Lucene search
+L
CvelistMost viewed

366964 matches found

Cvelist
Cvelist
•added 2023/05/11 9:1 p.m.•63 views

CVE-2023-32059 Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the type...

7.5CVSS7.6AI score0.00725EPSS
Exploits1References2
Cvelist
Cvelist
•added 2023/03/29 12:0 a.m.•63 views

CVE-2022-48434

libavcodec/pthreadframe.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances e.g., hardware re-initialization upon a mid-video SPS change when...

8.4AI score0.01512EPSS
Exploits1References6
Cvelist
Cvelist
•added 2023/03/21 12:0 a.m.•63 views

CVE-2023-26497

An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5125. Memory corruption can occur when processing Session Description Negotiation for Video Configuration Attribute...

8.6CVSS9.9AI score0.24266EPSS
Exploits0References3
Cvelist
Cvelist
•added 2023/02/21 6:35 p.m.•63 views

CVE-2022-48282 Deserializing compromised object with MongoDB .NET/C# Driver may cause remote code execution

Under very specific circumstances see Required configuration section below, a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C. This affects all MongoDB .NET/C Driver versions prior to and...

6.6CVSS7.2AI score0.01049EPSS
Exploits0References2
Cvelist
Cvelist
•added 2023/02/21 12:0 a.m.•63 views

CVE-2023-0934 Cross-site Scripting (XSS) - Stored in answerdev/answer

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.5...

6.3CVSS5.5AI score0.00393EPSS
Exploits1References2
Cvelist
Cvelist
•added 2023/02/14 7:33 p.m.•63 views

CVE-2023-21722 .NET Framework Denial of Service Vulnerability

...

5CVSS6.5AI score0.00917EPSS
Exploits0References1
Cvelist
Cvelist
•added 2023/02/03 9:46 p.m.•63 views

CVE-2022-24894 Symfony storing cookie headers in HttpCache

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses including headers and returns them to the clients. In a recent change in the AbstractSessionListener, the response...

5.9CVSS8.7AI score0.00753EPSS
Exploits0References3
Cvelist
Cvelist
•added 2023/01/31 11:54 p.m.•64 views

CVE-2023-23924 URI validation failure on SVG parsing in Dompdf

Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing tags with uppercase letters. This may lead to arbitrary object unserialize on PHP 8, through the phar URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with...

10CVSS9.7AI score0.03572EPSS
Exploits2References3
Cvelist
Cvelist
•added 2023/01/25 9:39 p.m.•63 views

CVE-2022-3736 named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries

BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and...

7.5CVSS7.7AI score0.5017EPSS
Exploits0References1
Cvelist
Cvelist
•added 2023/01/14 12:0 a.m.•63 views

CVE-2023-23589

The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002...

6.7AI score0.00832EPSS
Exploits1References8
Cvelist
Cvelist
•added 2022/12/26 12:0 a.m.•63 views

CVE-2022-37309

OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name...

6.2AI score0.00538EPSS
Exploits2References2
Cvelist
Cvelist
•added 2022/11/09 12:0 a.m.•63 views

CVE-2022-41128 Windows Scripting Languages Remote Code Execution Vulnerability

...

8.8CVSS8.8AI score0.24623EPSS
Exploits0References1
Cvelist
Cvelist
•added 2022/10/31 7:24 p.m.•63 views

CVE-2022-41657

Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces APIs. This could create arbitrary files, which could be used in API operations and could ultimately...

9.8CVSS9.9AI score0.20898EPSS
Exploits0References1
Cvelist
Cvelist
•added 2022/09/13 6:41 p.m.•63 views

CVE-2022-26929 .NET Framework Remote Code Execution Vulnerability

...

7.8CVSS8.8AI score0.01356EPSS
Exploits0References1
Cvelist
Cvelist
•added 2022/08/31 6:55 p.m.•63 views

CVE-2022-36046 Unexpected server crash in Next.js version 12.2.3

Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict unhandledRejection exiting AND using next start or a custom server...

