Lucene search
K
NvdMost viewed

364869 matches found

NVD
NVD
•added 2025/04/20 3:15 a.m.•63 views

CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...

7.8CVSS0.00178EPSS
Exploits1References5
NVD
NVD
•added 2025/04/20 1:15 a.m.•63 views

CVE-2025-43921

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...

5.3CVSS0.00403EPSS
Exploits1References4
NVD
NVD
•added 2024/12/27 10:15 a.m.•63 views

CVE-2024-3393

A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall t...

8.7CVSS0.26636EPSS
Exploits0References2
NVD
NVD
•added 2024/12/13 2:15 p.m.•63 views

CVE-2024-55889

phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent...

7.2CVSS0.02163EPSS
Exploits3References2
NVD
NVD
•added 2024/11/21 5:15 p.m.•63 views

CVE-2024-52803

LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on...

9.8CVSS0.02273EPSS
Exploits1References3
NVD
NVD
•added 2024/11/19 5:15 p.m.•63 views

CVE-2024-51831

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aboutorab Pourhaghani Persian Nested Show/Hide Text persian-nested-showhide-text allows Stored XSS.This issue affects Persian Nested Show/Hide Text: from n/a through = 1.5...

6.5CVSS0.00374EPSS
Exploits0References1
NVD
NVD
•added 2024/11/15 4:15 p.m.•63 views

CVE-2024-51497

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when creating a new OID. This vulnerability can le...

5.4CVSS0.00396EPSS
Exploits1References2
NVD
NVD
•added 2024/11/12 8:15 p.m.•63 views

CVE-2024-2208

Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Sound Research has released driver updates to mitigate the potential vulnerabilities...

8.8CVSS0.00167EPSS
Exploits0References1
NVD
NVD
•added 2024/09/30 9:15 a.m.•63 views

CVE-2024-45772

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users ar...

8CVSS0.00582EPSS
Exploits0References2
NVD
NVD
•added 2024/07/09 5:15 p.m.•63 views

CVE-2024-37334

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability...

8.8CVSS0.01645EPSS
Exploits0References1
NVD
NVD
•added 2024/07/08 9:15 p.m.•63 views

CVE-2024-5971

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource...

7.5CVSS0.02716EPSS
Exploits0References11
NVD
NVD
•added 2024/06/24 6:15 p.m.•63 views

CVE-2023-49793

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine o...

6.5CVSS0.0073EPSS
Exploits1References2
NVD
NVD
•added 2024/05/17 4:15 p.m.•63 views

CVE-2024-34241

A cross-site scripting XSS vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications...

4.8CVSS5.4AI score0.00762EPSS
Exploits4References1
NVD
NVD
•added 2024/03/19 2:15 p.m.•63 views

CVE-2024-29138

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Joachim Jensen Restrict User Access – Membership Plugin with Force restrict-user-access.This issue affects Restrict User Access – Membership Plugin with Force: from n/a through = 2.5...

7.1CVSS6.9AI score0.00622EPSS
Exploits0References2
NVD
NVD
•added 2023/12/29 11:15 a.m.•63 views

CVE-2023-50901

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HasThemes HT Mega – Absolute Addons For Elementor allows Reflected XSS.This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.8...

7.1CVSS0.00351EPSS
Exploits0References1
NVD
NVD
•added 2023/12/21 6:15 p.m.•63 views

CVE-2023-50831

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VillaTheme CURCY – Multi Currency for WooCommerce allows Stored XSS.This issue affects CURCY – Multi Currency for WooCommerce: from n/a through 2.2.0...

6.5CVSS0.00517EPSS
Exploits1References1
NVD
NVD
•added 2023/10/11 4:15 p.m.•63 views

CVE-2023-34365

A stack-based buffer overflow vulnerability exists in the libutils.so nvramrestore functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to a buffer overflow. An attacker can send a network request to trigger this vulnerability...

