Lucene search
+L
CvelistMost viewed

366859 matches found

Cvelist
Cvelist
added 2019/04/20 2:5 p.m.61 views

CVE-2019-11373

An out-of-bounds read in FileAnalyze::GetL8 in FileAnalyzeBuffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash...

6.3AI score0.02503EPSS
Exploits1References12
Cvelist
Cvelist
added 2019/04/17 2:4 p.m.61 views

CVE-2019-10947

Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks...

8.1AI score0.03666EPSS
Exploits0References10
Cvelist
Cvelist
added 2019/03/08 9:0 p.m.61 views

CVE-2019-1003030

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM...

9.8AI score0.75594EPSS
Exploits4References4
Cvelist
Cvelist
added 2019/03/08 9:0 p.m.61 views

CVE-2019-1003029

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with...

9.8AI score0.73854EPSS
Exploits3References4
Cvelist
Cvelist
added 2019/02/26 7:0 p.m.61 views

CVE-2019-9194

elFinder before 2.1.48 has a command injection vulnerability in the PHP connector...

9.8AI score0.96633EPSS
Exploits11References5
Cvelist
Cvelist
added 2019/01/16 7:0 p.m.61 views

CVE-2019-2529

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols...

6.4AI score0.0461EPSS
Exploits0References9
Cvelist
Cvelist
added 2018/12/10 2:0 p.m.61 views

CVE-2018-1000865

A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM, if plugins using the Groovy...

9AI score0.01639EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/10/17 1:0 a.m.61 views

CVE-2018-3282

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Storage Engines. Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network acce...

6AI score0.03968EPSS
Exploits0References13
Cvelist
Cvelist
added 2018/06/18 12:0 p.m.61 views

CVE-2018-12533

JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language EL expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310...

9.7AI score0.21375EPSS
Exploits1References7
Cvelist
Cvelist
added 2018/04/19 2:0 a.m.61 views

CVE-2018-2761

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocol...

6AI score0.0401EPSS
Exploits0References17
Cvelist
Cvelist
added 2018/04/19 2:0 a.m.61 views

CVE-2018-2819

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.7AI score0.03171EPSS
Exploits0References17
Cvelist
Cvelist
added 2017/10/11 12:0 p.m.61 views

CVE-2013-6924

Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php...

9.9AI score0.15156EPSS
Exploits7References3
Cvelist
Cvelist
added 2017/06/15 1:0 a.m.61 views

CVE-2017-8529

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka...

6.3AI score0.14265EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/04/24 7:0 p.m.61 views

CVE-2017-3600

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client mysqldump. Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple...

6.2AI score0.0264EPSS
Exploits0References9
Cvelist
Cvelist
added 2017/01/27 10:1 p.m.61 views

CVE-2017-3265

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Packaging. Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure...

5.6AI score0.0136EPSS
Exploits0References11
Cvelist
Cvelist
added 2016/12/13 4:0 p.m.61 views

CVE-2016-7440

The C software implementation of AES Encryption and Decryption in wolfSSL formerly CyaSSL before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences...

5.5AI score0.00304EPSS
Exploits0References6
Cvelist
Cvelist
added 2016/10/14 4:0 p.m.61 views

CVE-2005-4900

SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is...

5.8AI score0.00938EPSS
Exploits0References11
Cvelist
Cvelist
added 2015/10/21 9:0 p.m.61 views

CVE-2015-4816

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB...

4.9AI score0.07451EPSS
Exploits0References13
Cvelist
Cvelist
added 2015/07/20 11:0 p.m.61 views

CVE-2015-3185

The apsomeauthrequired function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions ...

6.2AI score0.18795EPSS
Exploits0References35
Cvelist
Cvelist
added 2015/01/21 7:0 p.m.61 views

CVE-2015-0411

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption...

6.6AI score0.10038EPSS
Exploits0References19
Cvelist
Cvelist
added 2014/10/15 10:3 p.m.61 views

CVE-2014-6559

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING...

5.8AI score0.04634EPSS
Exploits0References9
Cvelist
Cvelist
added 2014/10/15 10:3 p.m.61 views

CVE-2014-6494

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496...

6.6AI score0.04847EPSS
Exploits0References9
Cvelist
Cvelist
added 2014/10/15 3:15 p.m.61 views

CVE-2014-6469

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER...

5.7AI score0.04408EPSS
Exploits0References8
Cvelist
Cvelist
added 2014/04/16 2:5 a.m.61 views

CVE-2014-2436

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR...

4.1AI score0.03667EPSS
Exploits0References8
Cvelist
Cvelist
added 2014/04/16 2:5 a.m.61 views

CVE-2014-2438

Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication...

4AI score0.03175EPSS
Exploits0References7
Cvelist
Cvelist
added 2014/04/16 2:5 a.m.61 views

CVE-2014-2430

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema...

4.1AI score0.03281EPSS
Exploits0References8
Cvelist
Cvelist
added 2014/04/05 2:0 p.m.61 views

CVE-2014-2730

The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013, and Office for Mac 2011, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service memory consumption and persistent application hang via a crafted XML document...

7AI score0.11538EPSS
Exploits0References1
Cvelist
Cvelist
added 2013/10/16 3:0 p.m.61 views

CVE-2013-3839

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer...

4.2AI score0.0309EPSS
Exploits0References12
Cvelist
Cvelist
added 2013/07/17 10:0 a.m.61 views

CVE-2013-3794

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition...

