Lucene search
K
NvdMost viewed

363781 matches found

NVD
NVD
added 2023/03/21 5:15 a.m.42 views

CVE-2023-1535

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.7...

8.3CVSS5.6AI score0.00536EPSS
Exploits1References2
NVD
NVD
added 2023/03/20 4:15 p.m.42 views

CVE-2023-0340

The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. R...

8.8CVSS8.7AI score0.01047EPSS
Exploits1References1
NVD
NVD
added 2023/03/17 8:15 p.m.42 views

CVE-2023-27594

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which...

7.3CVSS5.2AI score0.00552EPSS
Exploits0References4
NVD
NVD
added 2023/03/15 9:15 p.m.42 views

CVE-2023-27599

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, when the function appendhf handles a SIP message with a malformed To header, a call to the function abort is performed, resulting in a crash. This is due to the following check in datalump.c:39...

7.5CVSS7.5AI score0.00971EPSS
Exploits0References3
NVD
NVD
added 2023/03/14 6:15 p.m.42 views

CVE-2023-27588

Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects...

7.5CVSS7.6AI score0.01302EPSS
Exploits0References6
NVD
NVD
added 2023/03/10 4:15 p.m.42 views

CVE-2021-33360

An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, childprocess, and/or filePath parameters...

9.8CVSS9.7AI score0.01127EPSS
Exploits1References2
NVD
NVD
added 2023/03/10 12:15 p.m.42 views

CVE-2023-1313

Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1...

8.8CVSS7.4AI score0.00987EPSS
Exploits1References2
NVD
NVD
added 2023/02/25 8:15 a.m.42 views

CVE-2022-2024

OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11...

9.8CVSS9.8AI score0.97839EPSS
Exploits1References2
NVD
NVD
added 2023/02/15 7:15 p.m.42 views

CVE-2023-23847

A cross-site request forgery CSRF vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

3.5CVSS3.9AI score0.00357EPSS
Exploits0References2
NVD
NVD
added 2023/02/13 3:15 p.m.42 views

CVE-2022-40022

Microchip Technology Microsemi SyncServer S650 was discovered to contain a command injection vulnerability...

9.8CVSS9.8AI score0.92472EPSS
Exploits3References5
NVD
NVD
added 2023/02/12 4:15 a.m.42 views

CVE-2022-47346

In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services...

5.5CVSS5.3AI score0.00092EPSS
Exploits0References1
NVD
NVD
added 2023/02/12 4:15 a.m.42 views

CVE-2022-38657

An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager page...

8.2CVSS8.2AI score0.00288EPSS
Exploits0References1
NVD
NVD
added 2023/02/11 1:23 a.m.42 views

CVE-2022-34447

PowerPath Management Appliance with versions 3.3 & 3.2, 3.1 & 3.0 contains OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user...

7.2CVSS7.4AI score0.01657EPSS
Exploits0References1
NVD
NVD
added 2023/02/09 7:15 p.m.42 views

CVE-2023-21441

Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q10, 3.1.21.10 in Android R11 and 3.5.2.23 in Android S12 allows local attacker to access protected files via unused code...

7.4CVSS7.1AI score0.001EPSS
Exploits0References1
NVD
NVD
added 2023/02/09 2:15 p.m.42 views

CVE-2023-0759

Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8...

8.8CVSS6.2AI score0.00344EPSS
Exploits1References2
NVD
NVD
added 2023/02/09 12:16 a.m.42 views

CVE-2023-25168

Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with GHSA-p8r3-83r8-jwj5 to overwrite files on the host system. In order to use this exploit, an attacker must have an...

9.6CVSS9.3AI score0.00956EPSS
Exploits0References3
NVD
NVD
added 2023/02/08 7:15 p.m.42 views

CVE-2022-45527

File upload vulnerability in Future-Depth Institutional Management Website IMS 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg directory...

