Lucene search
K
NvdMost viewed

363761 matches found

NVD
NVD
added 2024/01/05 9:15 p.m.58 views

CVE-2024-21641

Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be...

6.5CVSS7.4AI score0.01067EPSS
Exploits0References3
NVD
NVD
added 2023/12/21 12:15 a.m.58 views

CVE-2023-46131

Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3,...

7.5CVSS0.00722EPSS
Exploits0References5
NVD
NVD
added 2023/11/12 10:15 p.m.58 views

CVE-2023-29425

Cross-Site Request Forgery CSRF vulnerability in plainware.Com ShiftController Employee Shift Scheduling plugin = 4.9.23 versions...

8.8CVSS0.00264EPSS
Exploits0References1
NVD
NVD
added 2023/09/11 3:15 p.m.58 views

CVE-2023-27470

BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportServiceN-Central\PushUpdates, leading to arbitrary file deletion...

7CVSS6.9AI score0.00537EPSS
Exploits2References1
NVD
NVD
added 2023/09/04 6:15 p.m.58 views

CVE-2023-40015

Vyper is a Pythonic Smart Contract Language. For the following probably non-exhaustive list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafeadd, unsafesub, unsafemul, unsafediv, powmod256, |, &, ^ bitwise operators, bitwiseor deprecated,...

5.3CVSS4.4AI score0.00418EPSS
Exploits1References1
NVD
NVD
added 2023/07/15 7:15 p.m.58 views

CVE-2023-30791

Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript...

7.1CVSS0.00458EPSS
Exploits1References2
NVD
NVD
added 2023/06/01 1:15 p.m.58 views

CVE-2023-22647

An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this...

9.9CVSS9.1AI score0.00715EPSS
Exploits0References2
NVD
NVD
added 2023/05/30 8:15 a.m.58 views

CVE-2023-2223

The Login rebuilder WordPress plugin before 2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.00552EPSS
Exploits3References2
NVD
NVD
added 2023/05/26 12:15 p.m.58 views

CVE-2023-25976

Cross-Site Request Forgery CSRF vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin plugin = 1.2.2 versions...

8.8CVSS5.9AI score0.00256EPSS
Exploits0References1
NVD
NVD
added 2023/05/25 6:15 p.m.58 views

CVE-2023-30851

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have a HTTP policy that applies to multiple toEndpoints AND have an allow-all rule in place that affects only one of those endpoints. In such cases, a wildcard rule will be...

5.3CVSS4.2AI score0.00655EPSS
Exploits0References4
NVD
NVD
added 2023/05/11 10:15 p.m.58 views

CVE-2023-32059

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the type...

7.5CVSS7.4AI score0.00725EPSS
Exploits1References2
NVD
NVD
added 2023/05/11 11:15 a.m.58 views

CVE-2023-30256

Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and emailcreate parameters in the AuthController.php file...

6.1CVSS5.9AI score0.08731EPSS
Exploits5References4
NVD
NVD
added 2023/04/23 11:15 a.m.58 views

CVE-2023-27425

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in James Irving-Swift Electric Studio Client Login plugin = 0.8.1 versions...

5.9CVSS5.4AI score0.00369EPSS
Exploits0References1
NVD
NVD
added 2023/04/14 7:15 p.m.58 views

CVE-2023-29194

Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing / characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces...

4.1CVSS4AI score0.00782EPSS
Exploits0References3
NVD
NVD
added 2023/03/06 5:15 a.m.58 views

CVE-2023-26106

All versions of the package dot-lens are vulnerable to Prototype Pollution via the set function in index.js file...

7.5CVSS7.5AI score0.00947EPSS
Exploits1References2
NVD
NVD
added 2023/02/27 4:15 p.m.58 views

CVE-2023-0381

The GigPress WordPress plugin through 2.3.28 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks...

8.8CVSS8.9AI score0.01301EPSS
Exploits2References1
NVD
NVD
added 2023/02/17 10:15 p.m.58 views

CVE-2023-21620

FrameMaker 2020 Update 4 and earlier, 2022 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in...

