Lucene search
+L
CvelistMost viewed

366723 matches found

cvelist
cvelist
•added 2023/05/18 9:27 p.m.•62 views

CVE-2023-30470

A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Herme...

10AI score0.01249EPSS
Exploits0References2
cvelist
cvelist
•added 2023/05/10 3:23 p.m.•62 views

CVE-2022-46378

An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs wh...

6.5CVSS7.6AI score0.01419EPSS
Exploits1References2
cvelist
cvelist
•added 2023/05/09 12:0 a.m.•63 views

CVE-2023-28128

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution...

7.3AI score0.84697EPSS
Exploits3References2
cvelist
cvelist
•added 2023/05/03 6:33 p.m.•62 views

CVE-2023-25826 Remote Code Execution in OpenTSDB

Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was...

9.8CVSS9.9AI score0.35604EPSS
Exploits4References3
cvelist
cvelist
•added 2023/05/03 12:0 a.m.•62 views

CVE-2022-40302

An issue was discovered in bgpd in FRRouting FRR through 8.4. By crafting a BGP OPEN message with an option of type 0xff Extended Length from RFC 9072, attackers may cause a denial of service assertion failure and daemon restart, or out-of-bounds read. This is possible because of inconsistent...

6.8AI score0.01983EPSS
Exploits0References3
cvelist
cvelist
•added 2023/04/26 8:46 p.m.•62 views

CVE-2023-30845 ESPv2 vulnerable to JWT authentication bypass via `X-HTTP-Method-Override` header

ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious X-HTTP-Method-Override header value to bypass JWT authentication in specific cases...

8.2CVSS9.8AI score0.00649EPSS
Exploits0References4
cvelist
cvelist
•added 2023/03/29 12:0 a.m.•62 views

CVE-2022-48434

libavcodec/pthreadframe.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances e.g., hardware re-initialization upon a mid-video SPS change when...

8.4AI score0.01512EPSS
Exploits1References6
cvelist
cvelist
•added 2023/03/02 8:54 p.m.•62 views

CVE-2023-22381 Code injection in GitHub Enterprise Server leading to arbitrary environment variables in GitHub Actions

A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need existing permission to...

4.1CVSS8.9AI score0.00839EPSS
Exploits0References5
cvelist
cvelist
•added 2023/02/21 12:0 a.m.•62 views

CVE-2023-0934 Cross-site Scripting (XSS) - Stored in answerdev/answer

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.5...

6.3CVSS5.5AI score0.00393EPSS
Exploits1References2
cvelist
cvelist
•added 2023/02/14 7:32 p.m.•62 views

CVE-2023-21705 Microsoft SQL Server Remote Code Execution Vulnerability

...

8.8CVSS8.9AI score0.01113EPSS
Exploits0References1
cvelist
cvelist
•added 2022/12/06 5:18 p.m.•62 views

CVE-2022-23472 Use of insecure random number generator in Passeo

Passeo is an open source python password generator. Versions prior to 1.0.5 rely on the python random library for random value selection. The python random library warns that it should not be used for security purposes due to its reliance on a non-cryptographically secure random number generator...

5.9CVSS7.7AI score0.00791EPSS
Exploits0References3
cvelist
cvelist
•added 2022/12/04 12:0 a.m.•62 views

CVE-2022-35507

A response-header CRLF injection vulnerability in the Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers...

7AI score0.0138EPSS
Exploits1References2
cvelist
cvelist
•added 2022/11/30 11:7 p.m.•62 views

CVE-2022-40204

A cross-site scripting XSS vulnerability exists in all current versions of Digital Alert Systems DASDEC software via the Host Header in undisclosed pages after login...

4.1CVSS5.5AI score0.00341EPSS
Exploits0References1
cvelist
cvelist
•added 2022/08/31 6:55 p.m.•62 views

CVE-2022-36046 Unexpected server crash in Next.js version 12.2.3

Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict unhandledRejection exiting AND using next start or a custom server...

5.3CVSS5.5AI score0.00999EPSS
Exploits0References2
cvelist
cvelist
•added 2022/08/19 11:52 a.m.•62 views

CVE-2022-35910

In Jellyfin before 10.8, stored XSS allows theft of an admin access token...

