Lucene search
K
NvdMost viewed

363745 matches found

NVD
NVD
added 2024/07/10 6:15 p.m.59 views

CVE-2024-6646

A vulnerability was found in Netgear WN604 up to 20240710. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /downloadFile.php of the component Web Interface. The manipulation of the argument file with the input config leads to information...

6.9CVSS0.45681EPSS
Exploits0References4
NVD
NVD
added 2024/07/09 5:15 p.m.59 views

CVE-2024-35261

Azure Network Watcher VM Extension Elevation of Privilege Vulnerability...

7.8CVSS0.00712EPSS
Exploits0References1
NVD
NVD
added 2024/07/09 5:15 p.m.59 views

CVE-2024-30013

Windows MultiPoint Services Remote Code Execution Vulnerability...

8.8CVSS0.01614EPSS
Exploits0References1
NVD
NVD
added 2024/06/28 8:15 p.m.59 views

CVE-2024-5827

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...

9.8CVSS0.03452EPSS
Exploits0References1
NVD
NVD
added 2024/06/27 11:15 a.m.59 views

CVE-2024-5535

Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...

9.1CVSS0.05582EPSS
Exploits1References21
NVD
NVD
added 2024/06/25 9:16 p.m.59 views

CVE-2024-5019

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole privileges...

7.5CVSS0.00771EPSS
Exploits0References2
NVD
NVD
added 2024/06/19 5:15 p.m.59 views

CVE-2024-32030

Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API allows users to connect to different Kafka brokers by specifying their network address and port. As a separate feature, it also provides the ability to monitor the performance of Kafka brokers by connecting to their JMX...

8.1CVSS0.34085EPSS
Exploits1References3
NVD
NVD
added 2024/06/05 6:15 p.m.59 views

CVE-2024-5037

A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue "iss" check during JSON web token JWT authentication...

7.5CVSS7.5AI score0.00814EPSS
Exploits0References9
NVD
NVD
added 2024/05/16 7:15 p.m.59 views

CVE-2024-31226

Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacked placed a file named C:\Program.exe, C:\Program.bat, or C:\Program.cmd on the user's computer. This...

4.9CVSS5.1AI score0.00217EPSS
Exploits0References3
NVD
NVD
added 2024/04/16 6:15 a.m.59 views

CVE-2024-22262

Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is...

8.1CVSS7.9AI score0.01191EPSS
Exploits2References2
NVD
NVD
added 2024/03/23 11:15 p.m.59 views

CVE-2024-24725

Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/importrun.php&type=externalAssessment&step=4 URI...

8.8CVSS6.2AI score0.5132EPSS
Exploits7References2
NVD
NVD
added 2024/02/13 7:15 a.m.59 views

CVE-2023-6815

Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...

6.5CVSS6.2AI score0.00697EPSS
Exploits0References3
NVD
NVD
added 2024/01/17 9:15 p.m.59 views

CVE-2024-22414

flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the /user/ page allows a user's comments to execute arbitrary javascript code. The html template user.html contains the following code snippet to render comments made by a user: comment2|safe. Use of the "safe" tag...

6.5CVSS6.9AI score0.00409EPSS
Exploits1References1
NVD
NVD
added 2024/01/02 10:15 p.m.59 views

CVE-2024-21632

omniauth-microsoftgraph provides an Omniauth strategy for the Microsoft Graph API. Prior to versions 2.0.0, the implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases...

9.8CVSS8.9AI score0.00904EPSS
Exploits1References3
NVD
NVD
added 2023/12/29 2:15 p.m.59 views

CVE-2023-51473

Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin.This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a through 2.0.3...

10CVSS0.00617EPSS
Exploits0References1
NVD
NVD
added 2023/11/02 2:15 p.m.59 views

CVE-2023-26456

Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code...

5.4CVSS5.3AI score0.00383EPSS
Exploits0References2
NVD
NVD
added 2023/10/25 6:17 p.m.59 views

CVE-2023-37913

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to a...

