Lucene search
K
CvelistMost viewed

364911 matches found

Cvelist
Cvelist
•added 2026/03/15 11:2 p.m.•55 views

CVE-2026-4193 D-Link DIR-823G goahead UpdateClientInfo access control

A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05. The affected element is the function...

7.5CVSS0.0077EPSS
Exploits1References11
Cvelist
Cvelist
•added 2026/03/05 7:42 p.m.•55 views

CVE-2026-28343 CKEditor: Cross-site scripting (XSS) in the HTML Support package

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...

6.4CVSS0.00268EPSS
Exploits0References3
Cvelist
Cvelist
•added 2026/02/03 2:35 p.m.•55 views

CVE-2026-1285 Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. django.utils.text.Truncator.chars and Truncator.words methods with html=True and the truncatecharshtml and truncatewordshtml template filters allow a remote attacker to cause a potential denial-of-service via...

0.00993EPSS
Exploits0References3
Cvelist
Cvelist
•added 2026/01/06 7:2 p.m.•55 views

CVE-2026-0641 TOTOLINK WA300 cstecgi.cgi sub_401510 command injection

A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112B20190227. This vulnerability affects the function sub401510 of the file cstecgi.cgi. The manipulation of the argument UPLOADFILENAME leads to command injection. The attack may be initiated remotely. The exploit has been...

6.5CVSS0.0236EPSS
Exploits1References6
Cvelist
Cvelist
•added 2025/12/11 7:11 a.m.•55 views

CVE-2025-14512 Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service DoS via an integer overflow in GLib's GIO GLib Input/Output escapebytestring function when processing malicious file or remote filesystem attribute values...

6.5CVSS0.00524EPSS
Exploits0References21
Cvelist
Cvelist
•added 2025/11/30 12:0 a.m.•55 views

CVE-2025-66433

HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. This is fixed in 24.12.14, 25.0.3, and 25.3.1. The earliest affected version is 24.7.3...

4.2CVSS0.00087EPSS
Exploits0References1
Cvelist
Cvelist
•added 2025/09/24 12:0 a.m.•55 views

CVE-2025-57350

The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype pollution vulnerability in versions prior to 2.0.10. This issue arises due to insufficient sanitization of nested header names during the parsing process in the parserjsonarr...

0.00292EPSS
Exploits0References2
Cvelist
Cvelist
•added 2025/09/03 8:38 a.m.•55 views

CVE-2024-43115 Apache DolphinScheduler: Alert Script Attack

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...

0.00461EPSS
Exploits0References1
Cvelist
Cvelist
•added 2025/07/14 11:8 p.m.•55 views

CVE-2025-53836 XWiki Rendering is vulnerable to RCE attacks when processing nested macros

XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro content parser doesn't preserve the restricte...

9.9CVSS0.00525EPSS
Exploits1References4
Cvelist
Cvelist
•added 2025/05/19 7:28 p.m.•55 views

CVE-2025-47949 samlify SAML Signature Wrapping attack

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fix...

9.9CVSS0.00458EPSS
Exploits0References2
Cvelist
Cvelist
•added 2025/05/18 12:0 a.m.•55 views

CVE-2025-4844 FreeFloat FTP Server CD Command buffer overflow

A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component CD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the publi...

7.5CVSS0.00588EPSS
Exploits1References4
Cvelist
Cvelist
•added 2025/05/02 9:54 a.m.•55 views

CVE-2025-0072 Mali GPU Kernel Driver allows improper GPU memory processing operations

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Drive...

0.00356EPSS
Exploits0References1
Cvelist
Cvelist
•added 2025/05/01 11:0 p.m.•55 views

CVE-2025-4182 PCMan FTP Server BELL Command buffer overflow

A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component BELL Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the...

7.5CVSS0.0062EPSS
Exploits1References4
Cvelist
Cvelist
•added 2025/01/31 12:2 a.m.•55 views

CVE-2025-24336

SXF Common Library handles input data improperly. If a product using the library reads a crafted file, the product may be crashed...

3.3CVSS0.00153EPSS
Exploits0References2
Cvelist
Cvelist
•added 2025/01/04 1:41 p.m.•55 views

CVE-2024-10957 UpdraftPlus: WP Backup & Migration Plugin 1.23.8 - 1.24.11 - Unauthenticated PHP Object Injection

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a P...

8.8CVSS0.00712EPSS
Exploits0References3
Cvelist
Cvelist
•added 2024/12/17 8:24 p.m.•55 views

CVE-2024-11993

Reflected cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field...

4.6CVSS0.00326EPSS
Exploits0References1
Cvelist
Cvelist
•added 2024/11/18 4:1 p.m.•55 views

CVE-2024-52424 WordPress wp-login customizer plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF vulnerability in sureshdsk wp-login customizer wp-login-customizer allows Stored XSS.This issue affects wp-login customizer: from n/a through = 1.0...

