Lucene search
K
NvdMost viewed

363706 matches found

NVD
NVD
added 2026/05/13 4:16 p.m.58 views

CVE-2026-44456

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, bodyLimit does not reliably enforce maxSize for requests without a usable Content-Length e.g. Transfer-Encoding: chunked. Oversized requests can reach handlers and return 200 instead of 413. Th...

6.5CVSS0.00219EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.58 views

CVE-2026-42937

Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information. Note: Software versions which have reached End of Technical...

7.1CVSS0.00203EPSS
Exploits0References1
NVD
NVD
added 2026/05/09 11:16 p.m.58 views

CVE-2026-8211

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

5.8CVSS0.00244EPSS
Exploits0References4
NVD
NVD
added 2026/05/07 12:16 p.m.58 views

CVE-2026-41643

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. This occurs during th...

7.5CVSS0.00503EPSS
Exploits1References2
NVD
NVD
added 2026/05/01 11:16 a.m.58 views

CVE-2026-42404

Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...

7.2CVSS0.00497EPSS
Exploits0References2
NVD
NVD
added 2026/04/15 7:16 p.m.58 views

CVE-2026-6245

A flaw was found in the System Security Services Daemon SSSD. The pampasskeychildreaddata function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an...

5.5CVSS0.00141EPSS
Exploits0References2
NVD
NVD
added 2026/02/24 6:29 p.m.58 views

CVE-2025-14963

A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver BYOVD was leveraged to gain access to the critical Windows process memory lsass.exe Loc...

7.8CVSS0.001EPSS
Exploits0References1
NVD
NVD
added 2026/02/23 5:23 p.m.58 views

CVE-2026-27514

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits...

7.1CVSS0.00216EPSS
Exploits0References2
NVD
NVD
added 2025/12/02 3:16 a.m.58 views

CVE-2024-45675

IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password...

8.4CVSS0.00098EPSS
Exploits0References1
NVD
NVD
added 2025/08/19 3:15 p.m.58 views

CVE-2025-50579

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...

5.3CVSS0.00356EPSS
Exploits0References2
NVD
NVD
added 2025/08/09 9:15 p.m.58 views

CVE-2025-8775

A vulnerability was found in Qiyuesuo Eelectronic Signature Platform up to 4.34 and classified as critical. Affected by this issue is the function execute of the file /api/code/upload of the component Scheduled Task Handler. The manipulation of the argument File leads to unrestricted upload. The...

9.8CVSS0.00377EPSS
Exploits1References5
NVD
NVD
added 2025/04/16 5:15 p.m.58 views

CVE-2025-20236

A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient inpu...

8.8CVSS0.00908EPSS
Exploits0References1
NVD
NVD
added 2025/04/09 8:15 p.m.58 views

CVE-2025-30645

A NULL Pointer Dereference vulnerability in the flow daemon flowd of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stack DS Lite tunnel to crash the flowd process, resulting in a Denial of Service DoS. Continuous...

8.7CVSS0.00372EPSS
Exploits0References1
NVD
NVD
added 2025/01/29 9:15 p.m.58 views

CVE-2025-24794

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the...

7.8CVSS0.00246EPSS
Exploits0References2
NVD
NVD
added 2024/12/27 4:15 p.m.58 views

CVE-2024-56509

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perform local file read LFR or path traversal attacks. These vulnerabilities occur when user input is...

8.6CVSS0.00691EPSS
Exploits0References2
NVD
NVD
added 2024/12/19 7:15 a.m.58 views

CVE-2024-12560

The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btnblockduplicatepost' function. This makes it possible for authenticated attackers, with Contributor-leve...

6.5CVSS0.00355EPSS
Exploits0References2
NVD
NVD
added 2024/11/21 11:15 a.m.58 views

CVE-2024-10400

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘ratingfilter’ parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS0.82589EPSS
Exploits0References2
NVD
NVD
added 2024/11/15 11:15 a.m.58 views

CVE-2021-3841

sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting XSS through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser...

