Lucene search
K
NvdMost viewed

364500 matches found

NVD
NVD
added 2021/05/12 3:15 p.m.57 views

CVE-2021-20202

A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is ...

7.3CVSS0.00299EPSS
Exploits0References1
NVD
NVD
added 2021/05/11 7:15 p.m.57 views

CVE-2021-31200

Common Utilities Remote Code Execution Vulnerability...

7.2CVSS0.02482EPSS
Exploits0References1
NVD
NVD
added 2021/04/13 8:15 p.m.57 views

CVE-2021-28459

Azure DevOps Server Spoofing Vulnerability...

6.1CVSS0.02317EPSS
Exploits3References3
NVD
NVD
added 2021/03/04 1:15 p.m.57 views

CVE-2020-24913

A SQL injection vulnerability in qcubed all versions including 3.1.1 in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request...

9.8CVSS0.40621EPSS
Exploits5References5
NVD
NVD
added 2021/02/16 8:15 p.m.57 views

CVE-2021-20070

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the virtualization.php dialogs...

4.8CVSS0.00468EPSS
Exploits0References1
NVD
NVD
added 2020/12/15 4:15 p.m.57 views

CVE-2020-27029

In TextView of TextView.java, there is a possible app hang due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140218875...

6.5CVSS7AI score0.00694EPSS
Exploits0References1
NVD
NVD
added 2020/10/20 3:15 p.m.57 views

CVE-2020-16246

The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting XSS, which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site...

6.1CVSS0.0068EPSS
Exploits0References1
NVD
NVD
added 2020/07/15 9:15 p.m.57 views

CVE-2020-13788

Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet...

4.3CVSS0.01278EPSS
Exploits1References3
NVD
NVD
added 2020/02/12 3:15 p.m.57 views

CVE-2019-19194

The Bluetooth Low Energy Secure Manager Protocol SMP implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices installs a zero long term key LTK if an out-of-order link-layer encryption request...

8.8CVSS8.9AI score0.01002EPSS
Exploits1References2
NVD
NVD
added 2020/02/04 8:15 p.m.57 views

CVE-2019-15624

Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders...

4.9CVSS5.9AI score0.01472EPSS
Exploits1References4
NVD
NVD
added 2015/04/10 3:0 p.m.57 views

CVE-2015-1842

The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors...

10CVSS7.7AI score0.05216EPSS
Exploits0References7
NVD
NVD
added 2014/11/26 3:59 p.m.57 views

CVE-2014-9097

Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery contus-video-gallery plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow 1 remote attackers to execute arbitrary SQL commands via the vid parameter in a myextract action to wp-admin/admin-ajax.php ...

7.5CVSS8.2AI score0.05017EPSS
Exploits2References3
NVD
NVD
added 2014/10/02 2:55 p.m.57 views

CVE-2014-6242

Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the 1 orderby or 2 order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using...

6.5CVSS8.2AI score0.04155EPSS
Exploits6References7
NVD
NVD
added 2026/06/25 5:17 p.m.56 views

CVE-2026-9099

A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 FGAPv2 is enabled, an attacker wi...

7.7CVSS0.00288EPSS
Exploits0References7
NVD
NVD
added 2026/05/12 11:16 a.m.56 views

CVE-2026-45214

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection.This issue affects Xpro Elementor Addons: from n/a through = 1.5.1...

8.5CVSS0.00223EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 10:16 a.m.56 views

CVE-2026-44412

A vulnerability has been identified in Solid Edge SE2026 All versions V226.0 Update 5. The affected applications contain a stack based overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process...

7.8CVSS0.00106EPSS
Exploits0References1
NVD
NVD
added 2026/05/10 1:16 p.m.56 views

CVE-2021-47948

WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers can inject malicious HTML including image tags and scripts into the Help Text field during paymen...

5.4CVSS0.00169EPSS
Exploits0References3
NVD
NVD
added 2026/05/07 10:16 p.m.56 views

CVE-2026-40213

OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...

7.4CVSS0.00206EPSS
Exploits0References3
NVD
NVD
added 2026/05/07 9:16 a.m.56 views

CVE-2025-2514

Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One...

