Lucene search
K
NvdMost viewed

363779 matches found

NVD
NVD
added 2023/08/08 8:15 p.m.60 views

CVE-2023-36344

An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature...

7.8CVSS7.8AI score0.00395EPSS
Exploits2References2
NVD
NVD
added 2023/07/07 5:15 p.m.60 views

CVE-2023-27845

SQL injection vulnerability found in PrestaShop lekerawenocs before v.1.4.1 allow a remote attacker to gain privileges via the KerawenHelper::setCartOperationInfo, and KerawenHelper::resetCheckoutSessionData components...

9.8CVSS9.9AI score0.00783EPSS
Exploits1References2
NVD
NVD
added 2023/07/04 2:15 a.m.60 views

CVE-2022-32666

In Wi-Fi, there is a possible low throughput due to misrepresentation of critical information. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220829014; Issue ID: GN20220829014...

7.5CVSS7.5AI score0.0099EPSS
Exploits0References1
NVD
NVD
added 2023/05/27 4:15 a.m.60 views

CVE-2023-33195

Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6...

6.1CVSS5.2AI score0.00651EPSS
Exploits1References3
NVD
NVD
added 2023/04/26 7:15 p.m.60 views

CVE-2023-30841

Baremetal Operator BMO is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included deploy.sh store their .htpasswd files as ConfigMaps instead of Secrets. This causes the plain-text usernam...

6CVSS5.9AI score0.00191EPSS
Exploits1References2
NVD
NVD
added 2023/03/27 10:15 p.m.60 views

CVE-2022-48361

The Always On Display AOD has a path traversal vulnerability in theme files. Successful exploitation of this vulnerability may cause a failure in reading AOD theme resources...

5.3CVSS5.3AI score0.004EPSS
Exploits0References2
NVD
NVD
added 2023/03/23 9:15 p.m.60 views

CVE-2023-24788

NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customerdelivery.php...

8.8CVSS8.9AI score0.03088EPSS
Exploits4References5
NVD
NVD
added 2023/03/08 6:15 p.m.60 views

CVE-2023-1275

A vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0. This vulnerability affects unknown code of the file /osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php of the component CAPTCHA Handler. The manipulation leads to cross...

6.1CVSS4.6AI score0.00557EPSS
Exploits1References3
NVD
NVD
added 2023/02/28 11:15 p.m.60 views

CVE-2023-25575

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON...

7.7CVSS7.4AI score0.00604EPSS
Exploits0References2
NVD
NVD
added 2023/01/26 9:18 p.m.60 views

CVE-2023-24452

A cross-site request forgery CSRF vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

8.8CVSS8.7AI score0.00515EPSS
Exploits0References1
NVD
NVD
added 2023/01/26 9:18 p.m.60 views

CVE-2023-24423

A cross-site request forgery CSRF vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit...

6.5CVSS6.4AI score0.00487EPSS
Exploits0References1
NVD
NVD
added 2022/09/13 6:15 p.m.60 views

CVE-2022-39202

matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat IRC protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such...

6.3CVSS0.00681EPSS
Exploits0References3
NVD
NVD
added 2022/04/11 8:15 p.m.60 views

CVE-2022-1161

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to chang...

10CVSS0.05013EPSS
Exploits0References1
NVD
NVD
added 2021/12/15 7:15 p.m.60 views

CVE-2021-1008

In addSubInfo of SubscriptionController.java, there is a possible way to force the user to make a factory reset due to a logic error in the code. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product:...

4.4CVSS0.00107EPSS
Exploits0References1
NVD
NVD
added 2021/11/02 6:15 p.m.60 views

CVE-2021-26107

An improper access control vulnerability CWE-284 in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager...

6.3CVSS0.00496EPSS
Exploits0References2
NVD
NVD
added 2021/09/27 5:15 p.m.60 views

CVE-2021-41753

A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1.04B04, and DIR-X6060, v1.11B04 allows a remote unauthenticated attacker to disconnect a wireless client via sending specific spoofed SAE authentication frames...

