Lucene search
K
NvdMost viewed

364746 matches found

NVD
NVD
added 2022/01/21 12:15 a.m.56 views

CVE-2022-22893

Jerryscript 3.0.0 was discovered to contain a stack overflow via vmloop.ltopriv.304 in /jerry-core/vm/vm.c...

7.8CVSS0.00742EPSS
Exploits1References1
NVD
NVD
added 2021/07/12 11:15 a.m.56 views

CVE-2021-22916

In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, resulting in possible information disclosure...

5.9CVSS0.01826EPSS
Exploits0References1
NVD
NVD
added 2021/06/24 12:15 p.m.56 views

CVE-2021-33604

URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 Vaadin 14.0.0 through 14.6.1, 3.0.0 through 6.0.9 Vaadin 15.0.0 through 19.0.8 allows local user to execute arbitrary JavaScript code by opening crafted URL in browser...

2.5CVSS0.00286EPSS
Exploits0References2
NVD
NVD
added 2021/06/10 5:15 p.m.56 views

CVE-2021-31839

Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server...

4.8CVSS0.00182EPSS
Exploits0References1
NVD
NVD
added 2021/06/07 12:15 p.m.56 views

CVE-2021-33904

In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states "there are configurable security flags and we are unable to reproduce them with the available information...

6.1CVSS0.10053EPSS
Exploits5References2
NVD
NVD
added 2021/04/14 2:15 p.m.56 views

CVE-2021-26812

Cross Site Scripting XSS in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application...

6.1CVSS0.97461EPSS
Exploits1References1
NVD
NVD
added 2021/03/25 9:15 p.m.56 views

CVE-2021-29097

Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 and earlier and ArcGIS Pro 2.7 and earlier allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user...

7.8CVSS0.02412EPSS
Exploits0References9
NVD
NVD
added 2021/03/09 1:15 a.m.56 views

CVE-2021-24033

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...

6.8CVSS0.03289EPSS
Exploits1References2
NVD
NVD
added 2021/02/01 3:15 p.m.56 views

CVE-2021-21276

Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an attacker crafts a reque...

9.3CVSS9.2AI score0.07164EPSS
Exploits3References4
NVD
NVD
added 2020/09/09 7:15 p.m.56 views

CVE-2020-1912

An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the...

8.1CVSS0.01813EPSS
Exploits0References2
NVD
NVD
added 2020/06/08 2:15 p.m.56 views

CVE-2020-6110

An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs ...

8.8CVSS8.3AI score0.04264EPSS
Exploits1References1
NVD
NVD
added 2020/02/25 5:15 p.m.56 views

CVE-2020-8793

OpenSMTPD before 6.6.4 allows local users to read arbitrary files e.g., on some Linux distributions because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c...

4.7CVSS5.5AI score0.009EPSS
Exploits4References5
NVD
NVD
added 2020/01/21 5:15 p.m.56 views

CVE-2020-6857

CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary...

5.5CVSS5.5AI score0.00967EPSS
Exploits8References6
NVD
NVD
added 2019/10/02 2:15 p.m.56 views

CVE-2019-17091

faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled...

6.1CVSS6.6AI score0.02469EPSS
Exploits1References17
NVD
NVD
added 2019/02/28 6:29 p.m.56 views

CVE-2018-18494

A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...

6.5CVSS7.1AI score0.01549EPSS
Exploits0References15
NVD
NVD
added 2017/12/12 6:29 p.m.56 views

CVE-2017-17561

SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/adminping.php, which interacts with data/admin/ping.php...

7.2CVSS7.1AI score0.01409EPSS
Exploits4References2
NVD
NVD
added 2014/01/19 6:2 p.m.56 views

CVE-2013-2185

The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar iss...

7.5CVSS7.6AI score0.07199EPSS
Exploits0References5
NVD
NVD
added 2010/08/31 8:0 p.m.56 views

CVE-2010-3189

The extSetOwner function in the UfProxyBrowserCtrl ActiveX control UfPBCtrl.dll in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer...

9.3CVSS7.4AI score0.39216EPSS
Exploits14References8
NVD
NVD
added 2006/06/05 5:2 p.m.56 views

CVE-2006-2806

The SMTP server in Apache Java Mail Enterprise Server aka Apache James 2.2.0 allows remote attackers to cause a denial of service CPU consumption via a long argument to the MAIL command...

