Lucene search
K
NvdMost viewed

364584 matches found

NVD
NVD
added 2022/09/13 6:15 p.m.60 views

CVE-2022-39202

matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat IRC protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such...

6.3CVSS0.00681EPSS
Exploits0References3
NVD
NVD
added 2022/09/09 7:15 p.m.60 views

CVE-2022-31006

indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its intended purpose...

7.5CVSS0.00924EPSS
Exploits0References2
NVD
NVD
added 2022/08/31 7:15 p.m.60 views

CVE-2022-36046

Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict unhandledRejection exiting AND using next start or a custom server...

5.3CVSS0.00999EPSS
Exploits0References2
NVD
NVD
added 2022/04/11 8:15 p.m.60 views

CVE-2022-1161

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to chang...

10CVSS0.05013EPSS
Exploits0References1
NVD
NVD
added 2021/12/15 7:15 p.m.60 views

CVE-2021-1008

In addSubInfo of SubscriptionController.java, there is a possible way to force the user to make a factory reset due to a logic error in the code. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product:...

4.4CVSS0.00107EPSS
Exploits0References1
NVD
NVD
added 2021/11/02 6:15 p.m.60 views

CVE-2021-26107

An improper access control vulnerability CWE-284 in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager...

6.3CVSS0.00496EPSS
Exploits0References2
NVD
NVD
added 2021/09/27 5:15 p.m.60 views

CVE-2021-41753

A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1.04B04, and DIR-X6060, v1.11B04 allows a remote unauthenticated attacker to disconnect a wireless client via sending specific spoofed SAE authentication frames...

7.8CVSS0.0482EPSS
Exploits0References1
NVD
NVD
added 2021/09/07 10:15 a.m.60 views

CVE-2021-36162

Apache Dubbo supports various rules to support configuration override or traffic routing called routing in Dubbo. These rules are loaded into the configuration center eg: Zookeeper, Nacos, ... and retrieved by the customers when making a request in order to find the right endpoint. When parsing...

8.8CVSS0.02019EPSS
Exploits0References1
NVD
NVD
added 2021/08/12 9:15 p.m.60 views

CVE-2021-37700

@github/paste-markdown is an npm package for pasting markdown objects. A self Cross-Site Scripting vulnerability exists in the @github/paste-markdown before version 0.3.4. If the clipboard data contains the string , a div is dynamically created, and the clipboard content is copied into its...

6.5CVSS0.0166EPSS
Exploits1References4
NVD
NVD
added 2021/08/12 6:15 p.m.60 views

CVE-2021-34478

Microsoft Office Remote Code Execution Vulnerability...

7.8CVSS0.54383EPSS
Exploits0References2
NVD
NVD
added 2021/06/22 12:15 p.m.60 views

CVE-2021-0549

In sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

4.4CVSS0.00117EPSS
Exploits0References1
NVD
NVD
added 2021/04/15 7:15 p.m.60 views

CVE-2021-31402

The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669...

7.5CVSS0.01158EPSS
Exploits1References1
NVD
NVD
added 2021/03/10 5:15 p.m.60 views

CVE-2021-0463

In convertToHidl of convert.cpp, there is a possible out of bounds read due to uninitialized data from ReturnFrameworkMessage. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

5.5CVSS0.00136EPSS
Exploits0References1
NVD
NVD
added 2020/12/21 10:15 p.m.60 views

CVE-2020-26277

DBdeployer is a tool that deploys MySQL database servers easily. In DBdeployer before version 1.58.2, users unpacking a tarball may use a maliciously packaged tarball that contains symlinks to files external to the target. In such scenario, an attacker could induce dbdeployer to write into a syst...

6.1CVSS6.2AI score0.01186EPSS
Exploits0References2
NVD
NVD
added 2020/10/14 2:15 p.m.60 views

CVE-2020-0400

In showDataRoamingNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...

5.5CVSS0.00196EPSS
Exploits0References1
NVD
NVD
added 2019/05/20 12:29 a.m.60 views

CVE-2019-12185

eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the we...

