Lucene search
K
NvdMost viewed

364597 matches found

NVD
NVD
•added 2024/09/10 5:15 p.m.•56 views

CVE-2024-21416

Windows TCP/IP Remote Code Execution Vulnerability...

9.8CVSS0.01381EPSS
Exploits0References1
NVD
NVD
•added 2024/09/09 7:15 p.m.•56 views

CVE-2024-7318

A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds default. Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute. A one time passco...

4.8CVSS0.00393EPSS
Exploits0References4
NVD
NVD
•added 2024/09/09 7:15 a.m.•56 views

CVE-2024-45203

Improper authorization in handler for custom URL scheme issue in "@cosme" App for Android versions prior 5.69.0 and "@cosme" App for iOS versions prior to 6.74.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a...

4.3CVSS0.00277EPSS
Exploits0References1
NVD
NVD
•added 2024/08/15 3:15 p.m.•56 views

CVE-2024-7262

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 exclusive on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive...

9.3CVSS0.01773EPSS
Exploits0References2
NVD
NVD
•added 2024/08/03 9:15 a.m.•56 views

CVE-2024-7031

The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njtfssaveSettingRestrictions' function in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with a role tha...

8.8CVSS0.00624EPSS
Exploits0References4
NVD
NVD
•added 2024/07/30 9:15 p.m.•56 views

CVE-2024-5901

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00393EPSS
Exploits0References3
NVD
NVD
•added 2024/07/09 7:15 p.m.•56 views

CVE-2024-39899

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication toke...

5.3CVSS0.00627EPSS
Exploits0References3
NVD
NVD
•added 2024/07/09 5:15 p.m.•56 views

CVE-2024-30105

.NET and Visual Studio Denial of Service Vulnerability...

7.5CVSS0.02915EPSS
Exploits0References1
NVD
NVD
•added 2024/07/01 3:15 p.m.•56 views

CVE-2024-21482

Memory corruption during the secure boot process, when the bootm command is used, it bypasses the authentication of the kernel/rootfs image...

7.8CVSS0.00109EPSS
Exploits0References1
NVD
NVD
•added 2024/06/19 6:15 p.m.•56 views

CVE-2024-36116

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, JavadocEndpoints.kt controller allows to expand the...

9.8CVSS0.01475EPSS
Exploits1References3
NVD
NVD
•added 2024/06/09 7:15 p.m.•56 views

CVE-2024-5585

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using procopen command with array syntax, due to insufficient escaping, if the arguments of the executed command ar...

8.8CVSS0.28807EPSS
Exploits1References6
NVD
NVD
•added 2024/06/07 4:15 a.m.•56 views

CVE-2024-37385

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via imconvertpath and imidentifypath. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641...

9.8CVSS0.01477EPSS
Exploits0References3
NVD
NVD
•added 2024/04/16 6:15 p.m.•56 views

CVE-2023-40000

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 5.7...

8.3CVSS8.2AI score0.54872EPSS
Exploits5References2
NVD
NVD
•added 2024/03/20 11:15 p.m.•56 views

CVE-2024-2443

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub...

9.1CVSS9.6AI score0.02086EPSS
Exploits0References5
NVD
NVD
•added 2024/03/18 7:15 a.m.•56 views

CVE-2024-29156

In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information...

6.5CVSS6.2AI score0.0074EPSS
Exploits0References4
NVD
NVD
•added 2024/02/27 2:15 p.m.•56 views

CVE-2023-51747

Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to...

7.1CVSS6.3AI score0.01045EPSS
Exploits0References4
NVD
NVD
•added 2024/02/06 1:15 a.m.•56 views

CVE-2023-6231

Buffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and...

9.8CVSS9.9AI score0.01383EPSS
Exploits0References4
NVD
NVD
•added 2024/01/30 4:15 p.m.•56 views

CVE-2024-22193

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a tas...

4.3CVSS3.9AI score0.00257EPSS
Exploits0References2
NVD
NVD
•added 2024/01/18 12:15 a.m.•56 views

CVE-2024-22416

pyLoad is a free and open-source Download Manager written in pure Python. The pyload API allows any API call to be made using GET requests. Since the session cookie is not set to SameSite: strict, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery CSRF attac...

9.6CVSS9.4AI score0.00948EPSS
Exploits1References3
NVD
NVD
•added 2024/01/17 7:15 a.m.•56 views

CVE-2023-51724

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the URL parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of...

6.9CVSS6.4AI score0.00358EPSS
Exploits0References1
NVD
NVD
•added 2023/12/28 5:15 a.m.•56 views

CVE-2023-50445

Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the getsystemlog and...

7.8CVSS0.09123EPSS
Exploits4References2
NVD
NVD
•added 2023/12/12 3:15 p.m.•56 views

CVE-2023-46454

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...

9.8CVSS0.23466EPSS
Exploits4References1
NVD
NVD
•added 2023/11/20 6:15 p.m.•56 views

CVE-2023-48292

The XWiki Admin Tools Application provides tools to help the administration of XWiki. Starting in version 4.4 and prior to version 4.5.1, a cross site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands ...

9.6CVSS0.22938EPSS
Exploits2References3
NVD
NVD
•added 2023/08/06 12:15 a.m.•56 views

CVE-2023-32600

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Rank Math SEO plugin = 1.0.119 versions...

6.5CVSS5.8AI score0.00332EPSS
Exploits0References1
NVD
NVD
•added 2023/08/02 11:15 p.m.•56 views

CVE-2023-1437

All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute...

