Lucene search
K
NvdMost viewed

364744 matches found

NVD
NVD
added 2025/04/02 10:15 p.m.65 views

CVE-2025-27608

Arduino IDE 2.x is an IDE based on the Theia IDE framework and built with Electron. A Self Cross-Site Scripting XSS vulnerability has been identified within the Arduino-IDE prior to version v2.3.5. The vulnerability occurs in the Additional Board Manager URLs field, which can be found in the...

4.6CVSS0.0019EPSS
Exploits0References2
NVD
NVD
added 2025/02/04 11:15 a.m.65 views

CVE-2024-27137

In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...

5.3CVSS0.00276EPSS
Exploits0References2
NVD
NVD
added 2024/12/06 3:15 p.m.65 views

CVE-2024-54141

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database ie postgreSQL server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0...

8.6CVSS0.00487EPSS
Exploits1References2
NVD
NVD
added 2024/12/05 3:15 p.m.65 views

CVE-2024-11942

A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10...

5.9CVSS0.00375EPSS
Exploits0References1
NVD
NVD
added 2024/11/18 4:15 p.m.65 views

CVE-2024-0012

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege...

9.8CVSS0.99698EPSS
Exploits15References4
NVD
NVD
added 2024/11/18 3:15 p.m.65 views

CVE-2024-52431

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Pressaholic WordPress Video Robot - The Ultimate Video Importer allows SQL Injection.This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through 1.20.0...

9.8CVSS0.00445EPSS
Exploits0References1
NVD
NVD
added 2024/10/22 9:15 p.m.65 views

CVE-2024-45526

An issue was discovered in OPC Foundation OPCFoundation/UA-.NETStandard through 1.5.374.78. A remote attacker can send requests with invalid credentials and cause the server performance to degrade gradually...

5.3CVSS0.00483EPSS
Exploits0References1
NVD
NVD
added 2024/10/21 8:15 p.m.65 views

CVE-2022-48950

In the Linux kernel, the following vulnerability has been resolved: perf: Fix perfpendingtask UaF Per syzbot it is possible for perfpendingtask to run after the event is free'd. There are two related but distinct cases: - the taskwork was already queued before destroying the event; - destroying t...

7.8CVSS0.00253EPSS
Exploits0References3
NVD
NVD
added 2024/10/16 8:15 a.m.65 views

CVE-2023-22649

A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. Rancher Audit Logging is an opt-in feature, only deployments that have it enabled and have AUDITLEVEL set to 1 or above are impacted by this issue...

8.4CVSS0.01882EPSS
Exploits1References2
NVD
NVD
added 2024/07/24 4:15 p.m.65 views

CVE-2024-40422

The snapshotpath parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshotpath parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized...

9.1CVSS0.11414EPSS
Exploits6References4
NVD
NVD
added 2024/07/18 10:15 a.m.65 views

CVE-2024-40725

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...

5.3CVSS0.04134EPSS
Exploits3References2
NVD
NVD
added 2024/06/20 4:15 p.m.65 views

CVE-2024-6193

A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0. This issue affects some unknown processing of the file driverprofile.php. The manipulation of the argument driverid leads to sql injection. The attack may be initiated remotely. The...

9.8CVSS0.00532EPSS
Exploits1References4
NVD
NVD
added 2024/06/11 5:15 p.m.65 views

CVE-2024-30097

Microsoft Speech Application Programming Interface SAPI Remote Code Execution Vulnerability...

8.8CVSS0.01715EPSS
Exploits0References1
NVD
NVD
added 2024/06/10 8:15 p.m.65 views

CVE-2024-37393

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the...

9.8CVSS0.03304EPSS
Exploits2References3
NVD
NVD
added 2024/03/27 3:15 a.m.65 views

CVE-2024-2945

A vulnerability was found in Campcodes Online Examination System 1.0. It has been classified as critical. Affected is an unknown function of the file /adminpanel/admin/faceboxmodal/updateExaminee.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack...

6.5CVSS6.8AI score0.00512EPSS
Exploits1References4
NVD
NVD
added 2024/02/05 10:15 p.m.65 views

CVE-2023-22817

Server-side request forgery SSRF vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing D...

