Lucene search
K
NvdMost viewed

364639 matches found

NVD
NVD
added 2020/03/12 2:15 p.m.59 views

CVE-2020-10389

admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings...

7.2CVSS7.3AI score0.04884EPSS
Exploits5References4
NVD
NVD
added 2019/09/25 4:15 p.m.59 views

CVE-2019-10418

Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...

9.9CVSS9.6AI score0.01205EPSS
Exploits0References2
NVD
NVD
added 2018/08/25 7:29 p.m.59 views

CVE-2018-15870

An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service...

6.5CVSS6.3AI score0.01163EPSS
Exploits1References1
NVD
NVD
added 2013/06/05 2:39 p.m.59 views

CVE-2013-3950

Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLDSHAREDCACHEDIR environment variable...

5CVSS6.2AI score0.01865EPSS
Exploits2References6
NVD
NVD
added 2009/09/04 10:30 a.m.59 views

CVE-2009-2521

Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services IIS 5.0 through 7.0 allows remote authenticated users to cause a denial of service daemon crash via a list ls -R command containing a wildcard that references a subdirectory, followed by a .. dot dot, ak...

5CVSS6AI score0.82265EPSS
Exploits9References5
NVD
NVD
added 2026/05/13 4:16 p.m.58 views

CVE-2026-42937

Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information. Note: Software versions which have reached End of Technical...

7.1CVSS0.00203EPSS
Exploits0References1
NVD
NVD
added 2026/05/08 11:16 p.m.58 views

CVE-2026-42224

ipl/web is a set of common web components for php projects. Prior to versions 0.13.1 and 0.10.3, the vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may ha...

7.6CVSS0.00259EPSS
Exploits0References4
NVD
NVD
added 2026/05/07 12:16 p.m.58 views

CVE-2026-41643

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. This occurs during th...

7.5CVSS0.00503EPSS
Exploits1References2
NVD
NVD
added 2026/05/01 11:16 a.m.58 views

CVE-2026-42404

Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...

7.2CVSS0.00497EPSS
Exploits0References2
NVD
NVD
added 2026/04/15 7:16 p.m.58 views

CVE-2026-6245

A flaw was found in the System Security Services Daemon SSSD. The pampasskeychildreaddata function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an...

5.5CVSS0.00141EPSS
Exploits0References2
NVD
NVD
added 2026/02/24 6:29 p.m.58 views

CVE-2025-14963

A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver BYOVD was leveraged to gain access to the critical Windows process memory lsass.exe Loc...

7.8CVSS0.001EPSS
Exploits0References1
NVD
NVD
added 2026/02/23 5:23 p.m.58 views

CVE-2026-27514

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits...

7.1CVSS0.00216EPSS
Exploits0References2
NVD
NVD
added 2025/08/09 9:15 p.m.58 views

CVE-2025-8775

A vulnerability was found in Qiyuesuo Eelectronic Signature Platform up to 4.34 and classified as critical. Affected by this issue is the function execute of the file /api/code/upload of the component Scheduled Task Handler. The manipulation of the argument File leads to unrestricted upload. The...

9.8CVSS0.00377EPSS
Exploits1References5
NVD
NVD
added 2025/06/24 1:15 a.m.58 views

CVE-2025-34035

An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected...

10CVSS0.12334EPSS
Exploits2References5
NVD
NVD
added 2025/04/16 5:15 p.m.58 views

CVE-2025-20236

A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient inpu...

8.8CVSS0.00939EPSS
Exploits0References1
NVD
NVD
added 2025/04/09 8:15 p.m.58 views

CVE-2025-30645

A NULL Pointer Dereference vulnerability in the flow daemon flowd of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stack DS Lite tunnel to crash the flowd process, resulting in a Denial of Service DoS. Continuous...

8.7CVSS0.00372EPSS
Exploits0References1
NVD
NVD
added 2025/04/09 9:15 a.m.58 views

CVE-2025-25053

OS command injection vulnerability in the WEB UI the setting page exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product...

8.8CVSS0.00884EPSS
Exploits0References2
NVD
NVD
added 2025/01/29 9:15 p.m.58 views

CVE-2025-24794

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the...

7.8CVSS0.00246EPSS
Exploits0References2
NVD
NVD
added 2024/12/27 4:15 p.m.58 views

CVE-2024-56509

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perform local file read LFR or path traversal attacks. These vulnerabilities occur when user input is...

8.6CVSS0.00691EPSS
Exploits0References2
NVD
NVD
added 2024/11/21 11:15 a.m.58 views

CVE-2024-10400

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘ratingfilter’ parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS0.82589EPSS
Exploits0References2
NVD
NVD
added 2024/11/12 7:15 p.m.58 views

CVE-2024-26011

A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0....

9.8CVSS0.00589EPSS
Exploits0References1
NVD
NVD
added 2024/11/12 5:15 p.m.58 views

CVE-2024-51749

Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in...

3.5CVSS0.0033EPSS
Exploits0References2
NVD
NVD
added 2024/10/31 5:15 p.m.58 views

CVE-2024-51478

YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5...

9.9CVSS0.00368EPSS
Exploits1References3
NVD
NVD
added 2024/10/08 4:15 a.m.58 views

CVE-2024-45277

The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact ...

4.3CVSS0.00589EPSS
Exploits0References3
NVD
NVD
added 2024/10/02 8:15 p.m.58 views

CVE-2024-46977

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's openlocalfile method allows an authenticated user with adequate permissions to download any .txt via the ScreensControllersh...

6.5CVSS0.00912EPSS
Exploits0References3
NVD
NVD
added 2024/09/18 6:15 p.m.58 views

CVE-2024-46986

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on...