7.1CVSS0.00156EPSS
Exploits0References1
Cvelist
Cvelist
•added 2024/11/15 5:37 p.m.•55 views

CVE-2024-52509 Nextcloud Mail app does not respect download permissions in shares

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients...

3.5CVSS0.00502EPSS
Exploits0References4
Cvelist
Cvelist
•added 2024/11/14 11:48 a.m.•55 views

CVE-2022-31669 Harbor fails to validate the user permissions when updating tag immutability policies

Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immutability policies...

6.4CVSS0.00396EPSS
Exploits0References1
Cvelist
Cvelist
•added 2024/11/13 10:20 a.m.•55 views

CVE-2024-4741 Use After Free with SSL_free_buffers

Issue summary: Calling the OpenSSL API function SSLfreebuffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code...

0.02945EPSS
Exploits0References6
Cvelist
Cvelist
•added 2024/10/18 5:39 a.m.•55 views

CVE-2024-38820 CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...

3.1CVSS0.00631EPSS
Exploits1References1
Cvelist
Cvelist
•added 2024/10/15 3:56 p.m.•55 views

CVE-2024-48913 Hono vulnerable to bypass of CSRF Middleware by a request without Content-Type header.

Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery CSRF middleware by a request without Content-Type header. Although the CSRF middleware verifies the Content-Type Header, Hono always considers a request without a Content-Type header to be safe. Th...

5.9CVSS0.00304EPSS
Exploits1References3
Cvelist
Cvelist
•added 2024/10/02 4:55 p.m.•55 views

CVE-2024-20490 Cisco Nexus Dashboard Fabric Controller and Nexus Dashboard Orchestrator Information Disclosure Vulnerability

A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller NDFC and Cisco Nexus Dashboard Orchestrator NDO could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in ...

6.3CVSS0.00277EPSS
Exploits0References1
Cvelist
Cvelist
•added 2024/09/30 8:51 a.m.•55 views

CVE-2024-45772 Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users ar...

5.1CVSS0.00582EPSS
Exploits0References1
Cvelist
Cvelist
•added 2024/08/21 12:10 a.m.•55 views

CVE-2024-43882 exec: Fix ToCToU between perm check and set-uid/gid usage

In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via dofilpopen, permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much...

0.00242EPSS
Exploits1References8
Cvelist
Cvelist
•added 2024/08/19 2:44 p.m.•56 views

CVE-2024-43399 Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure...

8CVSS0.00902EPSS
Exploits1References2
Cvelist
Cvelist
•added 2024/08/15 6:48 p.m.•55 views

CVE-2024-42476 oauth CSRF vulnerability

In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the state parameter to prevent cross-site request forgery CSRF attacks where a resource owner might have their session associated with protected resources belonging to an attacker. Whe...

6.5CVSS0.00226EPSS
Exploits0References3
Cvelist
Cvelist
•added 2024/08/14 11:57 a.m.•55 views

CVE-2024-39397 Adobe Commerce | Unrestricted Upload of File with Dangerous Type (CWE-434)

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file whic...

9CVSS0.01096EPSS
Exploits0References1
Cvelist
Cvelist
•added 2024/08/09 12:37 a.m.•55 views

CVE-2024-4350 Concrete CMS version 9 below 9.3.3 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer

Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation. The Concrete CMS security team gave...

5.1CVSS0.00464EPSS
Exploits0References4
Cvelist
Cvelist
•added 2024/08/07 11:4 p.m.•55 views

CVE-2024-6707 Open WebUI Arbitrary File Upload + Path Traversal

Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability...

0.01003EPSS
Exploits3References1
Cvelist
Cvelist
•added 2024/07/16 10:39 p.m.•55 views

CVE-2024-21140

...

4.8CVSS0.00879EPSS
Exploits0References2
Cvelist
Cvelist
•added 2024/07/16 4:43 p.m.•55 views

CVE-2024-6325 Rockwell Automation Unsecured Private Keys in FactoryTalk® System Services

The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html by...

6CVSS0.00304EPSS
Exploits0References1
Cvelist
Cvelist
•added 2024/07/12 2:46 p.m.•55 views

CVE-2024-39914 FOG has a command injection in /fog/management/export.php?filename=

FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34...

9.8CVSS0.23414EPSS
Exploits1References2
Cvelist
Cvelist
•added 2024/07/09 5:2 p.m.•55 views

CVE-2024-37324 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

...

8.8CVSS0.01554EPSS
Exploits0References1
Cvelist
Cvelist
•added 2024/07/08 3:57 p.m.•55 views

CVE-2024-23562 HCL Domino is susceptible to an information disclosure vulnerability

A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system...

