Lucene search
K
NvdMost viewed

363661 matches found

NVD
NVD
•added 2024/01/17 7:15 a.m.•56 views

CVE-2023-51724

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the URL parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of...

6.9CVSS6.4AI score0.00358EPSS
Exploits0References1
NVD
NVD
•added 2024/01/09 10:15 p.m.•56 views

CVE-2023-6476

A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node...

7.5CVSS6.4AI score0.00859EPSS
Exploits0References4
NVD
NVD
•added 2023/12/28 5:15 a.m.•56 views

CVE-2023-50445

Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the getsystemlog and...

7.8CVSS0.09123EPSS
Exploits4References2
NVD
NVD
•added 2023/12/12 3:15 p.m.•56 views

CVE-2023-46454

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...

9.8CVSS0.23466EPSS
Exploits4References1
NVD
NVD
•added 2023/11/20 6:15 p.m.•56 views

CVE-2023-48292

The XWiki Admin Tools Application provides tools to help the administration of XWiki. Starting in version 4.4 and prior to version 4.5.1, a cross site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands ...

9.6CVSS0.22938EPSS
Exploits2References3
NVD
NVD
•added 2023/08/02 11:15 p.m.•56 views

CVE-2023-1437

All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute...

9.8CVSS9.9AI score0.02798EPSS
Exploits0References1
NVD
NVD
•added 2023/07/17 10:15 p.m.•56 views

CVE-2023-37476

OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of...

7.8CVSS0.00632EPSS
Exploits0References4
NVD
NVD
•added 2023/06/15 8:15 p.m.•56 views

CVE-2023-33243

RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become be...

8.1CVSS8.2AI score0.04421EPSS
Exploits4References2
NVD
NVD
•added 2023/05/10 2:15 p.m.•56 views

CVE-2023-25568

Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...

8.2CVSS8.2AI score0.00856EPSS
Exploits0References4
NVD
NVD
•added 2023/04/03 8:15 a.m.•56 views

CVE-2023-26269

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...

7.8CVSS7.9AI score0.00654EPSS
Exploits0References2
NVD
NVD
•added 2023/03/14 7:15 a.m.•56 views

CVE-2022-47162

Cross-Site Request Forgery CSRF vulnerability in Dannie Herdyawan DH – Anti AdBlocker plugin = 36 versions...

8.8CVSS5.8AI score0.00276EPSS
Exploits0References1
NVD
NVD
•added 2023/03/06 5:15 a.m.•56 views

CVE-2023-26106

All versions of the package dot-lens are vulnerable to Prototype Pollution via the set function in index.js file...

7.5CVSS7.5AI score0.00947EPSS
Exploits1References2
NVD
NVD
•added 2023/02/28 3:15 p.m.•56 views

CVE-2022-47612

Cross-Site Request Forgery CSRF vulnerability in Roland Barker, xnau webdesign Participants Database plugin = 2.4.5 leads to list column update...

4.3CVSS4.7AI score0.00231EPSS
Exploits0References1
NVD
NVD
•added 2023/02/03 9:15 p.m.•56 views

CVE-2023-23941

SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card, the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has bee...

7.5CVSS7.5AI score0.00297EPSS
Exploits0References2
NVD
NVD
•added 2022/10/13 11:15 p.m.•56 views

CVE-2022-39278

Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a...

7.5CVSS0.01063EPSS
Exploits0References4
NVD
NVD
•added 2022/09/22 12:15 a.m.•56 views

CVE-2022-39975

The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "Content Page" pages via URL manipulation...

4.3CVSS0.00471EPSS
Exploits0References2
NVD
NVD
•added 2022/09/21 6:15 p.m.•56 views

CVE-2022-31679

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes...

3.7CVSS0.00467EPSS
Exploits0References1
NVD
NVD
•added 2022/06/01 3:15 p.m.•56 views

CVE-2020-26185

Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability...

7.5CVSS0.01031EPSS
Exploits0References2
NVD
NVD
•added 2022/05/21 12:15 a.m.•56 views

CVE-2022-29188

Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery SSRF attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...

6.5CVSS0.00793EPSS
Exploits0References2
NVD
NVD
•added 2022/03/09 11:15 p.m.•56 views

CVE-2022-24753

Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are stripe login, stripe config -e, stripe community, and stripe open. MacOS and Linu...

7.7CVSS0.00321EPSS
Exploits0References2
NVD
NVD
•added 2022/02/04 11:15 p.m.•56 views

CVE-2022-23590

Tensorflow is an Open Source Machine Learning Framework. A GraphDef from a TensorFlow SavedModel can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr value that is an error and forcibly extracting the value from it. We have patched the issue in multiple...

7.5CVSS0.00973EPSS
Exploits1References3
NVD
NVD
•added 2022/02/04 11:15 p.m.•56 views

CVE-2022-23579

Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that SafeToRemoveIdentity would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

6.5CVSS0.00821EPSS
Exploits1References3
NVD
NVD
•added 2022/02/04 11:15 p.m.•56 views

CVE-2022-0218

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...

8.3CVSS0.70511EPSS
Exploits3References2
NVD
NVD
•added 2021/11/02 6:15 p.m.•56 views

CVE-2021-26107

An improper access control vulnerability CWE-284 in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager...

6.3CVSS0.00496EPSS
Exploits0References2
NVD
NVD
•added 2021/07/12 11:15 a.m.•56 views

CVE-2021-22916

In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, resulting in possible information disclosure...

5.9CVSS0.01826EPSS
Exploits0References1
NVD
NVD
•added 2021/06/07 12:15 p.m.•56 views

CVE-2021-33904

In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states "there are configurable security flags and we are unable to reproduce them with the available information...

