Lucene search
K
NvdMost viewed

363761 matches found

NVD
NVD
added 2022/12/26 2:15 a.m.42 views

CVE-2022-37307

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature...

6.1CVSS0.00538EPSS
Exploits2References2
NVD
NVD
added 2022/12/22 8:15 p.m.42 views

CVE-2022-34481

In the nsTArrayImpl::ReplaceElementsAt function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

8.8CVSS0.00776EPSS
Exploits0References4
NVD
NVD
added 2022/12/19 4:15 p.m.42 views

CVE-2022-31683

Concourse 7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9 contains an authorization bypass issue. A Concourse user can send a request with body including :teamname=team2 to bypass team scope check to gain access to certain resources belong to any other team...

5.4CVSS0.00446EPSS
Exploits1References1
NVD
NVD
added 2022/12/15 7:15 p.m.42 views

CVE-2022-23474

Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0...

6.1CVSS0.00533EPSS
Exploits1References2
NVD
NVD
added 2022/12/13 4:15 p.m.42 views

CVE-2022-46664

A vulnerability has been identified in Mendix Workflow Commons All versions V2.4.0, Mendix Workflow Commons V2.1 All versions V2.1.4, Mendix Workflow Commons V2.3 All versions V2.3.2. Affected versions of the module improperly handle access control for some module entities. This could allow...

8.1CVSS0.00691EPSS
Exploits0References1
NVD
NVD
added 2022/12/13 4:15 p.m.42 views

CVE-2022-44731

A vulnerability has been identified in SIMATIC WinCC OA V3.15 All versions V3.15 P038, SIMATIC WinCC OA V3.16 All versions V3.16 P035, SIMATIC WinCC OA V3.17 All versions V3.17 P024, SIMATIC WinCC OA V3.18 All versions V3.18 P014. The affected component allows to inject custom arguments to the...

5.4CVSS0.00532EPSS
Exploits0References1
NVD
NVD
added 2022/12/09 9:15 p.m.42 views

CVE-2022-46157

Akeneo PIM is an open source Product Information Management PIM. Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions...

8.8CVSS0.01406EPSS
Exploits1References2
NVD
NVD
added 2022/12/07 9:15 p.m.42 views

CVE-2022-23486

libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting...

7.5CVSS0.00689EPSS
Exploits0References1
NVD
NVD
added 2022/12/02 8:15 p.m.42 views

CVE-2022-2641

Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition...

9.8CVSS0.00542EPSS
Exploits0References1
NVD
NVD
added 2022/12/01 6:15 p.m.42 views

CVE-2022-3226

An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA...

7.2CVSS0.01747EPSS
Exploits0References1
NVD
NVD
added 2022/11/25 7:15 p.m.42 views

CVE-2022-41926

Nextcould talk android is the android OS implementation of the nextcloud talk chat system. In affected versions the receiver is not protected by broadcastPermission allowing malicious apps to monitor communication. It is recommended that the Nextcloud Talk Android is upgraded to 14.1.0. There are...

5.5CVSS0.00267EPSS
Exploits0References3
NVD
NVD
added 2022/11/22 7:15 p.m.42 views

CVE-2022-41942

Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command Injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the /list-gitolite endpoint. It...

7.9CVSS0.01516EPSS
Exploits0References2
NVD
NVD
added 2022/11/18 10:15 p.m.42 views

CVE-2022-41885

TensorFlow is an open source platform for machine learning. When tf.rawops.FusedResizeAndPadConv2D is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick...

7.5CVSS0.0043EPSS
Exploits1References3
NVD
NVD
added 2022/11/08 11:15 a.m.42 views

CVE-2022-30694

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack...

6.5CVSS0.00294EPSS
Exploits0References1
NVD
NVD
added 2022/10/31 8:15 p.m.42 views

CVE-2022-31690

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client via the browser to the Authorization Server which...

8.1CVSS0.01011EPSS
Exploits0References2
NVD
NVD
added 2022/10/25 9:15 p.m.42 views

CVE-2022-33180

A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export out sensitive files with “seccryptocfg”, “configupload”...

