Lucene search
K
NvdMost viewed

364597 matches found

NVD
NVD
•added 2024/06/27 11:15 a.m.•59 views

CVE-2024-5535

Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...

9.1CVSS0.05582EPSS
Exploits1References21
NVD
NVD
•added 2024/06/25 9:16 p.m.•59 views

CVE-2024-5019

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole privileges...

7.5CVSS0.00771EPSS
Exploits0References2
NVD
NVD
•added 2024/06/05 6:15 p.m.•59 views

CVE-2024-5037

A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue "iss" check during JSON web token JWT authentication...

7.5CVSS7.5AI score0.00814EPSS
Exploits0References9
NVD
NVD
•added 2024/05/16 7:15 p.m.•59 views

CVE-2024-31226

Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacked placed a file named C:\Program.exe, C:\Program.bat, or C:\Program.cmd on the user's computer. This...

4.9CVSS5.1AI score0.00217EPSS
Exploits0References3
NVD
NVD
•added 2024/04/16 6:15 a.m.•59 views

CVE-2024-22262

Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is...

8.1CVSS7.9AI score0.01191EPSS
Exploits2References2
NVD
NVD
•added 2024/04/10 6:15 p.m.•59 views

CVE-2024-31214

Traccar is an open source GPS tracking system. Traccar versions 5.1 through 5.12 allow arbitrary files to be uploaded through the device image upload API. Attackers have full control over the file contents, full control over the directory where the file is stored, full control over the file...

9.6CVSS9.5AI score0.17631EPSS
Exploits5References4
NVD
NVD
•added 2024/03/26 9:15 p.m.•59 views

CVE-2024-25421

An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOMCACHE component...

9.8CVSS6.8AI score0.0165EPSS
Exploits2References3
NVD
NVD
•added 2024/02/13 7:15 a.m.•59 views

CVE-2023-6815

Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...

6.5CVSS6.2AI score0.00697EPSS
Exploits0References3
NVD
NVD
•added 2024/02/02 2:15 a.m.•59 views

CVE-2023-48793

Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature...

9.8CVSS10AI score0.06951EPSS
Exploits0References2
NVD
NVD
•added 2024/01/29 8:15 p.m.•59 views

CVE-2023-51842

An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16...

7.5CVSS7.5AI score0.00835EPSS
Exploits1References3
NVD
NVD
•added 2024/01/17 9:15 p.m.•59 views

CVE-2024-22414

flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the /user/ page allows a user's comments to execute arbitrary javascript code. The html template user.html contains the following code snippet to render comments made by a user: comment2|safe. Use of the "safe" tag...

6.5CVSS6.9AI score0.00409EPSS
Exploits1References1
NVD
NVD
•added 2024/01/02 10:15 p.m.•59 views

CVE-2024-21632

omniauth-microsoftgraph provides an Omniauth strategy for the Microsoft Graph API. Prior to versions 2.0.0, the implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases...

9.8CVSS8.9AI score0.00904EPSS
Exploits1References3
NVD
NVD
•added 2023/12/29 2:15 p.m.•59 views

CVE-2023-51473

Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin.This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a through 2.0.3...

10CVSS0.00617EPSS
Exploits0References1
NVD
NVD
•added 2023/12/21 12:15 a.m.•59 views

CVE-2023-46131

Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3,...

7.5CVSS0.00722EPSS
Exploits0References5
NVD
NVD
•added 2023/10/10 6:15 p.m.•59 views

CVE-2023-36561

Azure DevOps Server Elevation of Privilege Vulnerability...

7.3CVSS7.2AI score0.00847EPSS
Exploits0References1
NVD
NVD
•added 2023/09/04 6:15 p.m.•59 views

CVE-2023-40015

Vyper is a Pythonic Smart Contract Language. For the following probably non-exhaustive list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafeadd, unsafesub, unsafemul, unsafediv, powmod256, |, &, ^ bitwise operators, bitwiseor deprecated,...

