Lucene search
K
NvdMost viewed

363813 matches found

NVD
NVD
•added 2021/09/07 8:15 p.m.•63 views

CVE-2021-39503

PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without ", ?, =, ,...." In WriteConfig function, an attacker can inject php code to /include/config.cache.php file...

7.2CVSS0.0282EPSS
Exploits1References2
NVD
NVD
•added 2021/06/21 5:15 p.m.•63 views

CVE-2021-0508

In various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9...

7CVSS0.00178EPSS
Exploits0References1
NVD
NVD
•added 2021/06/21 5:15 p.m.•63 views

CVE-2021-0522

In ConnectionHandler::SdpCb of connectionhandler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-1...

7.5CVSS0.01383EPSS
Exploits0References1
NVD
NVD
•added 2021/05/14 8:15 p.m.•63 views

CVE-2021-29575

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.ReverseSequence allows for stack overflow and/or CHECK-fail based denial of service. The...

5.5CVSS0.00198EPSS
Exploits1References2
NVD
NVD
•added 2021/05/14 8:15 p.m.•63 views

CVE-2021-29546

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in tf.rawops.QuantizedBiasAdd. This is because the implementation of the Eigen...

7.8CVSS0.00201EPSS
Exploits1References2
NVD
NVD
•added 2020/03/19 2:15 p.m.•63 views

CVE-2020-10675

The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service infinite loop via a Delete call...

7.5CVSS7.2AI score0.02473EPSS
Exploits1References3
NVD
NVD
•added 2018/09/17 4:29 a.m.•63 views

CVE-2018-17132

admin/goodsupdate.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue array parameter...

7.2CVSS7.3AI score0.01841EPSS
Exploits1References1
NVD
NVD
•added 2018/06/26 4:29 p.m.•63 views

CVE-2018-1000525

openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Specially crafted GET request variable containing serialised PHP object. This...

9.8CVSS9.7AI score0.0406EPSS
Exploits1References2
NVD
NVD
•added 2026/04/15 10:16 a.m.•62 views

CVE-2026-3505

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...

8.7CVSS0.00758EPSS
Exploits0References10
NVD
NVD
•added 2026/01/08 10:15 a.m.•62 views

CVE-2026-21873

NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the pushstate event listener used by ui.subpages allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross-site, using an iframe. This issue has been...

7.2CVSS0.00233EPSS
Exploits1References2
NVD
NVD
•added 2026/01/07 5:16 p.m.•62 views

CVE-2026-22536

The absence of permissions control for the user XXX allows the current configuration in the sudoers file to escalate privileges without any restrictions...

8.6CVSS0.00121EPSS
Exploits0References1
NVD
NVD
•added 2026/01/06 4:15 p.m.•62 views

CVE-2020-36915

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec...

8.7CVSS0.0033EPSS
Exploits1References6
NVD
NVD
•added 2025/05/23 4:15 p.m.•62 views

CVE-2025-48377

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue...

6CVSS0.00198EPSS
Exploits0References2
NVD
NVD
•added 2025/05/14 11:16 a.m.•62 views

CVE-2025-3834

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report...

8.1CVSS0.01285EPSS
Exploits0References1
NVD
NVD
•added 2025/04/12 2:15 a.m.•62 views

CVE-2025-29803

Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally...

7.3CVSS0.00622EPSS
Exploits0References1
NVD
NVD
•added 2025/03/05 4:15 p.m.•62 views

CVE-2025-27497

OpenDJ is an LDAPv3 compliant directory service. OpenDJ prior to 4.9.3 contains a denial-of-service DoS vulnerability that causes the server to become unresponsive to all LDAP requests without crashing or restarting. This issue occurs when an alias loop exists in the LDAP database. If an ldapsear...

8.7CVSS0.0036EPSS
Exploits0References2
NVD
NVD
•added 2025/01/21 10:15 p.m.•62 views

CVE-2025-23196

A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using sh -c. An attacker with authenticated...

