Lucene search
+L
CvelistMost viewed

366583 matches found

cvelist
cvelist
added 2026/05/06 11:29 a.m.66 views

CVE-2026-43282 RDMA/ionic: Fix potential NULL pointer dereference in ionic_query_port

In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: Fix potential NULL pointer dereference in ionicqueryport The function ionicqueryport calls ibdevicegetnetdev without checking the return value which could lead to NULL pointer dereference, Fix it by checking the retur...

0.00112EPSS
Exploits0References3
cvelist
cvelist
added 2026/05/06 11:28 a.m.66 views

CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()

In the Linux kernel, the following vulnerability has been resolved: tcp: fix potential race in tcpv6synrecvsock Code in tcpv6synrecvsock after the call to tcpv4synrecvsock is done too late. After tcpv4synrecvsock, the child socket is already visible from TCP ehash table and other cpus might use i...

9.8CVSS0.00298EPSS
Exploits0References3
cvelist
cvelist
added 2026/05/05 7:15 p.m.66 views

CVE-2026-7857 D-Link DI-8100 CGI user_group.asp sprintf buffer overflow

A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /usergroup.asp of the component CGI Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and m...

8.6CVSS0.04164EPSS
Exploits1References5
cvelist
cvelist
added 2026/05/05 2:41 p.m.66 views

CVE-2026-34002 Xorg: xwayland: x.org x server: information disclosure or denial of service via out-of-bounds read in xkb modifier map handling

A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB X Keyboard Extension modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory...

6.1CVSS0.00489EPSS
Exploits0References26
cvelist
cvelist
added 2026/05/05 2:26 a.m.66 views

CVE-2026-1921 Loco Translate <= 2.8.2 - Authenticated (Translator+) Path Traversal to Limited File Read via 'ref' Parameter

The Loco Translate plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.8.2 via the fsReference AJAX route. This is due to the findSourceFile method normalizing user-supplied ref paths containing ../ directory traversal sequences without validating that the...

4.9CVSS0.0064EPSS
Exploits0References7
cvelist
cvelist
added 2026/05/05 12:0 a.m.66 views

CVE-2026-7788 Axle-Bucamp MCP-Docusaurus document.py get_content path traversal

A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function updatedocument/continuedocument/deletedocument/getcontent of the file app/routes/document.py. Performing a manipulation of the argument DOCSDIR/pa...

7.5CVSS0.0041EPSS
Exploits0References5
cvelist
cvelist
added 2026/05/04 7:12 p.m.66 views

CVE-2026-41924 WDR201A WiFi Extender OS Command Injection via makeRequest.cgi

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the settime or StartSniffer functions. Attackers can...

9.3CVSS0.02707EPSS
Exploits0References3
cvelist
cvelist
added 2026/04/28 12:0 a.m.66 views

CVE-2026-42167

modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...

8.1CVSS0.04438EPSS
Exploits7References5
cvelist
cvelist
added 2026/04/27 3:28 p.m.66 views

CVE-2026-6970 authd Denial of Service and Local Privilege Escalation

authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID GID differs from their UID, either because the account was created with authd prior to version 0.5.4 or because the primary group was...

7.3CVSS0.0011EPSS
Exploits0References2
cvelist
cvelist
added 2026/04/11 6:45 a.m.66 views

CVE-2026-34621 Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue...

8.6CVSS0.07086EPSS
Exploits4References1
cvelist
cvelist
added 2026/04/06 3:17 p.m.66 views

CVE-2026-5704 Tar: tar: hidden file injection via crafted archives

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...

5CVSS0.0043EPSS
Exploits1References2
cvelist
cvelist
added 2026/04/01 12:22 p.m.66 views

CVE-2026-29014 MetInfo CMS Unauthenticated PHP Code Injection RCE

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...

9.8CVSS0.39688EPSS
Exploits4References3
cvelist
cvelist
added 2026/02/14 4:27 p.m.66 views

CVE-2026-23197 i2c: imx: preserve error state in block data length handler

In the Linux kernel, the following vulnerability has been resolved: i2c: imx: preserve error state in block data length handler When a block read returns an invalid length, zero or I2CSMBUSBLOCKMAX, the length handler sets the state to IMXI2CSTATEFAILED. However, i2cimxmasterisr unconditionally...

0.001EPSS
Exploits0References2
cvelist
cvelist
added 2026/01/27 2:23 p.m.66 views

CVE-2026-1470 Authenticated users can bypass the Expression sandbox mechanism to achieve full remote code execution on n8n’s main node.

n8n contains a critical Remote Code Execution RCE vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An...

