Lucene search
K
NvdMost viewed

363815 matches found

NVD
NVD
added 2023/05/08 9:15 p.m.42 views

CVE-2023-31133

Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute...

7.5CVSS7.5AI score0.45713EPSS
Exploits0References3
NVD
NVD
added 2023/05/02 3:15 p.m.42 views

CVE-2023-2479

OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4...

9.8CVSS9.8AI score0.22014EPSS
Exploits2References2
NVD
NVD
added 2023/04/27 9:15 a.m.42 views

CVE-2023-28769

The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17ABYO.1C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service DoS conditions on a vulnerable device...

9.8CVSS9.9AI score0.0542EPSS
Exploits1References1
NVD
NVD
added 2023/04/19 12:15 a.m.42 views

CVE-2023-30555

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases.Affected versions are subject to SQL injection in the explain method in sqloptimize.py. User input coming from the dbname...

6.5CVSS6.8AI score0.00835EPSS
Exploits1References1
NVD
NVD
added 2023/04/19 12:15 a.m.42 views

CVE-2023-29517

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The office document viewer macro was allowing anyone to see any file content from the hosting server, provided that the office server was connected and depending on the permissions of the user...

7.5CVSS7.5AI score0.0101EPSS
Exploits1References4
NVD
NVD
added 2023/04/18 1:15 p.m.42 views

CVE-2022-45838

Unauth. Stored Cross-Site Scripting XSS vulnerability in Repute InfoSystems ARForms Form Builder plugin = 1.5.5 versions...

6.1CVSS5.8AI score0.00406EPSS
Exploits0References1
NVD
NVD
added 2023/04/17 10:15 p.m.42 views

CVE-2023-30541

OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding,...

5.3CVSS5.2AI score0.00812EPSS
Exploits0References3
NVD
NVD
added 2023/04/05 2:15 p.m.42 views

CVE-2023-1867

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged...

5.4CVSS5.1AI score0.00302EPSS
Exploits0References4
NVD
NVD
added 2023/03/27 4:15 p.m.42 views

CVE-2023-0395

The menu shortcode WordPress plugin through 1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.3AI score0.00462EPSS
Exploits2References1
NVD
NVD
added 2023/03/21 10:15 p.m.42 views

CVE-2023-26497

An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5125. Memory corruption can occur when processing Session Description Negotiation for Video Configuration Attribute...

9.8CVSS9.3AI score0.24266EPSS
Exploits0References3
NVD
NVD
added 2023/03/21 5:15 a.m.42 views

CVE-2023-1539

Improper Restriction of Excessive Authentication Attempts in GitHub repository answerdev/answer prior to 1.0.6...

5.3CVSS5.3AI score0.00614EPSS
Exploits1References2
NVD
NVD
added 2023/03/21 5:15 a.m.42 views

CVE-2023-1535

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.7...

8.3CVSS5.6AI score0.00536EPSS
Exploits1References2
NVD
NVD
added 2023/03/20 4:15 p.m.42 views

CVE-2023-0340

The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. R...

8.8CVSS8.7AI score0.01047EPSS
Exploits1References1
NVD
NVD
added 2023/03/17 8:15 p.m.42 views

CVE-2023-27594

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which...

7.3CVSS5.2AI score0.00552EPSS
Exploits0References4
NVD
NVD
added 2023/03/15 9:15 p.m.42 views

CVE-2023-27599

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, when the function appendhf handles a SIP message with a malformed To header, a call to the function abort is performed, resulting in a crash. This is due to the following check in datalump.c:39...

7.5CVSS7.5AI score0.00971EPSS
Exploits0References3
NVD
NVD
added 2023/03/14 6:15 p.m.42 views

CVE-2023-27588

Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects...

7.5CVSS7.6AI score0.01302EPSS
Exploits0References6
NVD
NVD
added 2023/03/10 4:15 p.m.42 views

CVE-2021-33360

An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, childprocess, and/or filePath parameters...

