Lucene search
K
NvdMost viewed

363875 matches found

NVD
NVD
added 2023/07/06 3:15 p.m.42 views

CVE-2023-25091

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS7.5AI score0.0146EPSS
Exploits1References2
NVD
NVD
added 2023/07/06 3:15 p.m.42 views

CVE-2023-22844

An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability...

9.8CVSS8.5AI score0.00759EPSS
Exploits1References2
NVD
NVD
added 2023/07/03 9:15 p.m.42 views

CVE-2020-22597

An issue in Jerrscript- project Jerryscrip v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecmabuiltinarrayprototypeobjectslice parameter...

9.8CVSS9.7AI score0.01314EPSS
Exploits1References1
NVD
NVD
added 2023/06/29 10:15 a.m.42 views

CVE-2023-22886

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s Connection URL parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission...

8.8CVSS8.6AI score0.01518EPSS
Exploits0References1
NVD
NVD
added 2023/06/26 7:15 p.m.42 views

CVE-2020-23064

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-11023. Reason: This candidate is a duplicate of CVE-2020-11023. Notes: All CVE users should reference CVE-2020-11023 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

6.6AI score
Exploits5
NVD
NVD
added 2023/06/26 4:15 p.m.42 views

CVE-2023-28485

A stored cross-site scripting Stored XSS vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board where they have BoardAdmin access,...

5.4CVSS5AI score0.00965EPSS
Exploits2References3
NVD
NVD
added 2023/06/23 11:15 a.m.42 views

CVE-2023-28060

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable...

6.7CVSS5.3AI score0.00168EPSS
Exploits0References1
NVD
NVD
added 2023/06/18 9:15 a.m.42 views

CVE-2023-3308

A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerabilit...

8.8CVSS6.5AI score0.01115EPSS
Exploits1References3
NVD
NVD
added 2023/06/14 5:15 p.m.42 views

CVE-2022-31641

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure...

7CVSS7.6AI score0.00168EPSS
Exploits0References1
NVD
NVD
added 2023/06/14 4:15 p.m.42 views

CVE-2023-34868

Jerryscript 3.0 commit 05dbbd1 was discovered to contain an Assertion Failure via the parserparseforstatementstart at jerry-core/parser/js/js-parser-statm.c...

7.5CVSS7.5AI score0.00732EPSS
Exploits1References1
NVD
NVD
added 2023/06/13 9:15 a.m.42 views

CVE-2023-25910

A vulnerability has been identified in SIMATIC PCS 7 All versions V9.1 SP2 UC04, SIMATIC S7-PM All versions V5.7 SP1 HF1, SIMATIC S7-PM All versions V5.7 SP2 HF1, SIMATIC STEP 7 V5 All versions V5.7. The affected product contains a database management system that could allow remote users with low...

10CVSS9.4AI score0.01EPSS
Exploits0References2
NVD
NVD
added 2023/06/09 9:15 p.m.42 views

CVE-2023-3187

A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Affected by this issue is some unknown functionality of the file /changeimage.php of the component Profile Picture Handler. The manipulation of the argument newpic leads to...

6.5CVSS6.4AI score0.02556EPSS
Exploits4References3
NVD
NVD
added 2023/06/09 6:15 p.m.42 views

CVE-2023-34245

@udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the javascript: scheme. As a result, links with JavaScript URLs can be inserted into th...

8.1CVSS8AI score0.00445EPSS
Exploits0References2
NVD
NVD
added 2023/05/28 11:15 p.m.42 views

CVE-2023-31873

Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require'childprocess'...

7.8CVSS7.8AI score0.01349EPSS
Exploits4References1
NVD
NVD
added 2023/05/25 9:15 a.m.42 views

CVE-2023-2881

Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10...

6.7CVSS5.4AI score0.00547EPSS
Exploits0References2
NVD
NVD
added 2023/05/21 9:15 p.m.42 views

CVE-2023-33251

When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946...