7.8CVSS0.0482EPSS
Exploits0References1
NVD
NVD
added 2021/09/07 10:15 a.m.60 views

CVE-2021-36162

Apache Dubbo supports various rules to support configuration override or traffic routing called routing in Dubbo. These rules are loaded into the configuration center eg: Zookeeper, Nacos, ... and retrieved by the customers when making a request in order to find the right endpoint. When parsing...

8.8CVSS0.02019EPSS
Exploits0References1
NVD
NVD
added 2021/08/12 9:15 p.m.60 views

CVE-2021-37700

@github/paste-markdown is an npm package for pasting markdown objects. A self Cross-Site Scripting vulnerability exists in the @github/paste-markdown before version 0.3.4. If the clipboard data contains the string , a div is dynamically created, and the clipboard content is copied into its...

6.5CVSS0.0166EPSS
Exploits1References4
NVD
NVD
added 2021/08/12 6:15 p.m.60 views

CVE-2021-34478

Microsoft Office Remote Code Execution Vulnerability...

7.8CVSS0.54383EPSS
Exploits0References2
NVD
NVD
added 2021/06/22 12:15 p.m.60 views

CVE-2021-0549

In sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

4.4CVSS0.00117EPSS
Exploits0References1
NVD
NVD
added 2021/04/15 7:15 p.m.60 views

CVE-2021-31402

The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669...

7.5CVSS0.01158EPSS
Exploits1References1
NVD
NVD
added 2021/03/10 5:15 p.m.60 views

CVE-2021-0463

In convertToHidl of convert.cpp, there is a possible out of bounds read due to uninitialized data from ReturnFrameworkMessage. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

5.5CVSS0.00136EPSS
Exploits0References1
NVD
NVD
added 2021/03/04 9:15 p.m.60 views

CVE-2021-26293

An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files such as an executable file under the web root. This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x...

9.8CVSS0.0711EPSS
Exploits2References1
NVD
NVD
added 2020/12/21 10:15 p.m.60 views

CVE-2020-26277

DBdeployer is a tool that deploys MySQL database servers easily. In DBdeployer before version 1.58.2, users unpacking a tarball may use a maliciously packaged tarball that contains symlinks to files external to the target. In such scenario, an attacker could induce dbdeployer to write into a syst...

6.1CVSS6.2AI score0.01186EPSS
Exploits0References2
NVD
NVD
added 2020/10/14 2:15 p.m.60 views

CVE-2020-0400

In showDataRoamingNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...

5.5CVSS0.00188EPSS
Exploits0References1
NVD
NVD
added 2019/06/28 9:15 p.m.60 views

CVE-2019-10993

In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code...

9.8CVSS9.9AI score0.10665EPSS
Exploits0References18
NVD
NVD
added 2019/05/20 12:29 a.m.60 views

CVE-2019-12185

eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the we...

9CVSS9AI score0.18106EPSS
Exploits3References2
NVD
NVD
added 2011/10/25 7:55 p.m.60 views

CVE-2011-3881

WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS UXSS attacks via vectors related to 1 the DOMWindow::clear function and use of a selection object, 2 the...

4.3CVSS5.5AI score0.01779EPSS
Exploits0References15
NVD
NVD
added 2011/02/09 1:0 a.m.60 views

CVE-2011-0921

crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the...

10CVSS7.7AI score0.11333EPSS
Exploits0References5
NVD
NVD
added 2007/03/02 9:18 p.m.60 views

CVE-2007-1167

inc/filebrowser/browser.php in deV!Lz Clanportal DZCP 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter...

5CVSS6.6AI score0.03924EPSS
Exploits1References6
NVD
NVD
added 2026/06/12 4:16 p.m.59 views

CVE-2026-50020

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00–0x1F and 0x7F as well as all...

5.3CVSS0.00232EPSS
Exploits0References3
NVD
NVD
added 2026/05/13 10:16 p.m.59 views

CVE-2026-32993

Improper sanitization of the status query parameter of the /unprotected/novaerror endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response...