5.3CVSS0.00475EPSS
Exploits0References1
Cvelist
Cvelist
•added 2024/07/05 1:40 p.m.•55 views

CVE-2024-39864 Apache CloudStack: Integration API service uses dynamic port when disabled

The CloudStack integration API service allows running its unauthenticated API server usually on port 8096 when configured and enabled via integration.api.port global setting for internal portal integrations and for testing purposes. By default, the integration API service port is disabled and is...

0.01772EPSS
Exploits0References4
Cvelist
Cvelist
•added 2024/07/02 8:9 p.m.•55 views

CVE-2024-39324 aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows a editors to manage own services via GraphQL API which isn't allowed in the JQAdm front end. Versions...

3.8CVSS0.00425EPSS
Exploits0References5
Cvelist
Cvelist
•added 2024/07/01 2:17 p.m.•55 views

CVE-2024-23380 Use After Free in Graphics

Memory corruption while handling user packets during VBO bind operation...

8.4CVSS0.00154EPSS
Exploits0References1
Cvelist
Cvelist
•added 2024/06/20 10:16 p.m.•55 views

CVE-2024-38359 Lightning Network Daemon Onion Bomb

The Lightning Network Daemon lnd - is a complete implementation of a Lightning Network node. A parsing vulnerability in lnd's onion processing logic and lead to a DoS vector due to excessive memory allocation. The issue was patched in lnd v0.17.0. Users should update to a version v0.17.0 to be...

6.5CVSS0.00572EPSS
Exploits0References5
Cvelist
Cvelist
•added 2024/06/17 2:3 p.m.•55 views

CVE-2024-37158 Evmos is missing precompile checks

Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions. Checks...

3.5CVSS0.0044EPSS
Exploits0References2
Cvelist
Cvelist
•added 2024/06/11 5:0 p.m.•55 views

CVE-2024-30052 Visual Studio Remote Code Execution Vulnerability

...

4.7CVSS0.01354EPSS
Exploits1References1
Cvelist
Cvelist
•added 2024/06/05 12:45 p.m.•55 views

CVE-2024-3469 GP Premium <= 2.4.0 - Reflected Cross-Site Scripting

The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

6.1CVSS6AI score0.00637EPSS
Exploits0References2
Cvelist
Cvelist
•added 2024/06/04 8:31 a.m.•55 views

CVE-2024-4581 Slider Revolution <= 6.7.11 - Authenticated (Author+) Stored Cross-Site Scripting via Add Layer class, id, and title Attributes

The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Add Layer widget in all versions up to, and including, 6.7.11 due to insufficient input sanitization and output escaping on the user supplied 'class', 'id', and 'title' attributes. This makes ...

6.4CVSS5.7AI score0.00279EPSS
Exploits0References2
Cvelist
Cvelist
•added 2024/05/30 3:35 p.m.•55 views

CVE-2024-36950 firewire: ohci: mask bus reset interrupts between ISR and bottom half

In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until busresetwork has serviced and cleared the...

7.3AI score0.0026EPSS
Exploits0References8
Cvelist
Cvelist
•added 2024/05/30 3:29 p.m.•55 views

CVE-2024-36928 s390/qeth: Fix kernel panic after setting hsuid

In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...

6.4AI score0.0022EPSS
Exploits0References5
Cvelist
Cvelist
•added 2024/05/29 4:2 p.m.•55 views

CVE-2024-32760 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact...

6.5CVSS6.3AI score0.00848EPSS
Exploits0References4
Cvelist
Cvelist
•added 2024/05/22 10:55 p.m.•55 views

CVE-2024-29850

Veeam Backup Enterprise Manager allows account takeover via NTLM relay...

8.8CVSS8.8AI score0.00809EPSS
Exploits0References1
Cvelist
Cvelist
•added 2024/05/21 3:3 p.m.•55 views

CVE-2021-47401 ipack: ipoctal: fix stack information leak

In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fix stack information leak The tty driver name is used also after registering the driver and must specifically not be allocated on the stack to avoid leaking information to user space or triggering an oops. Driver...

6.1AI score0.00243EPSS
Exploits0References8
Cvelist
Cvelist
•added 2024/05/17 8:14 a.m.•55 views

CVE-2024-33644 WordPress Customify Site Library plugin <= 0.0.9 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in WPCustomify Customify Site Library allows Code Injection.This issue affects Customify Site Library: from n/a through 0.0.9...

9.9CVSS9.7AI score0.01117EPSS
Exploits0References1
Cvelist
Cvelist
•added 2024/05/15 5:43 p.m.•55 views

CVE-2024-25743

In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES...

6.8AI score0.00247EPSS
Exploits0References3
Total number of security vulnerabilities5000