Lucene search
K
CvelistMost viewed

364896 matches found

Cvelist
Cvelist
added 2024/10/29 12:0 a.m.263 views

CVE-2024-48955

Broken access control in NetAdmin 4.030319 returns data with functionalities on the endpoint that "assembles" the functionalities menus, the return of this call is not encrypted and as the system does not validate the session authorization, an attacker can copy the content of the browser of a use...

0.00637EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/12/08 4:6 p.m.263 views

CVE-2023-47565 Legacy VioStor NVR

An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmwar...

8CVSS9AI score0.73277EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/22 11:57 p.m.262 views

CVE-2026-41176 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

9.2CVSS0.34734EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/01/08 11:9 a.m.262 views

CVE-2024-11423 Ultimate Gift Cards for WooCommerce <= 3.0.6 - Missing Authorization to Infinite Money Glitch

The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data d...

7.5CVSS0.00766EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/12/19 3:43 p.m.262 views

CVE-2023-46264

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution...

7.2CVSS9.7AI score0.9019EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 11:16 a.m.261 views

CVE-2026-3396 WCAPF – WooCommerce Ajax Product Filter <= 4.2.3 - Unauthenticated Time-Based SQL Injection

WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

7.5CVSS0.01473EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/10/27 6:36 a.m.261 views

CVE-2025-12055 Unauthenticated Local File Disclosure in MPDV Mikrolab MIP 2 / FEDRA 2 / HYDRA X Manufacturing Execution System

HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 week 36/2025, which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" paramet...

0.03625EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/17 9:43 p.m.261 views

CVE-2025-49825 Teleport allows remote authentication bypass

Teleport provides connectivity, authentication, access controls and audit for infrastructure. Community Edition versions before and including 17.5.1 are vulnerable to remote authentication bypass. At time of posting, there is no available open-source patch...

9.8CVSS0.07754EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/27 10:11 p.m.260 views

CVE-2026-28516 openDCIM <= 23.04 SQL Injection in Config::UpdateParameter

openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulnerability in Config::UpdateParameter. The install.php and container-install.php handlers pass user-supplied input directly into SQL statements using string interpolation without prepared statements or proper input...

9.3CVSS0.0097EPSS
Exploits2References7
Cvelist
Cvelist
added 2024/10/30 11:0 a.m.260 views

CVE-2024-8512 W3SPEEDSTER <= 7.26 - Authenticated (Administrator+) Remote Code Execution

The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization function. This is due to the plugin passing user supplied input to eval. This makes it possible for authenticated...

9.1CVSS0.00952EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/09/10 12:0 a.m.260 views

CVE-2024-37728

Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7.18.23.0 and v8.6.1.0 allows a remote attacker to obtain sensitive information via the "Pic/Indexes" interface...

0.01852EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/11 4:59 p.m.260 views

CVE-2024-30078 Windows Wi-Fi Driver Remote Code Execution Vulnerability

...

8.8CVSS0.05158EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/06 11:42 p.m.259 views

CVE-2025-0674 Elber Communications Equipment Authentication Bypass Using an Alternate Path or Channel

Multiple Elber products are affected by an authentication bypass vulnerability which allows unauthorized access to the password management functionality. Attackers can exploit this issue by manipulating the endpoint to overwrite any user's password within the system. This grants them unauthorized...

9.8CVSS0.03523EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/01/07 5:23 a.m.259 views

CVE-2024-12535 Host PHP Info <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Disclosure

The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefin...

8.6CVSS0.00576EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/26 7:37 a.m.259 views

CVE-2024-33605

Improper processing of some parameters of installedemanuallist.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under References...

7.5CVSS0.06226EPSS
Exploits1References6
Cvelist
Cvelist
added 2024/11/09 7:35 a.m.259 views

CVE-2024-10801 WordPress User Extra Fields <= 16.5 - Unauthenticated Arbitrary File Upload

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxmanagefilechunkupload function in all versions up to, and including, 16.5. This makes it possible for unauthenticated attackers to upload arbitrary files on...

9.8CVSS0.00829EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/09 7:35 a.m.258 views

CVE-2024-10547 WP Membership <= 1.6.2 - Unauthenticated Arbitrary File Upload

The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the userprofileimageupload function in all versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS0.00829EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/22 8:15 a.m.257 views

CVE-2026-31431 crypto: algif_aead - Revert to operating out-of-place

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algifaead since the source and destination...

7.8CVSS0.96267EPSS
Exploits230References8
Cvelist
Cvelist
added 2024/07/01 6:15 p.m.257 views

CVE-2024-38475 Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.

Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...

0.99957EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/12/06 5:0 a.m.257 views

CVE-2023-22522

This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution RCE on an affected instance. Publicly accessible Confluence Da...

9CVSS9.2AI score0.12844EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/24 12:0 a.m.256 views

CVE-2025-32975

Quest KACE Systems Management Appliance SMA 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 Patch 5, and 14.1.x before 14.1.101 Patch 4 contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid...

0.02417EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/01/09 12:0 a.m.256 views

CVE-2023-28354

An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call checknrpe against affected targets, specifying known NRPE plugins, which in default installations are configured to accept command control characters and pass them to command-line interpreters for NR...

0.0118EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/17 12:34 p.m.256 views

CVE-2024-50379 Apache Tomcat: RCE due to TOCTOU issue in JSP compilation

Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write non-default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...

0.44312EPSS
Exploits13References1
Cvelist
Cvelist
added 2024/12/12 5:24 a.m.256 views

CVE-2024-12172 WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses <= 3.2.21 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Update

The WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpcupdateusermetaoption function in all versions up to, and including, 3.2.21. This makes it...