5.4CVSS0.00239EPSS
Exploits0References2
NVD
NVD
added 2024/11/12 7:15 p.m.58 views

CVE-2024-26011

A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0....

9.8CVSS0.00589EPSS
Exploits0References1
NVD
NVD
added 2024/11/12 5:15 p.m.58 views

CVE-2024-51749

Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in...

3.5CVSS0.0033EPSS
Exploits0References2
NVD
NVD
added 2024/10/21 8:15 p.m.58 views

CVE-2022-48998

In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf/32: Fix Oops on tail call tests testbpf tail call tests end up as: testbpf: 0 Tail call leaf jited:1 85 PASS testbpf: 1 Tail call 2 jited:1 111 PASS testbpf: 2 Tail call 3 jited:1 145 PASS testbpf: 3 Tail call 4 jited...

7.8CVSS0.00227EPSS
Exploits0References2
NVD
NVD
added 2024/10/02 8:15 p.m.58 views

CVE-2024-46977

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's openlocalfile method allows an authenticated user with adequate permissions to download any .txt via the ScreensControllersh...

6.5CVSS0.00932EPSS
Exploits0References3
NVD
NVD
added 2024/09/18 6:15 p.m.58 views

CVE-2024-46986

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on...

9.9CVSS0.35461EPSS
Exploits2References5
NVD
NVD
added 2024/08/16 6:15 p.m.58 views

CVE-2024-42758

A Cross-site Scripting XSS vulnerability exists in version v2024-01-05 of the indexmenu plugin when is used and enabled in Dokuwiki Open Source Wiki Engine. A malicious attacker can input XSS payloads for example when creating or editing existing page, to trigger the XSS on Dokuwiki, which is the...

5.4CVSS0.007EPSS
Exploits0References4
NVD
NVD
added 2024/08/06 5:15 a.m.58 views

CVE-2024-39817

Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App...

6.5CVSS0.00417EPSS
Exploits0References2
NVD
NVD
added 2024/07/27 12:15 p.m.58 views

CVE-2024-6627

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's PDF View widget in all versions up to, and including, 3.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00329EPSS
Exploits0References4
NVD
NVD
added 2024/07/24 5:15 p.m.58 views

CVE-2024-41110

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being...

9.9CVSS0.16496EPSS
Exploits0References14
NVD
NVD
added 2024/07/11 4:15 p.m.58 views

CVE-2024-39905

Red is a fully modular Discord bot. Due to a bug in Red's Core API, 3rd-party cogs using the @commands.canmanagechannel command permission check without additional permission controls may authorize a user to run a command even when that user doesn't have permissions to manage a channel. None of t...

5.3CVSS0.0041EPSS
Exploits0References3
NVD
NVD
added 2024/07/07 4:15 p.m.58 views

CVE-2024-6229

A stored cross-site scripting XSS vulnerability exists in the 'Upload Knowledge' feature of stangirard/quivr, affecting the latest version. Users can upload files via URL, which allows the insertion of malicious JavaScript payloads. These payloads are stored on the server and executed whenever an...

6.8CVSS0.00341EPSS
Exploits1References1
NVD
NVD
added 2024/06/22 5:15 a.m.58 views

CVE-2024-21514

This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed it does not have ...

8.1CVSS0.1908EPSS
Exploits2References3
NVD
NVD
added 2024/06/18 5:15 p.m.58 views

CVE-2024-21685

This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosur...

7.4CVSS0.00439EPSS
Exploits0References2
NVD
NVD
added 2024/06/06 7:16 p.m.58 views

CVE-2024-5480

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
NVD
NVD
added 2024/05/14 4:17 p.m.58 views

CVE-2024-34716

PrestaShop is an open source e-commerce web application. A cross-site scripting XSS vulnerability that only affects PrestaShops with customer-thread feature flag enabled is present starting from PrestaShop 8.1.0 and prior to PrestaShop 8.1.6. When the customer thread feature flag is enabled throu...

