Lucene search
K
NvdMost viewed

364619 matches found

NVD
NVD
added 2022/11/14 9:15 p.m.68 views

CVE-2022-37109

patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a 403 error when...

9.8CVSS0.49201EPSS
Exploits3References4
NVD
NVD
added 2022/10/06 6:16 p.m.68 views

CVE-2022-39273

FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable the default Flyte’s authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the...

7.5CVSS0.0067EPSS
Exploits0References3
NVD
NVD
added 2021/10/12 11:15 p.m.68 views

CVE-2021-20031

A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains...

6.1CVSS0.13041EPSS
Exploits4References2
NVD
NVD
added 2021/08/31 5:15 p.m.68 views

CVE-2021-35212

An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user...

9CVSS0.01642EPSS
Exploits0References4
NVD
NVD
added 2020/05/18 10:15 p.m.68 views

CVE-2020-13154

Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet...

6.5CVSS6.3AI score0.03118EPSS
Exploits1References2
NVD
NVD
added 2019/07/19 7:15 a.m.68 views

CVE-2019-13977

index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=...

5.4CVSS5.3AI score0.01505EPSS
Exploits5References2
NVD
NVD
added 2009/09/01 6:30 p.m.68 views

CVE-2009-3042

SQL injection vulnerability in machine.php in Open Computer and Software OCS Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040...

7.5CVSS8.2AI score0.02958EPSS
Exploits0References5
NVD
NVD
added 2026/05/12 3:16 a.m.67 views

CVE-2026-40129

Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...

4.3CVSS0.00255EPSS
Exploits0References2
NVD
NVD
added 2026/05/10 1:16 p.m.67 views

CVE-2021-47939

Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in...

8.8CVSS0.00638EPSS
Exploits0References4
NVD
NVD
added 2025/12/19 9:15 p.m.67 views

CVE-2023-53950

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...

9.8CVSS0.00559EPSS
Exploits0References3
NVD
NVD
added 2025/10/16 6:15 p.m.67 views

CVE-2025-62412

LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts Alert Rules page is not properly sanitized, and can be used to inject HTML code. This vulnerability is fixed in 25.10.0...

4.8CVSS0.00252EPSS
Exploits1References2
NVD
NVD
added 2025/09/05 10:15 p.m.67 views

CVE-2025-58369

fs2 is a compositional, streaming I/O library for Scala. Versions up to and including 2.5.12, 3.0.0-M1 through 3.12.2, and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service attacks though TLS sessions using fs2-io on the JVM using the fs2.io.net.tls package. When establishing a TLS...

5.3CVSS0.00398EPSS
Exploits0References7
NVD
NVD
added 2025/08/12 6:15 p.m.67 views

CVE-2025-49736

The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network...

4.3CVSS0.0046EPSS
Exploits0References1
NVD
NVD
added 2025/07/09 4:15 p.m.67 views

CVE-2025-53673

Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

6.5CVSS0.00196EPSS
Exploits0References2
NVD
NVD
added 2025/05/26 7:15 a.m.67 views

CVE-2025-41441

Mailform Pro CGI prior to 4.3.4 generates error messages containing sensitive information, which may allow a remote unauthenticated attacker to obtain coupon codes. This vulnerability only affects products that use the coupon feature...

6.3CVSS0.00338EPSS
Exploits0References2
NVD
NVD
added 2025/04/01 7:15 p.m.67 views

CVE-2025-31137

React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an...

7.5CVSS0.01151EPSS
Exploits0References1
NVD
NVD
added 2025/01/06 3:15 p.m.67 views

CVE-2024-8474

OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic...

7.5CVSS0.00535EPSS
Exploits0References1
NVD
NVD
added 2024/12/19 6:15 p.m.67 views

CVE-2024-12792

A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file newadmin.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed...

9.8CVSS0.00624EPSS
Exploits1References4
NVD
NVD
added 2024/11/18 10:15 p.m.67 views

CVE-2024-52342

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Offshorent Solutions Pvt Ltd OS BXSlider os-bxslider allows Stored XSS.This issue affects OS BXSlider: from n/a through = 2.6...

6.5CVSS0.00231EPSS
Exploits0References1
NVD
NVD
added 2024/11/12 6:15 p.m.67 views

CVE-2024-49039

Windows Task Scheduler Elevation of Privilege Vulnerability...

8.8CVSS0.13719EPSS
Exploits1References2
NVD
NVD
added 2024/09/12 1:15 p.m.67 views

CVE-2024-45850

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a...

8.8CVSS0.00864EPSS
Exploits1References1
NVD
NVD
added 2024/08/26 9:15 p.m.67 views

CVE-2024-39628

Cross-Site Request Forgery CSRF vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery.This issue affects Ninja Forms: from n/a through 3.8.6...

8.8CVSS0.0019EPSS
Exploits0References1
NVD
NVD
added 2024/08/24 6:15 p.m.67 views

CVE-2024-8131

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by thi...

9.8CVSS0.08208EPSS
Exploits1References6
NVD
NVD
added 2024/08/06 5:15 a.m.67 views

CVE-2024-7506

A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /setlogo.php. The manipulation of the argument bgimg leads to unrestricted upload. The attack can be launched remotely...

8.8CVSS0.00688EPSS
Exploits1References4
NVD
NVD
added 2024/07/15 8:15 p.m.67 views

CVE-2024-40624

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In torrentpier/library/includes/functions.php, gettracks uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/FW1 to write PHP code to...

9.8CVSS0.00995EPSS
Exploits0References3
NVD
NVD
added 2024/07/09 5:15 p.m.67 views

CVE-2024-20701

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability...