9.9CVSS0.18071EPSS
Exploits2References2
cvelist
cvelist
added 2025/07/25 3:27 p.m.66 views

CVE-2025-38442 block: reject bs > ps block devices when THP is disabled

In the Linux kernel, the following vulnerability has been resolved: block: reject bs ps block devices when THP is disabled If THP is disabled and when a block device with logical block size page size is present, the following null ptr deref panic happens during boot: 13.2 mK AOSAN: null-ptr-deref...

0.00137EPSS
Exploits0References2
cvelist
cvelist
added 2025/06/11 5:28 p.m.66 views

CVE-2025-0923 IBM Cognos Analytics information disclosure

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system...

5.3CVSS0.00241EPSS
Exploits0References1
cvelist
cvelist
added 2025/05/29 12:29 p.m.66 views

CVE-2025-48045 MICI Network Co. Ltd. NetFax Server Default Administrator Credentials Disclosure

An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials...

8.7CVSS0.00556EPSS
Exploits0References1
cvelist
cvelist
added 2025/02/19 9:11 p.m.66 views

CVE-2025-27090 Server-Side Request Forgery (SSRF) in sliver teamserver

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...

6.9CVSS0.00578EPSS
Exploits1References3
cvelist
cvelist
added 2025/01/23 11:37 a.m.66 views

CVE-2025-23006

Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console AMC and Central Management Console CMC, which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands...

0.23432EPSS
Exploits1References1
cvelist
cvelist
added 2025/01/20 10:53 p.m.66 views

CVE-2025-24014 segmentation fault in win_line() in Vim < 9.1.1043

Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode -s -e, Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui...

4.2CVSS0.00261EPSS
Exploits0References2
cvelist
cvelist
added 2024/11/12 4:6 p.m.66 views

CVE-2024-52010 Zoraxy has an authenticated command injection in the Web SSH feature

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...

8.6CVSS0.01442EPSS
Exploits0References3
cvelist
cvelist
added 2024/10/28 6:17 p.m.66 views

CVE-2024-50432 WordPress Post Grid and Gutenberg Blocks plugin <= 2.2.93 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Cross-Site Scripting XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through = 2.2.93...

6.5CVSS0.00251EPSS
Exploits0References1
cvelist
cvelist
added 2024/09/10 4:53 p.m.66 views

CVE-2024-38226 Microsoft Publisher Security Feature Bypass Vulnerability

...

7.3CVSS0.02667EPSS
Exploits0References1
cvelist
cvelist
added 2024/08/26 8:21 p.m.66 views

CVE-2024-43214 WordPress myCred plugin <= 2.7.2 - Sensitive Data Exposure vulnerability

Missing Authorization vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through = 2.7.2...

5.3CVSS0.00265EPSS
Exploits0References1
cvelist
cvelist
added 2024/07/10 6:39 p.m.66 views

CVE-2024-5910 Expedition: Missing Authentication Leads to Admin Account Takeover

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credential...

9.3CVSS0.91783EPSS
Exploits9References1
cvelist
cvelist
added 2024/07/05 6:39 p.m.66 views

CVE-2024-39689 Certifi removes GLOBALTRUST root certificate

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from GLOBALTRUST. Certifi 2024.7.04 removes root certificates fro...

7.5CVSS0.01049EPSS
Exploits0References3
cvelist
cvelist
added 2024/07/04 8:36 a.m.66 views

CVE-2024-39884 Apache HTTP Server: source code disclosure with handlers configured via AddType

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...

0.00889EPSS
Exploits0References3
cvelist
cvelist
added 2024/07/01 2:17 p.m.66 views

CVE-2024-21457 Buffer Over-read in WLAN Host Communication

INformation disclosure while handling Multi-link IE in beacon frame...

6.5CVSS0.00213EPSS
Exploits0References1
cvelist
cvelist
added 2024/06/24 9:59 a.m.66 views

CVE-2024-29868 Apache StreamPipes, Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation

Use of Cryptographically Weak Pseudo-Random Number Generator PRNG vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue...

0.05995EPSS
Exploits1References1
cvelist
cvelist
added 2024/06/18 5:0 p.m.66 views

CVE-2024-21685

This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosur...

7.4CVSS0.00439EPSS
Exploits0References2
cvelist
cvelist
added 2024/06/16 12:0 a.m.66 views

CVE-2024-38428

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent...

0.00672EPSS
Exploits0References2
cvelist
cvelist
added 2024/06/10 12:0 a.m.66 views

CVE-2024-37393

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the...

0.03304EPSS
Exploits2References3
cvelist
cvelist
added 2024/05/23 1:56 a.m.66 views

CVE-2024-4978 Malicious Code in Justice AV Solutions (JAVS) Viewer

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands...

