Lucene search
K
NvdMost viewed

364744 matches found

NVD
NVD
•added 2019/10/11 5:15 p.m.•61 views

CVE-2019-6333

A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP Touchpoint Analytics system service...

7.2CVSS6.8AI score0.00532EPSS
Exploits0References2
NVD
NVD
•added 2019/06/28 9:15 p.m.•61 views

CVE-2019-10993

In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code...

9.8CVSS9.9AI score0.10665EPSS
Exploits0References18
NVD
NVD
•added 2019/05/20 12:29 a.m.•61 views

CVE-2019-12185

eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the we...

9CVSS9AI score0.18106EPSS
Exploits3References2
NVD
NVD
•added 2019/04/22 11:29 a.m.•61 views

CVE-2019-11416

A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user...

9.3CVSS8.7AI score0.0389EPSS
Exploits5References3
NVD
NVD
•added 2018/03/14 1:29 p.m.•61 views

CVE-2018-1000130

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...

8.1CVSS8.1AI score0.73566EPSS
Exploits1References2
NVD
NVD
•added 2018/01/25 6:29 p.m.•61 views

CVE-2017-1000505

In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new File objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type...

6.5CVSS6.5AI score0.00994EPSS
Exploits0References1
NVD
NVD
•added 2015/04/10 3:0 p.m.•61 views

CVE-2015-3027

Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program...

5CVSS6.1AI score0.01299EPSS
Exploits0References4
NVD
NVD
•added 2013/12/21 12:55 a.m.•61 views

CVE-2013-2627

SQL injection vulnerability in action.php in Leed Light Feed, possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action...

7.5CVSS8.3AI score0.01229EPSS
Exploits2References4
NVD
NVD
•added 2011/02/09 1:0 a.m.•61 views

CVE-2011-0921

crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the...

10CVSS7.7AI score0.11333EPSS
Exploits0References5
NVD
NVD
•added 2026/06/12 4:16 p.m.•60 views

CVE-2026-50020

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00–0x1F and 0x7F as well as all...

5.3CVSS0.00232EPSS
Exploits0References3
NVD
NVD
•added 2026/05/14 4:17 a.m.•60 views

CVE-2026-46446

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...

7.1CVSS0.00239EPSS
Exploits0References3
NVD
NVD
•added 2026/05/12 5:16 p.m.•60 views

CVE-2026-20879

Out-of-bounds write for the IntelR Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data corruption. This result...

8.3CVSS0.0012EPSS
Exploits0References1
NVD
NVD
•added 2025/06/02 8:15 p.m.•60 views

CVE-2025-48996

HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the haxPsuUsage API endpoint, related to a flat...

5.3CVSS0.00313EPSS
Exploits0References2
NVD
NVD
•added 2025/05/06 9:16 p.m.•60 views

CVE-2025-46572

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a val...

9.3CVSS0.00369EPSS
Exploits0References2
NVD
NVD
•added 2025/01/14 8:15 p.m.•60 views

CVE-2024-55924

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

8CVSS0.00251EPSS
Exploits0References2
NVD
NVD
•added 2025/01/05 4:15 p.m.•60 views

CVE-2025-0223

A vulnerability was found in IObit Protected Folder up to 13.6.0.5. It has been classified as problematic. Affected is the function 0x8001E000/0x8001E00C/0x8001E004/0x8001E010 in the library IURegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference...

6.8CVSS0.00349EPSS
Exploits1References4
NVD
NVD
•added 2025/01/02 4:15 p.m.•60 views

CVE-2024-12907

Kentico CMS in version 7 is vulnerable to a Reflected XSS attacks through manipulation of a specific GET request parameter sent to /CMSMessages/AccessDenied.aspx endpoint. Notably, support for this version of Kentico ended in 2016. Version 8 was tested as well and does not contain this...

5.3CVSS0.00385EPSS
Exploits0References1
NVD
NVD
•added 2024/12/19 7:15 a.m.•60 views

CVE-2024-12560

The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btnblockduplicatepost' function. This makes it possible for authenticated attackers, with Contributor-leve...

