Lucene search
K
NvdMost viewed

363761 matches found

NVD
NVD
added 2014/01/31 3:7 p.m.56 views

CVE-2013-6235

Multiple cross-site scripting XSS vulnerabilities in JAMon Java Application Monitor 2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 listenertype or 2 currentlistener parameter to mondetail.jsp or ArraySQL parameter to 3 mondetail.jsp, 4 jamonadmin.jsp, 5...

4.3CVSS5.7AI score0.02232EPSS
Exploits2References8
NVD
NVD
added 2014/01/19 6:2 p.m.56 views

CVE-2013-2185

The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar iss...

7.5CVSS7.6AI score0.07199EPSS
Exploits0References5
NVD
NVD
added 2010/08/31 8:0 p.m.56 views

CVE-2010-3189

The extSetOwner function in the UfProxyBrowserCtrl ActiveX control UfPBCtrl.dll in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer...

9.3CVSS7.4AI score0.39216EPSS
Exploits14References8
NVD
NVD
added 2026/05/15 10:16 p.m.55 views

CVE-2026-45347

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.11, there is a blind server side request forgery SSRF via the PDF generate function. In the PDF export, user inputs are interpreted as HTML and embedded into the PDF. According to tests...

5.4CVSS0.00186EPSS
Exploits1References1
NVD
NVD
added 2026/05/14 4:16 p.m.55 views

CVE-2026-44503

The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...

7CVSS0.00505EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 6:16 p.m.55 views

CVE-2026-44580

Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions, serialized script content was not escap...

6.1CVSS0.00205EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 10:16 a.m.55 views

CVE-2026-6800

The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS0.00195EPSS
Exploits0References5
NVD
NVD
added 2026/05/07 4:16 a.m.55 views

CVE-2026-41674

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package serializes DocumentType node fields internalSubset, publicId, systemId verbatim without any...

8.7CVSS0.00457EPSS
Exploits0References11
NVD
NVD
added 2026/05/06 8:16 p.m.55 views

CVE-2026-44109

OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. Missing encryptKey configuration and blank callback tokens fail open instead of rejecting requests, enabling...

9.8CVSS0.00718EPSS
Exploits1References3
NVD
NVD
added 2026/05/06 12:16 p.m.55 views

CVE-2026-43258

In the Linux kernel, the following vulnerability has been resolved: alpha: fix user-space corruption during memory compaction Alpha systems can suffer sporadic user-space crashes and heap corruption when memory compaction is enabled. Symptoms include SIGSEGV, glibc allocator failures e.g...

7.8CVSS0.00138EPSS
Exploits0References4
NVD
NVD
added 2025/11/27 6:15 p.m.55 views

CVE-2025-12421

Mattermost versions 11.0.x = 11.0.2, 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email...

9.9CVSS0.0031EPSS
Exploits0References1
NVD
NVD
added 2025/10/01 4:15 p.m.55 views

CVE-2025-56515

File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers onmouseover to be uploaded...

8.8CVSS0.00481EPSS
Exploits1References3
NVD
NVD
added 2025/08/15 6:15 p.m.55 views

CVE-2025-55285

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly redacted. If $ secrets.x is not passed...

2.6CVSS0.0021EPSS
Exploits0References2
NVD
NVD
added 2025/08/12 3:15 a.m.55 views

CVE-2025-42943

SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, and the victim needs to execute by using SAP...

4.5CVSS0.00289EPSS
Exploits0References2
NVD
NVD
added 2025/06/04 6:15 p.m.55 views

CVE-2025-5600

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument LangType leads to stack-based buffer overflow. The attack may be initiated...

10CVSS0.00995EPSS
Exploits1References5
NVD
NVD
added 2025/05/02 9:15 p.m.55 views

CVE-2025-47226

Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information...

5CVSS0.01189EPSS
Exploits4References4
NVD
NVD
added 2025/03/25 9:15 p.m.55 views

CVE-2025-25372

NASA cFS Core Flight System Aquila is vulnerable to segmentation fault via sending a malicious telecommand to the Memory Management Module...