5.3CVSS5.5AI score0.00999EPSS
Exploits0References2
Cvelist
Cvelist
•added 2022/06/15 7:5 p.m.•63 views

CVE-2022-31070 Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy

NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to block sensitive cookies e.g. session cookies from being forwarded to backend services configured by the application developer. This could have led to sensitive cooki...

5.8CVSS7.6AI score0.00603EPSS
Exploits0References2
Cvelist
Cvelist
•added 2022/06/09 8:0 p.m.•63 views

CVE-2022-31033 Authorization header leak in rubygem Mechanize

The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site...

5.9CVSS7.6AI score0.01392EPSS
Exploits0References4
Cvelist
Cvelist
•added 2022/05/10 8:33 p.m.•63 views

CVE-2022-21978 Microsoft Exchange Server Elevation of Privilege Vulnerability

...

8.2CVSS8.4AI score0.00842EPSS
Exploits0References1
Cvelist
Cvelist
•added 2022/04/04 5:35 p.m.•64 views

CVE-2022-24787 Incorrect Comparison in Vyper

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...

7.5CVSS7.7AI score0.0097EPSS
Exploits0References2
Cvelist
Cvelist
•added 2022/03/03 8:35 p.m.•63 views

CVE-2022-24723 Improper Input Validation in URI.js

URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse ca...

5.3CVSS5.4AI score0.01995EPSS
Exploits1References4
Cvelist
Cvelist
•added 2022/02/16 10:0 p.m.•63 views

CVE-2022-23636 Invalid drop of partially-initialized instances in wasmtime

Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a...

5.1CVSS8.2AI score0.00772EPSS
Exploits1References2
Cvelist
Cvelist
•added 2022/02/14 9:21 a.m.•63 views

CVE-2022-0212 SpiderCalendar <= 1.5.65 - Reflected Cross-Site Scripting

The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue...

6.2AI score0.02291EPSS
Exploits2References1
Cvelist
Cvelist
•added 2022/02/09 1:10 p.m.•63 views

CVE-2021-46354

Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increas...

7.5AI score0.12785EPSS
Exploits3References2
Cvelist
Cvelist
•added 2022/02/07 10:15 p.m.•63 views

CVE-2022-23624 Validation bypass in frourio-express

Frourio-express is a minimal full stack framework, for TypeScript. Frourio-express users who uses frourio-express version prior to v0.26.0 and integration with class-validator through validators/ folder are subject to a input validation vulnerability. Validators do not work properly for request...

8.1CVSS8.9AI score0.01244EPSS
Exploits0References2
Cvelist
Cvelist
•added 2021/08/12 6:11 p.m.•63 views

CVE-2021-34478 Microsoft Office Remote Code Execution Vulnerability

...

7.8CVSS7.8AI score0.54383EPSS
Exploits0References2
Cvelist
Cvelist
•added 2021/08/08 5:9 a.m.•63 views

CVE-2021-38193

An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870...

6.4AI score0.00702EPSS
Exploits1References2
Cvelist
Cvelist
•added 2021/03/11 3:47 p.m.•63 views

CVE-2021-27080 Azure Sphere Unsigned Code Execution Vulnerability

...

9.3CVSS9.5AI score0.01216EPSS
Exploits1References2
Cvelist
Cvelist
•added 2021/03/04 12:30 p.m.•63 views

CVE-2020-24912

A reflected cross-site scripting XSS vulnerability in qcubed all versions including 3.1.1 in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users...

5.9AI score0.06289EPSS
Exploits3References4
Cvelist
Cvelist
•added 2021/02/26 2:15 a.m.•63 views

CVE-2021-21330 Open redirect vulnerability in aiohttp

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the...

3.1CVSS6.5AI score0.01905EPSS
Exploits0References8
Cvelist
Cvelist
•added 2021/02/25 4:25 p.m.•63 views

CVE-2021-20327 MongoDB Node.js client side field level encryption library may not be validating KMS certificate

A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and th...

6.4CVSS6.7AI score0.00204EPSS
Exploits0References1
Cvelist
Cvelist
•added 2021/01/20 2:50 p.m.•63 views

CVE-2021-2007

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

3.7CVSS3.7AI score0.02272EPSS
Exploits0References5
Cvelist
Cvelist
•added 2020/12/31 8:20 a.m.•63 views

CVE-2020-35910

An issue was discovered in the lockapi crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness...