5.5CVSS5AI score0.00325EPSS
Exploits0References1
NVD
NVD
added 2023/01/27 7:15 p.m.58 views

CVE-2021-41144

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

8.8CVSS8.8AI score0.01166EPSS
Exploits0References4
NVD
NVD
added 2023/01/02 7:15 p.m.58 views

CVE-2014-125036

A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. Affected by this issue is some unknown functionality of the file meta/main.yml. The manipulation leads to insufficient control of network message volume. The attack can only be done within the local...

4.3CVSS4AI score0.00399EPSS
Exploits0References3
NVD
NVD
added 2022/11/10 6:15 p.m.58 views

CVE-2022-39395

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade to...

9.9CVSS0.01067EPSS
Exploits0References10
NVD
NVD
added 2022/06/15 2:15 p.m.58 views

CVE-2022-20156

In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

7.8CVSS0.00113EPSS
Exploits0References1
NVD
NVD
added 2022/06/07 6:15 p.m.58 views

CVE-2020-36542

A vulnerability classified as critical has been found in Demokratian. This affects an unknown part of the file install/install3.php. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is...

9.8CVSS0.01332EPSS
Exploits1References3
NVD
NVD
added 2022/03/11 6:15 p.m.58 views

CVE-2021-32478

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected...

6.1CVSS0.01157EPSS
Exploits0References1
NVD
NVD
added 2022/03/08 12:15 p.m.58 views

CVE-2021-41542

A vulnerability has been identified in Climatix POL909 AWB module All versions V11.44, Climatix POL909 AWM module All versions V11.36. The User Management page of affected devices is vulnerable to cross-site scripting XSS. The vulnerability allows an attacker to send malicious JavaScript code whi...

6.1CVSS0.00553EPSS
Exploits0References1
NVD
NVD
added 2022/02/14 12:15 p.m.58 views

CVE-2022-0212

The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS0.02291EPSS
Exploits2References1
NVD
NVD
added 2022/02/04 11:15 p.m.58 views

CVE-2022-23580

Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, a...

6.5CVSS0.00821EPSS
Exploits1References3
NVD
NVD
added 2021/12/06 4:15 p.m.58 views

CVE-2021-24931

The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an SQL injection...

9.8CVSS0.78812EPSS
Exploits7References2
NVD
NVD
added 2021/11/23 12:15 a.m.58 views

CVE-2021-40830

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority CA to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store...

8.8CVSS0.00375EPSS
Exploits0References5
NVD
NVD
added 2021/11/02 6:15 p.m.58 views

CVE-2021-26107

An improper access control vulnerability CWE-284 in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager...

6.3CVSS0.00496EPSS
Exploits0References2
NVD
NVD
added 2021/09/22 8:15 p.m.58 views

CVE-2020-23478

Leo Editor v6.2.1 was discovered to contain a regular expression denial of service ReDoS vulnerability in the component plugins/importers/dart.py...

7.5CVSS0.01193EPSS
Exploits1References2
NVD
NVD
added 2021/07/08 7:15 p.m.58 views

CVE-2021-1585

A vulnerability in the Cisco Adaptive Security Device Manager ASDM Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and...

9.3CVSS0.19958EPSS
Exploits2References3
NVD
NVD
added 2021/01/11 10:15 p.m.58 views

CVE-2021-0313

In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions:...

7.8CVSS7.4AI score0.0168EPSS
Exploits0References1
NVD
NVD
added 2020/11/12 10:15 a.m.58 views

CVE-2020-11193

u'Buffer over read can happen while parsing mkv clip due to improper typecasting of data returned from atomsize' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8009W,...

10CVSS9.3AI score0.00896EPSS
Exploits0References1
NVD
NVD
added 2020/10/13 6:15 p.m.58 views

CVE-2020-15251

In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2...

