Lucene search
K
CvelistMost viewed

364847 matches found

Cvelist
Cvelist
•added 2020/03/12 1:3 p.m.•56 views

CVE-2020-10392

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/add-category.php by adding a question mark ? followed by the payload...

5AI score0.00733EPSS
Exploits2References2
Cvelist
Cvelist
•added 2020/02/17 2:53 p.m.•56 views

CVE-2020-8518

Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution...

10AI score0.71728EPSS
Exploits5References5
Cvelist
Cvelist
•added 2020/01/15 4:34 p.m.•56 views

CVE-2020-2574

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

5.9CVSS5.8AI score0.03485EPSS
Exploits0References7
Cvelist
Cvelist
•added 2019/09/25 3:5 p.m.•56 views

CVE-2019-10418

Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...

9.6AI score0.01205EPSS
Exploits0References2
Cvelist
Cvelist
•added 2019/09/12 1:55 p.m.•56 views

CVE-2019-10400

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts...

7.3AI score0.01047EPSS
Exploits0References2
Cvelist
Cvelist
•added 2019/09/05 6:31 p.m.•56 views

CVE-2019-15954

An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution RCE on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of...

8.9AI score0.79204EPSS
Exploits5References3
Cvelist
Cvelist
•added 2019/08/20 6:13 p.m.•56 views

CVE-2019-10745

assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using either a constructor or a proto payload...

7.4AI score0.01142EPSS
Exploits1References1
Cvelist
Cvelist
•added 2019/07/15 6:56 p.m.•56 views

CVE-2019-1006

An authentication bypass vulnerability exists in Windows Communication Foundation WCF and Windows Identity Foundation WIF, allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'...

7.9AI score0.06024EPSS
Exploits0References1
Cvelist
Cvelist
•added 2019/07/02 6:16 p.m.•56 views

CVE-2019-7257

Linear eMerge E3-Series devices allow Unrestricted File Upload...

9.6AI score0.69992EPSS
Exploits5References3
Cvelist
Cvelist
•added 2019/01/16 7:0 p.m.•56 views

CVE-2019-2503

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Connection Handling. Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical...

6.5AI score0.02487EPSS
Exploits0References8
Cvelist
Cvelist
•added 2019/01/08 9:0 p.m.•56 views

CVE-2019-0555

An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft XmlDocument Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows...

7.6AI score0.0243EPSS
Exploits2References3
Cvelist
Cvelist
•added 2018/09/21 1:0 p.m.•56 views

CVE-2018-14645

A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpackvalididx resulted in a remote crash and denial of service...

7.5CVSS7.3AI score0.03009EPSS
Exploits0References5
Cvelist
Cvelist
•added 2018/08/20 8:0 p.m.•56 views

CVE-2018-1000226

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API /cobblerapi that can result in Privilege escalation, data manipulation or...

9.7AI score0.12484EPSS
Exploits0References2
Cvelist
Cvelist
•added 2018/07/18 1:0 p.m.•56 views

CVE-2018-3081

Vulnerability in the MySQL Client component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via...

5.3AI score0.02444EPSS
Exploits0References11
Cvelist
Cvelist
•added 2018/04/19 2:0 a.m.•56 views

CVE-2018-2817

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.7AI score0.03171EPSS
Exploits0References17
Cvelist
Cvelist
•added 2018/02/09 11:0 p.m.•56 views

CVE-2018-1000021

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, or have their traffic modified in a...

8.6AI score0.01081EPSS
Exploits0References1
Cvelist
Cvelist
•added 2018/01/25 6:0 p.m.•56 views

CVE-2017-1000505

In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new File objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type...

6.5AI score0.00994EPSS
Exploits0References1
Cvelist
Cvelist
•added 2018/01/18 2:0 a.m.•56 views

CVE-2018-2562

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Partition. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocol...

6.8AI score0.03389EPSS
Exploits0References14
Cvelist
Cvelist
•added 2017/10/19 5:0 p.m.•56 views

CVE-2017-10378

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...

6.4AI score0.03237EPSS
Exploits0References14
Cvelist
Cvelist
•added 2016/10/25 2:0 p.m.•56 views

CVE-2016-5626

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS...

5.7AI score0.06045EPSS
Exploits0References13
Cvelist
Cvelist
•added 2016/08/05 8:0 p.m.•56 views

CVE-2016-3822

exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service out-of-bounds access via crafted EXIF data, aka internal bug...

6.9AI score0.01267EPSS
Exploits0References4
Cvelist
Cvelist
•added 2016/04/21 10:0 a.m.•56 views

CVE-2016-0651

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer...

4.9AI score0.01226EPSS
Exploits0References11
Cvelist
Cvelist
•added 2015/10/21 11:0 p.m.•56 views

CVE-2015-4879

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML...

5.2AI score0.04172EPSS
Exploits0References13
Cvelist
Cvelist
•added 2015/07/16 10:0 a.m.•56 views

CVE-2015-2643

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer...

4.7AI score0.04328EPSS
Exploits0References15
Cvelist
Cvelist
•added 2015/05/01 12:0 a.m.•56 views

CVE-2014-8361

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023...