5.5CVSS0.00212EPSS
Exploits0References2
NVD
NVD
added 2022/10/20 11:15 a.m.42 views

CVE-2022-37298

Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server...

9.8CVSS0.01991EPSS
Exploits2References2
NVD
NVD
added 2022/10/19 10:15 p.m.42 views

CVE-2022-31684

Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled...

4.3CVSS0.00604EPSS
Exploits0References1
NVD
NVD
added 2022/10/14 3:15 p.m.42 views

CVE-2022-28762

Zoom Client for Meetings for macOS Standard and for IT Admin starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the...

7.8CVSS0.00294EPSS
Exploits0References1
NVD
NVD
added 2022/10/13 1:15 a.m.42 views

CVE-2022-40187

Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework TCF service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file system modification, and terminal access as the root user. In conjunction with a hosted wireless acce...

8CVSS0.00757EPSS
Exploits1References4
NVD
NVD
added 2022/10/10 8:15 p.m.42 views

CVE-2022-40248

An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via form using the "Product Affected" field...

5.4CVSS0.00365EPSS
Exploits0References1
NVD
NVD
added 2022/10/03 4:15 p.m.42 views

CVE-2022-42247

pfSense v2.5.2 was discovered to contain a cross-site scripting XSS vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name...

6.1CVSS0.02454EPSS
Exploits1References2
NVD
NVD
added 2022/10/03 2:15 p.m.42 views

CVE-2022-41420

nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component...

5.5CVSS0.00297EPSS
Exploits1References1
NVD
NVD
added 2022/09/28 8:15 p.m.42 views

CVE-2022-39246

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others...

7.5CVSS0.00626EPSS
Exploits0References4
NVD
NVD
added 2022/09/28 10:15 a.m.42 views

CVE-2022-32170

The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=$userId”...

4.3CVSS0.00537EPSS
Exploits1References2
NVD
NVD
added 2022/09/21 12:15 a.m.42 views

CVE-2022-35088

SWFTools commit 772e55a2 was discovered to contain a heap buffer-overflow via getGifDelayTime at /home/bupt/Desktop/swftools/src/src/gif2swf.c...

5.5CVSS0.00296EPSS
Exploits1References2
NVD
NVD
added 2022/09/20 6:15 p.m.42 views

CVE-2022-41138

In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution...

9.8CVSS0.01754EPSS
Exploits1References4
NVD
NVD
added 2022/09/16 11:15 p.m.42 views

CVE-2022-36002

TensorFlow is an open source platform for machine learning. When Unbatch receives a nonscalar input id, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 4419d10d576adefa36b0e0a9425d2569f7c0189f. The fix will be included in TensorFlow...

7.5CVSS0.00396EPSS
Exploits0References2
NVD
NVD
added 2022/09/13 9:15 p.m.42 views

CVE-2022-38496

LIEF commit 365a16a was discovered to contain a reachable assertion abort via the component BinaryStream.hpp...

5.5CVSS0.00287EPSS
Exploits1References1
NVD
NVD
added 2022/09/08 5:15 a.m.42 views

CVE-2022-25897

The package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to Denial of Service DoS when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False...

7.5CVSS0.00981EPSS
Exploits0References4
NVD
NVD
added 2022/08/30 7:15 p.m.42 views

CVE-2021-29864

IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a...

6.8CVSS0.00406EPSS
Exploits0References2
NVD
NVD
added 2022/08/19 9:15 p.m.42 views

CVE-2022-36008

Frontier is Substrate's Ethereum compatibility layer. A security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In release build, this would cause the exit reason being incorrectly parsed and returned by RPC. In debug build, this would cause ...

7.1CVSS0.00947EPSS
Exploits0References3
NVD
NVD
added 2022/08/15 7:15 p.m.42 views

CVE-2022-35978

Minetest is a free open-source voxel game engine with easy modding and game creation. In single player, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs i...

10CVSS0.02195EPSS
Exploits0References3
NVD
NVD
added 2022/08/02 8:15 p.m.42 views

CVE-2022-35923

v8n is a javascript validation library. Versions of v8n prior to 1.5.1 were found to have an inefficient regular expression complexity in the lowercase and uppercase regex which could lead to a denial of service attack. In testing of the lowercase function a payload of 'a' + 'a'.repeati + 'A' wit...