5.4AI score0.00324EPSS
Exploits0References1
Cvelist
Cvelist
•added 2020/10/16 1:2 p.m.•63 views

CVE-2020-14144

The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLEGITHOOKS line i...

7.3AI score0.95432EPSS
Exploits12References8
Cvelist
Cvelist
•added 2020/08/16 3:31 a.m.•63 views

CVE-2020-24361

SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknowntrapexec...

9.6AI score0.02016EPSS
Exploits0References3
Cvelist
Cvelist
•added 2020/07/29 4:25 p.m.•63 views

CVE-2020-11934 Sandbox escape vulnerability via snapctl user-open (xdg-open)

It was discovered that snapctl user-open allowed altering the $XDGDATADIRS environment variable when calling the system xdg-open. OpenURL in usersession/userd/launcher.go would alter $XDGDATADIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this t...

5.9CVSS6.3AI score0.00365EPSS
Exploits0References2
Cvelist
Cvelist
•added 2020/05/07 11:52 p.m.•63 views

CVE-2020-12720

vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control...

9.6AI score0.88948EPSS
Exploits13References4
Cvelist
Cvelist
•added 2020/04/15 1:29 p.m.•63 views

CVE-2020-2752

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...

5.3CVSS6.1AI score0.02317EPSS
Exploits0References7
Cvelist
Cvelist
•added 2020/03/22 3:48 a.m.•63 views

CVE-2020-10802

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a...

8AI score0.02115EPSS
Exploits0References8
Cvelist
Cvelist
•added 2020/03/19 5:56 p.m.•63 views

CVE-2019-20525

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter...

6AI score0.00906EPSS
Exploits1References1
Cvelist
Cvelist
•added 2020/03/18 4:33 p.m.•63 views

CVE-2019-19351

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera ...

7CVSS6.9AI score0.00245EPSS
Exploits0References1
Cvelist
Cvelist
•added 2019/12/17 7:2 p.m.•64 views

CVE-2019-19241

In the Linux kernel before 5.4.2, the iouring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/iouring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to...

7.3AI score0.01087EPSS
Exploits2References6
Cvelist
Cvelist
•added 2019/10/02 1:58 p.m.•63 views

CVE-2019-17091

faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled...

7.4AI score0.02469EPSS
Exploits1References17
Cvelist
Cvelist
•added 2019/06/11 9:2 p.m.•63 views

CVE-2019-0196

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...

6.1AI score0.193EPSS
Exploits0References36
Cvelist
Cvelist
•added 2019/01/08 9:0 p.m.•63 views

CVE-2019-0541

A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer,...

8AI score0.53202EPSS
Exploits4References3
Cvelist
Cvelist
•added 2018/07/18 1:0 p.m.•63 views

CVE-2018-3063

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

5.1AI score0.03213EPSS
Exploits0References11
Cvelist
Cvelist
•added 2018/06/26 7:0 p.m.•63 views

CVE-2018-3760

There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is...

7.3AI score0.26717EPSS
Exploits2References7
Cvelist
Cvelist
•added 2018/04/19 2:0 a.m.•63 views

CVE-2018-2755

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure wher...

7.9AI score0.00848EPSS
Exploits0References17
Cvelist
Cvelist
•added 2018/03/13 5:0 p.m.•63 views

CVE-2017-1002101

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type including non-privileged pods, subject to file permissions can access files/directories outside of the volume, including the host's filesyste...

8.8CVSS8.6AI score0.11586EPSS
Exploits2References4
Cvelist
Cvelist
•added 2018/01/18 2:0 a.m.•63 views

CVE-2018-2665

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols...

6.5AI score0.03952EPSS
Exploits0References15
Cvelist
Cvelist
•added 2018/01/18 2:0 a.m.•63 views

CVE-2018-2622

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.5AI score0.03952EPSS
Exploits0References15
Total number of security vulnerabilities5000