5.3CVSS0.003EPSS
Exploits0References1
NVD
NVD
added 2026/05/06 12:16 p.m.56 views

CVE-2026-43276

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix double destroyworkqueue on service rescan PCI path While testing corner cases in the driver, a use-after-free crash was found on the service rescan PCI path. When manaservreset calls managdsuspend, managdcleanup...

7.8CVSS0.00118EPSS
Exploits0References3
NVD
NVD
added 2026/05/06 12:16 p.m.56 views

CVE-2026-43258

In the Linux kernel, the following vulnerability has been resolved: alpha: fix user-space corruption during memory compaction Alpha systems can suffer sporadic user-space crashes and heap corruption when memory compaction is enabled. Symptoms include SIGSEGV, glibc allocator failures e.g...

7.8CVSS0.00138EPSS
Exploits0References4
NVD
NVD
added 2026/05/05 10:16 p.m.56 views

CVE-2026-40075

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the /openmrs/moduleResources/moduleid endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from...

8.2CVSS0.00558EPSS
Exploits1References1
NVD
NVD
added 2026/05/02 6:16 a.m.56 views

CVE-2026-5111

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping on Hidden Product field values when used inside Repeater fields, where repeater subfields bypass state...

7.2CVSS0.00251EPSS
Exploits0References2
NVD
NVD
added 2025/10/29 5:15 p.m.56 views

CVE-2025-12477

Server Version Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

10CVSS0.00317EPSS
Exploits0References1
NVD
NVD
added 2025/10/06 8:15 p.m.56 views

CVE-2025-59447

The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials...

2.2CVSS0.00168EPSS
Exploits0References3
NVD
NVD
added 2025/09/23 8:15 a.m.56 views

CVE-2025-9588

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Iron Mountain Archiving Services Inc. EnVision allows Command Injection. This issue affects enVision: before 250563...

10CVSS0.01125EPSS
Exploits0References2
NVD
NVD
added 2025/09/02 12:15 p.m.56 views

CVE-2025-5662

A deserialization vulnerability exists in the H2O-3 REST API POST /99/ImportSQLTable that affects all versions up to 3.46.0.7. This vulnerability allows remote code execution RCE due to improper validation of JDBC connection parameters when using a Key-Value format. The vulnerability is present i...

9.8CVSS0.0064EPSS
Exploits0References2
NVD
NVD
added 2025/06/03 4:15 p.m.56 views

CVE-2025-5508

A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been rated as problematic. Affected by this issue is some unknown functionality of the component IP Port Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be launched...

4.8CVSS0.00334EPSS
Exploits1References5
NVD
NVD
added 2025/05/13 5:16 p.m.56 views

CVE-2025-30397

Access of resource using incompatible type 'type confusion' in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network...

7.5CVSS0.21562EPSS
Exploits7References4
NVD
NVD
added 2025/05/08 2:15 p.m.56 views

CVE-2025-47729

The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL aka Archive Signal app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation, as...

4.9CVSS0.00407EPSS
Exploits0References4
NVD
NVD
added 2025/04/08 11:15 a.m.56 views

CVE-2025-30166

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page...

4.8CVSS0.00222EPSS
Exploits0References2
NVD
NVD
added 2025/03/27 2:15 p.m.56 views

CVE-2025-2867

An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized...

6.5CVSS0.00197EPSS
Exploits0References1
NVD
NVD
added 2025/03/24 5:15 p.m.56 views

CVE-2025-29778

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were...

8CVSS0.00317EPSS
Exploits1References5
NVD
NVD
added 2025/03/06 7:15 p.m.56 views

CVE-2025-27509

fleetdm/fleet is an open source device management, built on osquery. In vulnerable versions of Fleet, an attacker could craft a specially-formed SAML response to forge authentication assertions, provision a new administrative user account if Just-In-Time JIT provisioning is enabled, or create new...

9.3CVSS0.00623EPSS
Exploits0References2
NVD
NVD
added 2025/03/05 6:15 a.m.56 views

CVE-2025-27663

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Weak Password Encryption / Encoding OVE-20230524-0007...