5AI score0.02711EPSS
Exploits0References8
Cvelist
Cvelist
added 2013/06/05 10:0 a.m.61 views

CVE-2013-3949

The posixspawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the POSIXSPAWNDISABLEASLR and POSIXSPAWNALLOWDATAEXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper program that calls the...

5.8AI score0.00494EPSS
Exploits1References2
Cvelist
Cvelist
added 2013/05/29 10:0 a.m.61 views

CVE-2013-3666

The LG Hidden Menu component for Android on the LG Optimus G E973 allows physically proximate attackers to execute arbitrary commands by entering USB Debugging mode, using Android Debug Bridge adb to establish a USB connection, dialing 3845973, modifying the WLAN Test Wi-Fi Ping Test/User Command...

7.7AI score0.00199EPSS
Exploits1References3
Cvelist
Cvelist
added 2013/01/31 9:0 p.m.61 views

CVE-2013-0230

Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method...

7.8AI score0.69151EPSS
Exploits14References5
Cvelist
Cvelist
added 2013/01/17 1:30 a.m.61 views

CVE-2012-1705

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer...

4.4AI score0.02628EPSS
Exploits0References7
Cvelist
Cvelist
added 2013/01/17 1:30 a.m.61 views

CVE-2013-0371

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM...

4.6AI score0.02547EPSS
Exploits1References6
Cvelist
Cvelist
added 2013/01/17 1:30 a.m.61 views

CVE-2012-0574

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors...

4.6AI score0.02829EPSS
Exploits1References8
Cvelist
Cvelist
added 2011/04/18 6:0 p.m.61 views

CVE-2011-1168

Cross-site scripting XSS vulnerability in the KHTMLPart::htmlError function in khtml/khtmlpart.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site...

5.6AI score0.02673EPSS
Exploits2References18
Cvelist
Cvelist
added 2010/11/17 3:0 p.m.61 views

CVE-2010-4107

The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers...

6.8AI score0.1313EPSS
Exploits14References9
Cvelist
Cvelist
added 2009/02/25 4:0 p.m.61 views

CVE-2009-0238

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a...

7.3AI score0.43063EPSS
Exploits4References11
Cvelist
Cvelist
added 2008/08/05 7:20 p.m.61 views

CVE-2008-3431

The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHODNEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \.\VBoxDrv device and...

6.3AI score0.06932EPSS
Exploits8References11
Cvelist
Cvelist
added 2005/02/06 5:0 a.m.61 views

CVE-2005-0089

The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the registerinstance method to register an object without a dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute...

6.9AI score0.05386EPSS
Exploits0References12
Cvelist
Cvelist
added 2005/01/20 5:0 a.m.61 views

CVE-2005-0004

The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files...

5.9AI score0.00594EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/07/01 11:58 a.m.60 views

CVE-2026-53903 Insecure Direct Object Reference in MCO

MCO is vulnerable to an Insecure Direct Object Reference IDOR vulnerability in the /customer/servlet/mco/webapi/trading-document/fetchPdfStatement endpoint. The application does not properly validate whether an authenticated user is authorized to access a requested document, allowing direct...

5.3CVSS0.00244EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/14 3:23 a.m.60 views

CVE-2026-54420

LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...

8.5CVSS0.01261EPSS
Exploits3References2
Cvelist
Cvelist
added 2026/06/08 5:45 a.m.60 views

CVE-2026-11493 Tenda AC15 Samba smb.conf weak password

A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etcro/smb.conf of the component Samba. Executing a manipulation can lead to weak password requirements. The attack is only possible within the local network. A high complexity level ...

5CVSS0.00224EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/05 2:49 p.m.60 views

CVE-2026-9270 DataDog::DogStatsd versions through 0.07 for Perl allow metric injections

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The sendstats method does not remove newlines from metric names $stat variable, allowing attackers to change t...

0.00331EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/28 5:45 p.m.60 views

CVE-2026-45021 Kuma: Default kuma-cp leaks admin token cross-origin via CORS wildcard + LocalhostIsAdmin

Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin bootstrap token and signing keys to any webpage the operator visits while the control plane is...

5.1CVSS0.00204EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/27 12:57 p.m.60 views

CVE-2026-46058 media: amphion: Fix race between m2m job_abort and device_run

In the Linux kernel, the following vulnerability has been resolved: media: amphion: Fix race between m2m jobabort and devicerun Fix kernel panic caused by race condition where v4l2m2mctxrelease frees m2mctx while v4l2m2mtryrun is about to call devicerun with the same context. Race sequence:...

7.8CVSS0.00097EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/21 12:12 p.m.60 views

CVE-2026-43496 net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked

In the Linux kernel, the following vulnerability has been resolved: net/sched: schred: Replace direct dequeue call with peek and qdiscdequeuepeeked When red qdisc has children eg qfq qdisc whose peek callback is qdiscpeekdequeued, we could get a kernel panic. When the parent of such qdiscs eg...

0.00118EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/20 6:20 p.m.60 views

CVE-2026-9082 Drupal core - Highly critical - SQL injection - SA-CORE-2026-004

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0...

9.8CVSS0.84631EPSS
Exploits14References1
Cvelist
Cvelist
added 2026/05/20 1:25 a.m.60 views

CVE-2026-6394 Nexa Blocks <= 1.1.1 - Unauthenticated Blind Server-Side Request Forgery via 'demo_json_file' Parameter

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the importdemo function accepting a user-supplied URL in the demojsonfile POST parameter and...

5.4CVSS0.00316EPSS
Exploits0References7
Total number of security vulnerabilities5000