8.8CVSS0.01236EPSS
Exploits0References2
NVD
NVD
•added 2024/12/28 7:15 a.m.•62 views

CVE-2020-1822

There are multiple out of bounds OOB read vulnerabilities in the implementation of the Common Open Policy Service COPS protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities...

5.3CVSS0.00249EPSS
Exploits0References1
NVD
NVD
•added 2024/12/27 10:15 a.m.•62 views

CVE-2024-3393

A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall t...

8.7CVSS0.26636EPSS
Exploits0References2
NVD
NVD
•added 2024/11/18 3:15 p.m.•62 views

CVE-2024-52427

Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Server Side Include SSI Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through = 2.3.11...

9.9CVSS0.00726EPSS
Exploits0References1
NVD
NVD
•added 2024/10/31 1:15 a.m.•62 views

CVE-2024-48307

JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData...

9.8CVSS0.4457EPSS
Exploits1References3
NVD
NVD
•added 2024/10/15 8:15 p.m.•62 views

CVE-2024-44337

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the...

5.1CVSS0.00501EPSS
Exploits1References2
NVD
NVD
•added 2024/09/17 8:15 p.m.•62 views

CVE-2024-45812

Vite a frontend build tooling framework for javascript. Affected versions of vite were discovered to contain a DOM Clobbering vulnerability when building scripts to cjs/iife/umd output format. The DOM Clobbering gadget in the module can lead to cross-site scripting XSS in web pages where scriptle...

6.4CVSS0.00636EPSS
Exploits0References5
NVD
NVD
•added 2024/09/10 3:15 p.m.•62 views

CVE-2024-27257

IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users...

4.3CVSS0.00304EPSS
Exploits0References2
NVD
NVD
•added 2024/09/04 5:15 p.m.•62 views

CVE-2024-20439

A vulnerability in Cisco Smart Licensing Utility CSLU could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could...

9.8CVSS0.9201EPSS
Exploits0References2
NVD
NVD
•added 2024/08/08 2:15 a.m.•62 views

CVE-2024-21302

Summary: As of July 8, 2025 Microsoft has completed mitigations to address this vulnerability. See KB5042562: Guidance for blocking rollback of virtualization-based security related updates and the Recommended Actions section of this CVE for guidance on how to protect your systems from this...

6.7CVSS0.01559EPSS
Exploits0References1
NVD
NVD
•added 2024/08/05 3:15 p.m.•62 views

CVE-2024-23383

Memory corruption when kernel driver attempts to trigger hardware fences...

8.4CVSS0.00111EPSS
Exploits0References1
NVD
NVD
•added 2024/07/02 9:15 p.m.•62 views

CVE-2024-39322

aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13,...

5.5CVSS0.00481EPSS
Exploits0References6
NVD
NVD
•added 2024/06/20 2:15 a.m.•62 views

CVE-2023-3204

The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. This is due to missing authorization checks on the companiondisablepopup function called via an AJAX action. This makes it possible for authenticated attackers, with...

6.5CVSS0.00369EPSS
Exploits0References3
NVD
NVD
•added 2024/05/03 3:15 a.m.•62 views

CVE-2023-39472

Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...

6.5CVSS6.2AI score0.01212EPSS
Exploits0References1
NVD
NVD
•added 2024/05/01 6:15 a.m.•62 views

CVE-2024-27018

In the Linux kernel, the following vulnerability has been resolved: netfilter: brnetfilter: skip conntrack input hook for promisc packets For historical reasons, when bridge device is in promisc mode, packets that are directed to the taps follow bridge input hook path. This patch adds a workaroun...

7.8CVSS7.2AI score0.00234EPSS
Exploits0References8
NVD
NVD
•added 2024/01/29 12:15 a.m.•62 views

CVE-2024-0988

A vulnerability classified as critical was found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this vulnerability is the function checklogin of the file /application/index/common.php. The manipulation of the argument AppUserid/AppuserToken leads to improper authentication. The explo...

9.8CVSS7.2AI score0.00976EPSS
Exploits0References3
NVD
NVD
•added 2023/08/10 2:15 p.m.•62 views

CVE-2023-39953

useroidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also...

