Lucene search
K
NvdMost viewed

364114 matches found

NVD
NVD
added 2024/07/09 5:15 p.m.66 views

CVE-2024-38094

Microsoft SharePoint Remote Code Execution Vulnerability...

7.2CVSS0.49979EPSS
Exploits1References2
NVD
NVD
added 2024/06/17 8:15 p.m.66 views

CVE-2024-37902

DeepJavaLibraryDJL is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model...

10CVSS0.00655EPSS
Exploits0References2
NVD
NVD
added 2024/05/18 6:15 a.m.66 views

CVE-2024-3812

The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectaricon' shortcode 'iconlinea' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

7.5CVSS7.8AI score0.00632EPSS
Exploits0References2
NVD
NVD
added 2024/03/28 1:15 p.m.66 views

CVE-2024-29896

Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. When automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users, then it is possible that the C...

7.5CVSS7.5AI score0.00591EPSS
Exploits0References2
NVD
NVD
added 2024/03/27 3:15 a.m.66 views

CVE-2024-25391

A stack buffer overflow occurs in libc/posix/ipc/mqueue.c in RT-Thread through 5.0.2...

8.4CVSS7.1AI score0.00323EPSS
Exploits0References6
NVD
NVD
added 2024/01/29 8:15 p.m.66 views

CVE-2023-51839

DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm...

9.1CVSS9.3AI score0.00376EPSS
Exploits0References3
NVD
NVD
added 2023/12/04 11:15 p.m.66 views

CVE-2023-21164

In DevmemIntMapPMR of devicememserver.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8CVSS0.00414EPSS
Exploits0References1
NVD
NVD
added 2023/10/03 5:15 a.m.66 views

CVE-2023-26150

Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. Note: This issue is a result of missing checks for services that require an active session...

7.5CVSS6.8AI score0.00454EPSS
Exploits1References7
NVD
NVD
added 2023/07/13 3:15 a.m.66 views

CVE-2023-3342

The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'uruploadprofilepic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with...

9.9CVSS0.01454EPSS
Exploits2References5
NVD
NVD
added 2023/07/10 4:15 p.m.66 views

CVE-2023-23993

Cross-Site Request Forgery CSRF vulnerability in LionScripts.Com LionScripts: IP Blocker Lite plugin = 11.1.1 versions...

8.8CVSS6.5AI score0.00303EPSS
Exploits0References1
NVD
NVD
added 2023/05/29 12:15 a.m.66 views

CVE-2023-30350

FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin password...

8.8CVSS8.8AI score0.05343EPSS
Exploits4References1
NVD
NVD
added 2023/05/10 10:15 a.m.66 views

CVE-2022-33961

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WaspThemes Visual CSS Style Editor plugin = 7.5.8 versions...

4.8CVSS4.4AI score0.00352EPSS
Exploits0References1
NVD
NVD
added 2023/05/09 10:15 p.m.66 views

CVE-2023-28128

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution...

7.2CVSS7.1AI score0.84697EPSS
Exploits3References3
NVD
NVD
added 2023/04/20 6:15 p.m.66 views

CVE-2023-29528

XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting...

9CVSS8.9AI score0.01277EPSS
Exploits1References4
NVD
NVD
added 2023/04/19 6:15 p.m.66 views

CVE-2023-30612

Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily...

4.9CVSS4.7AI score0.0036EPSS
Exploits0References5
NVD
NVD
added 2022/10/11 11:15 a.m.66 views

CVE-2022-38371

A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 =...

8.7CVSS0.01262EPSS
Exploits0References4
NVD
NVD
added 2022/08/15 11:21 a.m.66 views

CVE-2022-36007

Venice is a Clojure inspired sandboxed Lisp dialect with excellent Java interoperability. A partial path traversal issue exists within the functions load-file and load-resource. These functions can be limited to load files from a list of load paths. Assuming Venice has been configured with the lo...