9.8CVSS9.7AI score0.00773EPSS
Exploits0References2
NVD
NVD
•added 2023/10/10 6:15 p.m.•63 views

CVE-2023-36785

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability...

7.8CVSS8.1AI score0.01056EPSS
Exploits0References1
NVD
NVD
•added 2023/10/05 2:15 p.m.•63 views

CVE-2023-44390

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either svg or math are in the list of allowed elements. In the case an application sanitizes us...

6.1CVSS6AI score0.00363EPSS
Exploits0References2
NVD
NVD
•added 2023/10/04 9:15 p.m.•63 views

CVE-2023-44389

Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface ZMI. All versions of Zope 4 and Zope 5 are affected. Patches will be released wit...

4.8CVSS4.3AI score0.00404EPSS
Exploits0References3
NVD
NVD
•added 2023/08/14 10:15 p.m.•63 views

CVE-2023-21284

In multiple functions of DevicePolicyManager.java, there is a possible way to prevent enabling the Find my Device feature due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.4AI score0.00167EPSS
Exploits0References2
NVD
NVD
•added 2023/08/10 2:15 p.m.•63 views

CVE-2023-39953

useroidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also...

4.8CVSS5AI score0.00446EPSS
Exploits0References3
NVD
NVD
•added 2023/08/04 4:15 p.m.•63 views

CVE-2023-38686

Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle MITM attack. Attackers with...

9.3CVSS9.1AI score0.00229EPSS
Exploits0References7
NVD
NVD
•added 2023/07/21 5:15 a.m.•63 views

CVE-2023-3815

A vulnerability, which was classified as problematic, has been found in yproject RuoYi up to 4.7.7. Affected by this issue is the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack may be launched...

6.1CVSS4.4AI score0.00513EPSS
Exploits1References3
NVD
NVD
•added 2023/06/30 7:15 p.m.•63 views

CVE-2023-36477

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the CKEditor' space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, leading to loss of...

9CVSS9.1AI score0.00903EPSS
Exploits1References4
NVD
NVD
•added 2023/06/28 3:15 p.m.•63 views

CVE-2023-34933

A stack overflow in the UpdateWanParams function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service DoS via a crafted POST request...

7.5CVSS7.5AI score0.00848EPSS
Exploits1References1
NVD
NVD
•added 2023/06/06 7:15 p.m.•63 views

CVE-2023-33977

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded...

8.1CVSS8.1AI score0.0087EPSS
Exploits1References5
NVD
NVD
•added 2023/06/06 7:15 p.m.•63 views

CVE-2023-33653

Sitecore Experience Platform XP v9.3 was discovered to contain an authenticated remote code execution RCE vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML...

8.8CVSS9.1AI score0.02086EPSS
Exploits1References1
NVD
NVD
•added 2023/01/27 7:15 p.m.•63 views

CVE-2021-41231

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

7.2CVSS7.3AI score0.01235EPSS
Exploits0References4
NVD
NVD
•added 2023/01/26 9:18 p.m.•63 views

CVE-2023-23611

LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with on the Open edX platform can post a grade back...

5.4CVSS5.5AI score0.00384EPSS
Exploits0References1
NVD
NVD
•added 2023/01/20 10:15 p.m.•63 views

CVE-2023-24028

In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function...

9.8CVSS9.6AI score0.00702EPSS
Exploits0References1
NVD
NVD
•added 2022/10/03 3:15 p.m.•63 views

CVE-2022-40721

Arbitrary file upload vulnerability in php uploader...

9.8CVSS0.01087EPSS
Exploits1References3
NVD
NVD
•added 2022/06/09 1:15 p.m.•63 views

CVE-2022-31027

OAuthenticator is an OAuth token library for the JupyerHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowedidps...

6.5CVSS0.00434EPSS
Exploits0References1
NVD
NVD
•added 2022/01/28 10:15 p.m.•63 views

CVE-2022-21721

Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom server and the built-...

