Lucene search
K
NvdMost viewed

363781 matches found

NVD
NVD
•added 2022/01/24 8:15 p.m.•65 views

CVE-2022-21715

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting XSS vulnerability was found in API\ResponseTrait in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using API\ResponseTrait. Version 4.1.8 contains a...

6.1CVSS0.01002EPSS
Exploits0References3
NVD
NVD
•added 2021/10/04 6:15 a.m.•65 views

CVE-2021-40325

Cobbler before 3.3.0 allows authorization bypass for modification of settings...

7.5CVSS0.01307EPSS
Exploits0References2
NVD
NVD
•added 2021/03/25 9:15 a.m.•65 views

CVE-2021-26715

The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery SSRF vulnerability. The vulnerability arises due to unsafe usage of the logouri parameter in the Dynamic Client Registration request. An unauthenticated attacker can make a HTTP reque...

9.1CVSS0.01494EPSS
Exploits1References2
NVD
NVD
•added 2021/02/08 11:15 p.m.•65 views

CVE-2021-26917

PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states "security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported awa...

5.5CVSS0.0055EPSS
Exploits1References4
NVD
NVD
•added 2021/01/11 10:15 p.m.•65 views

CVE-2021-0303

In dispatchGraphTerminationMessage of packages/services/Car/computepipe/runner/graph/StreamSetObserver.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

7CVSS7.1AI score0.00119EPSS
Exploits0References1
NVD
NVD
•added 2020/08/14 5:15 p.m.•65 views

CVE-2020-15141

In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk...

4.1CVSS4AI score0.00944EPSS
Exploits0References4
NVD
NVD
•added 2020/03/18 5:15 p.m.•65 views

CVE-2019-19351

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera ...

7CVSS6.8AI score0.00245EPSS
Exploits0References1
NVD
NVD
•added 2026/05/13 4:16 p.m.•64 views

CVE-2026-43484

In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unrelated RMW side effects in asynchronous contexts. The host-claimed bit shared a word with retune flag...

5.5CVSS0.00114EPSS
Exploits0References7
NVD
NVD
•added 2026/05/07 10:16 p.m.•64 views

CVE-2026-35428

Improper neutralization of special elements used in a command 'command injection' in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network...

9.6CVSS0.00933EPSS
Exploits0References1
NVD
NVD
•added 2025/08/13 6:15 p.m.•64 views

CVE-2025-23298

NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS0.00726EPSS
Exploits0References3
NVD
NVD
•added 2025/06/03 3:15 p.m.•64 views

CVE-2025-46548

If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes...

6.5CVSS0.00655EPSS
Exploits1References4
NVD
NVD
•added 2025/05/30 3:15 p.m.•64 views

CVE-2024-7096

A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: SOAP admin services are accessible to the attacker. The...

5.4CVSS0.00594EPSS
Exploits0References1
NVD
NVD
•added 2025/04/14 3:15 p.m.•64 views

CVE-2025-2475

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to invalidate the cache when a user account is converted to a bot which allows an attacker to login to the bot exactly one time via normal credentials...

5.4CVSS0.00204EPSS
Exploits0References1
NVD
NVD
•added 2025/01/25 1:15 a.m.•64 views

CVE-2025-24361

Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web site. Because the request for classic script b...

5.3CVSS0.00325EPSS
Exploits0References2
NVD
NVD
•added 2024/12/17 6:15 p.m.•64 views

CVE-2024-54662

Dante 1.4.0 through 1.4.3 fixed in 1.4.4 has incorrect access control for some sockd.conf configurations involving socksmethod...

9.1CVSS0.00502EPSS
Exploits0References2
NVD
NVD
•added 2024/11/18 3:15 p.m.•64 views

CVE-2024-52431

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Pressaholic WordPress Video Robot - The Ultimate Video Importer allows SQL Injection.This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through 1.20.0...