7.5CVSS0.00458EPSS
Exploits1References1
NVD
NVD
added 2025/03/24 5:15 p.m.55 views

CVE-2025-29778

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were...

8CVSS0.00317EPSS
Exploits1References5
NVD
NVD
added 2025/03/21 6:15 a.m.55 views

CVE-2025-30345

An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chatgroup.create action, the user is able to specify the name of the chat. Some HTML elements such as SCRIPT are filtered, whereas others are not. In most cases, HTML entities are encoded properly, but not when...

4.1CVSS0.0026EPSS
Exploits1References1
NVD
NVD
added 2025/01/10 4:15 p.m.55 views

CVE-2025-22599

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the home.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msgc parameter. This vulnerability is fixed in 3.2.8...

6.5CVSS0.00393EPSS
Exploits1References1
NVD
NVD
added 2025/01/05 4:15 p.m.55 views

CVE-2025-0222

A vulnerability was found in IObit Protected Folder up to 13.6.0.5 and classified as problematic. This issue affects the function 0x8001E000/0x8001E004 in the library IUProcessFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be...

6.8CVSS0.00349EPSS
Exploits1References4
NVD
NVD
added 2024/12/17 10:15 p.m.55 views

CVE-2023-37940

Cross-site scripting XSS vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted...

4.8CVSS0.00265EPSS
Exploits0References1
NVD
NVD
added 2024/12/13 3:15 p.m.55 views

CVE-2023-36681

Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.2...

9.8CVSS0.00719EPSS
Exploits0References1
NVD
NVD
added 2024/11/12 3:15 p.m.55 views

CVE-2024-50386

Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker...

9.9CVSS0.01419EPSS
Exploits0References4
NVD
NVD
added 2024/10/22 11:15 p.m.55 views

CVE-2024-7587

Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and...

7.8CVSS0.00193EPSS
Exploits0References3
NVD
NVD
added 2024/09/26 6:15 p.m.55 views

CVE-2024-47075

LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting XSS on web pages where attacker-controlled HTML elements e.g., img tags with unsanitized name attributes are present. Version 2.9.17...

6.4CVSS0.0032EPSS
Exploits0References2
NVD
NVD
added 2024/09/10 2:15 a.m.55 views

CVE-2024-6342

UNSUPPORTED WHEN ASSIGNED A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21AAZF.18C0 and NAS542 firmware versions through V5.21ABAG.15C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a...

9.8CVSS0.02064EPSS
Exploits0References1
NVD
NVD
added 2024/08/21 2:15 p.m.55 views

CVE-2024-8007

A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform RHOSP director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a...

8.1CVSS0.00392EPSS
Exploits0References4
NVD
NVD
added 2024/08/16 2:15 a.m.55 views

CVE-2024-7849

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-...

9CVSS0.0117EPSS
Exploits0References5
NVD
NVD
added 2024/08/13 11:15 a.m.55 views

CVE-2024-38787

Insertion of Sensitive Information Into Sent Data vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.This issue affects Import and export users and customers: from n/a through = 1.26.8...

7.5CVSS0.0042EPSS
Exploits0References1
NVD
NVD
added 2024/07/04 2:15 p.m.55 views

CVE-2024-22277

VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication tasks...

6.4CVSS0.00325EPSS
Exploits0References1
NVD
NVD
added 2024/06/26 12:15 a.m.55 views

CVE-2024-38526

pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1...

7.2CVSS0.03832EPSS
Exploits0References4
NVD
NVD
added 2024/06/17 8:15 p.m.55 views

CVE-2024-37890

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] e55e510 and backported to [email protected] 22c2876, [email protected] eeb76d3, and [email protected]...

7.5CVSS0.01357EPSS
Exploits0References8
NVD
NVD
added 2024/06/09 7:15 p.m.55 views

CVE-2024-37568

lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...

7.5CVSS0.00382EPSS
Exploits1References5
NVD
NVD
added 2024/06/07 4:15 a.m.55 views

CVE-2024-37385

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via imconvertpath and imidentifypath. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641...