5.5CVSS5.7AI score0.00241EPSS
Exploits0References1
NVD
NVD
added 2023/12/01 10:15 p.m.65 views

CVE-2023-49281

Calendarinho is an open source calendaring application to manage large teams of consultants. An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites,...

6.1CVSS0.00557EPSS
Exploits0References4
NVD
NVD
added 2023/09/27 9:15 p.m.65 views

CVE-2023-43651

JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI interface provid...

9.9CVSS9.5AI score0.01716EPSS
Exploits1References2
NVD
NVD
added 2023/07/26 9:15 p.m.65 views

CVE-2023-30367

Multi-Remote Next Generation Connection Manager mRemoteNG is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version = v1.76.20 and =...

7.5CVSS7.5AI score0.00431EPSS
Exploits4References4
NVD
NVD
added 2023/06/23 9:15 p.m.65 views

CVE-2023-35169

PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code executio...

9.8CVSS9.7AI score0.03191EPSS
Exploits1References5
NVD
NVD
added 2023/06/14 8:15 a.m.65 views

CVE-2023-1049

A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI...

7.8CVSS7.8AI score0.00597EPSS
Exploits0References1
NVD
NVD
added 2023/05/11 9:15 p.m.65 views

CVE-2023-31146

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment...

9.1CVSS7.9AI score0.01241EPSS
Exploits1References2
NVD
NVD
added 2023/04/10 2:15 p.m.65 views

CVE-2023-0983

The stylish-cost-calculator-premium WordPress plugin before 7.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Stored Cross-Site Scripting which could be used against admins when viewing submissions submitted through the Email Quote Form...

6.1CVSS6AI score0.00458EPSS
Exploits2References1
NVD
NVD
added 2023/01/26 9:15 p.m.65 views

CVE-2022-20493

In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

7.8CVSS7.8AI score0.00218EPSS
Exploits0References1
NVD
NVD
added 2022/07/15 9:15 p.m.65 views

CVE-2022-31161

Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocessexecute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for...

10CVSS0.20446EPSS
Exploits3References3
NVD
NVD
added 2022/01/24 8:15 p.m.65 views

CVE-2022-21715

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting XSS vulnerability was found in API\ResponseTrait in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using API\ResponseTrait. Version 4.1.8 contains a...

6.1CVSS0.01002EPSS
Exploits0References3
NVD
NVD
added 2021/10/04 6:15 a.m.65 views

CVE-2021-40325

Cobbler before 3.3.0 allows authorization bypass for modification of settings...

7.5CVSS0.01307EPSS
Exploits0References2
NVD
NVD
added 2021/03/25 9:15 a.m.65 views

CVE-2021-26715

The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery SSRF vulnerability. The vulnerability arises due to unsafe usage of the logouri parameter in the Dynamic Client Registration request. An unauthenticated attacker can make a HTTP reque...

9.1CVSS0.01494EPSS
Exploits1References2
NVD
NVD
added 2021/02/08 11:15 p.m.65 views

CVE-2021-26917

PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states "security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported awa...

5.5CVSS0.0055EPSS
Exploits1References4
NVD
NVD
added 2020/08/14 5:15 p.m.65 views

CVE-2020-15141

In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk...

4.1CVSS4AI score0.00944EPSS
Exploits0References4
NVD
NVD
added 2020/03/18 5:15 p.m.65 views

CVE-2019-19351

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera ...

7CVSS6.8AI score0.00245EPSS
Exploits0References1
NVD
NVD
added 2019/10/28 1:15 p.m.65 views

CVE-2019-14928

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script XSS vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to...

5.4CVSS6.4AI score0.44149EPSS
Exploits1References2
NVD
NVD
added 2010/11/09 9:0 p.m.65 views

CVE-2010-0786

The Web Services Security component in IBM WebSphere Application Server WAS 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services aka JAX-WS, which allows remote attackers to cause a denial of service data corruption via a crafted JAX-WS request that leads to incorrect...

5CVSS6.3AI score0.02213EPSS
Exploits0References3
NVD
NVD
added 2026/05/07 10:16 p.m.64 views

CVE-2026-35428

Improper neutralization of special elements used in a command 'command injection' in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network...