9.9CVSS9.6AI score0.01076EPSS
Exploits1References3
NVD
NVD
added 2023/10/10 6:15 p.m.59 views

CVE-2023-36561

Azure DevOps Server Elevation of Privilege Vulnerability...

7.3CVSS7.2AI score0.00847EPSS
Exploits0References1
NVD
NVD
added 2023/09/27 9:15 p.m.59 views

CVE-2023-40026

Argo CD is a declarative continuous deployment framework for Kubernetes. In Argo CD versions prior to 2.3 starting at least in v0.1.0, but likely in any version using Helm before 2.3, using a specifically-crafted Helm file could reference external Helm charts handled by the same repo-server to le...

5CVSS4.9AI score0.005EPSS
Exploits0References2
NVD
NVD
added 2023/07/25 9:15 a.m.59 views

CVE-2023-3897

Username enumeration is possible through Bypassing CAPTCHA in On-premise SureMDM Solution on Windows deployment allows attacker to enumerate local user information via error message. This issue affects SureMDM On-premise: 6.31 and below version...

5.3CVSS4.9AI score0.01808EPSS
Exploits4References2
NVD
NVD
added 2023/07/12 6:15 p.m.59 views

CVE-2023-3643

A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclose...

9.8CVSS0.75206EPSS
Exploits6References3
NVD
NVD
added 2023/06/27 2:15 p.m.59 views

CVE-2023-2326

The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF...

6.5CVSS6.5AI score0.00307EPSS
Exploits1References1
NVD
NVD
added 2023/05/02 10:15 a.m.59 views

CVE-2023-30869

Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1...

9.8CVSS9.6AI score0.031EPSS
Exploits0References2
NVD
NVD
added 2023/04/12 2:15 p.m.59 views

CVE-2023-1874

The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. This is due to a lack of authorization checks on the multiplerolesupdate function. This makes it possible for authenticated attackers, with minimal permissions such as a...

8.8CVSS7.7AI score0.02726EPSS
Exploits3References6
NVD
NVD
added 2023/03/28 1:15 p.m.59 views

CVE-2022-47529

Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protectio...

6.7CVSS6.5AI score0.0157EPSS
Exploits5References8
NVD
NVD
added 2023/02/03 8:15 p.m.59 views

CVE-2023-23937

Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid...

8.2CVSS8.1AI score0.00476EPSS
Exploits0References2
NVD
NVD
added 2022/12/26 7:15 a.m.59 views

CVE-2021-30134

php-mod/curl a wrapper of the PHP cURL extension before 2.3.2 allows XSS via the postfilepathupload.php key parameter and the POST data to postmultidimensional.php...

6.1CVSS0.01261EPSS
Exploits2References1
NVD
NVD
added 2022/12/23 12:15 a.m.59 views

CVE-2022-23513

Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint. In the case of application, this...

5.3CVSS0.40162EPSS
Exploits4References3
NVD
NVD
added 2022/11/23 12:15 a.m.59 views

CVE-2022-38724

Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS...

5.4CVSS0.00653EPSS
Exploits1References4
NVD
NVD
added 2022/11/19 1:15 a.m.59 views

CVE-2022-41939

knative.dev/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious lifecycle container. This issues has bee...

7.4CVSS0.00891EPSS
Exploits1References4
NVD
NVD
added 2022/11/10 8:15 p.m.59 views

CVE-2022-39392

Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mappi...

7.4CVSS0.00577EPSS
Exploits0References2
NVD
NVD
added 2022/11/08 10:15 p.m.59 views

CVE-2022-39386

@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....

7.5CVSS0.00731EPSS
Exploits0References1
NVD
NVD
added 2022/10/21 11:15 p.m.59 views

CVE-2022-39259

jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. versions prior to 1.4.5 are subject to a Denial of Service when opening zip files with HTML sequences. This issue has been patched in version 1.4.5. There are no known workarounds...