6.1CVSS0.00414EPSS
Exploits1References4
NVD
NVD
added 2022/07/22 4:15 p.m.66 views

CVE-2022-2511

Cross-site Scripting XSS vulnerability in the "commonuserinterface" component of BlueSpice allows an attacker to inject arbitrary HTML into a page using the title parameter of the call URL...

6.1CVSS0.0039EPSS
Exploits0References1
NVD
NVD
added 2021/11/19 4:15 p.m.66 views

CVE-2021-22053

Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following...

8.8CVSS0.13035EPSS
Exploits0References1
NVD
NVD
added 2021/06/22 7:15 p.m.66 views

CVE-2021-22377

There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious...

7.2CVSS0.00917EPSS
Exploits0References1
NVD
NVD
added 2021/06/22 11:15 a.m.66 views

CVE-2021-0556

In getBlockSum of fastcodemb.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:...

5.5CVSS0.00121EPSS
Exploits0References1
NVD
NVD
added 2021/06/18 10:15 p.m.66 views

CVE-2021-33186

SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information...

7.5CVSS0.01019EPSS
Exploits0References1
NVD
NVD
added 2021/05/24 6:15 p.m.66 views

CVE-2020-20907

MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/languagegeneral.class.php and app/system/include/function/file.func.php...

9.1CVSS0.02201EPSS
Exploits1References3
NVD
NVD
added 2021/01/11 10:15 p.m.66 views

CVE-2021-0303

In dispatchGraphTerminationMessage of packages/services/Car/computepipe/runner/graph/StreamSetObserver.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

7CVSS7.1AI score0.00119EPSS
Exploits0References1
NVD
NVD
added 2020/02/17 8:15 p.m.66 views

CVE-2019-19325

SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS Cross-Site Scripting on some forms buil...

6.1CVSS6AI score0.00685EPSS
Exploits0References1
NVD
NVD
added 2019/03/11 6:29 p.m.66 views

CVE-2019-9692

class.showtime2image.php in CMS Made Simple CMSMS before 2.2.10 does not ensure that a watermark file has a standard image file extension GIF, JPG, JPEG, or PNG...

6.5CVSS6.5AI score0.45896EPSS
Exploits7References6
NVD
NVD
added 2006/05/19 11:2 p.m.66 views

CVE-2006-2483

PHP remote file inclusion vulnerability in cartcontent.php in Squirrelcart 2.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cartisproot parameter...

6.4CVSS7.6AI score0.07538EPSS
Exploits1References7
NVD
NVD
added 2026/06/02 4:16 p.m.65 views

CVE-2026-44367

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service DoS and complete account...

2.7CVSS0.00236EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 9:16 a.m.65 views

CVE-2026-40827

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can resu...

7CVSS0.00295EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.65 views

CVE-2026-43484

In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unrelated RMW side effects in asynchronous contexts. The host-claimed bit shared a word with retune flag...

5.5CVSS0.00114EPSS
Exploits0References7
NVD
NVD
added 2026/05/09 11:16 p.m.65 views

CVE-2026-8212

A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be...

5.5CVSS0.00205EPSS
Exploits1References8
NVD
NVD
added 2026/03/30 7:16 p.m.65 views

CVE-2026-34714

Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %expr injection occurs with tabpanel lacking PMLE...

9.2CVSS0.00588EPSS
Exploits0References10
NVD
NVD
added 2025/05/29 4:15 p.m.65 views

CVE-2025-48472

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, there is no check to ensure that the user is disabling notifications for the mailbox to which they already have access. Moreover, the code explicitly implements functionality that if the user does not have...

8.1CVSS0.00351EPSS
Exploits1References2
NVD
NVD
added 2025/04/02 10:15 p.m.65 views

CVE-2025-27608

Arduino IDE 2.x is an IDE based on the Theia IDE framework and built with Electron. A Self Cross-Site Scripting XSS vulnerability has been identified within the Arduino-IDE prior to version v2.3.5. The vulnerability occurs in the Additional Board Manager URLs field, which can be found in the...

4.6CVSS0.0019EPSS
Exploits0References2
NVD
NVD
added 2025/02/04 11:15 a.m.65 views

CVE-2024-27137

In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...