6.5CVSS0.00355EPSS
Exploits0References2
NVD
NVD
•added 2024/12/12 3:15 p.m.•60 views

CVE-2024-55633

Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is Incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and...

7.1CVSS0.02562EPSS
Exploits0References2
NVD
NVD
•added 2024/12/12 9:15 a.m.•60 views

CVE-2024-4109

Rejected reason: Red Hat Product Security has determined that this CVE is not a security vulnerability...

Exploits0
NVD
NVD
•added 2024/12/02 6:15 p.m.•60 views

CVE-2024-53990

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore aka cookie jar will silently replace explicitly defined Cookies with any that ha...

9.2CVSS0.00587EPSS
Exploits0References4
NVD
NVD
•added 2024/11/20 12:15 a.m.•60 views

CVE-2018-9467

In the getHost function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8CVSS0.00305EPSS
Exploits0References1
NVD
NVD
•added 2024/11/14 6:15 p.m.•60 views

CVE-2024-52376

Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress boat-rental-system allows Upload a Web Shell to a Web Server.This issue affects Boat Rental Plugin for WordPress: from n/a through = 1.0.1...

10CVSS0.00496EPSS
Exploits0References1
NVD
NVD
•added 2024/09/27 6:15 p.m.•60 views

CVE-2024-46256

A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate...

9.8CVSS0.03084EPSS
Exploits2References4
NVD
NVD
•added 2024/08/29 8:15 p.m.•60 views

CVE-2024-41347

openflights commit 5234b5b is vulnerable to Cross-Site Scripting XSS via php/settings.php...

6.1CVSS0.00278EPSS
Exploits1References2
NVD
NVD
•added 2024/08/15 7:15 p.m.•60 views

CVE-2024-42475

In the OAuth library for nim prior to version 0.11, the state values generated by the generateState function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the user's session with the attacker's protected...

6.5CVSS0.00236EPSS
Exploits0References2
NVD
NVD
•added 2024/07/09 5:15 p.m.•60 views

CVE-2024-30013

Windows MultiPoint Services Remote Code Execution Vulnerability...

8.8CVSS0.01601EPSS
Exploits0References1
NVD
NVD
•added 2024/07/01 4:15 p.m.•60 views

CVE-2024-36401

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer...

9.8CVSS0.99813EPSS
Exploits25References7
NVD
NVD
•added 2024/06/25 9:16 p.m.•60 views

CVE-2024-5019

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole privileges...

7.5CVSS0.00771EPSS
Exploits0References2
NVD
NVD
•added 2024/06/19 5:15 p.m.•60 views

CVE-2024-32030

Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API allows users to connect to different Kafka brokers by specifying their network address and port. As a separate feature, it also provides the ability to monitor the performance of Kafka brokers by connecting to their JMX...

8.1CVSS0.34085EPSS
Exploits1References3
NVD
NVD
•added 2024/06/09 7:15 p.m.•60 views

CVE-2024-5458

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, due to a code logic error, filtering functions such as filtervar when validating URLs FILTERVALIDATEURL for certain types of URLs the function will result in invalid user information username + password part of URLs being...

5.3CVSS0.12117EPSS
Exploits1References7
NVD
NVD
•added 2024/06/06 6:15 p.m.•60 views

CVE-2024-5452

A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

9.8CVSS0.26488EPSS
Exploits3References2
NVD
NVD
•added 2024/06/06 4:15 p.m.•60 views

CVE-2024-37152

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. This vulnerability is fixed in...

7.5CVSS0.02348EPSS
Exploits0References2
NVD
NVD
•added 2024/04/09 7:15 p.m.•60 views

CVE-2024-2340

The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with ...

5.3CVSS5.2AI score0.27997EPSS
Exploits1References2
NVD
NVD
•added 2024/03/23 11:15 p.m.•60 views

CVE-2024-24725

Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/importrun.php&type=externalAssessment&step=4 URI...

8.8CVSS6.2AI score0.5132EPSS
Exploits7References2
NVD
NVD
•added 2024/03/05 5:15 p.m.•60 views

CVE-2024-27563

A Server-Side Request Forgery SSRF in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...

