Lucene search
K
CvelistMost viewed

364916 matches found

Cvelist
Cvelist
added 2024/07/15 7:28 p.m.53 views

CVE-2024-40624 Deserialization of untrusted data in torrentpier/torrentpier

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In torrentpier/library/includes/functions.php, gettracks uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/FW1 to write PHP code to...

9.8CVSS0.00995EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/07/10 8:21 p.m.53 views

CVE-2024-6151 Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS...

8.5CVSS0.00214EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/07 3:22 p.m.53 views

CVE-2024-6229 Stored XSS in stangirard/quivr

A stored cross-site scripting XSS vulnerability exists in the 'Upload Knowledge' feature of stangirard/quivr, affecting the latest version. Users can upload files via URL, which allows the insertion of malicious JavaScript payloads. These payloads are stored on the server and executed whenever an...

6.8CVSS0.00341EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/03 12:26 p.m.53 views

CVE-2024-5672 Red Lion Europe: mbNET.mini vulnerable to OS command injection

A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command...

7.2CVSS0.0122EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/07/02 3:57 p.m.53 views

CVE-2024-39316 Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

6.5CVSS0.00856EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/06/24 4:39 p.m.53 views

CVE-2024-38369 XWiki programming rights may be inherited by inclusion

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document included using include reference="targetdocument"/ is executed with the right of the includer and not with the right of its author. This means that any user able to...

9.9CVSS0.00342EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/19 5:37 p.m.53 views

CVE-2024-36115 Stored Cross site scripting in Reposilite artifacts

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. As a Maven repository manager, Reposilite provides the ability to view the artifacts content in the browser, as well as perform administrative tasks via API. The problem lies i...

7.1CVSS0.00783EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/06/18 2:37 a.m.53 views

CVE-2024-4375 Master Slider – Responsive Touch Slider <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mslayer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'cssid' user supplied attribute. This...

6.4CVSS0.00322EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/06/14 12:0 a.m.53 views

CVE-2024-24320

Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function...

0.04019EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/06/11 5:0 p.m.53 views

CVE-2024-30104 Microsoft Office Remote Code Execution Vulnerability

...

7.8CVSS0.01514EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/06/06 4:3 p.m.53 views

CVE-2024-37156 TokenController formName not sanitized in hidden input

The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController get parameter formName is not sanitized in the returned input field which leads to XSS. This vulnerability is fixed in 2.5.3...

6.1CVSS0.00292EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/04 1:46 p.m.53 views

CVE-2024-35782 WordPress Cowidgets – Elementor Addons plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Codeless Cowidgets – Elementor Addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through 1.1.1...

6.5CVSS5.8AI score0.00237EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/21 11:2 a.m.53 views

CVE-2024-4619 Elementor Website Builder – More than Just a Page Builder <= 3.21.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘hoveranimation’ parameter in versions up to, and including, 3.21.5 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS5.9AI score0.00401EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/18 5:40 a.m.53 views

CVE-2024-3812 Salient Core <= 2.0.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectaricon' shortcode 'iconlinea' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

7.5CVSS7.8AI score0.00632EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/17 2:2 p.m.53 views

CVE-2024-35834 xsk: recycle buffer in case Rx queue was full

In the Linux kernel, the following vulnerability has been resolved: xsk: recycle buffer in case Rx queue was full Add missing xskbufffree call when xskrcvzc failed to produce descriptor to XSK Rx queue...

6.6AI score0.00216EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/17 1:45 p.m.53 views

CVE-2023-52664 net: atlantic: eliminate double free in error handling logic

In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aqringfree could be called multiple times on same ring, if system is under stress and got memory allocation...

6.6AI score0.00275EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/05/14 8:10 a.m.53 views

CVE-2024-28137 PHOENIX CONTACT: privilege escalation due to a TOCTOU vulnerability in the CHARX Series

A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU vulnerability...

7.8CVSS7.9AI score0.00252EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/08 2:16 p.m.53 views

CVE-2024-34347 @hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE

@hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. However, the vm module is not safe for sandboxing untrusted Javascript code. This is because code inside th...

8.3CVSS8.5AI score0.00611EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/04/25 4:2 p.m.53 views

CVE-2023-6717 Keycloak: xss via assertion consumer service url in saml post-binding flow

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs ACS, posing a Cross-Site Scripting XSS risk. This issue may allow a malicious admin in one realm or a client with...

6CVSS5.8AI score0.00711EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/04/09 6:59 p.m.53 views

CVE-2024-2340 Avada <= 7.11.6 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing

The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with ...

5.3CVSS5.4AI score0.27997EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/04/04 11:0 p.m.53 views

CVE-2024-31211 Remote Code Execution in `WP_HTML_Token`

WordPress is an open publishing platform for the Web. Unserialization of instances of the WPHTMLToken class allows for code execution via its destruct magic method. This issue was fixed in WordPress 6.4.2 on December 6th, 2023. Versions prior to 6.4.0 are not affected...

5.5CVSS6AI score0.0274EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/03/19 12:2 p.m.53 views

CVE-2024-2605

An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...

7.1AI score0.00583EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/03/15 7:25 p.m.53 views

CVE-2024-27920 Unsigned code template execution through workflows in projectdiscovery/nuclei

projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing cust...

