

CVE-2022-31629 $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cookie by PHP applications...

7.4AI score0.49336EPSS
Exploits2References12
Cvelist
Cvelist
added 2022/03/30 11:49 a.m.88 views

CVE-2022-24131

DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting XSS through /admin/login.php in the background, which will lead to JavaScript code execution...

6.4AI score0.00848EPSS
Exploits1References1
Cvelist
Cvelist
added 2017/10/27 9:0 p.m.88 views

CVE-2017-15945

The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql...

7.7AI score0.00366EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/05/12 8:0 p.m.88 views

CVE-2017-8923

The zendstringextend function in Zend/zendstring.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact by leveraging a script's use ...

9.9AI score0.07191EPSS
Exploits1References2
Cvelist
Cvelist
added 2016/07/19 1:0 a.m.88 views

CVE-2016-5387

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary...

8.2AI score0.55724EPSS
Exploits0References54
Cvelist
Cvelist
added 2026/07/03 6:13 a.m.87 views

CVE-2026-11856 cross-origin Digest auth state leak

Successfully using libcurl to do a transfer to a specific HTTP origin hostA with Digest authentication and then changing the origin to a different one hostB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB...

0.01064EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/15 9:11 p.m.87 views

CVE-2026-12087 Socket versions before 2.041 for Perl have an out-of-bounds heap read

Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, packipmreqsource checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte...

0.00389EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 3:34 p.m.87 views

CVE-2026-44496 Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection

Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who...

7.5CVSS0.00622EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/13 8:55 p.m.87 views

CVE-2026-42561 Python-Multipart: Denial of Service via unbounded multipart part headers

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individu...

7.5CVSS0.00549EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 7:50 p.m.87 views

CVE-2026-21821 HCL BigFix SCM Reporting is affected by vulnerabilities in jQuery

The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x library. Since jQuery 1.x has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses and increase the risk of client-side...

8.3CVSS0.00212EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/12 9:30 p.m.87 views

CVE-2026-3909

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

0.01629EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/07 4:47 p.m.87 views

CVE-2026-22536 PRIVILEGE ESCALATION VIA SUDO COMMAND

The absence of permissions control for the user XXX allows the current configuration in the sudoers file to escalate privileges without any restrictions...

8.6CVSS0.00121EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/27 12:0 a.m.87 views

CVE-2025-27225

TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internaladmincontactlogin.jsp endpoint to unauthenticated users. This endpoint discloses sensitive internal information including PII to unauthenticated attackers...

0.17464EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/10/14 2:17 p.m.87 views

CVE-2025-10243

OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

7.2CVSS0.2084EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/06 12:0 a.m.87 views

CVE-2025-50538

Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log...

8.2CVSS0.13138EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/08/08 3:40 p.m.87 views

CVE-2025-8356 Path Traversal leading to RCE

In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution RCE, allowing the attacker to run arbitrary commands on the system...

9.8CVSS0.14774EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/01 8:39 p.m.87 views

CVE-2013-10048 D-Link Devices command.php Unauthenticated RCE

An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 firmware ≤ 2.13 and ≤ 2.14b01, respectively—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker c...

9.3CVSS0.12099EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/07/27 7:57 a.m.87 views

CVE-2025-5120 Sandbox Escape Vulnerability in huggingface/smolagents

A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution RCE. The vulnerability stems from the localpythonexecutor.py module, which inadequately restricts Python code...

7.6CVSS0.18654EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/07/10 4:57 p.m.87 views

CVE-2025-49630 Apache HTTP Server: mod_proxy_http2 denial of service

In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in modproxyhttp2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with...

0.01149EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/08 4:57 p.m.87 views

CVE-2025-47981 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability

...

9.8CVSS0.2188EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/07/01 2:39 p.m.87 views

CVE-2025-37098

A path traversal vulnerability exists in HPE Insight Remote Support IRS prior to v7.15.0.646...

0.32516EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/14 12:0 a.m.87 views

CVE-2024-54780

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting...