9.8CVSS0.00445EPSS
Exploits0References1
NVD
NVD
•added 2024/11/04 11:15 p.m.•64 views

CVE-2024-48059

gaizhenbiao/chuanhuchatgpt project, version =20240802 is vulnerable to stored Cross-Site Scripting XSS in WebSocket session transmission. An attacker can inject malicious content into a WebSocket message. When a victim accesses this session, the malicious JavaScript is executed in the victim's...

6.1CVSS0.0032EPSS
Exploits1References2
NVD
NVD
•added 2024/07/24 4:15 p.m.•64 views

CVE-2024-40422

The snapshotpath parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshotpath parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized...

9.1CVSS0.11414EPSS
Exploits6References4
NVD
NVD
•added 2024/07/17 8:15 p.m.•64 views

CVE-2024-39125

Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header...

5.4CVSS0.00286EPSS
Exploits0References2
NVD
NVD
•added 2024/07/17 11:15 a.m.•64 views

CVE-2024-27311

Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder...

8.8CVSS0.01459EPSS
Exploits0References1
NVD
NVD
•added 2024/05/30 5:15 p.m.•64 views

CVE-2024-36118

MeterSphere is a test management and interface testing tool. In affected versions users without workspace permissions can view functional test cases of other workspaces beyond their authority. This issue has been addressed in version 2.10.15-lts. Users of MeterSphere are advised to upgrade. There...

4.3CVSS3.9AI score0.00296EPSS
Exploits0References1
NVD
NVD
•added 2024/04/30 11:15 p.m.•64 views

CVE-2024-4192

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process...

7.8CVSS7.7AI score0.00322EPSS
Exploits0References1
NVD
NVD
•added 2023/10/31 2:15 p.m.•64 views

CVE-2023-4610

Rejected reason: The SRCU code was added in upstream kernel v6.4-rc1 and removed before v6.4. This bug only existed in development kernels. Please see https://lore.kernel.org/all/[email protected] and https://bugzilla.suse.com/showbug.cgi?id=1215932 for more information...

6.6AI score
Exploits0
NVD
NVD
•added 2023/10/19 10:15 a.m.•64 views

CVE-2022-25334

The Texas Instruments OMAP L138 secure variants trusted execution environment TEE lacks a bounds check on the signature size field in the SKLOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data...

8.8CVSS6.3AI score0.00192EPSS
Exploits0References1
NVD
NVD
•added 2023/09/06 6:15 p.m.•64 views

CVE-2023-41050

AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible recursively via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use...

7.7CVSS7AI score0.00519EPSS
Exploits0References2
NVD
NVD
•added 2023/08/31 6:15 a.m.•64 views

CVE-2023-3162

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a Stripe checkout through the plugin. This allows unauthenticated attackers to...

9.8CVSS9.6AI score0.00966EPSS
Exploits2References3
NVD
NVD
•added 2023/08/11 7:15 a.m.•64 views

CVE-2023-4105

Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message...

4.3CVSS4.2AI score0.00331EPSS
Exploits0References1
NVD
NVD
•added 2023/07/26 9:15 p.m.•64 views

CVE-2023-30367

Multi-Remote Next Generation Connection Manager mRemoteNG is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version = v1.76.20 and =...

7.5CVSS7.5AI score0.00431EPSS
Exploits4References4
NVD
NVD
•added 2023/06/05 6:15 a.m.•64 views

CVE-2023-3096

A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been declared as critical. This vulnerability affects the function changedSource. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the...

7.8CVSS6AI score0.00332EPSS
Exploits1References3
NVD
NVD
•added 2023/03/29 9:15 a.m.•64 views

CVE-2023-1688

A vulnerability classified as problematic has been found in SourceCodester Earnings and Expense Tracker App 1.0. This affects an unknown part of the file Master.php?a=saveexpense. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely...

6.1CVSS4.5AI score0.00363EPSS
Exploits0References2
NVD
NVD
•added 2023/03/03 11:15 p.m.•64 views

CVE-2023-26483

gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Providers using this library for SAML authentication support are likely susceptible to Denial of Service attacks. A bug in this library enables attackers to craft a deflate-compressed request which will consume significantly more memor...