7.4CVSS7.7AI score0.00411EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/03/13 3:27 p.m.53 views

CVE-2024-1751 Tutor LMS – eLearning and online course solution <= 2.6.1 - Authenticated (Subscriber+) SQL Injection

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the questionid parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...

8.8CVSS8.9AI score0.03135EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/03/13 3:26 p.m.53 views

CVE-2024-1203 Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce <= 7.0.7 - Authenticated (Subscriber+) SQL Injection

The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'valueData' parameter in all versions up to, and including, 7.0.7 due to insufficient escaping on the user supplied parameter and lack of...

8.8CVSS8.8AI score0.00828EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/02/29 12:0 a.m.53 views

CVE-2024-24246

Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::sharedcount function at /bits/sharedptrbase.h...

5.6AI score0.00436EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/02/27 12:0 a.m.54 views

CVE-2024-25399

Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting XSS via adminer.php...

5.9AI score0.00345EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/22 2:56 p.m.53 views

CVE-2024-26283

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS 123...

6.1AI score0.00278EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/20 12:0 a.m.53 views

CVE-2024-25260

elfutils v0.189 was discovered to contain a NULL pointer dereference via the handleverdef function at readelf.c...

7.1AI score0.00304EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/02/07 2:39 a.m.53 views

CVE-2024-24810 WiX is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been...

8.2CVSS8.5AI score0.00235EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/01/23 1:54 p.m.53 views

CVE-2023-49783 No permission checks for editing/deleting records with CSV import form

Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...

4.3CVSS4.8AI score0.00341EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/01/09 7:18 p.m.53 views

CVE-2024-21664 Parsing JSON serialized payload without protected field can lead to segfault

jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS ...

4.3CVSS7.5AI score0.00864EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/01/08 1:20 p.m.53 views

CVE-2024-21644 pyLoad unauthenticated flask configuration leakage

pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRETKEY variable. This issue has been patched in version 0.5.0b3.dev77...

7.5CVSS7.7AI score0.42173EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/12/29 1:12 p.m.53 views

CVE-2023-51473 WordPress TerraClassifieds Plugin <= 2.0.3 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin.This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a through 2.0.3...

10CVSS9.7AI score0.00617EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/25 12:0 a.m.53 views

CVE-2022-34267

An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint...

9.7AI score0.42162EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/12/13 12:0 a.m.53 views

CVE-2023-34194

StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion and application exit via a crafted XML document with a '\0' located after whitespace...

7.5AI score0.01372EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/12/01 10:10 p.m.53 views

CVE-2023-49281 Open Redirect in Login Function of Calendarinho

Calendarinho is an open source calendaring application to manage large teams of consultants. An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites,...

4.7CVSS6.3AI score0.00557EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/11/15 8:53 p.m.53 views

CVE-2023-48224 Cryptographically Weak Generation of One-Time Codes for Identity Verification in ethyca-fides

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides Privacy Center allows data subject users to submit privacy and consent requests to data controller use...

8.2CVSS9.5AI score0.00992EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/10/30 12:0 a.m.53 views

CVE-2023-47090

NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is...

6.8AI score0.00662EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/10/25 7:18 p.m.53 views

CVE-2023-5043 Ingress nginx annotation injection causes arbitrary command execution

Ingress nginx annotation injection causes arbitrary command execution...

7.6CVSS9.2AI score0.02234EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/10/16 7:39 p.m.53 views

CVE-2023-4388 EventON < 2.2 - Admin+ Stored XSS

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00402EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/10/11 9:4 p.m.53 views

CVE-2023-44190 Junos OS Evolved: PTX10001, PTX10004, PTX10008, PTX10016: MAC address validation bypass vulnerability

An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 devices allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded ...

6.1CVSS6.5AI score0.00167EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/10 5:7 p.m.53 views

CVE-2023-36730 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

...

7.8CVSS7.8AI score0.01034EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/10 1:12 p.m.53 views

CVE-2023-4966 Unauthenticated sensitive information disclosure

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA virtual server...

9.4CVSS9.3AI score0.99999EPSS
Exploits15References2
Cvelist
Cvelist
added 2023/10/06 12:0 a.m.53 views

CVE-2023-44765

A Cross Site Scripting XSS vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings...

5.5AI score0.00559EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/09/29 8:31 p.m.53 views

CVE-2023-5293 ECshop leancloud.php sql injection

A vulnerability, which was classified as critical, was found in ECshop 4.1.5. Affected is an unknown function of the file /admin/leancloud.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public an...

5.8CVSS7.1AI score0.00468EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/09/29 6:2 a.m.53 views

CVE-2023-3920 Incorrect Authorization in GitLab

An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that a maintainer to create a fork relationship between existing projects contrary to the...

4.3CVSS5AI score0.00381EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/09/28 10:10 p.m.53 views

CVE-2023-43654 TorchServe Server-Side Request Forgery

TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity...

10CVSS9.4AI score0.35256EPSS
Exploits6References4
Cvelist
Cvelist
added 2023/09/27 12:0 a.m.53 views

CVE-2023-43320

An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component...

8.9AI score0.0099EPSS
Exploits3References4
Cvelist
Cvelist
added 2023/09/26 10:45 p.m.53 views

CVE-2023-42461 SQL injection in ITIL actors in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised...

6.5CVSS10AI score0.00899EPSS
Exploits0References1
Total number of security vulnerabilities5000