Lucene search
K
NvdMost viewed

363761 matches found

NVD
NVD
added 2025/09/09 11:15 p.m.63 views

CVE-2025-59039

Prebid Universal Creative PUC is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes the extremely popular jsdelivr hosting of this file. The maintainers of PUC unpublished version 1.17.3. Users should s...

9.3CVSS0.00312EPSS
Exploits0References2
NVD
NVD
added 2025/09/05 6:15 p.m.63 views

CVE-2025-10014

A flaw has been found in elunez eladmin up to 2.7. This impacts the function updateUserEmail of the file /api/users/updateEmail/ of the component Email Address Handler. Executing manipulation of the argument id/email can lead to improper authorization. The attack may be performed from remote...

3.1CVSS0.00256EPSS
Exploits0References4
NVD
NVD
added 2025/08/09 3:15 a.m.63 views

CVE-2025-55009

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...

7.1CVSS0.00342EPSS
Exploits0References3
NVD
NVD
added 2025/04/20 3:15 a.m.63 views

CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...

7.8CVSS0.00167EPSS
Exploits1References5
NVD
NVD
added 2025/04/20 1:15 a.m.63 views

CVE-2025-43921

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...

5.3CVSS0.00379EPSS
Exploits1References4
NVD
NVD
added 2025/04/18 6:15 p.m.63 views

CVE-2025-29512

Cross-Site Scripting XSS vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database...

6.1CVSS0.00232EPSS
Exploits0References1
NVD
NVD
added 2025/01/21 10:15 p.m.63 views

CVE-2024-51941

A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An...

8.8CVSS0.01421EPSS
Exploits0References2
NVD
NVD
added 2024/12/13 2:15 p.m.63 views

CVE-2024-55889

phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent...

7.2CVSS0.02121EPSS
Exploits3References2
NVD
NVD
added 2024/11/15 4:15 p.m.63 views

CVE-2024-51497

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when creating a new OID. This vulnerability can le...

5.4CVSS0.00396EPSS
Exploits1References2
NVD
NVD
added 2024/11/14 3:15 p.m.63 views

CVE-2022-2232

A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions...

7.5CVSS0.00642EPSS
Exploits0References5
NVD
NVD
added 2024/11/12 8:15 p.m.63 views

CVE-2024-2208

Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Sound Research has released driver updates to mitigate the potential vulnerabilities...

8.8CVSS0.00167EPSS
Exploits0References1
NVD
NVD
added 2024/07/24 8:15 a.m.63 views

CVE-2024-39676

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path “/appconfigs” to the...

7.5CVSS0.00846EPSS
Exploits0References2
NVD
NVD
added 2024/07/09 5:15 p.m.63 views

CVE-2024-37334

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability...

8.8CVSS0.01645EPSS
Exploits0References1
NVD
NVD
added 2024/06/24 6:15 p.m.63 views

CVE-2023-49793

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine o...

6.5CVSS0.0073EPSS
Exploits1References2
NVD
NVD
added 2024/05/17 4:15 p.m.63 views

CVE-2024-34241

A cross-site scripting XSS vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications...

4.8CVSS5.4AI score0.00762EPSS
Exploits4References1
NVD
NVD
added 2024/05/16 2:15 p.m.63 views

CVE-2023-46842

Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers used to pass 32-bit-mode hypercall arguments to values outside of the range 32-bit code would be able to set them to. When processing of hypercalls takes a...

6.5CVSS6.1AI score0.0853EPSS
Exploits0References4
NVD
NVD
added 2024/03/19 2:15 p.m.63 views

CVE-2024-29138

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Joachim Jensen Restrict User Access – Membership Plugin with Force restrict-user-access.This issue affects Restrict User Access – Membership Plugin with Force: from n/a through = 2.5...

7.1CVSS6.9AI score0.00622EPSS
Exploits0References2
NVD
NVD
added 2024/03/13 4:15 p.m.63 views

CVE-2024-24549

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been...

7.5CVSS7.6AI score0.23072EPSS
Exploits1References6
NVD
NVD
added 2023/12/29 11:15 a.m.63 views

CVE-2023-50901

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HasThemes HT Mega – Absolute Addons For Elementor allows Reflected XSS.This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.8...

7.1CVSS0.00351EPSS
Exploits0References1
NVD
NVD
added 2023/12/21 6:15 p.m.63 views

CVE-2023-50831

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VillaTheme CURCY – Multi Currency for WooCommerce allows Stored XSS.This issue affects CURCY – Multi Currency for WooCommerce: from n/a through 2.2.0...

6.5CVSS0.00517EPSS
Exploits1References1
NVD
NVD
added 2023/10/11 4:15 p.m.63 views

CVE-2023-34365

A stack-based buffer overflow vulnerability exists in the libutils.so nvramrestore functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to a buffer overflow. An attacker can send a network request to trigger this vulnerability...

9.8CVSS9.7AI score0.00773EPSS
Exploits0References2
NVD
NVD
added 2023/10/10 6:15 p.m.63 views

CVE-2023-36785

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability...

7.8CVSS8.1AI score0.01056EPSS
Exploits0References1
NVD
NVD
added 2023/10/04 9:15 p.m.63 views

CVE-2023-44389

Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface ZMI. All versions of Zope 4 and Zope 5 are affected. Patches will be released wit...

4.8CVSS4.3AI score0.00404EPSS
Exploits0References3
NVD
NVD
added 2023/08/28 1:15 a.m.63 views

CVE-2023-26272

IBM Security Guardium Data Encryption IBM Guardium Cloud Key Manager GCKM 1.10.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID:...

