Lucene search
K
NvdMost viewed

363767 matches found

NVD
NVD
•added 2022/02/09 9:15 p.m.•61 views

CVE-2022-23615

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can save a document with the right of the current user which allow accessing API requiring programming right if the current user has programming...

5.5CVSS0.00684EPSS
Exploits0References3
NVD
NVD
•added 2021/07/09 3:15 p.m.•61 views

CVE-2021-27034

A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code...

7.8CVSS0.02208EPSS
Exploits0References9
NVD
NVD
•added 2021/04/16 6:15 p.m.•61 views

CVE-2021-29443

jose is an npm library providing a number of cryptographic operations. In vulnerable versions AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. A...

5.9CVSS0.01167EPSS
Exploits0References2
NVD
NVD
•added 2021/03/22 8:15 p.m.•61 views

CVE-2021-22321

There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include...

5.3CVSS0.00715EPSS
Exploits0References1
NVD
NVD
•added 2021/03/18 2:15 p.m.•61 views

CVE-2021-21625

Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances...

4.3CVSS0.00722EPSS
Exploits0References2
NVD
NVD
•added 2021/03/01 10:15 p.m.•61 views

CVE-2021-27878

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to ga...

9CVSS0.23952EPSS
Exploits4References3
NVD
NVD
•added 2021/02/09 6:15 p.m.•61 views

CVE-2020-28388

A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions V5.2, Nucleus ReadyStart V3 All...

6.5CVSS0.01555EPSS
Exploits0References4
NVD
NVD
•added 2020/05/04 4:15 p.m.•61 views

CVE-2020-12109

Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304...

9CVSS8.8AI score0.74338EPSS
Exploits6References4
NVD
NVD
•added 2020/04/30 11:15 p.m.•61 views

CVE-2020-11016

IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue...

9.1CVSS9.5AI score0.02334EPSS
Exploits0References4
NVD
NVD
•added 2019/12/16 4:15 p.m.•61 views

CVE-2019-19368

A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts...

6.1CVSS6.2AI score0.2102EPSS
Exploits5References3
NVD
NVD
•added 2019/10/11 5:15 p.m.•61 views

CVE-2019-6333

A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP Touchpoint Analytics system service...

7.2CVSS6.8AI score0.00532EPSS
Exploits0References2
NVD
NVD
•added 2019/04/22 11:29 a.m.•61 views

CVE-2019-11416

A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user...

9.3CVSS8.7AI score0.0389EPSS
Exploits5References3
NVD
NVD
•added 2018/06/18 12:29 p.m.•61 views

CVE-2018-12533

JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language EL expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310...

9.8CVSS9.6AI score0.21375EPSS
Exploits1References7
NVD
NVD
•added 2018/03/14 1:29 p.m.•61 views

CVE-2018-1000130

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...

8.1CVSS8.1AI score0.73566EPSS
Exploits1References2
NVD
NVD
•added 2018/01/25 6:29 p.m.•61 views

CVE-2017-1000505

In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new File objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type...

6.5CVSS6.5AI score0.00994EPSS
Exploits0References1
NVD
NVD
•added 2015/04/24 2:59 p.m.•61 views

CVE-2015-0297

Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the 1 ServerInvokerServlet or 2 SchedulerService or 3 cause a denial of service disk consumption via the ContentManager...

9CVSS7.6AI score0.02196EPSS
Exploits0References2
NVD
NVD
•added 2015/04/10 3:0 p.m.•61 views

CVE-2015-3027

Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program...

5CVSS6.1AI score0.01299EPSS
Exploits0References4
NVD
NVD
•added 2013/12/21 12:55 a.m.•61 views

CVE-2013-2627

SQL injection vulnerability in action.php in Leed Light Feed, possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action...

7.5CVSS8.3AI score0.01229EPSS
Exploits2References4
NVD
NVD
•added 2026/06/12 10:16 p.m.•60 views

CVE-2026-46716

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cover=CronCoverAll, Servers= and an arbitrary Command. At every tick of the scheduler, the dashboard...

9.9CVSS0.00339EPSS
Exploits1References1
NVD
NVD
•added 2026/05/14 4:17 a.m.•60 views

CVE-2026-46446

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...

7.1CVSS0.00239EPSS
Exploits0References3
NVD
NVD
•added 2026/05/12 5:16 p.m.•60 views

CVE-2026-20879

Out-of-bounds write for the IntelR Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data corruption. This result...

8.3CVSS0.0012EPSS
Exploits0References1
NVD
NVD
•added 2025/06/02 8:15 p.m.•60 views

CVE-2025-48996

HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the haxPsuUsage API endpoint, related to a flat...

5.3CVSS0.00313EPSS
Exploits0References2
NVD
NVD
•added 2025/05/06 9:16 p.m.•60 views

CVE-2025-46572

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a val...

9.3CVSS0.00369EPSS
Exploits0References2
NVD
NVD
•added 2025/04/30 8:15 p.m.•60 views

CVE-2025-2082

Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VCSEC...

7.5CVSS0.00331EPSS
Exploits2References1
NVD
NVD
•added 2025/01/20 4:15 p.m.•60 views

CVE-2025-23044

PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the missing SameSite= attribute on cookies and the ability to refresh cookies. Commit...

8.1CVSS0.00239EPSS
Exploits1References2
NVD
NVD
•added 2025/01/02 4:15 p.m.•60 views

CVE-2024-12907

Kentico CMS in version 7 is vulnerable to a Reflected XSS attacks through manipulation of a specific GET request parameter sent to /CMSMessages/AccessDenied.aspx endpoint. Notably, support for this version of Kentico ended in 2016. Version 8 was tested as well and does not contain this...