9.6CVSS0.00933EPSS
Exploits0References1
NVD
NVD
added 2025/08/13 6:15 p.m.64 views

CVE-2025-23298

NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS0.00726EPSS
Exploits0References3
NVD
NVD
added 2025/05/30 3:15 p.m.64 views

CVE-2024-7096

A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: SOAP admin services are accessible to the attacker. The...

5.4CVSS0.00594EPSS
Exploits0References1
NVD
NVD
added 2025/04/18 6:15 p.m.64 views

CVE-2025-29512

Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database...

6.1CVSS0.00253EPSS
Exploits0References1
NVD
NVD
added 2025/04/14 3:15 p.m.64 views

CVE-2025-2475

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to invalidate the cache when a user account is converted to a bot which allows an attacker to login to the bot exactly one time via normal credentials...

5.4CVSS0.00204EPSS
Exploits0References1
NVD
NVD
added 2025/01/25 1:15 a.m.64 views

CVE-2025-24361

Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web site. Because the request for classic script b...

5.3CVSS0.00325EPSS
Exploits0References2
NVD
NVD
added 2024/12/17 6:15 p.m.64 views

CVE-2024-54662

Dante 1.4.0 through 1.4.3 fixed in 1.4.4 has incorrect access control for some sockd.conf configurations involving socksmethod...

9.1CVSS0.00502EPSS
Exploits0References2
NVD
NVD
added 2024/11/14 3:15 p.m.64 views

CVE-2022-2232

A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions...

7.5CVSS0.00642EPSS
Exploits0References5
NVD
NVD
added 2024/11/04 11:15 p.m.64 views

CVE-2024-48059

gaizhenbiao/chuanhuchatgpt project, version =20240802 is vulnerable to stored Cross-Site Scripting XSS in WebSocket session transmission. An attacker can inject malicious content into a WebSocket message. When a victim accesses this session, the malicious JavaScript is executed in the victim's...

6.1CVSS0.0032EPSS
Exploits1References2
NVD
NVD
added 2024/07/17 8:15 p.m.64 views

CVE-2024-39125

Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header...

5.4CVSS0.00286EPSS
Exploits0References2
NVD
NVD
added 2024/07/17 11:15 a.m.64 views

CVE-2024-27311

Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder...

8.8CVSS0.01459EPSS
Exploits0References1
NVD
NVD
added 2024/05/30 5:15 p.m.64 views

CVE-2024-36118

MeterSphere is a test management and interface testing tool. In affected versions users without workspace permissions can view functional test cases of other workspaces beyond their authority. This issue has been addressed in version 2.10.15-lts. Users of MeterSphere are advised to upgrade. There...

4.3CVSS3.9AI score0.00296EPSS
Exploits0References1
NVD
NVD
added 2024/05/16 2:15 p.m.64 views

CVE-2023-46842

Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers used to pass 32-bit-mode hypercall arguments to values outside of the range 32-bit code would be able to set them to. When processing of hypercalls takes a...

6.5CVSS6.1AI score0.0853EPSS
Exploits0References4
NVD
NVD
added 2024/03/13 4:15 p.m.64 views

CVE-2024-24549

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been...

7.5CVSS7.6AI score0.23072EPSS
Exploits1References6
NVD
NVD
added 2023/10/31 2:15 p.m.64 views

CVE-2023-4610

Rejected reason: The SRCU code was added in upstream kernel v6.4-rc1 and removed before v6.4. This bug only existed in development kernels. Please see https://lore.kernel.org/all/[email protected] and https://bugzilla.suse.com/showbug.cgi?id=1215932 for more information...

6.6AI score
Exploits0
NVD
NVD
added 2023/10/19 10:15 a.m.64 views

CVE-2022-25334

The Texas Instruments OMAP L138 secure variants trusted execution environment TEE lacks a bounds check on the signature size field in the SKLOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data...

8.8CVSS6.3AI score0.00192EPSS
Exploits0References1
NVD
NVD
added 2023/09/06 6:15 p.m.64 views

CVE-2023-41050

AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible recursively via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use...

7.7CVSS7AI score0.00519EPSS
Exploits0References2
Total number of security vulnerabilities5000