9.8CVSS9.4AI score0.00872EPSS
Exploits1References1
NVD
NVD
added 2023/02/08 2:15 a.m.42 views

CVE-2023-0717

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxdeletefolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke th...

5.4CVSS5.2AI score0.00576EPSS
Exploits0References4
NVD
NVD
added 2023/02/03 10:15 p.m.42 views

CVE-2023-23615

Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments ...

5.3CVSS5.1AI score0.00452EPSS
Exploits0References1
NVD
NVD
added 2023/02/03 10:15 p.m.42 views

CVE-2022-23498

Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including grafanasession. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the...

8.8CVSS7.7AI score0.01132EPSS
Exploits1References2
NVD
NVD
added 2023/01/28 12:15 a.m.42 views

CVE-2023-23624

Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, someone can use the excludetag param to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse...

5.3CVSS4.6AI score0.0059EPSS
Exploits0References3
NVD
NVD
added 2023/01/26 10:15 p.m.42 views

CVE-2022-39045

A file write vulnerability exists in the httpd upload.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability...

8.8CVSS7.4AI score0.03697EPSS
Exploits1References2
NVD
NVD
added 2023/01/26 9:18 p.m.42 views

CVE-2023-24426

Jenkins Azure AD Plugin 303.va91ef20ee49f and earlier does not invalidate the previous session on login...

8.8CVSS8.8AI score0.01018EPSS
Exploits0References1
NVD
NVD
added 2023/01/26 6:59 p.m.42 views

CVE-2022-40718

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue...

8.8CVSS8.9AI score0.00623EPSS
Exploits0References2
NVD
NVD
added 2023/01/14 1:15 a.m.42 views

CVE-2023-22853

Tiki before 24.1, when featurecreatewebhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval...

8.8CVSS8.9AI score0.00938EPSS
Exploits2References2
NVD
NVD
added 2023/01/13 5:15 a.m.42 views

CVE-2022-21191

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function...

9.8CVSS8.3AI score0.01477EPSS
Exploits0References4
NVD
NVD
added 2023/01/11 8:15 p.m.42 views

CVE-2023-22492

ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without the need for interacting with a UI. RefreshTokens were not invalidated when a user was locked or deactivated. The...

5.9CVSS5.6AI score0.00599EPSS
Exploits0References3
NVD
NVD
added 2023/01/09 8:15 a.m.42 views

CVE-2022-33265

Memory corruption due to information exposure in Powerline Communication Firmware while sending different MMEs from a single, unassociated device...

9.8CVSS7.8AI score0.0036EPSS
Exploits0References1
NVD
NVD
added 2022/12/29 12:15 a.m.42 views

CVE-2022-4779

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected...

9.8CVSS0.01194EPSS
Exploits0References1
NVD
NVD
added 2022/12/26 5:15 a.m.42 views

CVE-2022-24118

Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6...

9.1CVSS0.00631EPSS
Exploits0References1
NVD
NVD
added 2022/12/26 2:15 a.m.42 views

CVE-2022-37307

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature...

6.1CVSS0.00538EPSS
Exploits2References2
NVD
NVD
added 2022/12/22 8:15 p.m.42 views

CVE-2022-34481

In the nsTArrayImpl::ReplaceElementsAt function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

8.8CVSS0.00776EPSS
Exploits0References4
NVD
NVD
added 2022/12/19 4:15 p.m.42 views

CVE-2022-31683

Concourse 7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9 contains an authorization bypass issue. A Concourse user can send a request with body including :teamname=team2 to bypass team scope check to gain access to certain resources belong to any other team...

5.4CVSS0.00446EPSS
Exploits1References1
NVD
NVD
added 2022/12/15 7:15 p.m.42 views

CVE-2022-23474

Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0...