5.5CVSS0.00312EPSS
Exploits1References1
NVD
NVD
added 2022/09/09 7:15 p.m.59 views

CVE-2022-31006

indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its intended purpose...

7.5CVSS0.00924EPSS
Exploits0References2
NVD
NVD
added 2022/08/31 7:15 p.m.59 views

CVE-2022-36046

Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict unhandledRejection exiting AND using next start or a custom server...

5.3CVSS0.00999EPSS
Exploits0References2
NVD
NVD
added 2022/08/01 7:15 p.m.59 views

CVE-2022-31155

Sourcegraph is an opensource code search and navigation engine. In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other users’ saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other users’ saved searches, only...

4.3CVSS0.00417EPSS
Exploits0References2
NVD
NVD
added 2022/07/11 1:15 a.m.59 views

CVE-2022-31534

The echoleegroup/PythonWeb repository through 2018-10-31 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS0.01118EPSS
Exploits1References1
NVD
NVD
added 2022/06/15 7:15 p.m.59 views

CVE-2022-31070

NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to block sensitive cookies e.g. session cookies from being forwarded to backend services configured by the application developer. This could have led to sensitive cooki...

7.5CVSS0.00603EPSS
Exploits0References2
NVD
NVD
added 2022/04/13 4:15 p.m.59 views

CVE-2021-22797

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the...

9.3CVSS0.261EPSS
Exploits0References1
NVD
NVD
added 2022/03/22 6:15 p.m.59 views

CVE-2021-41736

Faust v2.35.0 was discovered to contain a heap-buffer overflow in the function realPropagate at propagate.cpp...

9.8CVSS0.01377EPSS
Exploits1References1
NVD
NVD
added 2022/02/28 9:15 a.m.59 views

CVE-2022-0377

Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the...

4.3CVSS0.03205EPSS
Exploits5References3
NVD
NVD
added 2022/01/02 12:15 a.m.59 views

CVE-2022-22293

admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAINMAXDECIMALSTOT parameter...

5.4CVSS0.00744EPSS
Exploits1References2
NVD
NVD
added 2021/11/16 12:15 p.m.59 views

CVE-2021-42114

Modern DRAM devices PC-DDR4, LPDDR4X are affected by a vulnerability in their internal Target Row Refresh TRR mitigation against Rowhammer attacks. Novel non-uniform Rowhammer access patterns, consisting of aggressors with different frequencies, phases, and amplitudes allow triggering bit flips o...

9CVSS0.02889EPSS
Exploits1References3
NVD
NVD
added 2021/05/10 8:15 p.m.59 views

CVE-2021-21430

OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data...

6.2CVSS0.00404EPSS
Exploits1References3
NVD
NVD
added 2021/04/05 7:15 p.m.59 views

CVE-2021-24169

This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS...

6.1CVSS0.10348EPSS
Exploits5References2
NVD
NVD
added 2021/03/11 4:15 p.m.59 views

CVE-2021-27080

Azure Sphere Unsigned Code Execution Vulnerability...

9.3CVSS0.01216EPSS
Exploits1References2
NVD
NVD
added 2021/01/06 2:15 p.m.59 views

CVE-2020-10655

The Proofpoint Insider Threat Management Server formerly ObserveIT Server before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The...

9.8CVSS9.4AI score0.02582EPSS
Exploits0References2
NVD
NVD
added 2020/08/14 2:15 p.m.59 views

CVE-2020-16205

Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5...

9CVSS7AI score0.60435EPSS
Exploits4References2
NVD
NVD
added 2020/05/15 7:15 p.m.59 views

CVE-2020-13092

scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...

9.8CVSS9.7AI score0.02645EPSS
Exploits1References2
NVD
NVD
added 2020/03/12 2:15 p.m.59 views

CVE-2020-10389

admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings...

7.2CVSS7.3AI score0.04884EPSS
Exploits5References4
Total number of security vulnerabilities5000