5.3CVSS5.2AI score0.00964EPSS
Exploits0References4
NVD
NVD
•added 2023/01/26 9:18 p.m.•64 views

CVE-2023-24449

Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

4.3CVSS4.5AI score0.01201EPSS
Exploits0References1
NVD
NVD
•added 2022/12/07 7:15 a.m.•64 views

CVE-2022-4322

A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit...

7.2CVSS0.00796EPSS
Exploits1References3
NVD
NVD
•added 2022/08/29 3:15 p.m.•64 views

CVE-2022-0851

There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line v...

5.5CVSS0.00303EPSS
Exploits1References2
NVD
NVD
•added 2022/06/09 5:15 p.m.•64 views

CVE-2022-31038

Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 DisplayName does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes DisplayName...

5.4CVSS0.00674EPSS
Exploits0References3
NVD
NVD
•added 2022/02/24 7:15 p.m.•64 views

CVE-2021-3596

A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt and uses the value directly, which leads to a crash and segmentation fault...

6.5CVSS0.01894EPSS
Exploits1References4
NVD
NVD
•added 2022/02/09 2:15 p.m.•64 views

CVE-2021-46354

Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increas...

7.5CVSS0.15551EPSS
Exploits3References3
NVD
NVD
•added 2021/08/20 10:15 p.m.•64 views

CVE-2021-21828

A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in order to track the label for later reference. An attacker can provide a malicious fil...

9.8CVSS0.01136EPSS
Exploits1References1
NVD
NVD
•added 2021/06/16 6:15 p.m.•64 views

CVE-2021-1524

A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability exists because requests that are sent to the API are not properly validated. An attacker could exploit this...

6.5CVSS0.01101EPSS
Exploits0References1
NVD
NVD
•added 2020/12/02 8:15 a.m.•64 views

CVE-2020-29456

Multiple cross-site scripting XSS vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in...

6.1CVSS6.1AI score0.01527EPSS
Exploits0References3
NVD
NVD
•added 2020/01/06 2:15 p.m.•64 views

CVE-2019-20343

The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element within a plugin element can specify an arbitrary program in an executable element and can also specify arbitrary command-line arguments in an arguments element...

9.8CVSS9.5AI score0.02409EPSS
Exploits0References3
NVD
NVD
•added 2019/10/28 1:15 p.m.•64 views

CVE-2019-14928

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script XSS vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to...

5.4CVSS6.4AI score0.44149EPSS
Exploits1References2
NVD
NVD
•added 2019/10/25 7:15 p.m.•64 views

CVE-2019-17142

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8CVSS8.1AI score0.06261EPSS
Exploits0References2
NVD
NVD
•added 2010/11/09 9:0 p.m.•64 views

CVE-2010-0786

The Web Services Security component in IBM WebSphere Application Server WAS 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services aka JAX-WS, which allows remote attackers to cause a denial of service data corruption via a crafted JAX-WS request that leads to incorrect...

5CVSS6.3AI score0.02213EPSS
Exploits0References3
NVD
NVD
•added 2026/06/19 5:16 p.m.•63 views

CVE-2026-3195

A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtiosndpcmincb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730...

7.4CVSS0.00126EPSS
Exploits0References3
NVD
NVD
•added 2026/05/29 7:16 p.m.•63 views

CVE-2026-49375

In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page...

6.1CVSS0.00215EPSS
Exploits0References1
NVD
NVD
•added 2026/05/12 3:16 a.m.•63 views

CVE-2026-34260

SAP S/4HANA SAP Enterprise Search for ABAP contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the...

9.6CVSS0.00466EPSS
Exploits0References2
NVD
NVD
•added 2026/05/11 7:16 p.m.•63 views

CVE-2026-43969

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cowcookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs...

3.2CVSS0.00145EPSS
Exploits0References3
NVD
NVD
•added 2026/05/08 8:16 p.m.•63 views

CVE-2026-42189

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

7.5CVSS0.00481EPSS
Exploits1References3
NVD
NVD
•added 2026/05/08 1:16 p.m.•63 views

CVE-2022-50994

DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...

9.2CVSS0.01432EPSS
Exploits0References3
Total number of security vulnerabilities5000