9CVSS9AI score0.18106EPSS
Exploits3References2
NVD
NVD
added 2011/10/25 7:55 p.m.60 views

CVE-2011-3881

WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS UXSS attacks via vectors related to 1 the DOMWindow::clear function and use of a selection object, 2 the...

4.3CVSS5.5AI score0.01779EPSS
Exploits0References15
NVD
NVD
added 2007/03/02 9:18 p.m.60 views

CVE-2007-1167

inc/filebrowser/browser.php in deV!Lz Clanportal DZCP 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter...

5CVSS6.6AI score0.03924EPSS
Exploits1References6
NVD
NVD
added 2026/06/12 4:16 p.m.59 views

CVE-2026-50020

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00–0x1F and 0x7F as well as all...

5.3CVSS0.00232EPSS
Exploits0References3
NVD
NVD
added 2026/05/13 10:16 p.m.59 views

CVE-2026-32993

Improper sanitization of the status query parameter of the /unprotected/novaerror endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response...

8.3CVSS0.00301EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 8:16 p.m.59 views

CVE-2026-28379

A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafana server...

6.5CVSS0.00262EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.59 views

CVE-2026-44572

Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data header on a normal request to a path handled by middleware that returns a redirect. When that happened, the middleware/proxy could treat t...

5.9CVSS0.00195EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.59 views

CVE-2026-44456

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, bodyLimit does not reliably enforce maxSize for requests without a usable Content-Length e.g. Transfer-Encoding: chunked. Oversized requests can reach handlers and return 200 instead of 413. Th...

6.5CVSS0.00219EPSS
Exploits0References1
NVD
NVD
added 2026/05/10 1:16 p.m.59 views

CVE-2022-50968

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reques...

6.1CVSS0.00252EPSS
Exploits0References4
NVD
NVD
added 2026/05/10 1:16 a.m.59 views

CVE-2026-8216

A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Java RMI Session Management. Such manipulation leads to improper authentication. The attack can be launched remotely. The vendo...

7.5CVSS0.00391EPSS
Exploits0References4
NVD
NVD
added 2026/05/09 11:16 p.m.59 views

CVE-2026-8211

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

5.8CVSS0.00244EPSS
Exploits0References4
NVD
NVD
added 2026/05/09 9:16 p.m.59 views

CVE-2026-8196

A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This manipulation causes authorization bypass. The attack...

6.3CVSS0.00463EPSS
Exploits0References4
NVD
NVD
added 2026/05/05 12:16 p.m.59 views

CVE-2026-43530

OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually run. Attackers can exploit opaque multi-call binaries to bypass exec approval mechanisms and weak...

8.8CVSS0.00356EPSS
Exploits0References3
NVD
NVD
added 2025/12/02 3:16 a.m.59 views

CVE-2024-45675

IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password...

8.4CVSS0.00098EPSS
Exploits0References1
NVD
NVD
added 2025/08/19 3:15 p.m.59 views

CVE-2025-50579

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...

5.3CVSS0.00356EPSS
Exploits0References2
NVD
NVD
added 2025/05/27 9:15 p.m.59 views

CVE-2025-5198

A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting XSS if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object that is applied to a secured cluster. This obje...

5.4CVSS0.00227EPSS
Exploits0References3
NVD
NVD
added 2025/03/14 9:15 p.m.59 views

CVE-2025-2308

A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Zscaleoffsetdecompressonebyte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed...

7.8CVSS0.00364EPSS
Exploits1References4
NVD
NVD
added 2025/03/11 5:16 p.m.59 views

CVE-2025-24071

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network...

6.5CVSS0.25068EPSS
Exploits21References3
NVD
NVD
added 2025/02/19 5:15 p.m.59 views

CVE-2025-27089

Directus is a real-time API and App dashboard for managing SQL database content. In affected versions if there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for the user is...

5.4CVSS0.0022EPSS
Exploits0References2
NVD
NVD
added 2025/01/21 6:15 p.m.59 views

CVE-2024-54794

The script input feature of SpagoBI 3.5.1 allows arbitrary code execution...

