Lucene search
K
NvdMost viewed

364537 matches found

NVD
NVD
•added 2024/11/11 3:15 p.m.•61 views

CVE-2024-39354

If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code...

8.4CVSS0.00298EPSS
Exploits0References2
NVD
NVD
•added 2024/10/28 1:15 a.m.•61 views

CVE-2024-50067

In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args Uprobe needs to fetch args into a percpu buffer, and then copy to ring buffer to avoid non-atomic context problem. Sometimes user-space strings, arrays can be very large,...

7.8CVSS0.00233EPSS
Exploits0References5
NVD
NVD
•added 2024/10/08 6:15 p.m.•61 views

CVE-2024-43527

Windows Kernel Elevation of Privilege Vulnerability...

7.8CVSS0.00599EPSS
Exploits0References1
NVD
NVD
•added 2024/08/20 8:15 p.m.•61 views

CVE-2024-41659

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...

8.1CVSS0.00607EPSS
Exploits1References3
NVD
NVD
•added 2024/08/12 4:15 p.m.•61 views

CVE-2024-42485

Filament Excel enables excel export for Filament admin resources. The export download route /filament-excel/path allowed downloading any file without login when the webserver allows ../ in the URL. Patched with Version v2.3.3...

7.5CVSS0.0057EPSS
Exploits0References2
NVD
NVD
•added 2024/07/24 3:15 a.m.•61 views

CVE-2024-6750

The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add, modify, or delete pos...

7.5CVSS0.00285EPSS
Exploits0References2
NVD
NVD
•added 2024/07/19 6:15 a.m.•61 views

CVE-2024-6205

The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability...

9.8CVSS0.04168EPSS
Exploits4References1
NVD
NVD
•added 2024/07/11 5:15 p.m.•61 views

CVE-2024-39549

A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not...

8.7CVSS0.00466EPSS
Exploits0References1
NVD
NVD
•added 2024/07/11 9:15 a.m.•61 views

CVE-2024-5680

CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver...

7.1CVSS0.00146EPSS
Exploits0References1
NVD
NVD
•added 2024/07/10 8:15 p.m.•61 views

CVE-2024-39693

Next.js is a React framework. A Denial of Service DoS condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. his vulnerability was resolved in Next.js 13.5 and later...

7.5CVSS0.0049EPSS
Exploits0References1
NVD
NVD
•added 2024/07/09 5:15 p.m.•61 views

CVE-2024-35261

Azure Network Watcher VM Extension Elevation of Privilege Vulnerability...

7.8CVSS0.00712EPSS
Exploits0References1
NVD
NVD
•added 2024/06/18 8:15 a.m.•61 views

CVE-2024-5533

The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.25.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web script...

6.4CVSS0.00263EPSS
Exploits0References2
NVD
NVD
•added 2024/06/18 6:15 a.m.•61 views

CVE-2024-37081

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance...

7.8CVSS0.04989EPSS
Exploits3References1
NVD
NVD
•added 2024/06/03 4:15 p.m.•61 views

CVE-2024-4540

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests PAR. Client-provided parameters were found to be included in plain text in the KCRESTART cookie returned by the authorization server's HTTP response to a requesturi authorization request, possibly leading to an information...

7.5CVSS7.3AI score0.00551EPSS
Exploits0References11
NVD
NVD
•added 2024/03/13 9:15 p.m.•61 views

CVE-2023-50726

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it...

6.4CVSS6.7AI score0.00532EPSS
Exploits0References3
NVD
NVD
•added 2024/02/27 4:15 p.m.•61 views

CVE-2024-26142

Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are...

7.5CVSS7.5AI score0.01498EPSS
Exploits0References5
NVD
NVD
•added 2024/02/21 3:15 a.m.•61 views

CVE-2024-25603

Stored cross-site scripting XSS vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users...

9CVSS7.3AI score0.00558EPSS
Exploits0References1
NVD
NVD
•added 2024/02/08 9:15 p.m.•61 views

CVE-2024-24496

An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components...

9.8CVSS9.4AI score0.19503EPSS
Exploits4References1
NVD
NVD
•added 2024/02/05 11:15 p.m.•61 views

CVE-2024-0964

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...

9.4CVSS7.6AI score0.00951EPSS
Exploits1References2
NVD
NVD
•added 2023/12/29 12:15 a.m.•61 views

CVE-2023-7142

A vulnerability was found in code-projects Client Details System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/clientview.php. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed to th...

9.8CVSS0.00644EPSS
Exploits1References3
NVD
NVD
•added 2023/12/15 3:15 p.m.•61 views

CVE-2023-49176

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodeRevolution WP Pocket URLs allows Reflected XSS.This issue affects WP Pocket URLs: from n/a through 1.0.2...

7.1CVSS0.00403EPSS
Exploits0References1
NVD
NVD
•added 2023/12/04 11:15 p.m.•61 views

CVE-2023-40077

In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8CVSS0.08423EPSS
Exploits0References2
NVD
NVD
•added 2023/08/31 6:15 p.m.•61 views

CVE-2023-41045

Graylog is a free and open log management platform. Graylog makes use of only one single source port for DNS queries. Graylog binds a single socket for outgoing DNS queries and while that socket is bound to a random port number it is never changed again. This goes against recommended practice sin...

5.3CVSS4.5AI score0.00295EPSS
Exploits1References3
NVD
NVD
•added 2023/08/15 5:15 p.m.•61 views

CVE-2023-38858

Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039...

6.5CVSS7.6AI score0.00898EPSS
Exploits1References2
NVD
NVD
•added 2023/07/12 10:15 a.m.•61 views

CVE-2023-22887

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the runid parameter. This vulnerability is considered low since it requires an authenticated user to exploit i...

