Lucene search
K
NvdMost viewed

363567 matches found

NVD
NVD
added 2021/03/11 4:15 p.m.56 views

CVE-2021-27080

Azure Sphere Unsigned Code Execution Vulnerability...

9.3CVSS0.01216EPSS
Exploits1References2
NVD
NVD
added 2021/02/01 3:15 p.m.56 views

CVE-2021-21276

Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an attacker crafts a reque...

9.3CVSS9.2AI score0.07164EPSS
Exploits3References4
NVD
NVD
added 2021/01/27 9:15 p.m.56 views

CVE-2021-3331

WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs...

10CVSS9.7AI score0.07408EPSS
Exploits0References4
NVD
NVD
added 2021/01/06 2:15 p.m.56 views

CVE-2020-10655

The Proofpoint Insider Threat Management Server formerly ObserveIT Server before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The...

9.8CVSS9.4AI score0.02582EPSS
Exploits0References2
NVD
NVD
added 2020/09/09 7:15 p.m.56 views

CVE-2020-1912

An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the...

8.1CVSS0.01813EPSS
Exploits0References2
NVD
NVD
added 2020/02/25 5:15 p.m.56 views

CVE-2020-8793

OpenSMTPD before 6.6.4 allows local users to read arbitrary files e.g., on some Linux distributions because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c...

4.7CVSS5.5AI score0.009EPSS
Exploits4References5
NVD
NVD
added 2020/01/21 5:15 p.m.56 views

CVE-2020-6857

CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary...

5.5CVSS5.5AI score0.00967EPSS
Exploits8References6
NVD
NVD
added 2019/10/02 2:15 p.m.56 views

CVE-2019-17091

faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled...

6.1CVSS6.6AI score0.02469EPSS
Exploits1References17
NVD
NVD
added 2019/09/26 4:15 p.m.56 views

CVE-2019-16409

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. Users who upgrade from...

5.3CVSS5.2AI score0.01203EPSS
Exploits0References3
NVD
NVD
added 2018/12/20 5:29 p.m.56 views

CVE-2018-1000881

Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability in ComputedAttributesHandler.java that can result in Remote Command Execution. This attack appear to be exploitable via Remote: web application request by a...

9.8CVSS9.7AI score0.03819EPSS
Exploits1References1
NVD
NVD
added 2014/10/02 2:55 p.m.56 views

CVE-2014-6242

Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the 1 orderby or 2 order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using...

6.5CVSS8.2AI score0.04155EPSS
Exploits6References7
NVD
NVD
added 2014/01/31 3:7 p.m.56 views

CVE-2013-6235

Multiple cross-site scripting XSS vulnerabilities in JAMon Java Application Monitor 2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 listenertype or 2 currentlistener parameter to mondetail.jsp or ArraySQL parameter to 3 mondetail.jsp, 4 jamonadmin.jsp, 5...

4.3CVSS5.7AI score0.02232EPSS
Exploits2References8
NVD
NVD
added 2014/01/19 6:2 p.m.56 views

CVE-2013-2185

The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar iss...

7.5CVSS7.6AI score0.07199EPSS
Exploits0References5
NVD
NVD
added 2010/08/31 8:0 p.m.56 views

CVE-2010-3189

The extSetOwner function in the UfProxyBrowserCtrl ActiveX control UfPBCtrl.dll in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer...

9.3CVSS7.4AI score0.39216EPSS
Exploits14References8
NVD
NVD
added 2026/05/28 10:16 a.m.55 views

CVE-2026-46113

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN The shadow MMU computes GFNs for direct shadow pages using sp-gfn plus the SPTE index. This assumption breaks for shadow paging if the guest page tables are modifie...

8.8CVSS0.00126EPSS
Exploits0References6
NVD
NVD
added 2026/05/15 10:16 p.m.55 views

CVE-2026-45347

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.11, there is a blind server side request forgery SSRF via the PDF generate function. In the PDF export, user inputs are interpreted as HTML and embedded into the PDF. According to tests...

5.4CVSS0.00186EPSS
Exploits1References1
NVD
NVD
added 2026/05/14 4:16 p.m.55 views

CVE-2026-44503

The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...

7CVSS0.00505EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 6:16 p.m.55 views

CVE-2026-44580

Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions, serialized script content was not escap...

6.1CVSS0.00205EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 10:16 a.m.55 views

CVE-2026-6800

The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS0.00195EPSS
Exploits0References5
NVD
NVD
added 2026/05/07 4:16 a.m.55 views

CVE-2026-41674

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package serializes DocumentType node fields internalSubset, publicId, systemId verbatim without any...

8.7CVSS0.00457EPSS
Exploits0References11
NVD
NVD
added 2026/05/06 12:16 p.m.55 views

CVE-2026-43258

In the Linux kernel, the following vulnerability has been resolved: alpha: fix user-space corruption during memory compaction Alpha systems can suffer sporadic user-space crashes and heap corruption when memory compaction is enabled. Symptoms include SIGSEGV, glibc allocator failures e.g...

7.8CVSS0.00138EPSS
Exploits0References4
NVD
NVD
added 2026/02/03 6:16 p.m.55 views

CVE-2025-70559

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...

6.5CVSS0.00223EPSS
Exploits0References2
NVD
NVD
added 2025/10/01 4:15 p.m.55 views

CVE-2025-56515

File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers onmouseover to be uploaded...

8.8CVSS0.00481EPSS
Exploits1References3
NVD
NVD
added 2025/08/15 6:15 p.m.55 views

CVE-2025-55285

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly redacted. If $ secrets.x is not passed...

2.6CVSS0.0021EPSS
Exploits0References2
NVD
NVD
added 2025/08/12 3:15 a.m.55 views

CVE-2025-42943

SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, and the victim needs to execute by using SAP...