9.8CVSS9.9AI score0.02798EPSS
Exploits0References1
NVD
NVD
•added 2023/07/17 10:15 p.m.•56 views

CVE-2023-37476

OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of...

7.8CVSS0.00632EPSS
Exploits0References4
NVD
NVD
•added 2023/06/14 6:15 p.m.•56 views

CVE-2023-2976

Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files...

7.1CVSS6.4AI score0.00248EPSS
Exploits0References4
NVD
NVD
•added 2023/05/10 2:15 p.m.•56 views

CVE-2023-25568

Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users acceptin...

8.2CVSS8.2AI score0.00856EPSS
Exploits0References4
NVD
NVD
•added 2023/05/08 2:15 p.m.•56 views

CVE-2023-0268

The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

5.4CVSS5.3AI score0.00444EPSS
Exploits2References1
NVD
NVD
•added 2023/05/02 6:15 a.m.•56 views

CVE-2023-21666

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool...

8.4CVSS8.6AI score0.0018EPSS
Exploits2References2
NVD
NVD
•added 2023/03/14 7:15 a.m.•56 views

CVE-2022-47162

Cross-Site Request Forgery CSRF vulnerability in Dannie Herdyawan DH – Anti AdBlocker plugin = 36 versions...

8.8CVSS5.8AI score0.00276EPSS
Exploits0References1
NVD
NVD
•added 2023/02/28 3:15 p.m.•56 views

CVE-2022-47612

Cross-Site Request Forgery CSRF vulnerability in Roland Barker, xnau webdesign Participants Database plugin = 2.4.5 leads to list column update...

4.3CVSS4.7AI score0.00231EPSS
Exploits0References1
NVD
NVD
•added 2023/02/03 9:15 p.m.•56 views

CVE-2023-23941

SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card, the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has bee...

7.5CVSS7.5AI score0.00297EPSS
Exploits0References2
NVD
NVD
•added 2022/10/13 11:15 p.m.•56 views

CVE-2022-39278

Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a...

7.5CVSS0.01063EPSS
Exploits0References4
NVD
NVD
•added 2022/09/21 6:15 p.m.•56 views

CVE-2022-31679

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes...

3.7CVSS0.00467EPSS
Exploits0References1
NVD
NVD
•added 2022/07/14 3:15 p.m.•56 views

CVE-2022-29593

relaycgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request...

5.9CVSS0.10436EPSS
Exploits5References3
NVD
NVD
•added 2022/06/01 3:15 p.m.•56 views

CVE-2020-26185

Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability...

7.5CVSS0.01031EPSS
Exploits0References2
NVD
NVD
•added 2022/05/21 12:15 a.m.•56 views

CVE-2022-29188

Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery SSRF attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...

6.5CVSS0.00793EPSS
Exploits0References2
NVD
NVD
•added 2022/03/09 11:15 p.m.•56 views

CVE-2022-24753

Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are stripe login, stripe config -e, stripe community, and stripe open. MacOS and Linu...

7.7CVSS0.00329EPSS
Exploits0References2
NVD
NVD
•added 2022/02/04 11:15 p.m.•56 views

CVE-2022-23590

Tensorflow is an Open Source Machine Learning Framework. A GraphDef from a TensorFlow SavedModel can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr value that is an error and forcibly extracting the value from it. We have patched the issue in multiple...

7.5CVSS0.00973EPSS
Exploits1References3
NVD
NVD
•added 2022/02/04 11:15 p.m.•56 views

CVE-2022-23579

Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that SafeToRemoveIdentity would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

6.5CVSS0.00821EPSS
Exploits1References3
NVD
NVD
•added 2022/02/04 11:15 p.m.•56 views

CVE-2022-0218

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...

8.3CVSS0.70511EPSS
Exploits3References2
NVD
NVD
•added 2022/01/21 12:15 a.m.•56 views

CVE-2022-22893

Jerryscript 3.0.0 was discovered to contain a stack overflow via vmloop.ltopriv.304 in /jerry-core/vm/vm.c...

7.8CVSS0.00742EPSS
Exploits1References1
NVD
NVD
•added 2021/07/12 11:15 a.m.•56 views

CVE-2021-22916

In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, resulting in possible information disclosure...

5.9CVSS0.01826EPSS
Exploits0References1
NVD
NVD
•added 2021/06/10 5:15 p.m.•56 views

CVE-2021-31839

Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server...

4.8CVSS0.00182EPSS
Exploits0References1
NVD
NVD
•added 2021/06/07 12:15 p.m.•56 views

CVE-2021-33904

In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states "there are configurable security flags and we are unable to reproduce them with the available information...

6.1CVSS0.10053EPSS
Exploits5References2
NVD
NVD
•added 2021/04/14 2:15 p.m.•56 views

CVE-2021-26812

Cross Site Scripting XSS in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application...

6.1CVSS0.97461EPSS
Exploits1References1
NVD
NVD
•added 2021/03/25 9:15 p.m.•56 views

CVE-2021-29097

Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 and earlier and ArcGIS Pro 2.7 and earlier allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user...

7.8CVSS0.02412EPSS
Exploits0References9
NVD
NVD
•added 2021/03/09 1:15 a.m.•56 views

CVE-2021-24033

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

6.8CVSS0.03289EPSS
Exploits1References2
NVD
NVD
•added 2021/02/01 3:15 p.m.•56 views

CVE-2021-21276

Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an attacker crafts a reque...

9.3CVSS9.2AI score0.07164EPSS
Exploits3References4
Total number of security vulnerabilities5000