Lucene search
K
CvelistMost viewed

364903 matches found

Cvelist
Cvelist
added 2023/08/22 12:0 a.m.64 views

CVE-2021-32292

An issue was discovered in json-c from 20200420 post 0.14 unreleased code through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program jsonparse which is located in the function parseit...

9.6AI score0.01071EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/07/04 1:44 a.m.64 views

CVE-2022-32666

In Wi-Fi, there is a possible low throughput due to misrepresentation of critical information. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220829014; Issue ID: GN20220829014...

7.6AI score0.0099EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/05/28 12:0 a.m.64 views

CVE-2023-30350

FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin password...

9AI score0.05343EPSS
Exploits4References1
Cvelist
Cvelist
added 2023/05/10 9:12 a.m.64 views

CVE-2022-33961 WordPress YellowPencil Visual CSS Style Editor Plugin <= 7.5.8 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WaspThemes Visual CSS Style Editor plugin = 7.5.8 versions...

4CVSS5.1AI score0.00352EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/05/05 12:0 a.m.64 views

CVE-2023-30065

MitraStar GPT-2741GNAC-N2 with firmware BRg5.91.11WVK.0b32 was discovered to contain a remote code execution RCE vulnerability in the ping function...

9.3AI score0.01328EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/04/16 7:0 a.m.65 views

CVE-2023-29508 org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Cross-site Scripting

XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11...

8.9CVSS8.5AI score0.00423EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/04/11 7:13 p.m.64 views

CVE-2023-28260 .NET DLL Hijacking Remote Code Execution Vulnerability

...

7.8CVSS7.7AI score0.01531EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/02/28 2:51 p.m.64 views

CVE-2022-47612 WordPress Participants Database Plugin <= 2.4.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Roland Barker, xnau webdesign Participants Database plugin = 2.4.5 leads to list column update...

4.3CVSS5.1AI score0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/12/12 1:49 a.m.64 views

CVE-2022-24439 Remote Code Execution (RCE)

All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

8.1CVSS9.8AI score0.05378EPSS
Exploits1References8
Cvelist
Cvelist
added 2022/12/07 3:12 a.m.64 views

CVE-2022-41800 Appliance mode iControl REST vulnerability

In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note:...

8.7CVSS8.6AI score0.62406EPSS
Exploits8References1
Cvelist
Cvelist
added 2022/10/25 12:0 a.m.64 views

CVE-2022-39354 evm has incorrect is_static parameter for custom stateful precompiles

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...

5.9CVSS7.7AI score0.00538EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/09/09 12:0 a.m.64 views

CVE-2020-10735

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int"text", a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits float, decimal, int.frombytes, and int for binary bases 2, 4, 8, 16, and 32 are no...

7.7AI score0.03502EPSS
Exploits0References27
Cvelist
Cvelist
added 2022/04/01 10:17 p.m.64 views

CVE-2022-1159 Rockwell Automation Studio 5000 Logix Designer Code Injection

Rockwell Automation Studio 5000 Logix Designer all versions are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user...

7.7CVSS7.7AI score0.03398EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/03/04 5:5 p.m.64 views

CVE-2021-20319

An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...

7.7AI score0.00515EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/12/15 2:14 p.m.64 views

CVE-2021-42295 Visual Basic for Applications Information Disclosure Vulnerability

...

5.5CVSS6.1AI score0.02862EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/09/22 7:23 p.m.64 views

CVE-2020-23478

Leo Editor v6.2.1 was discovered to contain a regular expression denial of service ReDoS vulnerability in the component plugins/importers/dart.py...

7.4AI score0.01193EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/05/20 1:15 a.m.64 views

CVE-2021-20718

modauthopenidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service DoS condition via unspecified vectors...

7.6AI score0.03395EPSS
Exploits0References6
Cvelist
Cvelist
added 2021/03/18 1:35 p.m.64 views

CVE-2021-21625

Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances...

5.2AI score0.00722EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/03/15 4:57 p.m.65 views

CVE-2021-27889

Cross-site Scripting XSS vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages...

7AI score0.05072EPSS
Exploits9References3
Cvelist
Cvelist
added 2021/03/09 12:25 a.m.64 views

CVE-2021-24033

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

6.5AI score0.03289EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/02/25 11:1 p.m.64 views

CVE-2021-1728 System Center Operations Manager Elevation of Privilege Vulnerability

...

8.8CVSS8.9AI score0.01825EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/02/09 12:0 a.m.64 views

CVE-2020-28388

A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions V5.2, Nucleus ReadyStart V3 All...

6.5CVSS6.4AI score0.01555EPSS
Exploits0References4
Cvelist
Cvelist
added 2020/11/24 4:17 p.m.64 views

CVE-2020-10763

An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords...

5AI score0.00414EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/06/08 1:22 p.m.64 views

CVE-2020-6110

An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs ...

8CVSS9.2AI score0.04264EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/04/21 7:1 p.m.64 views

CVE-2020-10569

SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. NOTE: This may be a duplicate o...

10AI score0.03176EPSS
Exploits3References2
Cvelist
Cvelist
added 2020/04/15 4:48 p.m.64 views

CVE-2020-10639

Eaton HMiSoft VU3 HMIVU3 runtime not impacted, Version 3.00.23 and prior, however, the HMIVU runtimes are not impacted by these issues. A specially crafted input file could cause a buffer overflow when loaded by the affected product...