0.11991EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/04/01 11:12 a.m.87 views

CVE-2025-3083 Malformed MongoDB wire protocol messages may cause mongos to crash

Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to...

7.5CVSS0.00414EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/28 9:25 p.m.87 views

CVE-2025-26466 Openssh: denial-of-service in openssh

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to ...

5.9CVSS0.38474EPSS
Exploits4References4
Cvelist
Cvelist
added 2024/10/22 12:14 p.m.87 views

CVE-2024-9050 Networkmanager-libreswan: local privilege escalation via leftupdown

A flaw was found in the libreswan client plugin for NetworkManager NetkworkManager-libreswan, where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading t...

7.8CVSS0.00452EPSS
Exploits0References15
Cvelist
Cvelist
added 2024/08/25 9:0 a.m.87 views

CVE-2024-8147 code-projects Pharmacy Management System index.php sql injection

A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php?action=editPharmacist. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...

6.5CVSS0.00611EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/04/12 7:20 a.m.87 views

CVE-2024-3400 PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the...

10CVSS10AI score0.99999EPSS
Exploits43References4
Cvelist
Cvelist
added 2022/12/28 6:27 a.m.87 views

CVE-2022-46173 Elrond go Processing: fallback search of SCRs when not found in the main cache

Elrond-GO is a go implementation for the Elrond Network protocol. Versions prior to 1.3.50 are subject to a processing issue where nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. The problem was a bad correlation between t...

7.2CVSS7.2AI score0.00724EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/08/17 12:0 a.m.87 views

CVE-2018-15473

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c...

5.9AI score0.98631EPSS
Exploits23References18
Cvelist
Cvelist
added 2026/06/23 5:42 p.m.86 views

CVE-2026-0864 Configuration Injection via Carriage Return (\r) in write() method

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

4.1CVSS0.00128EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/17 2:4 p.m.86 views

CVE-2026-42055 NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS0.03552EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/09 5:5 p.m.86 views

CVE-2026-47281 Visual Studio Code Elevation of Privilege Vulnerability

...

9.6CVSS0.00591EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 5:4 p.m.86 views

CVE-2026-45456 Microsoft Outlook and Word Remote Code Execution Vulnerability

...

8.4CVSS0.0044EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 3:58 p.m.86 views

CVE-2026-44503 Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect

The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...

7CVSS0.00505EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 7:28 p.m.86 views

CVE-2026-28379 Viewer-triggered race condition in Grafana Live leads to complete server crash

A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafana server...

6.5CVSS0.00262EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/09 10:15 p.m.86 views

CVE-2026-8211 codelibs Fess JSP File AdminDesignAction.java update code injection

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

5.8CVSS0.00244EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/06 4:24 p.m.86 views

CVE-2026-23870

A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive CPU usage; affecting the following packages: react-server-dom-webpack, react-server-dom-parcel,...

7.5CVSS0.01533EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/02 5:29 a.m.86 views

CVE-2026-5111 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Hidden Product Field in Repeater

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping on Hidden Product field values when used inside Repeater fields, where repeater subfields bypass state...

7.2CVSS0.00251EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/30 11:30 p.m.86 views

CVE-2025-52665

A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. ...

0.40972EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/14 2:20 p.m.86 views

CVE-2025-10985

OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution...

7.2CVSS0.2084EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/24 5:44 p.m.86 views

CVE-2025-52906 TOTOLINK X6000R Command Injection Vulnerability

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1360B20241207...

9.3CVSS0.13164EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/01 9:18 p.m.86 views

CVE-2024-28988 SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing...

9.8CVSS0.36619EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/15 2:13 p.m.86 views

CVE-2025-54466 Apache OFBiz: RCE Vulnerability in scrum plugin

Improper Control of Generation of Code 'Code Injection' vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended t...

0.13995EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/08/05 1:0 p.m.86 views

CVE-2025-54987

A vulnerability in Trend Micro Apex One on-premise management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture...

9.4CVSS0.17066EPSS
Exploits0References1
Total number of security vulnerabilities5000