5.4AI score0.01283EPSS
Exploits2References3
cvelist
cvelist
•added 2022/06/14 9:51 a.m.•62 views

CVE-2022-22071

Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

8.4CVSS8.8AI score0.0045EPSS
Exploits0References1
cvelist
cvelist
•added 2022/01/19 8:38 p.m.•62 views

CVE-2022-23046

PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php...

7.2AI score0.25243EPSS
Exploits7References3
cvelist
cvelist
•added 2021/11/24 7:5 p.m.•62 views

CVE-2021-41270 CSV Injection in Symfony

Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula...

6.5CVSS6.8AI score0.01355EPSS
Exploits0References6
cvelist
cvelist
•added 2021/11/16 11:45 a.m.•62 views

CVE-2021-42114 Scalable Rowhammering In the Frequency Domain to Bypass TRR Mitigations On Modern DDR4/LPDDR4X Devices

Modern DRAM devices PC-DDR4, LPDDR4X are affected by a vulnerability in their internal Target Row Refresh TRR mitigation against Rowhammer attacks. Novel non-uniform Rowhammer access patterns, consisting of aggressors with different frequencies, phases, and amplitudes allow triggering bit flips o...

9CVSS9.2AI score0.02889EPSS
Exploits1References3
cvelist
cvelist
•added 2021/11/05 10:10 p.m.•62 views

CVE-2021-41213 Deadlock in mutually recursive `tf.function` objects

TensorFlow is an open source platform for machine learning. In affected versions the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive. This occurs due to using a non-reentrant Lock Python object. Loading any model which...

5.5CVSS5.7AI score0.00235EPSS
Exploits0References2
cvelist
cvelist
•added 2021/11/03 5:20 p.m.•62 views

CVE-2021-23509 Prototype Pollution

This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays...

5.6CVSS9.7AI score0.01769EPSS
Exploits1References5
cvelist
cvelist
•added 2021/10/04 6:5 p.m.•62 views

CVE-2021-41099 Integer overflow issue with strings in Redis

Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len...

7.5CVSS8.5AI score0.03422EPSS
Exploits0References9
cvelist
cvelist
•added 2021/05/26 2:4 p.m.•62 views

CVE-2021-21985

The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...

10AI score0.99999EPSS
Exploits13References3
cvelist
cvelist
•added 2021/04/05 6:27 p.m.•62 views

CVE-2021-24174 Database Backups <= 1.2.2.6 - CSRF to Backup Download

The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups...

8.2AI score0.03218EPSS
Exploits5References2
cvelist
cvelist
•added 2021/03/23 1:50 a.m.•62 views

CVE-2021-21355 Unrestricted File Upload in Form Framework

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default...

8.6CVSS8.9AI score0.01631EPSS
Exploits0References3
cvelist
cvelist
•added 2020/12/23 3:6 p.m.•62 views

CVE-2020-29550

An issue was discovered in URVE Build 24.03.2020. The password of an integration user account used for the connection of the MS Office 365 Integration Service is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext:...

7.6AI score0.01421EPSS
Exploits2References4
cvelist
cvelist
•added 2020/07/20 6:0 p.m.•62 views

CVE-2020-15121 Command injection in Radare2

In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current...

7.4CVSS9.3AI score0.01558EPSS
Exploits0References6
cvelist
cvelist
•added 2020/06/09 7:43 p.m.•62 views

CVE-2020-1238

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1239...

8.8AI score0.06988EPSS
Exploits0References3
cvelist
cvelist
•added 2020/04/13 9:20 p.m.•62 views

CVE-2020-11738

The Snap Creek Duplicator plugin before 1.3.28 for WordPress and Duplicator Pro before 3.8.7.1 allows Directory Traversal via ../ in the file parameter to duplicatordownload or duplicatorinit...

7.5CVSS7.5AI score0.97822EPSS
Exploits11References5
cvelist
cvelist
•added 2019/05/22 12:0 a.m.•62 views

CVE-2019-11841

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The...

6.2AI score0.02002EPSS
Exploits2References7
cvelist
cvelist
•added 2019/04/21 7:38 p.m.•62 views

CVE-2019-11416

A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user...