7.8AI score0.00805EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/12/17 3:25 p.m.64 views

CVE-2019-14782

CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/accesslog, then use them to make a request to extract the victim's password for the OS...

6.5AI score0.01382EPSS
Exploits3References2
Cvelist
Cvelist
added 2019/10/31 4:9 p.m.64 views

CVE-2019-16251

plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes...

4.6AI score0.00948EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/08/21 6:15 p.m.64 views

CVE-2017-18535

The smokesignal plugin before 1.2.7 for WordPress has XSS...

6.4AI score0.00905EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/01/25 4:0 p.m.64 views

CVE-2017-15365

sql/eventdataobjects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language DDL statemen...

7.4AI score0.03287EPSS
Exploits0References9
Cvelist
Cvelist
added 2017/10/19 5:0 p.m.64 views

CVE-2017-10268

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructur...

4.3AI score0.00697EPSS
Exploits0References14
Cvelist
Cvelist
added 2017/02/07 3:0 p.m.64 views

CVE-2016-2781

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer...

6.3AI score0.00425EPSS
Exploits0References3
Cvelist
Cvelist
added 2015/10/21 9:0 p.m.64 views

CVE-2015-4807

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache...

5.2AI score0.02729EPSS
Exploits0References9
Cvelist
Cvelist
added 2014/07/20 10:0 a.m.64 views

CVE-2014-0231

The modcgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service process hang via a request to a CGI script that does not read from its stdin file descriptor...

4.2AI score0.43809EPSS
Exploits1References47
Cvelist
Cvelist
added 2014/03/18 1:0 a.m.64 views

CVE-2014-0098

The logcookie function in modlogconfig.c in the modlogconfig module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service segmentation fault and daemon crash via a crafted cookie that is not properly handled during truncation...

7AI score0.25999EPSS
Exploits2References54
Cvelist
Cvelist
added 2010/11/20 9:0 p.m.64 views

CVE-2010-3804

The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a...

8.9AI score0.09126EPSS
Exploits0References11
Cvelist
Cvelist
added 2009/12/20 2:0 a.m.64 views

CVE-2009-4029

The 1 dist or 2 distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions 777 to directories in the build tree, which introduces a race condition that allo...

8.7AI score0.00477EPSS
Exploits1References12
Cvelist
Cvelist
added 2009/06/05 9:0 p.m.64 views

CVE-2009-1946

PHP remote file inclusion vulnerability in latestposts.php in AdaptBB 1.0, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the forumspath parameter...

7.5AI score0.01861EPSS
Exploits1References4
Cvelist
Cvelist
added 2004/04/06 4:0 a.m.64 views

CVE-2004-0381

mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file...

5.8AI score0.00604EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/06/23 2:20 p.m.63 views

CVE-2026-28496 FOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCE

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection SSTI vulnerability in the template rendering system. Administrators with access to features that render Twig templates email templates, mass mail campaigns, custo...

9.4CVSS0.01892EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/04 2:5 p.m.63 views

CVE-2026-28318 SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update...

7.5CVSS0.10659EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/06/02 12:30 a.m.63 views

CVE-2026-10548 NousResearch hermes-agent Credential Pool Synchronization credential_pool.py _sync_anthropic_entry_from_credentials_file improper authentication

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function syncanthropicentryfromcredentialsfile of the file agent/credentialpool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication. The attack...

5.3CVSS0.0014EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/01 3:45 a.m.63 views

CVE-2026-10221 NousResearch hermes-agent run_agent.py _compress_context injection

A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function compresscontext of the file runagent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be use...

7.5CVSS0.00304EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/21 1:3 p.m.63 views

CVE-2026-34926

A directory traversal vulnerability in the Apex One on-premise server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the on-premise version of Apex...

6.7CVSS0.12682EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/20 11:34 p.m.63 views

CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file

A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted .solv file containing negative size values in the repoaddsolv function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could...

6.5CVSS0.00291EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/17 11:30 p.m.63 views

CVE-2026-8771 linlinjava litemall Front-end WeChat API WxGoodsController.java list sql injection

A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql injection. Remote...

7.5CVSS0.00259EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/15 6:11 a.m.63 views

CVE-2026-41702 TOCTOU local privilege escalation vulnerability

VMware Fusion contains a TOCTOU Time-of-check Time-of-use vulnerability that occurs during an operation performed by a SETUID binary. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is install...

7.8CVSS0.00122EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 2:51 a.m.63 views

CVE-2024-36332

Improper isolation of GPU HW register space could allow a privileged attacker in malicious Guest Virtual Machine VM to perform unauthorized access to specific victim range of GPU MMIO register space, potentially causing the host OS to reboot and creating a Denial of Service DOS condition...

6.8CVSS0.00105EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 1:45 a.m.63 views

CVE-2025-48512

Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller GPIO could allow an attacker to achieve privilege escalation resulting in arbitrary code execution...

7CVSS0.00106EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 8:44 p.m.63 views

CVE-2026-44212 PrestaShop: Stored XSS executable in customer service view

PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored Cross-Site Scripting XSS vulnerability in the PrestaShop back-office Customer Service view. An unauthenticated attacker can submit the public Contact Us form with a malicious email address. The...

9.3CVSS0.00331EPSS
Exploits0References1
Total number of security vulnerabilities5000