6.1CVSS0.00533EPSS
Exploits1References2
NVD
NVD
added 2022/12/13 4:15 p.m.42 views

CVE-2022-46664

A vulnerability has been identified in Mendix Workflow Commons All versions V2.4.0, Mendix Workflow Commons V2.1 All versions V2.1.4, Mendix Workflow Commons V2.3 All versions V2.3.2. Affected versions of the module improperly handle access control for some module entities. This could allow...

8.1CVSS0.00691EPSS
Exploits0References1
NVD
NVD
added 2022/12/13 4:15 p.m.42 views

CVE-2022-44731

A vulnerability has been identified in SIMATIC WinCC OA V3.15 All versions V3.15 P038, SIMATIC WinCC OA V3.16 All versions V3.16 P035, SIMATIC WinCC OA V3.17 All versions V3.17 P024, SIMATIC WinCC OA V3.18 All versions V3.18 P014. The affected component allows to inject custom arguments to the...

5.4CVSS0.00532EPSS
Exploits0References1
NVD
NVD
added 2022/12/09 9:15 p.m.42 views

CVE-2022-46157

Akeneo PIM is an open source Product Information Management PIM. Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions...

8.8CVSS0.01406EPSS
Exploits1References2
NVD
NVD
added 2022/12/02 8:15 p.m.42 views

CVE-2022-2641

Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition...

9.8CVSS0.00542EPSS
Exploits0References1
NVD
NVD
added 2022/12/01 6:15 p.m.42 views

CVE-2022-3226

An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA...

7.2CVSS0.01747EPSS
Exploits0References1
NVD
NVD
added 2022/11/30 7:15 p.m.42 views

CVE-2022-23746

The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender SNX. If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords...

7.5CVSS0.00591EPSS
Exploits0References1
NVD
NVD
added 2022/11/25 7:15 p.m.42 views

CVE-2022-41926

Nextcould talk android is the android OS implementation of the nextcloud talk chat system. In affected versions the receiver is not protected by broadcastPermission allowing malicious apps to monitor communication. It is recommended that the Nextcloud Talk Android is upgraded to 14.1.0. There are...

5.5CVSS0.00267EPSS
Exploits0References3
NVD
NVD
added 2022/11/22 7:15 p.m.42 views

CVE-2022-41942

Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command Injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the /list-gitolite endpoint. It...

7.9CVSS0.01516EPSS
Exploits0References2
NVD
NVD
added 2022/11/18 10:15 p.m.42 views

CVE-2022-41885

TensorFlow is an open source platform for machine learning. When tf.rawops.FusedResizeAndPadConv2D is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick...

7.5CVSS0.0043EPSS
Exploits1References3
NVD
NVD
added 2022/11/08 11:15 a.m.42 views

CVE-2022-30694

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack...

6.5CVSS0.00294EPSS
Exploits0References1
NVD
NVD
added 2022/10/31 8:15 p.m.42 views

CVE-2022-31690

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client via the browser to the Authorization Server which...

8.1CVSS0.01011EPSS
Exploits0References2
NVD
NVD
added 2022/10/25 9:15 p.m.42 views

CVE-2022-33180

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”...

5.5CVSS0.00212EPSS
Exploits0References2
NVD
NVD
added 2022/10/20 11:15 a.m.42 views

CVE-2022-37298

Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server...

9.8CVSS0.01991EPSS
Exploits2References2
NVD
NVD
added 2022/10/19 10:15 p.m.42 views

CVE-2022-31684

Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled...

4.3CVSS0.00604EPSS
Exploits0References1
NVD
NVD
added 2022/10/14 3:15 p.m.42 views

CVE-2022-28762

Zoom Client for Meetings for macOS Standard and for IT Admin starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the...

7.8CVSS0.00294EPSS
Exploits0References1
NVD
NVD
added 2022/10/13 1:15 a.m.42 views

CVE-2022-40187

Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework TCF service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file system modification, and terminal access as the root user. In conjunction with a hosted wireless acce...

8CVSS0.00757EPSS
Exploits1References4
Total number of security vulnerabilities5000