9.1CVSS0.12829EPSS
Exploits3References2
NVD
NVD
added 2024/12/04 9:15 p.m.59 views

CVE-2024-38829

A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase and...

3.7CVSS0.00379EPSS
Exploits0References1
NVD
NVD
added 2024/11/26 10:15 a.m.59 views

CVE-2024-11032

The Parsi Date plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS0.00449EPSS
Exploits0References4
NVD
NVD
added 2024/11/25 6:15 p.m.59 views

CVE-2024-7915

The application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing an attacker to perform multiple operations as the root user. These operations include arbitrary file deletion and writing, loading and unloading daemons, manipulating file permissions, and loading...

7.8CVSS0.00151EPSS
Exploits0References1
NVD
NVD
added 2024/11/15 11:15 a.m.59 views

CVE-2021-3841

sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting XSS through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser...

5.4CVSS0.00239EPSS
Exploits0References2
NVD
NVD
added 2024/10/24 9:15 p.m.59 views

CVE-2024-48208

pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bounds read in the domlsd function of the ls.c file...

8.6CVSS0.01511EPSS
Exploits1References1
NVD
NVD
added 2024/10/21 8:15 p.m.59 views

CVE-2022-48998

In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf/32: Fix Oops on tail call tests testbpf tail call tests end up as: testbpf: 0 Tail call leaf jited:1 85 PASS testbpf: 1 Tail call 2 jited:1 111 PASS testbpf: 2 Tail call 3 jited:1 145 PASS testbpf: 3 Tail call 4 jited...

7.8CVSS0.00227EPSS
Exploits0References2
NVD
NVD
added 2024/09/20 8:15 a.m.59 views

CVE-2024-8853

The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on the 'doSsoAuthentification' function. This makes it possible for unauthenticated attackers to make themselves administrators by registering with a...

9.8CVSS0.00642EPSS
Exploits0References3
NVD
NVD
added 2024/09/17 7:15 p.m.59 views

CVE-2024-38183

An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network...

9.8CVSS0.00788EPSS
Exploits0References1
NVD
NVD
added 2024/09/14 8:15 p.m.59 views

CVE-2024-8862

A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query leads to deserialization. The attack may be...

9.8CVSS0.01328EPSS
Exploits1References4
NVD
NVD
added 2024/08/29 8:15 p.m.59 views

CVE-2024-41347

openflights commit 5234b5b is vulnerable to Cross-Site Scripting XSS via php/settings.php...

6.1CVSS0.00278EPSS
Exploits1References2
NVD
NVD
added 2024/08/13 6:15 p.m.59 views

CVE-2024-38186

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability...

7.8CVSS0.00839EPSS
Exploits0References2
NVD
NVD
added 2024/08/06 10:15 p.m.59 views

CVE-2024-38206

An authenticated attacker can bypass Server-Side Request Forgery SSRF protection in Microsoft Copilot Studio to leak sensitive information over a network...

8.5CVSS0.12341EPSS
Exploits0References1
NVD
NVD
added 2024/07/11 4:15 p.m.59 views

CVE-2024-39905

Red is a fully modular Discord bot. Due to a bug in Red's Core API, 3rd-party cogs using the @commands.canmanagechannel command permission check without additional permission controls may authorize a user to run a command even when that user doesn't have permissions to manage a channel. None of t...

5.3CVSS0.0041EPSS
Exploits0References3
NVD
NVD
added 2024/07/10 6:15 p.m.59 views

CVE-2024-6646

A vulnerability was found in Netgear WN604 up to 20240710. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /downloadFile.php of the component Web Interface. The manipulation of the argument file with the input config leads to information...

6.9CVSS0.45681EPSS
Exploits0References4
NVD
NVD
added 2024/06/28 8:15 p.m.59 views

CVE-2024-5827

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...

9.8CVSS0.03452EPSS
Exploits0References1
Total number of security vulnerabilities5000