6.1CVSS0.10053EPSS
Exploits5References2
NVD
NVD
•added 2021/05/11 7:15 p.m.•56 views

CVE-2021-31200

Common Utilities Remote Code Execution Vulnerability...

7.2CVSS0.02482EPSS
Exploits0References1
NVD
NVD
•added 2021/04/14 2:15 p.m.•56 views

CVE-2021-26812

Cross Site Scripting XSS in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application...

6.1CVSS0.97461EPSS
Exploits1References1
NVD
NVD
•added 2021/03/25 9:15 p.m.•56 views

CVE-2021-29097

Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 and earlier and ArcGIS Pro 2.7 and earlier allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user...

7.8CVSS0.02412EPSS
Exploits0References9
NVD
NVD
•added 2021/02/01 3:15 p.m.•56 views

CVE-2021-21276

Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an attacker crafts a reque...

9.3CVSS9.2AI score0.07164EPSS
Exploits3References4
NVD
NVD
•added 2021/01/27 9:15 p.m.•56 views

CVE-2021-3331

WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs...

10CVSS9.7AI score0.07408EPSS
Exploits0References4
NVD
NVD
•added 2020/09/09 7:15 p.m.•56 views

CVE-2020-1912

An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the...

8.1CVSS0.01813EPSS
Exploits0References2
NVD
NVD
•added 2020/04/09 2:15 p.m.•56 views

CVE-2020-10617

There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS versions prior to 3.0.2 to gain access to sensitive information...

7.5CVSS8.6AI score0.01263EPSS
Exploits0References1
NVD
NVD
•added 2020/02/25 5:15 p.m.•56 views

CVE-2020-8793

OpenSMTPD before 6.6.4 allows local users to read arbitrary files e.g., on some Linux distributions because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c...

4.7CVSS5.5AI score0.009EPSS
Exploits4References5
NVD
NVD
•added 2020/01/21 5:15 p.m.•56 views

CVE-2020-6857

CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary...

5.5CVSS5.5AI score0.00967EPSS
Exploits8References6
NVD
NVD
•added 2019/10/02 2:15 p.m.•56 views

CVE-2019-17091

faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled...

6.1CVSS6.6AI score0.02469EPSS
Exploits1References17
NVD
NVD
•added 2019/09/26 4:15 p.m.•56 views

CVE-2019-16409

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. Users who upgrade from...

5.3CVSS5.2AI score0.01203EPSS
Exploits0References3
NVD
NVD
•added 2014/10/02 2:55 p.m.•56 views

CVE-2014-6242

Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the 1 orderby or 2 order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using...

6.5CVSS8.2AI score0.04155EPSS
Exploits6References7
NVD
NVD
•added 2014/01/31 3:7 p.m.•56 views

CVE-2013-6235

Multiple cross-site scripting XSS vulnerabilities in JAMon Java Application Monitor 2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 listenertype or 2 currentlistener parameter to mondetail.jsp or ArraySQL parameter to 3 mondetail.jsp, 4 jamonadmin.jsp, 5...

4.3CVSS5.7AI score0.02232EPSS
Exploits2References8
NVD
NVD
•added 2014/01/19 6:2 p.m.•56 views

CVE-2013-2185

The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar iss...

7.5CVSS7.6AI score0.07199EPSS
Exploits0References5
NVD
NVD
•added 2010/08/31 8:0 p.m.•56 views

CVE-2010-3189

The extSetOwner function in the UfProxyBrowserCtrl ActiveX control UfPBCtrl.dll in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer...

9.3CVSS7.4AI score0.39216EPSS
Exploits14References8
NVD
NVD
•added 2026/05/15 10:16 p.m.•55 views

CVE-2026-45347

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.11, there is a blind server side request forgery SSRF via the PDF generate function. In the PDF export, user inputs are interpreted as HTML and embedded into the PDF. According to tests...

5.4CVSS0.00186EPSS
Exploits1References1
NVD
NVD
•added 2026/05/14 4:16 p.m.•55 views

CVE-2026-44503

The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...

7CVSS0.00505EPSS
Exploits0References1
NVD
NVD
•added 2026/05/13 6:16 p.m.•55 views

CVE-2026-44580

Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions, serialized script content was not escap...

6.1CVSS0.00205EPSS
Exploits0References1
NVD
NVD
•added 2026/05/12 10:16 a.m.•55 views

CVE-2026-6800

The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS0.00195EPSS
Exploits0References5
NVD
NVD
•added 2026/05/12 10:16 a.m.•55 views

CVE-2026-44412

A vulnerability has been identified in Solid Edge SE2026 All versions V226.0 Update 5. The affected applications contain a stack based overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process...

7.8CVSS0.00106EPSS
Exploits0References1
NVD
NVD
•added 2026/05/07 4:16 a.m.•55 views

CVE-2026-41674

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package serializes DocumentType node fields internalSubset, publicId, systemId verbatim without any...

8.7CVSS0.00457EPSS
Exploits0References11
NVD
NVD
•added 2026/05/06 8:16 p.m.•55 views

CVE-2026-44109

OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. Missing encryptKey configuration and blank callback tokens fail open instead of rejecting requests, enabling...

9.8CVSS0.00718EPSS
Exploits1References3
NVD
NVD
•added 2026/05/06 12:16 p.m.•55 views

CVE-2026-43258

In the Linux kernel, the following vulnerability has been resolved: alpha: fix user-space corruption during memory compaction Alpha systems can suffer sporadic user-space crashes and heap corruption when memory compaction is enabled. Symptoms include SIGSEGV, glibc allocator failures e.g...

7.8CVSS0.00138EPSS
Exploits0References4
NVD
NVD
•added 2026/02/03 6:16 p.m.•55 views

CVE-2025-70559

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...

6.5CVSS0.00223EPSS
Exploits0References2
Total number of security vulnerabilities5000