8.8AI score0.0389EPSS
Exploits5References3
cvelist
cvelist
•added 2018/10/01 8:0 p.m.•62 views

CVE-2018-3982

An exploitable arbitrary write vulnerability exists in the Word document parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can prevent Atlas from adding elements to an array that is indexed by a loop. When reading from this array, the application will use an...

8.8CVSS7.7AI score0.0128EPSS
Exploits1References1
cvelist
cvelist
•added 2018/08/21 1:0 a.m.•62 views

CVE-2018-15599

The recvmsguserauthrequest function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSHMSGUSERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase...

5.9AI score0.02709EPSS
Exploits0References5
cvelist
cvelist
•added 2018/08/01 1:0 p.m.•62 views

CVE-2018-1999037

A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource...

4.5AI score0.00761EPSS
Exploits0References1
cvelist
cvelist
•added 2018/01/22 8:0 p.m.•62 views

CVE-2018-5999

An issue was discovered in AsusWRT before 3.0.0.4.38410007. In the handlerequest function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails...

9.6AI score0.8715EPSS
Exploits10References5
cvelist
cvelist
•added 2016/03/13 6:0 p.m.•62 views

CVE-2016-1979

Use-after-free vulnerability in the PK11ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services NSS before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data...

9.2AI score0.02171EPSS
Exploits0References23
cvelist
cvelist
•added 2015/10/14 1:0 a.m.•62 views

CVE-2015-2482

The Microsoft 1 VBScript 5.7 and 5.8 and 2 JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted replace operation with a JavaScript regular expressio...

8.2AI score0.32285EPSS
Exploits3References6
cvelist
cvelist
•added 2015/07/16 10:0 a.m.•62 views

CVE-2015-4752

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : IS...

4.7AI score0.04079EPSS
Exploits0References15
cvelist
cvelist
•added 2014/01/31 11:0 p.m.•62 views

CVE-2014-0001

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service crash and possibly execute arbitrary code via a long server version string...

7.3AI score0.06353EPSS
Exploits0References15
cvelist
cvelist
•added 2013/09/13 6:0 p.m.•62 views

CVE-2013-4810

HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager IDM 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to 1 EJBInvokerServlet or 2 JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplica...

7.3AI score0.79003EPSS
Exploits5References7
cvelist
cvelist
•added 2013/09/13 6:0 p.m.•62 views

CVE-2013-4811

UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager IDM 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code...

7.5AI score0.71293EPSS
Exploits6References4
cvelist
cvelist
•added 2013/07/22 7:0 p.m.•62 views

CVE-2013-2165

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBo...

9.8AI score0.12662EPSS
Exploits1References11
cvelist
cvelist
•added 2013/03/28 11:0 p.m.•62 views

CVE-2013-1861

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service crash via a crafted geometry feature that specifies a large number o...

5.4AI score0.18675EPSS
Exploits2References17
cvelist
cvelist
•added 2013/01/17 1:30 a.m.•62 views

CVE-2013-0389

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer...

4.4AI score0.02674EPSS
Exploits0References7
cvelist
cvelist
•added 2013/01/17 1:30 a.m.•62 views

CVE-2013-0368

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB...

4.4AI score0.02547EPSS
Exploits1References6
cvelist
cvelist
•added 2012/07/17 10:0 p.m.•62 views

CVE-2012-1689

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer...

4.4AI score0.037EPSS
Exploits0References10
cvelist
cvelist
•added 2012/05/03 10:0 p.m.•62 views

CVE-2012-1690

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1703...

4.4AI score0.03305EPSS
Exploits0References10
cvelist
cvelist
•added 2011/10/05 10:0 p.m.•62 views

CVE-2011-3368

The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to...

6.6AI score0.90734EPSS
Exploits12References55
cvelist
cvelist
•added 2011/04/11 6:0 p.m.•62 views

CVE-2009-5065

Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas...

5.3AI score0.0453EPSS
Exploits1References8
cvelist
cvelist
•added 2009/09/04 10:0 a.m.•62 views

CVE-2009-2521

Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services IIS 5.0 through 7.0 allows remote authenticated users to cause a denial of service daemon crash via a list ls -R command containing a wildcard that references a subdirectory, followed by a .. dot dot, ak...

6AI score0.82265EPSS
Exploits9References5
Total number of security vulnerabilities5000