5.3CVSS0.00276EPSS
Exploits0References2
NVD
NVD
added 2024/12/06 3:15 p.m.65 views

CVE-2024-54141

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database ie postgreSQL server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0...

8.6CVSS0.00487EPSS
Exploits1References2
NVD
NVD
added 2024/12/05 3:15 p.m.65 views

CVE-2024-11942

A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10...

5.9CVSS0.00375EPSS
Exploits0References1
NVD
NVD
added 2024/11/18 10:15 p.m.65 views

CVE-2024-52342

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Offshorent Solutions Pvt Ltd OS BXSlider os-bxslider allows Stored XSS.This issue affects OS BXSlider: from n/a through = 2.6...

6.5CVSS0.00231EPSS
Exploits0References1
NVD
NVD
added 2024/11/18 4:15 p.m.65 views

CVE-2024-0012

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege...

9.8CVSS0.99698EPSS
Exploits15References4
NVD
NVD
added 2024/11/18 3:15 p.m.65 views

CVE-2024-52431

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Pressaholic WordPress Video Robot - The Ultimate Video Importer allows SQL Injection.This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through 1.20.0...

9.8CVSS0.00445EPSS
Exploits0References1
NVD
NVD
added 2024/10/22 9:15 p.m.65 views

CVE-2024-45526

An issue was discovered in OPC Foundation OPCFoundation/UA-.NETStandard through 1.5.374.78. A remote attacker can send requests with invalid credentials and cause the server performance to degrade gradually...

5.3CVSS0.00483EPSS
Exploits0References1
NVD
NVD
added 2024/10/21 8:15 p.m.65 views

CVE-2022-48950

In the Linux kernel, the following vulnerability has been resolved: perf: Fix perfpendingtask UaF Per syzbot it is possible for perfpendingtask to run after the event is free'd. There are two related but distinct cases: - the taskwork was already queued before destroying the event; - destroying t...

7.8CVSS0.00253EPSS
Exploits0References3
NVD
NVD
added 2024/10/16 8:15 a.m.65 views

CVE-2023-22649

A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. Rancher Audit Logging is an opt-in feature, only deployments that have it enabled and have AUDITLEVEL set to 1 or above are impacted by this issue...

8.4CVSS0.01882EPSS
Exploits1References2
NVD
NVD
added 2024/07/18 10:15 a.m.65 views

CVE-2024-40725

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...

5.3CVSS0.04134EPSS
Exploits3References2
NVD
NVD
added 2024/06/20 4:15 p.m.65 views

CVE-2024-6193

A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0. This issue affects some unknown processing of the file driverprofile.php. The manipulation of the argument driverid leads to sql injection. The attack may be initiated remotely. The...

9.8CVSS0.00532EPSS
Exploits1References4
NVD
NVD
added 2024/06/11 5:15 p.m.65 views

CVE-2024-30097

Microsoft Speech Application Programming Interface SAPI Remote Code Execution Vulnerability...

8.8CVSS0.01715EPSS
Exploits0References1
NVD
NVD
added 2024/06/10 8:15 p.m.65 views

CVE-2024-37393

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the...

9.8CVSS0.03304EPSS
Exploits2References3
NVD
NVD
added 2024/05/27 1:15 p.m.65 views

CVE-2024-5409

RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details...

7.1CVSS6.5AI score0.0028EPSS
Exploits0References2
NVD
NVD
added 2024/03/27 3:15 a.m.65 views

CVE-2024-2945

A vulnerability was found in Campcodes Online Examination System 1.0. It has been classified as critical. Affected is an unknown function of the file /adminpanel/admin/faceboxmodal/updateExaminee.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack...

6.5CVSS6.8AI score0.00512EPSS
Exploits1References4
NVD
NVD
added 2024/02/05 10:15 p.m.65 views

CVE-2023-22817

Server-side request forgery SSRF vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing D...

5.5CVSS5.7AI score0.00241EPSS
Exploits0References1
Total number of security vulnerabilities5000