8.3CVSS0.00301EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.59 views

CVE-2026-44456

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, bodyLimit does not reliably enforce maxSize for requests without a usable Content-Length e.g. Transfer-Encoding: chunked. Oversized requests can reach handlers and return 200 instead of 413. Th...

6.5CVSS0.00219EPSS
Exploits0References1
NVD
NVD
added 2026/05/10 1:16 p.m.59 views

CVE-2022-50968

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reques...

6.1CVSS0.00252EPSS
Exploits0References4
NVD
NVD
added 2026/05/10 1:16 a.m.59 views

CVE-2026-8216

A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Java RMI Session Management. Such manipulation leads to improper authentication. The attack can be launched remotely. The vendo...

7.5CVSS0.00391EPSS
Exploits0References4
NVD
NVD
added 2026/05/09 11:16 p.m.59 views

CVE-2026-8211

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

5.8CVSS0.00244EPSS
Exploits0References4
NVD
NVD
added 2026/05/09 9:16 p.m.59 views

CVE-2026-8196

A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This manipulation causes authorization bypass. The attack...

6.3CVSS0.00463EPSS
Exploits0References4
NVD
NVD
added 2026/05/05 12:16 p.m.59 views

CVE-2026-43530

OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually run. Attackers can exploit opaque multi-call binaries to bypass exec approval mechanisms and weak...

8.8CVSS0.00356EPSS
Exploits0References3
NVD
NVD
added 2025/12/02 3:16 a.m.59 views

CVE-2024-45675

IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password...

8.4CVSS0.00098EPSS
Exploits0References1
NVD
NVD
added 2025/05/27 9:15 p.m.59 views

CVE-2025-5198

A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting XSS if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object that is applied to a secured cluster. This obje...

5.4CVSS0.00227EPSS
Exploits0References3
NVD
NVD
added 2025/03/14 9:15 p.m.59 views

CVE-2025-2308

A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Zscaleoffsetdecompressonebyte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed...

7.8CVSS0.00364EPSS
Exploits1References4
NVD
NVD
added 2025/03/11 5:16 p.m.59 views

CVE-2025-24071

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network...

6.5CVSS0.25068EPSS
Exploits21References3
NVD
NVD
added 2025/02/19 5:15 p.m.59 views

CVE-2025-27089

Directus is a real-time API and App dashboard for managing SQL database content. In affected versions if there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for the user is...

5.4CVSS0.0022EPSS
Exploits0References2
NVD
NVD
added 2025/01/21 6:15 p.m.59 views

CVE-2024-54794

The script input feature of SpagoBI 3.5.1 allows arbitrary code execution...

9.1CVSS0.12829EPSS
Exploits3References2
NVD
NVD
added 2025/01/05 4:15 p.m.59 views

CVE-2025-0223

A vulnerability was found in IObit Protected Folder up to 13.6.0.5. It has been classified as problematic. Affected is the function 0x8001E000/0x8001E00C/0x8001E004/0x8001E010 in the library IURegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference...

6.8CVSS0.00349EPSS
Exploits1References4
NVD
NVD
added 2024/12/19 7:15 a.m.59 views

CVE-2024-12560

The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btnblockduplicatepost' function. This makes it possible for authenticated attackers, with Contributor-leve...

6.5CVSS0.00355EPSS
Exploits0References2
NVD
NVD
added 2024/12/04 9:15 p.m.59 views

CVE-2024-38829

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

3.7CVSS0.00376EPSS
Exploits0References1
NVD
NVD
added 2024/11/26 10:15 a.m.59 views

CVE-2024-11032

The Parsi Date plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS0.00449EPSS
Exploits0References4
NVD
NVD
added 2024/11/25 6:15 p.m.59 views

CVE-2024-7915

The application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing an attacker to perform multiple operations as the root user. These operations include arbitrary file deletion and writing, loading and unloading daemons, manipulating file permissions, and loading...

7.8CVSS0.00151EPSS
Exploits0References1
NVD
NVD
added 2024/11/20 12:15 a.m.59 views

CVE-2018-9467

In the getHost function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8CVSS0.00305EPSS
Exploits0References1
Total number of security vulnerabilities5000