Lucene search
K
NvdMost viewed

365126 matches found

NVD
NVD
added 2019/12/16 4:15 p.m.63 views

CVE-2019-19368

A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts...

6.1CVSS6.2AI score0.2102EPSS
Exploits5References3
NVD
NVD
added 2019/07/03 9:15 p.m.63 views

CVE-2019-9827

Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI...

9.8CVSS9.4AI score0.26803EPSS
Exploits3References1
NVD
NVD
added 2018/06/26 4:29 p.m.63 views

CVE-2018-1000525

openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Specially crafted GET request variable containing serialised PHP object. This...

9.8CVSS9.7AI score0.0406EPSS
Exploits1References2
NVD
NVD
added 2018/06/18 12:29 p.m.63 views

CVE-2018-12533

JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language EL expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310...

9.8CVSS9.6AI score0.21375EPSS
Exploits1References7
NVD
NVD
added 2013/09/28 7:55 p.m.63 views

CVE-2013-2068

Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. dot dot in the filename parameter to the 1 log, 2 upload, or 3 linuxpkgs method...

9.4CVSS6.9AI score0.58624EPSS
Exploits4References3
NVD
NVD
added 2026/05/12 3:16 a.m.62 views

CVE-2026-40135

An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of...

6.5CVSS0.01398EPSS
Exploits0References2
NVD
NVD
added 2026/05/11 12:16 a.m.62 views

CVE-2026-8253

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchasesave. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available a...

4.8CVSS0.00202EPSS
Exploits0References4
NVD
NVD
added 2026/04/15 10:16 a.m.62 views

CVE-2026-3505

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...

8.7CVSS0.00758EPSS
Exploits0References10
NVD
NVD
added 2026/01/08 10:15 a.m.62 views

CVE-2026-21873

NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the pushstate event listener used by ui.subpages allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross-site, using an iframe. This issue has been...

7.2CVSS0.00233EPSS
Exploits1References2
NVD
NVD
added 2026/01/07 5:16 p.m.62 views

CVE-2026-22536

The absence of permissions control for the user XXX allows the current configuration in the sudoers file to escalate privileges without any restrictions...

8.6CVSS0.00121EPSS
Exploits0References1
NVD
NVD
added 2026/01/06 4:15 p.m.62 views

CVE-2020-36915

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec...

8.7CVSS0.0033EPSS
Exploits1References6
NVD
NVD
added 2025/10/22 11:15 p.m.62 views

CVE-2025-62710

Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...

5.9CVSS0.00182EPSS
Exploits0References2
NVD
NVD
added 2025/05/14 11:16 a.m.62 views

CVE-2025-3834

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report...

8.1CVSS0.01285EPSS
Exploits0References1
NVD
NVD
added 2025/04/30 8:15 p.m.62 views

CVE-2025-2082

Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VCSEC...

7.5CVSS0.00331EPSS
Exploits2References1
NVD
NVD
added 2025/04/12 2:15 a.m.62 views

CVE-2025-29803

Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally...

7.3CVSS0.00622EPSS
Exploits0References1
NVD
NVD
added 2025/03/05 4:15 p.m.62 views

CVE-2025-27497

OpenDJ is an LDAPv3 compliant directory service. OpenDJ prior to 4.9.3 contains a denial-of-service DoS vulnerability that causes the server to become unresponsive to all LDAP requests without crashing or restarting. This issue occurs when an alias loop exists in the LDAP database. If an ldapsear...

8.7CVSS0.0036EPSS
Exploits0References2
NVD
NVD
added 2024/12/28 7:15 a.m.62 views

CVE-2020-1822

There are multiple out of bounds OOB read vulnerabilities in the implementation of the Common Open Policy Service COPS protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities...

5.3CVSS0.00249EPSS
Exploits0References1
NVD
NVD
added 2024/12/10 6:15 p.m.62 views

CVE-2024-53866

The package manager pnpm prior to version 9.15.0 seems to mishandle overrides and global cache: Overrides from one workspace leak into npm metadata saved in global cache; npm metadata from global cache affects other workspaces; and installs by default don't revalidate the data including on first...

9.8CVSS0.00942EPSS
Exploits1References2
NVD
NVD
added 2024/12/02 6:15 p.m.62 views

CVE-2024-53990

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore aka cookie jar will silently replace explicitly defined Cookies with any that ha...

9.2CVSS0.00587EPSS
Exploits0References4
NVD
NVD
added 2024/11/18 3:15 p.m.62 views

CVE-2024-52427

Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Server Side Include SSI Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through = 2.3.11...

9.9CVSS0.00726EPSS
Exploits0References1
NVD
NVD
added 2024/10/31 1:15 a.m.62 views

CVE-2024-48307

JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData...

9.8CVSS0.4457EPSS
Exploits1References3
NVD
NVD
added 2024/10/28 1:15 a.m.62 views

CVE-2024-50067

In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args Uprobe needs to fetch args into a percpu buffer, and then copy to ring buffer to avoid non-atomic context problem. Sometimes user-space strings, arrays can be very large,...

7.8CVSS0.00233EPSS
Exploits0References5
NVD
NVD
added 2024/10/15 8:15 p.m.62 views

CVE-2024-44337

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the...

5.1CVSS0.00501EPSS
Exploits1References2
NVD
NVD
added 2024/09/10 3:15 p.m.62 views

CVE-2024-27257

IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users...

4.3CVSS0.00304EPSS
Exploits0References2
NVD
NVD
added 2024/08/12 4:15 p.m.62 views

CVE-2024-42485

Filament Excel enables excel export for Filament admin resources. The export download route /filament-excel/path allowed downloading any file without login when the webserver allows ../ in the URL. Patched with Version v2.3.3...