6.5CVSS6.9AI score0.00417EPSS
Exploits1References1
NVD
NVD
•added 2024/02/02 6:15 a.m.•60 views

CVE-2024-1162

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the registerreference function. This makes it possible for unauthenticated attackers to update the...

4.3CVSS4.2AI score0.00234EPSS
Exploits0References2
NVD
NVD
•added 2023/11/02 2:15 p.m.•60 views

CVE-2023-26456

Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code...

5.4CVSS5.3AI score0.00383EPSS
Exploits0References2
NVD
NVD
•added 2023/10/25 6:17 p.m.•60 views

CVE-2023-37913

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to a...

9.9CVSS9.6AI score0.01076EPSS
Exploits1References3
NVD
NVD
•added 2023/09/27 9:15 p.m.•60 views

CVE-2023-40026

Argo CD is a declarative continuous deployment framework for Kubernetes. In Argo CD versions prior to 2.3 starting at least in v0.1.0, but likely in any version using Helm before 2.3, using a specifically-crafted Helm file could reference external Helm charts handled by the same repo-server to le...

5CVSS4.9AI score0.005EPSS
Exploits0References2
NVD
NVD
•added 2023/09/13 5:15 p.m.•60 views

CVE-2023-20236

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating...

7.8CVSS6.8AI score0.00095EPSS
Exploits0References1
NVD
NVD
•added 2023/09/12 8:15 p.m.•60 views

CVE-2023-41331

SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out...

9.8CVSS10AI score0.01344EPSS
Exploits0References2
NVD
NVD
•added 2023/08/31 6:15 p.m.•60 views

CVE-2023-41034

Eclipse Leshan is a device management server and client Java implementation. In affected versions DDFFileParser and DefaultDDFFileValidator and so ObjectLoader are vulnerable to XXE Attacks. A DDF file is a LWM2M format used to store LWM2M object description. Leshan users are impacted only if the...

9.8CVSS7.1AI score0.00568EPSS
Exploits0References5
NVD
NVD
•added 2023/08/08 8:15 p.m.•60 views

CVE-2023-36344

An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature...

7.8CVSS7.8AI score0.00395EPSS
Exploits2References2
NVD
NVD
•added 2023/07/25 9:15 a.m.•60 views

CVE-2023-3897

Username enumeration is possible through Bypassing CAPTCHA in On-premise SureMDM Solution on Windows deployment allows attacker to enumerate local user information via error message. This issue affects SureMDM On-premise: 6.31 and below version...

5.3CVSS4.9AI score0.01808EPSS
Exploits4References2
NVD
NVD
•added 2023/07/07 5:15 p.m.•60 views

CVE-2023-27845

SQL injection vulnerability found in PrestaShop lekerawenocs before v.1.4.1 allow a remote attacker to gain privileges via the KerawenHelper::setCartOperationInfo, and KerawenHelper::resetCheckoutSessionData components...

9.8CVSS9.9AI score0.01038EPSS
Exploits1References2
NVD
NVD
•added 2023/07/04 2:15 a.m.•60 views

CVE-2022-32666

In Wi-Fi, there is a possible low throughput due to misrepresentation of critical information. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220829014; Issue ID: GN20220829014...

7.5CVSS7.5AI score0.0099EPSS
Exploits0References1
NVD
NVD
•added 2023/06/27 2:15 p.m.•60 views

CVE-2023-2326

The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF...

6.5CVSS6.5AI score0.00307EPSS
Exploits1References1
NVD
NVD
•added 2023/05/27 4:15 a.m.•60 views

CVE-2023-33195

Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6...

6.1CVSS5.2AI score0.00651EPSS
Exploits1References3
NVD
NVD
•added 2023/04/26 7:15 p.m.•60 views

CVE-2023-30841

Baremetal Operator BMO is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included deploy.sh store their .htpasswd files as ConfigMaps instead of Secrets. This causes the plain-text usernam...

6CVSS5.9AI score0.00191EPSS
Exploits1References2
Total number of security vulnerabilities5000