9.8CVSS9.7AI score0.01127EPSS
Exploits1References2
NVD
NVD
added 2023/03/10 12:15 p.m.42 views

CVE-2023-1313

Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1...

8.8CVSS7.4AI score0.00987EPSS
Exploits1References2
NVD
NVD
added 2023/02/25 8:15 a.m.42 views

CVE-2022-2024

OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11...

9.8CVSS9.8AI score0.97839EPSS
Exploits1References2
NVD
NVD
added 2023/02/15 7:15 p.m.42 views

CVE-2023-23847

A cross-site request forgery CSRF vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

3.5CVSS3.9AI score0.00357EPSS
Exploits0References2
NVD
NVD
added 2023/02/13 3:15 p.m.42 views

CVE-2022-40022

Microchip Technology Microsemi SyncServer S650 was discovered to contain a command injection vulnerability...

9.8CVSS9.8AI score0.92472EPSS
Exploits3References5
NVD
NVD
added 2023/02/12 4:15 a.m.42 views

CVE-2022-47346

In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services...

5.5CVSS5.3AI score0.00092EPSS
Exploits0References1
NVD
NVD
added 2023/02/12 4:15 a.m.42 views

CVE-2022-38657

An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager page...

8.2CVSS8.2AI score0.00288EPSS
Exploits0References1
NVD
NVD
added 2023/02/11 1:23 a.m.42 views

CVE-2022-34447

PowerPath Management Appliance with versions 3.3 & 3.2, 3.1 & 3.0 contains OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user...

7.2CVSS7.4AI score0.01657EPSS
Exploits0References1
NVD
NVD
added 2023/02/09 7:15 p.m.42 views

CVE-2023-21441

Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q10, 3.1.21.10 in Android R11 and 3.5.2.23 in Android S12 allows local attacker to access protected files via unused code...

7.4CVSS7.1AI score0.001EPSS
Exploits0References1
NVD
NVD
added 2023/02/09 2:15 p.m.42 views

CVE-2023-0759

Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8...

8.8CVSS6.2AI score0.00344EPSS
Exploits1References2
NVD
NVD
added 2023/02/09 12:16 a.m.42 views

CVE-2023-25168

Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with GHSA-p8r3-83r8-jwj5 to overwrite files on the host system. In order to use this exploit, an attacker must have an...

9.6CVSS9.3AI score0.00956EPSS
Exploits0References3
NVD
NVD
added 2023/02/08 7:15 p.m.42 views

CVE-2022-45527

File upload vulnerability in Future-Depth Institutional Management Website IMS 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg directory...

9.8CVSS9.4AI score0.00872EPSS
Exploits1References1
NVD
NVD
added 2023/02/08 2:15 a.m.42 views

CVE-2023-0717

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxdeletefolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke th...

5.4CVSS5.2AI score0.00576EPSS
Exploits0References4
NVD
NVD
added 2023/02/03 10:15 p.m.42 views

CVE-2023-23615

Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments ...

5.3CVSS5.1AI score0.00452EPSS
Exploits0References1
NVD
NVD
added 2023/02/03 10:15 p.m.42 views

CVE-2022-23498

Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including grafanasession. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the...

8.8CVSS7.7AI score0.01132EPSS
Exploits1References2
NVD
NVD
added 2023/01/28 12:15 a.m.42 views

CVE-2023-23624

Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, someone can use the excludetag param to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse...

5.3CVSS4.6AI score0.0059EPSS
Exploits0References3
NVD
NVD
added 2023/01/28 12:15 a.m.42 views

CVE-2023-23627

Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site Scripting. When Sanitize is configured with a custom allowlist that allows noscript elements, attackers are able to include arbitrary HTML, resulting in XSS cross-site...

6.1CVSS6.2AI score0.00525EPSS
Exploits0References1
NVD
NVD
added 2023/01/26 10:15 p.m.42 views

CVE-2022-39045

A file write vulnerability exists in the httpd upload.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability...