7.5CVSS0.0057EPSS
Exploits0References2
NVD
NVD
added 2024/08/08 2:15 a.m.62 views

CVE-2024-21302

Summary: As of July 8, 2025 Microsoft has completed mitigations to address this vulnerability. See KB5042562: Guidance for blocking rollback of virtualization-based security related updates and the Recommended Actions section of this CVE for guidance on how to protect your systems from this...

6.7CVSS0.01559EPSS
Exploits0References1
NVD
NVD
added 2024/08/05 3:15 p.m.62 views

CVE-2024-23383

Memory corruption when kernel driver attempts to trigger hardware fences...

8.4CVSS0.00111EPSS
Exploits0References1
NVD
NVD
added 2024/07/24 3:15 a.m.62 views

CVE-2024-6750

The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add, modify, or delete pos...

7.5CVSS0.00285EPSS
Exploits0References2
NVD
NVD
added 2024/07/19 6:15 a.m.62 views

CVE-2024-6205

The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability...

9.8CVSS0.04168EPSS
Exploits4References1
NVD
NVD
added 2024/07/09 8:15 a.m.62 views

CVE-2024-6317

The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.1.2. This is due to missing nonce validation and the plugin not properly validating a file or its path prior to deleting it in the...

8.8CVSS0.00605EPSS
Exploits0References3
NVD
NVD
added 2024/07/02 9:15 p.m.62 views

CVE-2024-39322

aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13,...

5.5CVSS0.00481EPSS
Exploits0References6
NVD
NVD
added 2024/06/20 2:15 a.m.62 views

CVE-2023-3204

The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. This is due to missing authorization checks on the companiondisablepopup function called via an AJAX action. This makes it possible for authenticated attackers, with...

6.5CVSS0.00369EPSS
Exploits0References3
NVD
NVD
added 2024/06/18 8:15 a.m.62 views

CVE-2024-5533

The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.25.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web script...

6.4CVSS0.00263EPSS
Exploits0References2
NVD
NVD
added 2024/06/18 6:15 a.m.62 views

CVE-2024-37081

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance...

7.8CVSS0.04989EPSS
Exploits3References1
NVD
NVD
added 2024/06/03 4:15 p.m.62 views

CVE-2024-4540

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests PAR. Client-provided parameters were found to be included in plain text in the KCRESTART cookie returned by the authorization server's HTTP response to a requesturi authorization request, possibly leading to an information...

7.5CVSS7.3AI score0.00551EPSS
Exploits0References11
NVD
NVD
added 2024/05/03 3:15 a.m.62 views

CVE-2023-39472

Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...

6.5CVSS6.2AI score0.01212EPSS
Exploits0References1
NVD
NVD
added 2024/03/13 9:15 p.m.62 views

CVE-2023-50726

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it...

6.4CVSS6.7AI score0.00532EPSS
Exploits0References3
NVD
NVD
added 2024/02/27 4:15 p.m.62 views

CVE-2024-25399

Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting XSS via adminer.php...

6.1CVSS5.7AI score0.00345EPSS
Exploits0References1
NVD
NVD
added 2024/02/27 4:15 p.m.62 views

CVE-2024-26142

Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are...

7.5CVSS7.5AI score0.01498EPSS
Exploits0References5
NVD
NVD
added 2024/01/29 12:15 a.m.62 views

CVE-2024-0988

A vulnerability classified as critical was found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this vulnerability is the function checklogin of the file /application/index/common.php. The manipulation of the argument AppUserid/AppuserToken leads to improper authentication. The explo...

9.8CVSS7.2AI score0.00976EPSS
Exploits0References3
NVD
NVD
added 2023/12/15 3:15 p.m.62 views

CVE-2023-49176

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodeRevolution WP Pocket URLs allows Reflected XSS.This issue affects WP Pocket URLs: from n/a through 1.0.2...

7.1CVSS0.00403EPSS
Exploits0References1
NVD
NVD
added 2023/04/13 11:15 a.m.62 views

CVE-2022-45064

The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and...

9CVSS8AI score0.01121EPSS
Exploits0References2
NVD
NVD
added 2023/02/16 9:15 p.m.62 views

CVE-2022-36369

Improper access control in some QATzip software maintained by IntelR before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS7.8AI score0.00251EPSS
Exploits0References1
NVD
NVD
added 2023/02/12 4:15 a.m.62 views

CVE-2022-25734

Denial of service in modem due to missing null check while processing IP packets with padding...

7.5CVSS7.5AI score0.00406EPSS
Exploits0References1
NVD
NVD
added 2023/01/26 9:18 p.m.62 views

CVE-2023-24443

Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

9.8CVSS9.5AI score0.01215EPSS
Exploits0References1
NVD
NVD
added 2023/01/11 9:15 p.m.62 views

CVE-2022-4498

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS by crashing the httpd process or an arbitrary code execution...

9.8CVSS9.7AI score0.01781EPSS
Exploits0References2
NVD
NVD
added 2023/01/06 10:15 p.m.62 views

CVE-2022-41613

Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code...

7.8CVSS7.8AI score0.0023EPSS
Exploits0References2
NVD
NVD
added 2022/11/10 8:15 p.m.62 views

CVE-2022-39392

Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mappi...

7.4CVSS0.00577EPSS
Exploits0References2
NVD
NVD
added 2022/10/11 9:15 p.m.62 views

CVE-2022-39803

Due to lack of proper memory management, when a victim opens a manipulated ACIS Part and Assembly .sat, CoreCadTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a...

7.8CVSS0.0051EPSS
Exploits0References2
NVD
NVD
added 2022/10/11 1:15 a.m.62 views

CVE-2022-32234

An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted...

9.8CVSS0.00891EPSS
Exploits0References2
Total number of security vulnerabilities5000