9.9CVSS0.35461EPSS
Exploits2References5
NVD
NVD
added 2024/09/09 7:15 p.m.58 views

CVE-2024-7260

An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referreruri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it...

6.1CVSS0.00546EPSS
Exploits0References4
NVD
NVD
added 2024/08/16 6:15 p.m.58 views

CVE-2024-42758

A Cross-site Scripting XSS vulnerability exists in version v2024-01-05 of the indexmenu plugin when is used and enabled in Dokuwiki Open Source Wiki Engine. A malicious attacker can input XSS payloads for example when creating or editing existing page, to trigger the XSS on Dokuwiki, which is the...

5.4CVSS0.007EPSS
Exploits0References4
NVD
NVD
added 2024/08/06 5:15 a.m.58 views

CVE-2024-39817

Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App...

6.5CVSS0.00417EPSS
Exploits0References2
NVD
NVD
added 2024/07/27 12:15 p.m.58 views

CVE-2024-6627

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's PDF View widget in all versions up to, and including, 3.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00329EPSS
Exploits0References4
NVD
NVD
added 2024/07/24 5:15 p.m.58 views

CVE-2024-41110

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being...

9.9CVSS0.16496EPSS
Exploits0References14
NVD
NVD
added 2024/07/07 4:15 p.m.58 views

CVE-2024-6229

A stored cross-site scripting XSS vulnerability exists in the 'Upload Knowledge' feature of stangirard/quivr, affecting the latest version. Users can upload files via URL, which allows the insertion of malicious JavaScript payloads. These payloads are stored on the server and executed whenever an...

6.8CVSS0.00341EPSS
Exploits1References1
NVD
NVD
added 2024/06/22 5:15 a.m.58 views

CVE-2024-21514

This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed it does not have ...

8.1CVSS0.1908EPSS
Exploits2References3
NVD
NVD
added 2024/06/18 5:15 p.m.58 views

CVE-2024-21685

This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosur...

7.4CVSS0.00439EPSS
Exploits0References2
NVD
NVD
added 2024/06/10 8:15 p.m.58 views

CVE-2024-36412

SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

10CVSS0.05692EPSS
Exploits1References1
NVD
NVD
added 2024/06/06 7:16 p.m.58 views

CVE-2024-5480

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
NVD
NVD
added 2024/05/14 4:17 p.m.58 views

CVE-2024-34716

PrestaShop is an open source e-commerce web application. A cross-site scripting XSS vulnerability that only affects PrestaShops with customer-thread feature flag enabled is present starting from PrestaShop 8.1.0 and prior to PrestaShop 8.1.6. When the customer thread feature flag is enabled throu...

9.6CVSS8.2AI score0.5617EPSS
Exploits2References2
NVD
NVD
added 2024/04/09 5:16 p.m.58 views

CVE-2024-29905

DIRAC is an interware, meaning a software framework for distributed computing. Prior to version 8.0.41, during the proxy generation process e.g., when using dirac-proxy-init, it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then...

8.1CVSS8AI score0.00317EPSS
Exploits0References2
NVD
NVD
added 2024/02/26 5:15 p.m.58 views

CVE-2024-27081

ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 command line installation allows authenticated remote attackers to read and write arbitrary files under the configuration...

8.8CVSS7.3AI score0.01535EPSS
Exploits1References2
NVD
NVD
added 2024/02/09 12:15 a.m.58 views

CVE-2024-24829

Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration maintained by Sentry with version =24.1.1 contains a constrained SSRF vulnerability. A...

5.3CVSS4.9AI score0.0047EPSS
Exploits0References3
NVD
NVD
added 2024/01/30 4:15 p.m.58 views

CVE-2024-21653

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...

9.8CVSS7.2AI score0.00466EPSS
Exploits0References2
NVD
NVD
added 2024/01/24 6:15 p.m.58 views

CVE-2024-23905

Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

5.4CVSS5.6AI score0.00564EPSS
Exploits0References2
NVD
NVD
added 2024/01/24 6:15 p.m.58 views

CVE-2024-23649

Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message...

7.5CVSS7.5AI score0.00505EPSS
Exploits0References2
NVD
NVD
added 2024/01/17 7:15 a.m.58 views

CVE-2023-51723

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Description parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...

6.9CVSS6.4AI score0.00358EPSS
Exploits0References1
NVD
NVD
added 2024/01/11 9:15 a.m.58 views

CVE-2023-6634

The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the getcontent function. This is due to the plugin making use of the calluserfunc function with user input. This makes it possible for unauthenticated attackers to execute any...

9.8CVSS9.5AI score0.08544EPSS
Exploits1References2
NVD
NVD
added 2024/01/05 9:15 p.m.58 views

CVE-2024-21641

Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be...

6.5CVSS7.4AI score0.01067EPSS
Exploits0References3
NVD
NVD
added 2023/11/12 10:15 p.m.58 views

CVE-2023-29425

Cross-Site Request Forgery CSRF vulnerability in plainware.Com ShiftController Employee Shift Scheduling plugin = 4.9.23 versions...

8.8CVSS0.00264EPSS
Exploits0References1
NVD
NVD
added 2023/09/11 3:15 p.m.58 views

CVE-2023-27470

BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportServiceN-Central\PushUpdates, leading to arbitrary file deletion...

7CVSS6.9AI score0.00537EPSS
Exploits2References1
NVD
NVD
added 2023/07/15 7:15 p.m.58 views

CVE-2023-30791

Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript...

7.1CVSS0.00458EPSS
Exploits1References2
NVD
NVD
added 2023/06/15 8:15 p.m.58 views

CVE-2023-33243

RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become be...

8.1CVSS8.2AI score0.04421EPSS
Exploits4References2
Total number of security vulnerabilities5000