7.5CVSS0.02153EPSS
Exploits0References3
NVD
NVD
•added 2021/12/15 3:15 p.m.•63 views

CVE-2021-42293

Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability...

6.5CVSS0.02804EPSS
Exploits0References1
NVD
NVD
•added 2021/10/28 4:15 p.m.•63 views

CVE-2021-22097

In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100%...

6.8CVSS0.01037EPSS
Exploits0References1
NVD
NVD
•added 2021/09/07 8:15 p.m.•63 views

CVE-2021-39503

PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without ", ?, =, ,...." In WriteConfig function, an attacker can inject php code to /include/config.cache.php file...

7.2CVSS0.0282EPSS
Exploits1References2
NVD
NVD
•added 2021/06/21 5:15 p.m.•63 views

CVE-2021-0508

In various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9...

7CVSS0.00178EPSS
Exploits0References1
NVD
NVD
•added 2021/05/14 8:15 p.m.•63 views

CVE-2021-29575

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.ReverseSequence allows for stack overflow and/or CHECK-fail based denial of service. The...

5.5CVSS0.00198EPSS
Exploits1References2
NVD
NVD
•added 2021/05/14 8:15 p.m.•63 views

CVE-2021-29546

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in tf.rawops.QuantizedBiasAdd. This is because the implementation of the Eigen...

7.8CVSS0.00201EPSS
Exploits1References2
NVD
NVD
•added 2021/03/12 5:15 p.m.•63 views

CVE-2021-21367

Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and before version version 2.3.5 has an incorrect authorization vulnerability. When the Bluetooth plug is running in discoverable mode, Bluetooth service requests and pairing requests are automatically accepted, allowing physically...

8.1CVSS0.00514EPSS
Exploits0References6
NVD
NVD
•added 2020/05/18 10:15 p.m.•63 views

CVE-2020-13094

Dolibarr before 11.0.4 allows XSS...

5.4CVSS5.4AI score0.01145EPSS
Exploits4References3
NVD
NVD
•added 2020/03/19 2:15 p.m.•63 views

CVE-2020-10675

The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service infinite loop via a Delete call...

7.5CVSS7.2AI score0.02473EPSS
Exploits1References3
NVD
NVD
•added 2019/12/16 4:15 p.m.•63 views

CVE-2019-19368

A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts...

6.1CVSS6.2AI score0.2102EPSS
Exploits5References3
NVD
NVD
•added 2019/07/03 9:15 p.m.•63 views

CVE-2019-9827

Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI...

9.8CVSS9.4AI score0.26803EPSS
Exploits3References1
NVD
NVD
•added 2018/09/17 4:29 a.m.•63 views

CVE-2018-17132

admin/goodsupdate.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue array parameter...

7.2CVSS7.3AI score0.02107EPSS
Exploits1References1
NVD
NVD
•added 2018/06/26 4:29 p.m.•63 views

CVE-2018-1000525

openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Specially crafted GET request variable containing serialised PHP object. This...

9.8CVSS9.7AI score0.0406EPSS
Exploits1References2
NVD
NVD
•added 2018/06/18 12:29 p.m.•63 views

CVE-2018-12533

JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language EL expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310...

9.8CVSS9.6AI score0.21375EPSS
Exploits1References7
NVD
NVD
•added 2013/09/28 7:55 p.m.•63 views

CVE-2013-2068

Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. dot dot in the filename parameter to the 1 log, 2 upload, or 3 linuxpkgs method...

9.4CVSS6.9AI score0.58624EPSS
Exploits4References3
NVD
NVD
•added 2009/05/04 6:30 p.m.•63 views

CVE-2009-1516

Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX control in api.dll in IceWarp Merak Mail Server 9.4.1 might allow context-dependent attackers to execute arbitrary code via a large value in the second argument to the Base64FileEncode method, as possibly demonstrated by a web...

7.5CVSS7.9AI score0.03208EPSS
Exploits1References2
Total number of security vulnerabilities5000