5.5CVSS6AI score0.00151EPSS
Exploits0References2
NVD
NVD
added 2023/05/15 8:15 p.m.42 views

CVE-2023-32313

vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node inspect method and edit options for console.log. As a result a threat actor can edit options for the console.log command. This...

5.3CVSS5.7AI score0.0079EPSS
Exploits0References4
NVD
NVD
added 2023/05/12 4:15 p.m.42 views

CVE-2023-25958

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Justin Saad Simple Tooltips plugin = 2.1.4 versions...

5.9CVSS5.4AI score0.00392EPSS
Exploits0References1
NVD
NVD
added 2023/05/12 1:15 a.m.42 views

CVE-2023-2666

Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16...

7.5CVSS6.8AI score0.00681EPSS
Exploits0References2
NVD
NVD
added 2023/05/11 9:15 p.m.42 views

CVE-2023-32058

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of...

7.5CVSS7.6AI score0.00913EPSS
Exploits1References2
NVD
NVD
added 2023/05/08 9:15 p.m.42 views

CVE-2023-31133

Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute...

7.5CVSS7.5AI score0.45713EPSS
Exploits0References3
NVD
NVD
added 2023/05/02 3:15 p.m.42 views

CVE-2023-2479

OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4...

9.8CVSS9.8AI score0.22014EPSS
Exploits2References2
NVD
NVD
added 2023/04/27 9:15 a.m.42 views

CVE-2023-28769

The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17ABYO.1C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service DoS conditions on a vulnerable device...

9.8CVSS9.9AI score0.0542EPSS
Exploits1References1
NVD
NVD
added 2023/04/19 12:15 a.m.42 views

CVE-2023-30555

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases.Affected versions are subject to SQL injection in the explain method in sqloptimize.py. User input coming from the dbname...

6.5CVSS6.8AI score0.00835EPSS
Exploits1References1
NVD
NVD
added 2023/04/19 12:15 a.m.42 views

CVE-2023-29517

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The office document viewer macro was allowing anyone to see any file content from the hosting server, provided that the office server was connected and depending on the permissions of the user...

7.5CVSS7.5AI score0.0101EPSS
Exploits1References4
NVD
NVD
added 2023/04/18 1:15 p.m.42 views

CVE-2022-45838

Unauth. Stored Cross-Site Scripting XSS vulnerability in Repute InfoSystems ARForms Form Builder plugin = 1.5.5 versions...

6.1CVSS5.8AI score0.00406EPSS
Exploits0References1
NVD
NVD
added 2023/04/17 10:15 p.m.42 views

CVE-2023-30541

OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding,...

5.3CVSS5.2AI score0.00812EPSS
Exploits0References3
NVD
NVD
added 2023/04/05 2:15 p.m.42 views

CVE-2023-1867

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged...

5.4CVSS5.1AI score0.00302EPSS
Exploits0References4
NVD
NVD
added 2023/03/27 4:15 p.m.42 views

CVE-2023-0395

The menu shortcode WordPress plugin through 1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.3AI score0.00462EPSS
Exploits2References1
NVD
NVD
added 2023/03/21 10:15 p.m.42 views

CVE-2023-26497

An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5125. Memory corruption can occur when processing Session Description Negotiation for Video Configuration Attribute...

9.8CVSS9.3AI score0.24266EPSS
Exploits0References3
NVD
NVD
added 2023/03/21 5:15 a.m.42 views

CVE-2023-1539

Improper Restriction of Excessive Authentication Attempts in GitHub repository answerdev/answer prior to 1.0.6...

5.3CVSS5.3AI score0.00614EPSS
Exploits1References2
NVD
NVD
added 2023/03/21 5:15 a.m.42 views

CVE-2023-1535

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.7...

8.3CVSS5.6AI score0.00536EPSS
Exploits1References2
NVD
NVD
added 2023/03/20 4:15 p.m.42 views

CVE-2023-0340

The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. R...