4.8CVSS5AI score0.00446EPSS
Exploits0References3
NVD
NVD
•added 2023/06/06 7:15 p.m.•62 views

CVE-2023-33977

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded...

8.1CVSS8.1AI score0.0087EPSS
Exploits1References5
NVD
NVD
•added 2023/02/16 9:15 p.m.•62 views

CVE-2022-36369

Improper access control in some QATzip software maintained by IntelR before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS7.8AI score0.00251EPSS
Exploits0References1
NVD
NVD
•added 2023/02/12 4:15 a.m.•62 views

CVE-2022-25734

Denial of service in modem due to missing null check while processing IP packets with padding...

7.5CVSS7.5AI score0.00406EPSS
Exploits0References1
NVD
NVD
•added 2023/01/26 9:18 p.m.•62 views

CVE-2023-24443

Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

9.8CVSS9.5AI score0.01215EPSS
Exploits0References1
NVD
NVD
•added 2022/10/11 9:15 p.m.•62 views

CVE-2022-39803

Due to lack of proper memory management, when a victim opens a manipulated ACIS Part and Assembly .sat, CoreCadTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a...

7.8CVSS0.0051EPSS
Exploits0References2
NVD
NVD
•added 2022/09/16 11:15 p.m.•62 views

CVE-2022-36012

TensorFlow is an open source platform for machine learning. When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it crashes. We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. The fix will be included in TensorFlow 2.10.0. We wi...

7.5CVSS0.00547EPSS
Exploits0References3
NVD
NVD
•added 2022/07/19 3:15 p.m.•62 views

CVE-2022-24082

If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running o...

9.8CVSS0.09477EPSS
Exploits5References2
NVD
NVD
•added 2022/06/24 4:15 p.m.•62 views

CVE-2022-20828

A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance ASA FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerabilit...

9CVSS0.4831EPSS
Exploits4References3
NVD
NVD
•added 2022/04/13 7:15 p.m.•62 views

CVE-2022-24788

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...

9.8CVSS0.00948EPSS
Exploits0References2
NVD
NVD
•added 2022/03/25 8:15 p.m.•62 views

CVE-2022-27920

libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0...

6.1CVSS0.00855EPSS
Exploits0References3
NVD
NVD
•added 2022/03/23 10:15 p.m.•62 views

CVE-2022-24768

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. Versions starting with 0.8.0 and 0.5...

9.9CVSS0.01201EPSS
Exploits0References5
NVD
NVD
•added 2021/03/12 5:15 p.m.•62 views

CVE-2021-21367

Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and before version version 2.3.5 has an incorrect authorization vulnerability. When the Bluetooth plug is running in discoverable mode, Bluetooth service requests and pairing requests are automatically accepted, allowing physically...

8.1CVSS0.00514EPSS
Exploits0References6
NVD
NVD
•added 2021/03/04 1:15 p.m.•62 views

CVE-2020-24914

A PHP object injection bug in profile.php in qcubed all versions including 3.1.1 unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request...

9.8CVSS0.05554EPSS
Exploits3References5
NVD
NVD
•added 2021/02/26 5:15 p.m.•62 views

CVE-2021-21297

Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default...

7.7CVSS0.01397EPSS
Exploits0References4
NVD
NVD
•added 2020/12/31 9:15 a.m.•62 views

CVE-2020-35926

An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator even ChaCha to return all zeroes because integer truncation was mishandled...

9.8CVSS9.4AI score0.01515EPSS
Exploits0References1
NVD
NVD
•added 2020/09/17 8:15 p.m.•62 views

CVE-2020-13260

A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as th...

6.1CVSS0.01982EPSS
Exploits5References3
NVD
NVD
•added 2020/05/18 10:15 p.m.•62 views

CVE-2020-13094

Dolibarr before 11.0.4 allows XSS...

5.4CVSS5.4AI score0.01145EPSS
Exploits4References3
Total number of security vulnerabilities5000