5.3CVSS0.00385EPSS
Exploits0References1
NVD
NVD
•added 2024/12/12 3:15 p.m.•60 views

CVE-2024-55633

Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is Incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and...

7.1CVSS0.02562EPSS
Exploits0References2
NVD
NVD
•added 2024/12/12 9:15 a.m.•60 views

CVE-2024-4109

Rejected reason: Red Hat Product Security has determined that this CVE is not a security vulnerability...

Exploits0
NVD
NVD
•added 2024/12/03 5:15 p.m.•60 views

CVE-2024-25019

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing...

9.8CVSS0.00275EPSS
Exploits0References1
NVD
NVD
•added 2024/11/20 7:15 a.m.•60 views

CVE-2024-10855

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the filename parameter of the sirvuploadfilebychunks function and lack of in all versions up to, and including...

8.1CVSS0.00517EPSS
Exploits0References3
NVD
NVD
•added 2024/11/14 6:15 p.m.•60 views

CVE-2024-52376

Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress boat-rental-system allows Upload a Web Shell to a Web Server.This issue affects Boat Rental Plugin for WordPress: from n/a through = 1.0.1...

10CVSS0.00496EPSS
Exploits0References1
NVD
NVD
•added 2024/09/30 9:15 a.m.•60 views

CVE-2024-45772

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users ar...

8CVSS0.00582EPSS
Exploits0References2
NVD
NVD
•added 2024/07/01 4:15 p.m.•60 views

CVE-2024-36401

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer...

9.8CVSS0.99813EPSS
Exploits25References7
NVD
NVD
•added 2024/06/19 5:15 p.m.•60 views

CVE-2024-32030

Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API allows users to connect to different Kafka brokers by specifying their network address and port. As a separate feature, it also provides the ability to monitor the performance of Kafka brokers by connecting to their JMX...

8.1CVSS0.34085EPSS
Exploits1References3
NVD
NVD
•added 2024/06/18 8:15 a.m.•60 views

CVE-2024-5533

The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.25.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web script...

6.4CVSS0.00263EPSS
Exploits0References2
NVD
NVD
•added 2024/06/09 7:15 p.m.•60 views

CVE-2024-5458

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, due to a code logic error, filtering functions such as filtervar when validating URLs FILTERVALIDATEURL for certain types of URLs the function will result in invalid user information username + password part of URLs being...

5.3CVSS0.12117EPSS
Exploits1References7
NVD
NVD
•added 2024/06/06 6:15 p.m.•60 views

CVE-2024-5452

A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

9.8CVSS0.26488EPSS
Exploits3References2
NVD
NVD
•added 2024/06/06 4:15 p.m.•60 views

CVE-2024-37152

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. This vulnerability is fixed in...

7.5CVSS0.02348EPSS
Exploits0References2
NVD
NVD
•added 2024/05/01 6:15 a.m.•60 views

CVE-2024-27018

In the Linux kernel, the following vulnerability has been resolved: netfilter: brnetfilter: skip conntrack input hook for promisc packets For historical reasons, when bridge device is in promisc mode, packets that are directed to the taps follow bridge input hook path. This patch adds a workaroun...

7.8CVSS7.2AI score0.00234EPSS
Exploits0References8
NVD
NVD
•added 2024/04/09 7:15 p.m.•60 views

CVE-2024-2340

The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with ...

5.3CVSS5.2AI score0.27997EPSS
Exploits1References2
NVD
NVD
•added 2024/03/23 11:15 p.m.•60 views

CVE-2024-24725

Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/importrun.php&type=externalAssessment&step=4 URI...

8.8CVSS6.2AI score0.5132EPSS
Exploits7References2
NVD
NVD
•added 2024/03/13 9:15 p.m.•60 views

CVE-2023-50726

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it...

6.4CVSS6.7AI score0.00532EPSS
Exploits0References3
NVD
NVD
•added 2024/03/05 5:15 p.m.•60 views

CVE-2024-27563

A Server-Side Request Forgery SSRF in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...

6.5CVSS6.9AI score0.00417EPSS
Exploits1References1
NVD
NVD
•added 2024/02/27 4:15 p.m.•60 views

CVE-2024-26142

Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are...

7.5CVSS7.5AI score0.01498EPSS
Exploits0References5
NVD
NVD
•added 2024/02/21 3:15 a.m.•60 views

CVE-2024-25603

Stored cross-site scripting XSS vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users...

9CVSS7.3AI score0.00558EPSS
Exploits0References1
NVD
NVD
•added 2024/02/05 11:15 p.m.•60 views

CVE-2024-0964

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...

9.4CVSS7.6AI score0.00951EPSS
Exploits1References2
NVD
NVD
•added 2024/02/02 6:15 a.m.•60 views

CVE-2024-1162

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the registerreference function. This makes it possible for unauthenticated attackers to update the...

4.3CVSS4.2AI score0.00234EPSS
Exploits0References2
NVD
NVD
•added 2023/12/29 12:15 a.m.•60 views

CVE-2023-7142

A vulnerability was found in code-projects Client Details System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/clientview.php. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed to th...

9.8CVSS0.00644EPSS
Exploits1References3
NVD
NVD
•added 2023/09/13 5:15 p.m.•60 views

CVE-2023-20236

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating...

7.8CVSS6.8AI score0.00095EPSS
Exploits0References1
NVD
NVD
•added 2023/09/12 8:15 p.m.•60 views

CVE-2023-41331

SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out...

9.8CVSS10AI score0.01344EPSS
Exploits0References2
Total number of security vulnerabilities5000