Lucene search
K
NvdMost viewed

364639 matches found

NVD
NVD
added 2023/08/11 7:15 a.m.64 views

CVE-2023-4105

Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message...

4.3CVSS4.2AI score0.00331EPSS
Exploits0References1
NVD
NVD
added 2023/06/05 6:15 a.m.64 views

CVE-2023-3096

A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been declared as critical. This vulnerability affects the function changedSource. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the...

7.8CVSS6AI score0.00332EPSS
Exploits1References3
NVD
NVD
added 2023/03/29 9:15 a.m.64 views

CVE-2023-1688

A vulnerability classified as problematic has been found in SourceCodester Earnings and Expense Tracker App 1.0. This affects an unknown part of the file Master.php?a=saveexpense. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely...

6.1CVSS4.5AI score0.00363EPSS
Exploits0References2
NVD
NVD
added 2023/03/03 11:15 p.m.64 views

CVE-2023-26483

gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Providers using this library for SAML authentication support are likely susceptible to Denial of Service attacks. A bug in this library enables attackers to craft a deflate-compressed request which will consume significantly more memor...

5.3CVSS5.2AI score0.00964EPSS
Exploits0References4
NVD
NVD
added 2023/01/26 9:18 p.m.64 views

CVE-2023-24449

Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

4.3CVSS4.5AI score0.01201EPSS
Exploits0References1
NVD
NVD
added 2022/12/07 7:15 a.m.64 views

CVE-2022-4322

A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit...

7.2CVSS0.00796EPSS
Exploits1References3
NVD
NVD
added 2022/11/16 3:15 p.m.64 views

CVE-2022-43234

An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file...

9.8CVSS0.00935EPSS
Exploits1References1
NVD
NVD
added 2022/08/29 3:15 p.m.64 views

CVE-2022-0851

There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line v...

5.5CVSS0.00303EPSS
Exploits1References2
NVD
NVD
added 2022/06/09 5:15 p.m.64 views

CVE-2022-31038

Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 DisplayName does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes DisplayName...

5.4CVSS0.00674EPSS
Exploits0References3
NVD
NVD
added 2022/02/24 7:15 p.m.64 views

CVE-2021-3596

A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt and uses the value directly, which leads to a crash and segmentation fault...

6.5CVSS0.01894EPSS
Exploits1References4
NVD
NVD
added 2022/02/09 2:15 p.m.64 views

CVE-2021-46354

Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increas...

7.5CVSS0.12785EPSS
Exploits3References2
NVD
NVD
added 2022/01/15 9:15 p.m.64 views

CVE-2021-44537

ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution...

7.8CVSS0.02749EPSS
Exploits0References3
NVD
NVD
added 2021/08/20 10:15 p.m.64 views

CVE-2021-21828

A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in order to track the label for later reference. An attacker can provide a malicious fil...

9.8CVSS0.01136EPSS
Exploits1References1
NVD
NVD
added 2021/06/21 5:15 p.m.64 views

CVE-2021-0522

In ConnectionHandler::SdpCb of connectionhandler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-1...

7.5CVSS0.01383EPSS
Exploits0References1
NVD
NVD
added 2021/06/16 6:15 p.m.64 views

CVE-2021-1524

A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability exists because requests that are sent to the API are not properly validated. An attacker could exploit this...

6.5CVSS0.01101EPSS
Exploits0References1
NVD
NVD
added 2020/12/02 8:15 a.m.64 views

CVE-2020-29456

Multiple cross-site scripting XSS vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in...

6.1CVSS6.1AI score0.01527EPSS
Exploits0References3
NVD
NVD
added 2020/01/06 2:15 p.m.64 views

CVE-2019-20343

The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element within a plugin element can specify an arbitrary program in an executable element and can also specify arbitrary command-line arguments in an arguments element...

9.8CVSS9.5AI score0.02409EPSS
Exploits0References3
NVD
NVD
added 2019/10/25 7:15 p.m.64 views

CVE-2019-17142

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8CVSS8.1AI score0.06261EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 5:16 p.m.63 views

CVE-2026-3195

A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtiosndpcmincb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730...

7.4CVSS0.00126EPSS
Exploits0References3
NVD
NVD
added 2026/05/29 7:16 p.m.63 views

CVE-2026-49375

In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page...

6.1CVSS0.00215EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 3:16 a.m.63 views

CVE-2026-34260

SAP S/4HANA SAP Enterprise Search for ABAP contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the...

9.6CVSS0.00466EPSS
Exploits0References2
NVD
NVD
added 2026/05/11 7:16 p.m.63 views

CVE-2026-43969

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cowcookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs...

3.2CVSS0.00145EPSS
Exploits0References3
NVD
NVD
added 2026/05/08 8:16 p.m.63 views

CVE-2026-42189

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

7.5CVSS0.00481EPSS
Exploits1References3
NVD
NVD
added 2026/05/08 1:16 p.m.63 views

CVE-2022-50994

DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...

9.2CVSS0.01432EPSS
Exploits0References3
NVD
NVD
added 2026/05/07 10:16 p.m.63 views

CVE-2026-33111

Improper neutralization of special elements used in a command 'command injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

7.5CVSS0.01135EPSS
Exploits0References1
NVD
NVD
added 2026/05/07 4:16 a.m.63 views

CVE-2026-41673

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DO...

8.7CVSS0.00643EPSS
Exploits0References16
NVD
NVD
added 2026/01/21 6:16 p.m.63 views

CVE-2021-47869

Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRAScheduler service that allows local users to potentially execute arbitrary code. Attackers can place a malicious executable named 'BRAdmin' in the C:\Program Files x86\Brother\ directory to gain local syst...