8.8CVSS0.01611EPSS
Exploits0References1
NVD
NVD
added 2024/07/09 4:15 p.m.67 views

CVE-2024-26015

An incorrect parsing of numbers with different radices vulnerability CWE-1389 in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit a...

4.7CVSS0.00467EPSS
Exploits0References1
NVD
NVD
added 2024/06/21 10:15 a.m.67 views

CVE-2024-31890

IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 288171...

7.8CVSS0.00171EPSS
Exploits0References2
NVD
NVD
added 2024/05/14 5:15 p.m.67 views

CVE-2023-24204

SQL injection vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitrary code via the name parameter in get-quote.php...

5.4CVSS8.2AI score0.00639EPSS
Exploits2References3
NVD
NVD
added 2024/05/07 11:15 p.m.67 views

CVE-2023-37325

D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability. This vulnerability allows network-adjacent attackers to make unauthorized changes to device configuration on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The...

5.4CVSS5.5AI score0.00335EPSS
Exploits0References2
NVD
NVD
added 2024/04/27 10:15 p.m.67 views

CVE-2024-33851

phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based timing leak in Point addition. This is related to phpecc/phpecc on GitHub, and the Matyas Danter ECC library...

4.3CVSS6.3AI score0.00408EPSS
Exploits0References1
NVD
NVD
added 2024/03/26 9:15 p.m.67 views

CVE-2023-48777

Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1...

9.9CVSS9.5AI score0.041EPSS
Exploits3References1
NVD
NVD
added 2024/03/21 10:15 p.m.67 views

CVE-2024-28117

Grav is an open-source, flat-file content management system. Prior to version 1.7.45, Grav validates accessible functions through the Utils::isDangerousFunction function, but does not impose restrictions on twig functions like twigarraymap, allowing attackers to bypass the validation and execute...

8.8CVSS9.2AI score0.01381EPSS
Exploits1References2
NVD
NVD
added 2024/02/22 4:15 p.m.67 views

CVE-2023-51653

Hertzbeat is a real-time monitoring system. In the implementation of JmxCollectImpl.java, JMXConnectorFactory.connect is vulnerable to JNDI injection. The corresponding interface is /api/monitor/detect. If there is a URL field, the address will be used by default. When the URL is...

9.8CVSS9.9AI score0.02131EPSS
Exploits1References2
NVD
NVD
added 2023/10/03 12:15 p.m.67 views

CVE-2023-25989

Cross-Site Request Forgery CSRF vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading...

8.8CVSS5.9AI score0.00378EPSS
Exploits0References10
NVD
NVD
added 2023/09/27 3:19 p.m.67 views

CVE-2023-4506

The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access an...

6.5CVSS4.4AI score0.00721EPSS
Exploits2References4
NVD
NVD
added 2023/09/06 9:15 p.m.67 views

CVE-2023-41327

WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying and therefore recording to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhook...

5.4CVSS5.1AI score0.00469EPSS
Exploits0References3
NVD
NVD
added 2023/02/21 3:15 p.m.67 views

CVE-2023-0934

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.5...

6.3CVSS5.4AI score0.00393EPSS
Exploits1References2
NVD
NVD
added 2022/12/28 7:15 p.m.67 views

CVE-2022-23553

Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows URL access filter bypass. This issue has been fixed in version 1.10.4. There are no known workarounds...

7.5CVSS0.0084EPSS
Exploits0References3
NVD
NVD
added 2022/12/13 4:15 p.m.67 views

CVE-2022-20486

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.8CVSS0.0012EPSS
Exploits0References1
NVD
NVD
added 2022/09/08 12:15 a.m.67 views

CVE-2022-38531

FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Remote Command Execution in the ping function...

8.8CVSS0.0188EPSS
Exploits1References1
NVD
NVD
added 2022/08/23 4:15 p.m.67 views

CVE-2022-37112

BlueCMS 1.6 has SQL injection in line 55 of admin/model.php...

9.8CVSS0.00761EPSS
Exploits1References1
NVD
NVD
added 2022/06/09 8:15 p.m.67 views

CVE-2022-31033

The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site...

7.5CVSS0.01392EPSS
Exploits0References4
NVD
NVD
added 2022/01/12 7:15 p.m.67 views

CVE-2021-43960

Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires administrator privileges and is performed through the Wizard editor of the application. The attack requires an administrator to go into the Wizard editor and enter an XSS payload within the Page title,...

4.8CVSS0.00592EPSS
Exploits1References2
NVD
NVD
added 2021/11/10 11:15 p.m.67 views

CVE-2021-33816

The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shellexec are blocked but backticks are not blocked...

9.8CVSS0.03815EPSS
Exploits3References3
NVD
NVD
added 2021/10/11 11:15 a.m.67 views

CVE-2021-24683

The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue...

5.4CVSS0.00399EPSS
Exploits2References1
NVD
NVD
added 2021/05/19 11:15 a.m.67 views

CVE-2021-20589

Buffer access with incorrect length value vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.38.000, GT25 model communication driver versions 01.19.000 through 01.38.000, GT23 model communication driver versions 01.19.000 through 01.38.000 and GT21 model...

7.5CVSS0.01476EPSS
Exploits0References2
NVD
NVD
added 2021/04/23 7:15 p.m.67 views

CVE-2021-20083

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype...

8.8CVSS0.04186EPSS
Exploits2References4
NVD
NVD
added 2021/02/26 5:15 p.m.67 views

CVE-2021-21298

Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier has a vulnerability which allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with projects.read permission is able to access any file via t...

6.5CVSS0.01177EPSS
Exploits0References4
NVD
NVD
added 2026/06/01 9:16 a.m.66 views

CVE-2026-46764

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

4.3CVSS0.00352EPSS
Exploits0References3
Total number of security vulnerabilities5000