7AI score0.99975EPSS
Exploits6References9
Cvelist
Cvelist
•added 2015/01/21 6:0 p.m.•56 views

CVE-2015-0374

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key...

6.1AI score0.03131EPSS
Exploits0References18
Cvelist
Cvelist
•added 2014/12/11 12:0 a.m.•56 views

CVE-2014-6363

vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "VBScript Memory Corruption Vulnerability."...

8.7AI score0.28442EPSS
Exploits2References4
Cvelist
Cvelist
•added 2014/10/21 3:0 p.m.•56 views

CVE-2014-5005

Directory traversal vulnerability in ZOHO ManageEngine Desktop Central DC before 9 build 90055 allows remote attackers to execute arbitrary code via a .. dot dot in the fileName parameter in an LFU action to statusUpdate...

9.6AI score0.77848EPSS
Exploits12References5
Cvelist
Cvelist
•added 2014/10/15 10:3 p.m.•56 views

CVE-2014-6495

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL...

6.5AI score0.03004EPSS
Exploits0References5
Cvelist
Cvelist
•added 2014/07/07 2:0 p.m.•57 views

CVE-2014-0034

The SecurityTokenService STS in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token...

6.6AI score0.07405EPSS
Exploits0References15
Cvelist
Cvelist
•added 2014/04/16 2:5 a.m.•56 views

CVE-2014-2440

Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

4.5AI score0.04578EPSS
Exploits0References8
Cvelist
Cvelist
•added 2014/04/16 2:5 a.m.•56 views

CVE-2014-2431

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options...

4.3AI score0.04963EPSS
Exploits0References8
Cvelist
Cvelist
•added 2014/01/19 4:0 p.m.•56 views

CVE-2013-2185

The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar iss...

8AI score0.07199EPSS
Exploits0References5
Cvelist
Cvelist
•added 2013/10/16 5:31 p.m.•56 views

CVE-2013-5807

Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication...

4.8AI score0.02182EPSS
Exploits0References9
Cvelist
Cvelist
•added 2013/08/28 5:18 p.m.•56 views

CVE-2013-2035

Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp...

6.8AI score0.00594EPSS
Exploits1References18
Cvelist
Cvelist
•added 2013/04/17 2:0 p.m.•56 views

CVE-2013-2376

Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure...

4.4AI score0.02214EPSS
Exploits0References5
Cvelist
Cvelist
•added 2013/04/17 12:10 p.m.•56 views

CVE-2013-1552

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors...

4.6AI score0.02224EPSS
Exploits0References5
Cvelist
Cvelist
•added 2013/02/22 12:0 a.m.•56 views

CVE-2012-5536

A certain Red Hat build of the pamsshagentauth module on Red Hat Enterprise Linux RHEL 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privilege...

6AI score0.00437EPSS
Exploits1References3
Cvelist
Cvelist
•added 2013/01/17 1:30 a.m.•56 views

CVE-2013-0367

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition...

4.4AI score0.02547EPSS
Exploits0References6
Cvelist
Cvelist
•added 2012/12/03 9:0 p.m.•56 views

CVE-2012-5858

Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the IP address...

6.5AI score0.0427EPSS
Exploits5References4
Cvelist
Cvelist
•added 2012/04/18 10:0 a.m.•56 views

CVE-2012-0883

envvars aka envvars-std in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl...

6AI score0.00946EPSS
Exploits4References32
Cvelist
Cvelist
•added 2011/06/16 11:0 p.m.•56 views

CVE-2011-0319

Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122...

7.4AI score0.0441EPSS
Exploits0References2
Cvelist
Cvelist
•added 2010/08/11 6:0 p.m.•56 views

CVE-2010-2554

The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL...

6.2AI score0.0192EPSS
Exploits7References2
Cvelist
Cvelist
•added 2010/05/27 6:32 p.m.•56 views

CVE-2010-1459

The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting XSS attacks, as demonstrated by the VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project...

5.5AI score0.01931EPSS
Exploits0References6
Cvelist
Cvelist
•added 2010/05/11 11:0 p.m.•56 views

CVE-2010-1481

Cross-site scripting XSS vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute...

5.2AI score0.00869EPSS
Exploits3References4
Cvelist
Cvelist
•added 2010/04/16 7:0 p.m.•56 views

CVE-2010-1161

Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files...

6AI score0.00275EPSS
Exploits0References6
Cvelist
Cvelist
•added 2010/01/20 4:0 p.m.•56 views

CVE-2010-0361

Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server aka SJWS 7.0 Update 7 allows remote attackers to cause a denial of service daemon crash and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request...

7.3AI score0.80521EPSS
Exploits20References1
Cvelist
Cvelist
•added 2009/10/29 2:0 p.m.•56 views

CVE-2009-3383

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors...

10AI score0.04338EPSS
Exploits1References6
Cvelist
Cvelist
•added 2009/03/19 10:0 a.m.•56 views

CVE-2009-0927

Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658...

8AI score0.96632EPSS
Exploits14References16
Cvelist
Cvelist
•added 2007/05/22 12:0 a.m.•56 views

CVE-2007-2788

Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.120 and earlier...

7.8AI score0.18185EPSS
Exploits0References58
Total number of security vulnerabilities5000