4.5CVSS0.00289EPSS
Exploits0References2
NVD
NVD
added 2025/06/04 6:15 p.m.55 views

CVE-2025-5600

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument LangType leads to stack-based buffer overflow. The attack may be initiated...

10CVSS0.00995EPSS
Exploits1References5
NVD
NVD
added 2025/06/03 4:15 p.m.55 views

CVE-2025-5508

A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been rated as problematic. Affected by this issue is some unknown functionality of the component IP Port Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be launched...

4.8CVSS0.00334EPSS
Exploits1References5
NVD
NVD
added 2025/05/02 9:15 p.m.55 views

CVE-2025-47226

Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information...

5CVSS0.01189EPSS
Exploits4References4
NVD
NVD
added 2025/03/25 9:15 p.m.55 views

CVE-2025-25372

NASA cFS Core Flight System Aquila is vulnerable to segmentation fault via sending a malicious telecommand to the Memory Management Module...

7.5CVSS0.00458EPSS
Exploits1References1
NVD
NVD
added 2025/03/24 5:15 p.m.55 views

CVE-2025-29778

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were...

8CVSS0.00317EPSS
Exploits1References5
NVD
NVD
added 2025/01/29 9:15 p.m.55 views

CVE-2025-24794

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the...

7.8CVSS0.00246EPSS
Exploits0References2
NVD
NVD
added 2025/01/21 6:15 p.m.55 views

CVE-2024-54794

The script input feature of SpagoBI 3.5.1 allows arbitrary code execution...

9.1CVSS0.12829EPSS
Exploits3References2
NVD
NVD
added 2025/01/10 4:15 p.m.55 views

CVE-2025-22599

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the home.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msgc parameter. This vulnerability is fixed in 3.2.8...

6.5CVSS0.00393EPSS
Exploits1References1
NVD
NVD
added 2025/01/05 4:15 p.m.55 views

CVE-2025-0222

A vulnerability was found in IObit Protected Folder up to 13.6.0.5 and classified as problematic. This issue affects the function 0x8001E000/0x8001E004 in the library IUProcessFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be...

6.8CVSS0.00349EPSS
Exploits1References4
NVD
NVD
added 2024/12/17 10:15 p.m.55 views

CVE-2023-37940

Cross-site scripting XSS vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted...

4.8CVSS0.00265EPSS
Exploits0References1
NVD
NVD
added 2024/12/13 3:15 p.m.55 views

CVE-2023-36681

Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.2...

9.8CVSS0.00719EPSS
Exploits0References1
NVD
NVD
added 2024/11/12 3:15 p.m.55 views

CVE-2024-50386

Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker...

9.9CVSS0.01419EPSS
Exploits0References4
NVD
NVD
added 2024/10/22 11:15 p.m.55 views

CVE-2024-7587

Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and...

7.8CVSS0.00193EPSS
Exploits0References3
NVD
NVD
added 2024/10/08 6:15 p.m.55 views

CVE-2024-47823

Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to 2.12.7 and v3.5.2, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not...

9.8CVSS0.00823EPSS
Exploits1References4
NVD
NVD
added 2024/10/01 2:15 p.m.55 views

CVE-2024-46276

cutepng v1.05 was discovered to contain a heap buffer overflow via the cpchunk function at cutepng.h...

7.8CVSS0.00464EPSS
Exploits1References5
NVD
NVD
added 2024/09/26 6:15 p.m.55 views

CVE-2024-47075

LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting XSS on web pages where attacker-controlled HTML elements e.g., img tags with unsanitized name attributes are present. Version 2.9.17...

6.4CVSS0.0032EPSS
Exploits0References2
NVD
NVD
added 2024/09/10 3:15 p.m.55 views

CVE-2024-27257

IBM OpenPages 8.3 and 9.0 potentially exposes information about client-side source code through use of JavaScript source maps to unauthorized users...

4.3CVSS0.00304EPSS
Exploits0References2
NVD
NVD
added 2024/09/10 2:15 a.m.55 views

CVE-2024-6342

UNSUPPORTED WHEN ASSIGNED A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21AAZF.18C0 and NAS542 firmware versions through V5.21ABAG.15C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a...

9.8CVSS0.02064EPSS
Exploits0References1
NVD
NVD
added 2024/08/21 2:15 p.m.55 views

CVE-2024-8007

A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform RHOSP director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a...

8.1CVSS0.00392EPSS
Exploits0References4
NVD
NVD
added 2024/08/20 3:15 p.m.55 views

CVE-2024-42369

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...

5.3CVSS0.00455EPSS
Exploits0References2
NVD
NVD
added 2024/08/16 2:15 a.m.55 views

CVE-2024-7849

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-...

9CVSS0.0117EPSS
Exploits0References5
NVD
NVD
added 2024/08/13 11:15 a.m.55 views

CVE-2024-38787

Insertion of Sensitive Information Into Sent Data vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.This issue affects Import and export users and customers: from n/a through = 1.26.8...

7.5CVSS0.0042EPSS
Exploits0References1
NVD
NVD
added 2024/07/01 3:15 p.m.55 views

CVE-2024-21482

Memory corruption during the secure boot process, when the bootm command is used, it bypasses the authentication of the kernel/rootfs image...

7.8CVSS0.00109EPSS
Exploits0References1
NVD
NVD
added 2024/06/26 12:15 a.m.55 views

CVE-2024-38526

pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1...

7.2CVSS0.03832EPSS
Exploits0References4
NVD
NVD
added 2024/06/17 8:15 p.m.55 views

CVE-2024-37890

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] e55e510 and backported to [email protected] 22c2876, [email protected] eeb76d3, and [email protected]...

7.5CVSS0.01357EPSS
Exploits0References8
Total number of security vulnerabilities5000