8.7CVSS8.4AI score0.26937EPSS
Exploits1References3
cvelist
cvelist
added 2024/05/02 1:28 p.m.66 views

CVE-2024-34145

A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377ae and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox...

7.4AI score0.01002EPSS
Exploits0References2
cvelist
cvelist
added 2024/03/23 12:0 a.m.66 views

CVE-2024-24725

Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/importrun.php&type=externalAssessment&step=4 URI...

6.6AI score0.5132EPSS
Exploits7References2
cvelist
cvelist
added 2024/03/06 6:31 p.m.66 views

CVE-2024-27302 Authorization Bypass Through User-Controlled Key in go-zero

go-zero is a web and rpc framework. Go-zero allows user to specify a CORS Filter with a configurable allows param - which is an array of domains allowed in CORS policy. However, the isOriginAllowed uses strings.HasSuffix to check the origin, which leads to bypass via a malicious domain. This...

9.1CVSS9.3AI score0.00774EPSS
Exploits2References2
cvelist
cvelist
added 2024/02/28 11:28 p.m.66 views

CVE-2024-25126 Rack ReDos in content type parsing (2nd degree polynomial)

Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability ReDos 2nd degree polynomial. This vulnerability is patched in 3.0.9.1 and 2.2.8.1...

5.3CVSS5.5AI score0.35376EPSS
Exploits1References7
cvelist
cvelist
added 2024/02/24 5:0 a.m.66 views

CVE-2024-21502

Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemathmul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary...

7.5CVSS7.7AI score0.01025EPSS
Exploits1References4
cvelist
cvelist
added 2024/02/13 2:5 p.m.66 views

CVE-2023-6516 Specific recursive query patterns may lead to an out-of-memory condition

To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queue...

7.5CVSS7.7AI score0.01097EPSS
Exploits0References5
cvelist
cvelist
added 2024/01/02 9:54 p.m.66 views

CVE-2024-21632 omniauth-microsoft_graph vulnerable to account takeover (nOAuth)

omniauth-microsoftgraph provides an Omniauth strategy for the Microsoft Graph API. Prior to versions 2.0.0, the implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases...

8.6CVSS9.6AI score0.00904EPSS
Exploits1References3
cvelist
cvelist
added 2023/12/29 6:31 a.m.66 views

CVE-2023-7158 MicroPython objslice.c slice_indices heap-based overflow

A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function sliceindices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public...

7.5CVSS10AI score0.01228EPSS
Exploits1References9
cvelist
cvelist
added 2023/12/19 3:43 p.m.66 views

CVE-2023-46261

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service DoS or code execution...

9.8CVSS9.8AI score0.11337EPSS
Exploits0References1
cvelist
cvelist
added 2023/09/20 12:32 p.m.66 views

CVE-2023-3341 A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly

The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory,...

7.5CVSS7.9AI score0.02626EPSS
Exploits0References8
cvelist
cvelist
added 2023/07/28 4:30 a.m.66 views

CVE-2023-38571

This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to bypass Privacy preferences...

7.6AI score0.01288EPSS
Exploits0References6
cvelist
cvelist
added 2023/07/24 3:19 p.m.66 views

CVE-2023-3640 Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions being used for the per-cpu entry area mapping to the user space

A possible unauthorized memory access flaw was found in the Linux kernel's cpuentryarea mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implement...

7CVSS6.8AI score0.00761EPSS
Exploits1References3
cvelist
cvelist
added 2023/07/14 9:9 p.m.66 views

CVE-2023-34236 Information Disclosure Vulnerability in Weave GitOps Terraform Controller

Weave GitOps Terraform Controller aka Weave TF-controller is a controller for Flux to reconcile Terraform resources in a GitOps way. A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an authenticated remote attacker to view sensitive information. This...

8.5CVSS8.7AI score0.00953EPSS
Exploits1References7
cvelist
cvelist
added 2023/07/13 2:4 a.m.66 views

CVE-2023-3342 User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'uruploadprofilepic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with...

9.9CVSS9.8AI score0.01691EPSS
Exploits2References4
cvelist
cvelist
added 2023/06/30 6:57 p.m.66 views

CVE-2023-36477 Persistent Cross-site Scripting (XSS) through CKEditor Configuration pages in XWiki Platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the CKEditor' space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, leading to loss of...

9CVSS9.2AI score0.00903EPSS
Exploits1References4
cvelist
cvelist
added 2023/06/06 12:0 a.m.67 views

CVE-2023-33747

CloudPanel v2.2.2 allows attackers to execute a path traversal...

7.9AI score0.00469EPSS
Exploits3References6
cvelist
cvelist
added 2023/05/28 12:0 a.m.66 views

CVE-2023-30350

FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin password...

9AI score0.05343EPSS
Exploits4References1
Total number of security vulnerabilities5000