7.5CVSS0.01331EPSS
Exploits1References3
NVD
NVD
added 2022/08/01 9:15 p.m.42 views

CVE-2022-31194

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowi...

8.2CVSS0.00886EPSS
Exploits0References3
NVD
NVD
added 2022/08/01 9:15 p.m.42 views

CVE-2022-31195

DSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF simple archive format package could cause a file/directory to be...

7.2CVSS0.01118EPSS
Exploits0References3
NVD
NVD
added 2022/07/21 4:15 a.m.42 views

CVE-2022-20861

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the Details section of this...

9.8CVSS0.00541EPSS
Exploits0References1
NVD
NVD
added 2022/07/13 9:15 p.m.42 views

CVE-2022-31145

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. In versions 1.1.30 and prior, authenticated users using an external identity provider can continue to use Access Tokens and ID Tokens even after they expire. Users who use FlyteAdmin...

6.5CVSS0.0077EPSS
Exploits0References3
NVD
NVD
added 2022/07/12 10:15 a.m.42 views

CVE-2022-34663

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969...

8CVSS0.00704EPSS
Exploits0References2
NVD
NVD
added 2022/07/11 1:15 a.m.42 views

CVE-2022-31540

The kumardeepak/hin-eng-preprocessing repository through 2019-07-16 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS0.01118EPSS
Exploits1References1
NVD
NVD
added 2022/07/11 1:15 a.m.42 views

CVE-2022-27168

Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors...

6.1CVSS0.009EPSS
Exploits0References4
NVD
NVD
added 2022/06/30 5:15 p.m.42 views

CVE-2022-31112

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client respons...

8.2CVSS0.01211EPSS
Exploits0References6
NVD
NVD
added 2022/06/27 8:15 p.m.42 views

CVE-2022-31036

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user...

4.3CVSS0.00821EPSS
Exploits0References2
NVD
NVD
added 2022/06/23 5:15 p.m.42 views

CVE-2022-34207

A cross-site request forgery CSRF vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL...

6.5CVSS0.00468EPSS
Exploits0References1
NVD
NVD
added 2022/06/14 10:15 a.m.42 views

CVE-2022-22071

Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

8.4CVSS0.0045EPSS
Exploits0References2
NVD
NVD
added 2022/06/14 10:15 a.m.42 views

CVE-2021-37182

A vulnerability has been identified in SCALANCE XM408-4C All versions V6.5, SCALANCE XM408-4C L3 int. All versions V6.5, SCALANCE XM408-8C All versions V6.5, SCALANCE XM408-8C L3 int. All versions V6.5, SCALANCE XM416-4C All versions V6.5, SCALANCE XM416-4C L3 int. All versions V6.5, SCALANCE...

7.5CVSS0.00588EPSS
Exploits0References1
NVD
NVD
added 2022/06/09 1:15 p.m.42 views

CVE-2022-31019

Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: curl -d "array00array00array$for f in $seq 1100; do echo -n '00array'; donestring0=hello%20world"...

7.5CVSS0.0149EPSS
Exploits1References2
NVD
NVD
added 2022/05/16 4:15 p.m.42 views

CVE-2021-33318

An Input Validation Vulnerability exists in Joel Christner .NET C packages WatsonWebserver, IpMatcher 1.0.4.1 and below IpMatcher and 4.1.3 and below WatsonWebserver due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets...

9.8CVSS0.01921EPSS
Exploits3References4
NVD
NVD
added 2022/05/06 1:15 a.m.42 views

CVE-2021-25745

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default...

8.1CVSS0.01109EPSS
Exploits0References3
NVD
NVD
added 2022/05/05 11:15 p.m.42 views

CVE-2022-29166

matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerability in node-irc allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. The vulnerability has been patched in matrix-appservice-irc 0.33.2. Refrain fro...

8.8CVSS0.00938EPSS
Exploits0References2
Total number of security vulnerabilities5000