8.8CVSS8.7AI score0.01047EPSS
Exploits1References1
NVD
NVD
added 2023/03/15 9:15 p.m.42 views

CVE-2023-27599

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, when the function appendhf handles a SIP message with a malformed To header, a call to the function abort is performed, resulting in a crash. This is due to the following check in datalump.c:39...

7.5CVSS7.5AI score0.00971EPSS
Exploits0References3
NVD
NVD
added 2023/03/14 6:15 p.m.42 views

CVE-2023-27588

Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects...

7.5CVSS7.6AI score0.01302EPSS
Exploits0References6
NVD
NVD
added 2023/03/10 4:15 p.m.42 views

CVE-2021-33360

An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, childprocess, and/or filePath parameters...

9.8CVSS9.7AI score0.01127EPSS
Exploits1References2
NVD
NVD
added 2023/03/10 12:15 p.m.42 views

CVE-2023-1313

Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1...

8.8CVSS7.4AI score0.00987EPSS
Exploits1References2
NVD
NVD
added 2023/02/25 8:15 a.m.42 views

CVE-2022-2024

OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11...

9.8CVSS9.8AI score0.97839EPSS
Exploits1References2
NVD
NVD
added 2023/02/15 7:15 p.m.42 views

CVE-2023-23847

A cross-site request forgery CSRF vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

3.5CVSS3.9AI score0.00357EPSS
Exploits0References2
NVD
NVD
added 2023/02/13 3:15 p.m.42 views

CVE-2022-40022

Microchip Technology Microsemi SyncServer S650 was discovered to contain a command injection vulnerability...

9.8CVSS9.8AI score0.92472EPSS
Exploits3References5
NVD
NVD
added 2023/02/12 4:15 a.m.42 views

CVE-2022-47346

In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services...

5.5CVSS5.3AI score0.00092EPSS
Exploits0References1
NVD
NVD
added 2023/02/12 4:15 a.m.42 views

CVE-2022-38657

An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager page...

8.2CVSS8.2AI score0.00288EPSS
Exploits0References1
NVD
NVD
added 2023/02/11 1:23 a.m.42 views

CVE-2022-34447

PowerPath Management Appliance with versions 3.3 & 3.2, 3.1 & 3.0 contains OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user...

7.2CVSS7.4AI score0.01657EPSS
Exploits0References1
NVD
NVD
added 2023/02/09 7:15 p.m.42 views

CVE-2023-21441

Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q10, 3.1.21.10 in Android R11 and 3.5.2.23 in Android S12 allows local attacker to access protected files via unused code...

7.4CVSS7.1AI score0.001EPSS
Exploits0References1
NVD
NVD
added 2023/02/09 2:15 p.m.42 views

CVE-2023-0759

Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8...

8.8CVSS6.2AI score0.00344EPSS
Exploits1References2
NVD
NVD
added 2023/02/09 12:16 a.m.42 views

CVE-2023-25168

Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with GHSA-p8r3-83r8-jwj5 to overwrite files on the host system. In order to use this exploit, an attacker must have an...

9.6CVSS9.3AI score0.00956EPSS
Exploits0References3
NVD
NVD
added 2023/02/08 7:15 p.m.42 views

CVE-2022-45527

File upload vulnerability in Future-Depth Institutional Management Website IMS 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg directory...

9.8CVSS9.4AI score0.00872EPSS
Exploits1References1
NVD
NVD
added 2023/02/08 2:15 a.m.42 views

CVE-2023-0717

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxdeletefolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke th...

5.4CVSS5.2AI score0.00576EPSS
Exploits0References4
NVD
NVD
added 2023/02/03 10:15 p.m.42 views

CVE-2023-23615

Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments ...

5.3CVSS5.1AI score0.00452EPSS
Exploits0References1
NVD
NVD
added 2023/02/03 10:15 p.m.42 views

CVE-2022-23498

Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including grafanasession. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the...

8.8CVSS7.7AI score0.01132EPSS
Exploits1References2
Total number of security vulnerabilities5000