9.6CVSS8.2AI score0.5617EPSS
Exploits2References2
NVD
NVD
added 2024/04/10 6:15 p.m.58 views

CVE-2024-31214

Traccar is an open source GPS tracking system. Traccar versions 5.1 through 5.12 allow arbitrary files to be uploaded through the device image upload API. Attackers have full control over the file contents, full control over the directory where the file is stored, full control over the file...

9.6CVSS9.5AI score0.17631EPSS
Exploits5References4
NVD
NVD
added 2024/03/26 9:15 p.m.58 views

CVE-2024-25421

An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOMCACHE component...

9.8CVSS6.8AI score0.0165EPSS
Exploits2References3
NVD
NVD
added 2024/02/26 5:15 p.m.58 views

CVE-2024-27081

ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 command line installation allows authenticated remote attackers to read and write arbitrary files under the configuration...

8.8CVSS7.3AI score0.01535EPSS
Exploits1References2
NVD
NVD
added 2024/02/09 12:15 a.m.58 views

CVE-2024-24829

Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration maintained by Sentry with version =24.1.1 contains a constrained SSRF vulnerability. A...

5.3CVSS4.9AI score0.0047EPSS
Exploits0References3
NVD
NVD
added 2024/02/02 2:15 a.m.58 views

CVE-2023-48793

Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature...

9.8CVSS10AI score0.06951EPSS
Exploits0References2
NVD
NVD
added 2024/01/30 4:15 p.m.58 views

CVE-2024-21653

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...

9.8CVSS7.2AI score0.00466EPSS
Exploits0References2
NVD
NVD
added 2024/01/24 6:15 p.m.58 views

CVE-2024-23905

Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

5.4CVSS5.6AI score0.00564EPSS
Exploits0References2
NVD
NVD
added 2024/01/24 6:15 p.m.58 views

CVE-2024-23649

Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message...

7.5CVSS7.5AI score0.00505EPSS
Exploits0References2
NVD
NVD
added 2024/01/17 7:15 a.m.58 views

CVE-2023-51723

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Description parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...

6.9CVSS6.4AI score0.00358EPSS
Exploits0References1
NVD
NVD
added 2024/01/05 9:15 p.m.58 views

CVE-2024-21641

Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be...

6.5CVSS7.4AI score0.01067EPSS
Exploits0References3
NVD
NVD
added 2023/12/21 12:15 a.m.58 views

CVE-2023-46131

Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3,...

7.5CVSS0.00722EPSS
Exploits0References5
NVD
NVD
added 2023/11/12 10:15 p.m.58 views

CVE-2023-29425

Cross-Site Request Forgery CSRF vulnerability in plainware.Com ShiftController Employee Shift Scheduling plugin = 4.9.23 versions...

8.8CVSS0.00264EPSS
Exploits0References1
NVD
NVD
added 2023/09/11 3:15 p.m.58 views

CVE-2023-27470

BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportServiceN-Central\PushUpdates, leading to arbitrary file deletion...

7CVSS6.9AI score0.00537EPSS
Exploits2References1
NVD
NVD
added 2023/09/06 6:15 p.m.58 views

CVE-2023-41050

AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible recursively via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use...

7.7CVSS7AI score0.00519EPSS
Exploits0References2
NVD
NVD
added 2023/09/04 6:15 p.m.58 views

CVE-2023-40015

Vyper is a Pythonic Smart Contract Language. For the following probably non-exhaustive list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafeadd, unsafesub, unsafemul, unsafediv, powmod256, |, &, ^ bitwise operators, bitwiseor deprecated,...

5.3CVSS4.4AI score0.00418EPSS
Exploits1References1
NVD
NVD
added 2023/07/15 7:15 p.m.58 views

CVE-2023-30791

Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript...

7.1CVSS0.00458EPSS
Exploits1References2
NVD
NVD
added 2023/06/01 1:15 p.m.58 views

CVE-2023-22647

An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this...

9.9CVSS9.1AI score0.00715EPSS
Exploits0References2
Total number of security vulnerabilities5000