5.3CVSS4.4AI score0.00418EPSS
Exploits1References1
NVD
NVD
•added 2023/07/12 6:15 p.m.•59 views

CVE-2023-3643

A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclose...

9.8CVSS0.75206EPSS
Exploits6References3
NVD
NVD
•added 2023/06/27 2:15 p.m.•59 views

CVE-2023-2326

The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF...

6.5CVSS6.5AI score0.00307EPSS
Exploits1References1
NVD
NVD
•added 2023/05/02 10:15 a.m.•59 views

CVE-2023-30869

Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1...

9.8CVSS9.6AI score0.031EPSS
Exploits0References2
NVD
NVD
•added 2023/04/12 2:15 p.m.•59 views

CVE-2023-1874

The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. This is due to a lack of authorization checks on the multiplerolesupdate function. This makes it possible for authenticated attackers, with minimal permissions such as a...

8.8CVSS7.7AI score0.02726EPSS
Exploits3References6
NVD
NVD
•added 2023/03/28 1:15 p.m.•59 views

CVE-2022-47529

Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protectio...

6.7CVSS6.5AI score0.0157EPSS
Exploits5References8
NVD
NVD
•added 2023/03/06 5:15 a.m.•59 views

CVE-2023-26106

All versions of the package dot-lens are vulnerable to Prototype Pollution via the set function in index.js file...

7.5CVSS7.5AI score0.00947EPSS
Exploits1References2
NVD
NVD
•added 2023/02/08 11:15 p.m.•59 views

CVE-2023-0250

Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code...

7.8CVSS7.8AI score0.02163EPSS
Exploits0References1
NVD
NVD
•added 2022/12/26 7:15 a.m.•59 views

CVE-2021-30134

php-mod/curl a wrapper of the PHP cURL extension before 2.3.2 allows XSS via the postfilepathupload.php key parameter and the POST data to postmultidimensional.php...

6.1CVSS0.01261EPSS
Exploits2References1
NVD
NVD
•added 2022/12/23 12:15 a.m.•59 views

CVE-2022-23513

Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint. In the case of application, this...

5.3CVSS0.40162EPSS
Exploits4References3
NVD
NVD
•added 2022/11/23 12:15 a.m.•59 views

CVE-2022-38724

Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS...

5.4CVSS0.00653EPSS
Exploits1References4
NVD
NVD
•added 2022/11/19 1:15 a.m.•59 views

CVE-2022-41939

knative.dev/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious lifecycle container. This issues has bee...

7.4CVSS0.00891EPSS
Exploits1References4
NVD
NVD
•added 2022/11/08 10:15 p.m.•59 views

CVE-2022-39386

@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....

7.5CVSS0.00731EPSS
Exploits0References1
NVD
NVD
•added 2022/10/21 11:15 p.m.•59 views

CVE-2022-39259

jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. versions prior to 1.4.5 are subject to a Denial of Service when opening zip files with HTML sequences. This issue has been patched in version 1.4.5. There are no known workarounds...

5.5CVSS0.00312EPSS
Exploits1References1
NVD
NVD
•added 2022/08/01 7:15 p.m.•59 views

CVE-2022-31155

Sourcegraph is an opensource code search and navigation engine. In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other users’ saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other users’ saved searches, only...

4.3CVSS0.00417EPSS
Exploits0References2
NVD
NVD
•added 2022/07/11 1:15 a.m.•59 views

CVE-2022-31534

The echoleegroup/PythonWeb repository through 2018-10-31 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS0.01242EPSS
Exploits1References1
NVD
NVD
•added 2022/06/15 7:15 p.m.•59 views

CVE-2022-31070

NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to block sensitive cookies e.g. session cookies from being forwarded to backend services configured by the application developer. This could have led to sensitive cooki...

7.5CVSS0.00603EPSS
Exploits0References2
NVD
NVD
•added 2022/06/15 2:15 p.m.•59 views

CVE-2022-20156

In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

7.8CVSS0.00113EPSS
Exploits0References1
NVD
NVD
•added 2022/06/07 6:15 p.m.•59 views

CVE-2020-36542

A vulnerability classified as critical has been found in Demokratian. This affects an unknown part of the file install/install3.php. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is...