7.5CVSS0.00747EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/22 12:0 a.m.256 views

CVE-2024-46483

Xlight FTP Server 3.9.4.3 has an integer overflow vulnerability in the packet parsing logic of the SFTP server, which can lead to a heap overflow with attacker-controlled content...

0.01115EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/18 12:0 a.m.256 views

CVE-2023-47105

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication...

0.01669EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/01 6:39 a.m.255 views

CVE-2024-12824 Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change

The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly checking for an empty token value prior updating their details like password. This makes it...

9.8CVSS0.02145EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/27 12:0 a.m.255 views

CVE-2025-25570

Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded credentials...

0.01999EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/18 8:26 a.m.255 views

CVE-2024-13375 Adifier System <= 3.1.7 - Unauthenticated Arbitrary Password Reset

The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to the plugin not properly validating a user's identity prior to updating their details like password through the adifierrecover function. Th...

9.8CVSS0.0139EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/15 12:0 a.m.255 views

CVE-2024-57728

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file i.e. zip slip. This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user...

0.07549EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/08 12:0 a.m.255 views

CVE-2024-51442

Command Injection in Minidlna version v1.3.3 and before allows an attacker to execute arbitrary OS commands via a specially crafted minidlna.conf configuration file...

0.02232EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/10/30 12:0 a.m.255 views

CVE-2024-48733

SQL injection vulnerability in /SASStudio/sasexec/sessions/sessionID/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users...

0.00706EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/01 12:0 a.m.255 views

CVE-2024-41276

A vulnerability in Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code authentication mechanism. The application requires users to input a 6-digit PIN code sent to their email for authorization after entering their login credentials. However, the request limiting mechanis...

0.01073EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/07 4:21 a.m.254 views

CVE-2024-12157 Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Unauthenticated SQL Injection

The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upcdeletedbrecord' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of...

7.5CVSS0.00977EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/24 7:28 p.m.253 views

CVE-2019-25246 Beward N100 H.264 VGA IP Camera M2.1.6 Authenticated File Disclosure

Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability that allows attackers to read arbitrary system files via the 'READ.filePath' parameter. Attackers can exploit the fileread script or SendCGICMD API to access sensitive files like /etc/passwd and...

8.8CVSS0.17393EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/07/14 10:56 p.m.253 views

CVE-2025-53833 LaRecipe is vulnerable to Server-Side Template Injection attacks

LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection SSTI, which could potentially lead to Remote Code Execution RCE in vulnerable configurations. Attackers could execute...

10CVSS0.09357EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/02/18 6:27 p.m.253 views

CVE-2025-26465 Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...

6.8CVSS0.06997EPSS
Exploits4References8
Cvelist
Cvelist
added 2025/02/14 12:0 a.m.253 views

CVE-2024-57778

An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges via the servers response from status code 500 to status code 200...

0.00516EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/02 3:7 a.m.253 views

CVE-2024-20137

In wlan driver, there is a possible client disconnection due to improper handling of exceptional conditions. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00384543; Issue ID: MSV-1727...

0.01223EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/21 9:26 a.m.251 views

CVE-2025-13138 WP Directory Kit <= 1.4.3 - Unauthenticated SQL Injection via select_2_ajax() Function

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'columnssearch' parameter of the select2ajax function in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

7.5CVSS0.01453EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/01/15 12:0 a.m.251 views

CVE-2024-57726

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role...

0.09328EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/06/10 7:10 a.m.251 views

CVE-2021-26691 Apache HTTP Server mod_session response handling heap overflow

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow...

9.7AI score0.68067EPSS
Exploits0References13
Cvelist
Cvelist
added 2025/07/31 5:44 a.m.250 views

CVE-2025-53558

ZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. use a common credential for all installations. With the knowledge of the credential, an attacker may log in to the affected devices...

8.8CVSS0.0135EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/03/14 10:15 a.m.250 views

CVE-2022-22721 core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody

If LimitXMLRequestBody is set to allow request bodies larger than 350MB defaults to 1M on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier...

9.9AI score0.41861EPSS
Exploits0References16
Cvelist
Cvelist
added 2025/11/05 6:35 a.m.248 views

CVE-2025-12139 File Manager for Google Drive – Integrate Google Drive with WordPress <= 1.5.3 - Unauthenticated Sensitive Information Exposure

The File Manager for Google Drive – Integrate Google Drive with WordPress plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.5.3 via the "getlocalizedata" function. This makes it possible for unauthenticated attackers to extract sensitive...

7.5CVSS0.02362EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/12/05 5:43 p.m.248 views

CVE-2023-6448 Unitronics VisiLogic uses a default administrative password

Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system...

9.8CVSS9.8AI score0.02089EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/11/28 3:31 p.m.246 views

CVE-2023-46589 Apache Tomcat: HTTP request smuggling via malformed trailer headers

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could...

7.9AI score0.02651EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/07 3:13 p.m.244 views

CVE-2025-27152 Possible SSRF and Credential Leakage via Absolute URL in axios Requests

axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if ⁠baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue...

8.7CVSS0.00759EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/17 11:26 p.m.243 views

CVE-2026-2262 Easy Appointments <= 3.12.21 - Unauthenticated Sensitive Information Exposure via REST API

The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the /wp-json/wp/v2/eablocks/eaappointments/ REST API endpoint. This is due to the endpoint being registered with 'permissioncallback' = 'returntrue', which...

7.5CVSS0.0239EPSS
Exploits1References6
Cvelist
Cvelist
added 2023/09/29 12:0 a.m.243 views

CVE-2023-44466

An issue was discovered in net/ceph/messengerv2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in cephdecode32...

9.3AI score0.54577EPSS
Exploits1References5
Total number of security vulnerabilities5000