5.3CVSS5.2AI score0.00455EPSS
Exploits0References2
NVD
NVD
added 2023/08/14 10:15 p.m.63 views

CVE-2023-21284

In multiple functions of DevicePolicyManager.java, there is a possible way to prevent enabling the Find my Device feature due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.4AI score0.00167EPSS
Exploits0References2
NVD
NVD
added 2023/08/04 4:15 p.m.63 views

CVE-2023-38686

Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle MITM attack. Attackers with...

9.3CVSS9.1AI score0.00229EPSS
Exploits0References7
NVD
NVD
added 2023/07/21 5:15 a.m.63 views

CVE-2023-3815

A vulnerability, which was classified as problematic, has been found in yproject RuoYi up to 4.7.7. Affected by this issue is the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack may be launched...

6.1CVSS4.4AI score0.00513EPSS
Exploits1References3
NVD
NVD
added 2023/07/05 10:15 p.m.63 views

CVE-2023-36827

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal directory traversal vulnerability affects fides versions lower than version 2.15.1, allowing...

7.5CVSS7.6AI score0.01491EPSS
Exploits0References3
NVD
NVD
added 2023/06/30 7:15 p.m.63 views

CVE-2023-36477

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the CKEditor' space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, leading to loss of...

9CVSS9.1AI score0.00903EPSS
Exploits1References4
NVD
NVD
added 2023/06/28 3:15 p.m.63 views

CVE-2023-34933

A stack overflow in the UpdateWanParams function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service DoS via a crafted POST request...

7.5CVSS7.5AI score0.00848EPSS
Exploits1References1
NVD
NVD
added 2023/06/06 7:15 p.m.63 views

CVE-2023-33653

Sitecore Experience Platform XP v9.3 was discovered to contain an authenticated remote code execution RCE vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML...

8.8CVSS9.1AI score0.02086EPSS
Exploits1References1
NVD
NVD
added 2023/01/27 7:15 p.m.63 views

CVE-2021-41231

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

7.2CVSS7.3AI score0.01235EPSS
Exploits0References4
NVD
NVD
added 2023/01/20 10:15 p.m.63 views

CVE-2023-24028

In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function...

9.8CVSS9.6AI score0.00702EPSS
Exploits0References1
NVD
NVD
added 2022/11/16 3:15 p.m.63 views

CVE-2022-43234

An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file...

9.8CVSS0.00935EPSS
Exploits1References1
NVD
NVD
added 2022/10/03 3:15 p.m.63 views

CVE-2022-40721

Arbitrary file upload vulnerability in php uploader...

9.8CVSS0.01087EPSS
Exploits1References3
NVD
NVD
added 2022/06/09 1:15 p.m.63 views

CVE-2022-31027

OAuthenticator is an OAuth token library for the JupyerHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowedidps...

6.5CVSS0.00434EPSS
Exploits0References1
NVD
NVD
added 2022/01/15 9:15 p.m.63 views

CVE-2021-44537

ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution...

7.8CVSS0.02749EPSS
Exploits0References3
NVD
NVD
added 2021/12/15 3:15 p.m.63 views

CVE-2021-42293

Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability...

6.5CVSS0.02804EPSS
Exploits0References1
NVD
NVD
added 2021/10/28 4:15 p.m.63 views

CVE-2021-22097

In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100%...

6.8CVSS0.01037EPSS
Exploits0References1
NVD
NVD
added 2021/09/07 8:15 p.m.63 views

CVE-2021-39503

PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without ", ?, =, ,...." In WriteConfig function, an attacker can inject php code to /include/config.cache.php file...

7.2CVSS0.0282EPSS
Exploits1References2
NVD
NVD
added 2021/06/21 5:15 p.m.63 views

CVE-2021-0508

In various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9...

7CVSS0.00178EPSS
Exploits0References1
NVD
NVD
added 2021/06/21 5:15 p.m.63 views

CVE-2021-0522

In ConnectionHandler::SdpCb of connectionhandler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-1...

7.5CVSS0.01383EPSS
Exploits0References1
NVD
NVD
added 2021/05/14 8:15 p.m.63 views

CVE-2021-29575

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.ReverseSequence allows for stack overflow and/or CHECK-fail based denial of service. The...

5.5CVSS0.00198EPSS
Exploits1References2
NVD
NVD
added 2021/05/14 8:15 p.m.63 views

CVE-2021-29546

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in tf.rawops.QuantizedBiasAdd. This is because the implementation of the Eigen...

7.8CVSS0.00201EPSS
Exploits1References2
NVD
NVD
added 2020/03/19 2:15 p.m.63 views

CVE-2020-10675

The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service infinite loop via a Delete call...

7.5CVSS7.2AI score0.02473EPSS
Exploits1References3
NVD
NVD
added 2019/10/25 7:15 p.m.63 views

CVE-2019-17142

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8CVSS8.1AI score0.06261EPSS
Exploits0References2
NVD
NVD
added 2018/09/17 4:29 a.m.63 views

CVE-2018-17132

admin/goodsupdate.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue array parameter...

7.2CVSS7.3AI score0.01841EPSS
Exploits1References1
NVD
NVD
added 2018/06/26 4:29 p.m.63 views

CVE-2018-1000525

openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Specially crafted GET request variable containing serialised PHP object. This...

9.8CVSS9.7AI score0.0406EPSS
Exploits1References2
NVD
NVD
added 2026/05/29 7:16 p.m.62 views

CVE-2026-49375

In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page...

6.1CVSS0.00215EPSS
Exploits0References1
NVD
NVD
added 2026/04/15 10:16 a.m.62 views

CVE-2026-3505

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...

8.7CVSS0.00758EPSS
Exploits0References10
Total number of security vulnerabilities5000