6.5CVSS6.2AI score0.01874EPSS
Exploits0References2
NVD
NVD
•added 2023/06/23 9:15 p.m.•61 views

CVE-2023-35165

AWS Cloud Development Kit AWS CDK is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages aws-cdk-lib 2.0.0 until 2.80.0 and @aws-cdk/aws-eks 1.57.0 until 1.202.0, eks.Cluster and eks.FargateCluster...

8.8CVSS7.5AI score0.00897EPSS
Exploits1References2
NVD
NVD
•added 2023/05/11 10:15 p.m.•61 views

CVE-2023-32059

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the type...

7.5CVSS7.4AI score0.00725EPSS
Exploits1References2
NVD
NVD
•added 2023/05/04 2:15 a.m.•61 views

CVE-2023-25438

An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary code and gain escalated privileges via modifying specific files...

7.8CVSS8.1AI score0.02094EPSS
Exploits4References2
NVD
NVD
•added 2023/04/28 4:15 p.m.•61 views

CVE-2023-30853

Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets...

7.6CVSS7.6AI score0.00285EPSS
Exploits0References2
NVD
NVD
•added 2023/04/13 11:15 a.m.•61 views

CVE-2022-45064

The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and...

9CVSS8AI score0.01121EPSS
Exploits0References2
NVD
NVD
•added 2023/04/03 3:15 p.m.•61 views

CVE-2022-38922

BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload...

9.8CVSS9.6AI score0.01081EPSS
Exploits2References3
NVD
NVD
•added 2023/03/29 7:15 p.m.•61 views

CVE-2022-47613

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in QuantumCloud AI ChatBot plugin = 4.3.0 versions...

5.9CVSS5.4AI score0.00421EPSS
Exploits0References1
NVD
NVD
•added 2022/11/10 11:15 p.m.•61 views

CVE-2022-41878

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the...

9.8CVSS0.00875EPSS
Exploits0References1
NVD
NVD
•added 2022/10/11 1:15 a.m.•61 views

CVE-2022-32234

An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted...

9.8CVSS0.00891EPSS
Exploits0References2
NVD
NVD
•added 2022/10/07 10:15 p.m.•61 views

CVE-2022-41442

PicUploader v2.6.3 was discovered to contain cross-site scripting XSS vulnerability via the setStorageParams function in SettingController.php...

6.1CVSS0.00433EPSS
Exploits1References2
NVD
NVD
•added 2022/08/19 9:15 p.m.•61 views

CVE-2022-36009

gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the "eventsdefault" key of the m.room.powerlevels event, defaulting the event default...

8.8CVSS0.0065EPSS
Exploits0References3
NVD
NVD
•added 2022/02/09 9:15 p.m.•61 views

CVE-2022-23615

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can save a document with the right of the current user which allow accessing API requiring programming right if the current user has programming...

5.5CVSS0.00684EPSS
Exploits0References3
NVD
NVD
•added 2021/07/09 3:15 p.m.•61 views

CVE-2021-27034

A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code...

7.8CVSS0.02208EPSS
Exploits0References9
NVD
NVD
•added 2021/04/16 6:15 p.m.•61 views

CVE-2021-29443

jose is an npm library providing a number of cryptographic operations. In vulnerable versions AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. A...

5.9CVSS0.01167EPSS
Exploits0References2
NVD
NVD
•added 2021/03/18 2:15 p.m.•61 views

CVE-2021-21625

Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances...

4.3CVSS0.00722EPSS
Exploits0References2
NVD
NVD
•added 2021/03/04 9:15 p.m.•61 views

CVE-2021-26293

An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files such as an executable file under the web root. This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x...

9.8CVSS0.0711EPSS
Exploits2References1
NVD
NVD
•added 2021/03/01 10:15 p.m.•61 views

CVE-2021-27878

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to ga...

9CVSS0.23952EPSS
Exploits4References3
NVD
NVD
•added 2021/02/09 6:15 p.m.•61 views

CVE-2020-28388

A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions V5.2, Nucleus ReadyStart V3 All...

6.5CVSS0.01555EPSS
Exploits0References4
NVD
NVD
•added 2020/05/04 4:15 p.m.•61 views

CVE-2020-12109

Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304...

9CVSS8.8AI score0.74338EPSS
Exploits6References4
NVD
NVD
•added 2020/04/30 11:15 p.m.•61 views

CVE-2020-11016

IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue...

9.1CVSS9.5AI score0.02334EPSS
Exploits0References4
NVD
NVD
•added 2019/10/11 5:15 p.m.•61 views

CVE-2019-6333

A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP Touchpoint Analytics system service...

7.2CVSS6.8AI score0.00532EPSS
Exploits0References2
NVD
NVD
•added 2019/06/28 9:15 p.m.•61 views

CVE-2019-10993

In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code...

9.8CVSS9.9AI score0.10665EPSS
Exploits0References18
NVD
NVD
•added 2019/04/22 11:29 a.m.•61 views

CVE-2019-11416

A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user...

9.3CVSS8.7AI score0.0389EPSS
Exploits5References3
NVD
NVD
•added 2018/03/14 1:29 p.m.•61 views

CVE-2018-1000130

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...

8.1CVSS8.1AI score0.73566EPSS
Exploits1References2
NVD
NVD
•added 2018/01/25 6:29 p.m.•61 views

CVE-2017-1000505

In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new File objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type...

6.5CVSS6.5AI score0.00994EPSS
Exploits0References1
Total number of security vulnerabilities5000