8.5CVSS0.00129EPSS
Exploits0References5
NVD
NVD
added 2025/11/15 7:15 a.m.63 views

CVE-2025-13190

A vulnerability was found in D-Link DIR-816L 206b09beta. This vulnerability affects the function scandirmain of the file /portal/ajaxexporer.sgi. The manipulation of the argument en results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public a...

9CVSS0.00752EPSS
Exploits1References5
NVD
NVD
added 2025/10/16 10:15 a.m.63 views

CVE-2025-6338

There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period.This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0 before 6.9.2...

9.2CVSS0.00403EPSS
Exploits0References1
NVD
NVD
added 2025/09/09 11:15 p.m.63 views

CVE-2025-59039

Prebid Universal Creative PUC is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes the extremely popular jsdelivr hosting of this file. The maintainers of PUC unpublished version 1.17.3. Users should s...

9.3CVSS0.00312EPSS
Exploits0References2
NVD
NVD
added 2025/09/05 6:15 p.m.63 views

CVE-2025-10014

A flaw has been found in elunez eladmin up to 2.7. This impacts the function updateUserEmail of the file /api/users/updateEmail/ of the component Email Address Handler. Executing manipulation of the argument id/email can lead to improper authorization. The attack may be performed from remote...

3.1CVSS0.00256EPSS
Exploits0References4
NVD
NVD
added 2025/08/09 3:15 a.m.63 views

CVE-2025-55009

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...

7.1CVSS0.00342EPSS
Exploits0References3
NVD
NVD
added 2025/05/23 4:15 p.m.63 views

CVE-2025-48377

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue...

6CVSS0.00198EPSS
Exploits0References2
NVD
NVD
added 2025/04/20 3:15 a.m.63 views

CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...

7.8CVSS0.00167EPSS
Exploits1References5
NVD
NVD
added 2025/04/20 1:15 a.m.63 views

CVE-2025-43921

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...

5.3CVSS0.00379EPSS
Exploits1References4
NVD
NVD
added 2025/01/21 10:15 p.m.63 views

CVE-2024-51941

A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An...

8.8CVSS0.01421EPSS
Exploits0References2
NVD
NVD
added 2025/01/21 10:15 p.m.63 views

CVE-2025-23196

A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using sh -c. An attacker with authenticated...

8.8CVSS0.01236EPSS
Exploits0References2
NVD
NVD
added 2024/12/27 10:15 a.m.63 views

CVE-2024-3393

A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall t...

8.7CVSS0.26636EPSS
Exploits0References2
NVD
NVD
added 2024/12/13 2:15 p.m.63 views

CVE-2024-55889

phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent...

7.2CVSS0.02163EPSS
Exploits3References2
NVD
NVD
added 2024/11/21 5:15 p.m.63 views

CVE-2024-52803

LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on...

9.8CVSS0.02273EPSS
Exploits1References3
NVD
NVD
added 2024/11/19 5:15 p.m.63 views

CVE-2024-51831

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aboutorab Pourhaghani Persian Nested Show/Hide Text persian-nested-showhide-text allows Stored XSS.This issue affects Persian Nested Show/Hide Text: from n/a through = 1.5...

6.5CVSS0.00374EPSS
Exploits0References1
NVD
NVD
added 2024/11/15 4:15 p.m.63 views

CVE-2024-51497

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when creating a new OID. This vulnerability can le...

5.4CVSS0.00396EPSS
Exploits1References2
NVD
NVD
added 2024/11/12 8:15 p.m.63 views

CVE-2024-2208

Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Sound Research has released driver updates to mitigate the potential vulnerabilities...

8.8CVSS0.00167EPSS
Exploits0References1
NVD
NVD
added 2024/07/09 5:15 p.m.63 views

CVE-2024-37334

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability...

8.8CVSS0.01645EPSS
Exploits0References1
NVD
NVD
added 2024/07/08 9:15 p.m.63 views

CVE-2024-5971

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource...

7.5CVSS0.02716EPSS
Exploits0References11
NVD
NVD
added 2024/06/24 6:15 p.m.63 views

CVE-2023-49793

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine o...

6.5CVSS0.0073EPSS
Exploits1References2
NVD
NVD
added 2024/05/17 4:15 p.m.63 views

CVE-2024-34241

A cross-site scripting XSS vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications...

4.8CVSS5.4AI score0.00762EPSS
Exploits4References1
NVD
NVD
added 2024/05/01 6:15 a.m.63 views

CVE-2024-27018

In the Linux kernel, the following vulnerability has been resolved: netfilter: brnetfilter: skip conntrack input hook for promisc packets For historical reasons, when bridge device is in promisc mode, packets that are directed to the taps follow bridge input hook path. This patch adds a workaroun...

7.8CVSS7.2AI score0.00234EPSS
Exploits0References8
NVD
NVD
added 2024/03/19 2:15 p.m.63 views

CVE-2024-29138

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Joachim Jensen Restrict User Access – Membership Plugin with Force restrict-user-access.This issue affects Restrict User Access – Membership Plugin with Force: from n/a through = 2.5...

7.1CVSS6.9AI score0.00622EPSS
Exploits0References2
NVD
NVD
added 2024/03/13 4:15 p.m.63 views

CVE-2024-24549

Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been...

7.5CVSS7.6AI score0.23072EPSS
Exploits1References6
Total number of security vulnerabilities5000