9.8CVSS0.00353EPSS
Exploits0References1
NVD
NVD
added 2025/02/16 9:15 a.m.56 views

CVE-2025-1336

A vulnerability has been found in CmsEasy 7.7.7.9 and classified as problematic. Affected by this vulnerability is the function deleteimgaction in the library lib/admin/imageadmin.php. The manipulation of the argument imgname leads to path traversal. The attack can be launched remotely. The explo...

8.1CVSS0.00951EPSS
Exploits1References4
NVD
NVD
added 2025/01/14 8:15 p.m.56 views

CVE-2024-55921

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

8.8CVSS0.00352EPSS
Exploits0References2
NVD
NVD
added 2025/01/05 4:15 p.m.56 views

CVE-2025-0222

A vulnerability was found in IObit Protected Folder up to 13.6.0.5 and classified as problematic. This issue affects the function 0x8001E000/0x8001E004 in the library IUProcessFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be...

6.8CVSS0.00349EPSS
Exploits1References4
NVD
NVD
added 2024/12/20 3:15 a.m.56 views

CVE-2022-34159

Huawei printers have an input verification vulnerability. Successful exploitation of this vulnerability may cause device service exceptions. Vulnerability ID: HWPSIRT-2022-80078 This vulnerability has been assigned a Common Vulnerabilities and Exposures CVE ID: CVE-2022-34159...

7.5CVSS0.00508EPSS
Exploits0References1
NVD
NVD
added 2024/12/17 9:15 p.m.56 views

CVE-2024-11993

Reflected cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field...

6.1CVSS0.00319EPSS
Exploits0References1
NVD
NVD
added 2024/12/06 4:15 p.m.56 views

CVE-2024-54745

WAVLINK WN701AE M01AEV240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root...

9.8CVSS0.00543EPSS
Exploits1References2
NVD
NVD
added 2024/11/21 11:15 a.m.56 views

CVE-2024-52067

Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causi...

6.9CVSS0.00737EPSS
Exploits0References2
NVD
NVD
added 2024/11/09 2:15 p.m.56 views

CVE-2024-51628

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EzyOnlineBookings EzyOnlineBookings Online Booking System Widget ezyonlinebookings-online-booking-system allows DOM-Based XSS.This issue affects EzyOnlineBookings Online Booking System Widget: from...

6.5CVSS0.00243EPSS
Exploits0References1
NVD
NVD
added 2024/10/24 6:15 p.m.56 views

CVE-2024-10337

A vulnerability classified as critical has been found in SourceCodeHero Clothes Recommendation System 1.0. Affected is an unknown function of the file /admin/home.php?con=add. The manipulation of the argument cat/subcat/ t1/t2/text leads to sql injection. It is possible to launch the attack...

7.2CVSS0.00441EPSS
Exploits1References3
NVD
NVD
added 2024/10/16 9:15 a.m.56 views

CVE-2023-32188

A user can reverse engineer the JWT token JSON Web Token used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE...

9.4CVSS0.00461EPSS
Exploits0References2
NVD
NVD
added 2024/10/08 9:15 a.m.56 views

CVE-2024-47563

A vulnerability has been identified in SINEC Security Monitor All versions V4.9.0. The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files. This could allow an unauthenticated remote attacker to create files in writable...

6.9CVSS0.00537EPSS
Exploits0References1
NVD
NVD
added 2024/10/01 2:15 p.m.56 views

CVE-2024-46276

cutepng v1.05 was discovered to contain a heap buffer overflow via the cpchunk function at cutepng.h...

7.8CVSS0.00462EPSS
Exploits1References5
NVD
NVD
added 2024/09/12 7:15 p.m.56 views

CVE-2024-45182

An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70 An improper bounds check allows specially crafted packets to cause an arbitrary address read, resulting in Denial of Service...

5.5CVSS0.00199EPSS
Exploits0References2
NVD
NVD
added 2024/09/10 5:15 p.m.56 views

CVE-2024-21416

Windows TCP/IP Remote Code Execution Vulnerability...

9.8CVSS0.01381EPSS
Exploits0References1
NVD
NVD
added 2024/09/09 7:15 p.m.56 views

CVE-2024-7318

A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds default. Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute. A one time passco...

4.8CVSS0.00393EPSS
Exploits0References4
Total number of security vulnerabilities5000