9.8CVSS0.01332EPSS
Exploits1References3
NVD
NVD
•added 2022/05/25 9:15 p.m.•59 views

CVE-2022-29251

XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Starting with versions 6.2.4 and 6.3-rc-1, a possible cross-site scripting vector is present in the FlamingoThemesCode.WebHomeSheet wiki page related to the "newThemeName" form field. The...

7.4CVSS0.01263EPSS
Exploits0References3
NVD
NVD
•added 2022/04/13 4:15 p.m.•59 views

CVE-2021-22797

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal vulnerability exists that could cause malicious script to be deployed in an unauthorized location and may result in code execution on the engineering workstation when a malicious project file is loaded in the...

9.3CVSS0.261EPSS
Exploits0References1
NVD
NVD
•added 2022/03/22 6:15 p.m.•59 views

CVE-2021-41736

Faust v2.35.0 was discovered to contain a heap-buffer overflow in the function realPropagate at propagate.cpp...

9.8CVSS0.01377EPSS
Exploits1References1
NVD
NVD
•added 2022/03/11 6:15 p.m.•59 views

CVE-2021-32478

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected...

6.1CVSS0.01157EPSS
Exploits0References1
NVD
NVD
•added 2022/02/28 9:15 a.m.•59 views

CVE-2022-0377

Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the...

4.3CVSS0.03205EPSS
Exploits5References3
NVD
NVD
•added 2022/01/02 12:15 a.m.•59 views

CVE-2022-22293

admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAINMAXDECIMALSTOT parameter...

5.4CVSS0.00744EPSS
Exploits1References2
NVD
NVD
•added 2021/12/14 4:15 p.m.•59 views

CVE-2021-42063

A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data...

6.1CVSS0.22318EPSS
Exploits3References4
NVD
NVD
•added 2021/11/16 12:15 p.m.•59 views

CVE-2021-42114

Modern DRAM devices PC-DDR4, LPDDR4X are affected by a vulnerability in their internal Target Row Refresh TRR mitigation against Rowhammer attacks. Novel non-uniform Rowhammer access patterns, consisting of aggressors with different frequencies, phases, and amplitudes allow triggering bit flips o...

9CVSS0.02889EPSS
Exploits1References3
NVD
NVD
•added 2021/07/08 7:15 p.m.•59 views

CVE-2021-1585

A vulnerability in the Cisco Adaptive Security Device Manager ASDM Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and...

9.3CVSS0.19958EPSS
Exploits2References3
NVD
NVD
•added 2021/05/10 8:15 p.m.•59 views

CVE-2021-21430

OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data...

6.2CVSS0.00404EPSS
Exploits1References3
NVD
NVD
•added 2021/04/05 7:15 p.m.•59 views

CVE-2021-24169

This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS...

6.1CVSS0.10348EPSS
Exploits5References2
NVD
NVD
•added 2021/03/11 4:15 p.m.•59 views

CVE-2021-27080

Azure Sphere Unsigned Code Execution Vulnerability...

9.3CVSS0.01216EPSS
Exploits1References2
NVD
NVD
•added 2021/01/06 2:15 p.m.•59 views

CVE-2020-10655

The Proofpoint Insider Threat Management Server formerly ObserveIT Server before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The...

9.8CVSS9.4AI score0.02582EPSS
Exploits0References2
NVD
NVD
•added 2020/08/14 2:15 p.m.•59 views

CVE-2020-16205

Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5...

9CVSS7AI score0.60435EPSS
Exploits4References2
NVD
NVD
•added 2020/05/15 7:15 p.m.•59 views

CVE-2020-13092

scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...

9.8CVSS9.7AI score0.02645EPSS
Exploits1References2
NVD
NVD
•added 2020/03/12 2:15 p.m.•59 views

CVE-2020-10389

admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings...

7.2CVSS7.3AI score0.04884EPSS
Exploits5References4
Total number of security vulnerabilities5000