8.8CVSS7.4AI score0.03697EPSS
Exploits1References2
NVD
NVD
added 2023/01/26 9:18 p.m.42 views

CVE-2023-24426

Jenkins Azure AD Plugin 303.va91ef20ee49f and earlier does not invalidate the previous session on login...

8.8CVSS8.8AI score0.01018EPSS
Exploits0References1
NVD
NVD
added 2023/01/26 6:59 p.m.42 views

CVE-2022-40718

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue...

8.8CVSS8.9AI score0.00623EPSS
Exploits0References2
NVD
NVD
added 2023/01/14 1:15 a.m.42 views

CVE-2023-22853

Tiki before 24.1, when featurecreatewebhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval...

8.8CVSS8.9AI score0.00938EPSS
Exploits2References2
NVD
NVD
added 2023/01/13 5:15 a.m.42 views

CVE-2022-21191

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function...

9.8CVSS8.3AI score0.01477EPSS
Exploits0References4
NVD
NVD
added 2023/01/11 8:15 p.m.42 views

CVE-2023-22492

ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without the need for interacting with a UI. RefreshTokens were not invalidated when a user was locked or deactivated. The...

5.9CVSS5.6AI score0.00599EPSS
Exploits0References3
NVD
NVD
added 2023/01/09 8:15 a.m.42 views

CVE-2022-33265

Memory corruption due to information exposure in Powerline Communication Firmware while sending different MMEs from a single, unassociated device...

9.8CVSS7.8AI score0.0036EPSS
Exploits0References1
NVD
NVD
added 2022/12/29 12:15 a.m.42 views

CVE-2022-4779

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected...

9.8CVSS0.01194EPSS
Exploits0References1
NVD
NVD
added 2022/12/26 5:15 a.m.42 views

CVE-2022-24118

Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6...

9.1CVSS0.00631EPSS
Exploits0References1
NVD
NVD
added 2022/12/26 2:15 a.m.42 views

CVE-2022-37307

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature...

6.1CVSS0.00538EPSS
Exploits2References2
NVD
NVD
added 2022/12/22 8:15 p.m.42 views

CVE-2022-34481

In the nsTArrayImpl::ReplaceElementsAt function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

8.8CVSS0.00776EPSS
Exploits0References4
NVD
NVD
added 2022/12/19 4:15 p.m.42 views

CVE-2022-31683

Concourse 7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9 contains an authorization bypass issue. A Concourse user can send a request with body including :teamname=team2 to bypass team scope check to gain access to certain resources belong to any other team...

5.4CVSS0.00446EPSS
Exploits1References1
NVD
NVD
added 2022/12/15 7:15 p.m.42 views

CVE-2022-23474

Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0...

6.1CVSS0.00533EPSS
Exploits1References2
NVD
NVD
added 2022/12/13 4:15 p.m.42 views

CVE-2022-46664

A vulnerability has been identified in Mendix Workflow Commons All versions V2.4.0, Mendix Workflow Commons V2.1 All versions V2.1.4, Mendix Workflow Commons V2.3 All versions V2.3.2. Affected versions of the module improperly handle access control for some module entities. This could allow...

8.1CVSS0.00691EPSS
Exploits0References1
NVD
NVD
added 2022/12/13 4:15 p.m.42 views

CVE-2022-44731

A vulnerability has been identified in SIMATIC WinCC OA V3.15 All versions V3.15 P038, SIMATIC WinCC OA V3.16 All versions V3.16 P035, SIMATIC WinCC OA V3.17 All versions V3.17 P024, SIMATIC WinCC OA V3.18 All versions V3.18 P014. The affected component allows to inject custom arguments to the...

5.4CVSS0.00532EPSS
Exploits0References1
NVD
NVD
added 2022/12/09 9:15 p.m.42 views

CVE-2022-46157

Akeneo PIM is an open source Product Information Management PIM. Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions...

8.8CVSS0.01406EPSS
Exploits1References2
NVD
NVD
added 2022/12/02 8:15 p.m.42 views

CVE-2022-2641

Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition...

9.8CVSS0.00542EPSS
Exploits0References1
Total number of security vulnerabilities5000