7.7CVSS0.01128EPSS
Exploits0References6
NVD
NVD
added 2020/08/31 5:15 p.m.58 views

CVE-2020-7521

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier when accessing a vulnerable method of FileUploadServlet which may lead to uploading executable files to non-specified directories...

9.8CVSS9.4AI score0.01659EPSS
Exploits0References1
NVD
NVD
added 2020/08/26 7:15 p.m.58 views

CVE-2020-17376

An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths ...

8.3CVSS8.2AI score0.01715EPSS
Exploits1References3
NVD
NVD
added 2020/04/09 2:15 p.m.58 views

CVE-2020-10617

There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS versions prior to 3.0.2 to gain access to sensitive information...

7.5CVSS8.6AI score0.01263EPSS
Exploits0References1
NVD
NVD
added 2013/06/05 2:39 p.m.58 views

CVE-2013-3950

Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLDSHAREDCACHEDIR environment variable...

5CVSS6.2AI score0.01865EPSS
Exploits2References6
NVD
NVD
added 2026/05/14 9:16 p.m.57 views

CVE-2026-44661

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registermanual validates the discovery URL against an HTTPS /...

4.7CVSS0.00168EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 7:16 p.m.57 views

CVE-2026-22707

Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, the Upload plugin's Content API endpoints did not enforce the administrator-configured MIME type restrictions plugin.upload.security.allowedTypes and deniedTypes. The same restrictions were correctly...

5.4CVSS0.00195EPSS
Exploits0References1
NVD
NVD
added 2026/05/08 11:16 p.m.57 views

CVE-2026-42224

ipl/web is a set of common web components for php projects. Prior to versions 0.13.1 and 0.10.3, the vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may ha...

7.6CVSS0.00259EPSS
Exploits0References4
NVD
NVD
added 2026/04/23 1:16 p.m.57 views

CVE-2026-39440

Improper Control of Generation of Code 'Code Injection' vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion.This issue affects FunnelFormsPro: from n/a through 3.8.1...

9.9CVSS0.00364EPSS
Exploits1References1
NVD
NVD
added 2026/02/12 8:16 p.m.57 views

CVE-2019-25344

Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators...

8.5CVSS0.00162EPSS
Exploits1References4
NVD
NVD
added 2025/11/30 5:16 a.m.57 views

CVE-2025-66433

HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. This is fixed in 24.12.14, 25.0.3, and 25.3.1. The earliest affected version is 24.7.3...

4.2CVSS0.00087EPSS
Exploits0References1
NVD
NVD
added 2025/09/08 8:15 p.m.57 views

CVE-2025-54994

@akoskm/create-mcp-server-stdio is an MCP server starter kit that uses the StdioServerTransport. Prior to version 0.0.13, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP...

9.3CVSS0.01371EPSS
Exploits0References3
NVD
NVD
added 2025/06/24 1:15 a.m.57 views

CVE-2025-34035

An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected...

10CVSS0.12334EPSS
Exploits2References5
NVD
NVD
added 2025/06/18 1:15 a.m.57 views

CVE-2025-23252

The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to restricted components. A successful exploit of this vulnerability may lead to information disclosure...

7.5CVSS0.0028EPSS
Exploits0References1
NVD
NVD
added 2025/05/10 5:15 a.m.57 views

CVE-2025-4496

A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buff...

9.8CVSS0.00944EPSS
Exploits0References5
NVD
NVD
added 2025/05/08 8:15 p.m.57 views

CVE-2025-45789

TOTOLINK A3100R V5.9c.1527 is vulnerable to buffer overflow via the urlKeyword parameter in setParentalRules...

9.8CVSS0.00674EPSS
Exploits1References1
NVD
NVD
added 2025/04/24 6:15 p.m.57 views

CVE-2025-43858

YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of a malicious commands when starting yt-dlp from a commands prompt running on Windows OS with...

9.2CVSS0.00222EPSS
Exploits0References3
Total number of security vulnerabilities5000