9.8CVSS0.01477EPSS
Exploits0References3
NVD
NVD
added 2024/06/04 10:15 p.m.55 views

CVE-2024-30889

Cross Site Scripting vulnerability in audimex audimexEE v.15.1.2 and fixed in 15.1.3.9 allows a remote attacker to execute arbitrary code via the service, method, widgettype, requestid, payload parameters...

5.4CVSS5.8AI score0.00485EPSS
Exploits1References1
NVD
NVD
added 2024/05/20 10:15 a.m.55 views

CVE-2024-35968

In the Linux kernel, the following vulnerability has been resolved: pdscore: Fix pdsccheckpcihealth function to use work thread When the driver notices fwstatus == 0xff it tries to perform a PCI reset on itself via pciresetfunction in the context of the driver's health thread. However,...

5.5CVSS6.3AI score0.0015EPSS
Exploits0References2
NVD
NVD
added 2024/04/04 8:15 a.m.55 views

CVE-2024-30565

An issue was discovered in SeaCMS version 12.9, allows remote attackers to execute arbitrary code via admin notify.php...

8.8CVSS7.7AI score0.01613EPSS
Exploits1References1
NVD
NVD
added 2024/03/18 7:15 p.m.55 views

CVE-2024-21661

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a critical flaw in the application to initiate a Denial of Service DoS attack, rendering the application inoperable and affecting all users. The issue...

7.5CVSS7.4AI score0.01176EPSS
Exploits1References5
NVD
NVD
added 2024/02/05 9:15 p.m.55 views

CVE-2024-24559

Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the IR for sha364. Concretely, the height variable is miscalculated. The vulnerability can't be triggered without writing the IR by hand that is, it cannot be triggered from regular...

5.3CVSS4.7AI score0.00255EPSS
Exploits0References2
NVD
NVD
added 2023/11/17 2:15 p.m.55 views

CVE-2023-26364

@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges...

5.3CVSS0.00985EPSS
Exploits0References1
NVD
NVD
added 2023/10/25 6:17 p.m.55 views

CVE-2023-26571

Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers...

7.5CVSS7.7AI score0.00603EPSS
Exploits0References1
NVD
NVD
added 2023/10/10 11:15 a.m.55 views

CVE-2023-44082

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 All versions V2201.0009, Tecnomatix Plant Simulation V2302 All versions V2302.0003. The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. Thi...

7.8CVSS7.8AI score0.00216EPSS
Exploits0References1
NVD
NVD
added 2023/09/18 10:15 p.m.55 views

CVE-2023-42454

SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly, with a database connection string specified in the sqlpage/sqlpage.json configuration file not in an environment variable, with the webroot is the current working...

10CVSS9.4AI score0.00602EPSS
Exploits1References3
NVD
NVD
added 2023/08/29 5:15 p.m.55 views

CVE-2023-41037

OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorit...

4.3CVSS4.4AI score0.00309EPSS
Exploits1References2
NVD
NVD
added 2023/08/17 2:15 p.m.55 views

CVE-2023-40272

Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected...

7.5CVSS7.3AI score0.01667EPSS
Exploits0References3
NVD
NVD
added 2023/08/14 8:15 p.m.55 views

CVE-2023-40024

ScanCode.io is a server to script and automate software composition analysis pipelines. In the /license/ endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting XSS vulnerability when attempting to access a detailed license vie...

6.1CVSS5.6AI score0.00438EPSS
Exploits1References2
NVD
NVD
added 2023/08/07 6:15 a.m.55 views

CVE-2023-0425

ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make th...

8.6CVSS8.8AI score0.004EPSS
Exploits0References1
NVD
NVD
added 2023/07/14 10:15 p.m.55 views

CVE-2023-38336

netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778...

9.8CVSS0.01763EPSS
Exploits1References1
NVD
NVD
added 2023/06/16 5:15 p.m.55 views

CVE-2023-30625

rudder-server is part of RudderStack, an open source Customer Data Platform CDP. Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution RCE due to the rudder role in PostgresSQL having superuser permissions by default. Version...

8.8CVSS9.3AI score0.85825EPSS
Exploits4References8
Total number of security vulnerabilities5000