7.8CVSS6.6AI score0.06258EPSS
Exploits1References5
NVD
NVD
added 2026/05/15 3:16 a.m.55 views

CVE-2026-7373

Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started the metasploitPostgreSQL service would start the postgres.exe child process which would in turn load an OpenSSL configuration file from a stat...

9.3CVSS0.0017EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 4:16 p.m.55 views

CVE-2026-44503

The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...

7CVSS0.00505EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 10:16 a.m.55 views

CVE-2026-6800

The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

4.4CVSS0.00195EPSS
Exploits0References5
NVD
NVD
added 2026/05/07 4:16 a.m.55 views

CVE-2026-41674

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package serializes DocumentType node fields internalSubset, publicId, systemId verbatim without any...

8.7CVSS0.00457EPSS
Exploits0References11
NVD
NVD
added 2026/05/06 8:16 p.m.55 views

CVE-2026-44109

OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. Missing encryptKey configuration and blank callback tokens fail open instead of rejecting requests, enabling...

9.8CVSS0.00718EPSS
Exploits1References3
NVD
NVD
added 2025/10/01 4:15 p.m.55 views

CVE-2025-56515

File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers onmouseover to be uploaded...

8.8CVSS0.00481EPSS
Exploits1References3
NVD
NVD
added 2025/09/26 4:15 p.m.55 views

CVE-2025-58385

In DOXENSE WATCHDOC before 6.1.0.5094, private user puk codes can be disclosed for Active Directory registered users there is hard-coded and predictable data...

7.1CVSS0.00136EPSS
Exploits0References2
NVD
NVD
added 2025/09/16 10:15 p.m.55 views

CVE-2025-9708

A vulnerability exists in the Kubernetes C client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority CA without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially...

6.8CVSS0.00288EPSS
Exploits0References3
NVD
NVD
added 2025/08/15 6:15 p.m.55 views

CVE-2025-55285

@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly redacted. If $ secrets.x is not passed...

2.6CVSS0.0021EPSS
Exploits0References2
NVD
NVD
added 2025/08/12 3:15 a.m.55 views

CVE-2025-42943

SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, and the victim needs to execute by using SAP...

4.5CVSS0.00289EPSS
Exploits0References2
NVD
NVD
added 2025/06/16 5:15 p.m.55 views

CVE-2025-5309

The chat feature within Remote Support RS and Privileged Remote Access PRA is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution...

9.8CVSS0.00875EPSS
Exploits0References1
NVD
NVD
added 2025/06/04 6:15 p.m.55 views

CVE-2025-5600

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument LangType leads to stack-based buffer overflow. The attack may be initiated...

10CVSS0.00995EPSS
Exploits1References5
NVD
NVD
added 2025/05/02 9:15 p.m.55 views

CVE-2025-47226

Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information...

5CVSS0.01189EPSS
Exploits4References4
NVD
NVD
added 2025/04/30 3:16 p.m.55 views

CVE-2025-46342

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selectors in their match statements are mistakenly not applied during admission review request processing due to a missing error...

8.5CVSS0.00618EPSS
Exploits1References2
NVD
NVD
added 2025/04/27 1:15 a.m.55 views

CVE-2025-46672

NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially leading to spacecraft hijacking...

8.8CVSS0.00434EPSS
Exploits1References3
NVD
NVD
added 2025/03/25 9:15 p.m.55 views

CVE-2025-25372

NASA cFS Core Flight System Aquila is vulnerable to segmentation fault via sending a malicious telecommand to the Memory Management Module...

7.5CVSS0.00458EPSS
Exploits1References1
NVD
NVD
added 2025/03/21 6:15 a.m.55 views

CVE-2025-30345

An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chatgroup.create action, the user is able to specify the name of the chat. Some HTML elements such as SCRIPT are filtered, whereas others are not. In most cases, HTML entities are encoded properly, but not when...

4.1CVSS0.0026EPSS
Exploits1References1
NVD
NVD
added 2025/03/03 4:15 a.m.55 views

CVE-2025-27590

In oxidized-web aka Oxidized Web before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web...

9.8CVSS0.26338EPSS
Exploits1References2
NVD
NVD
added 2025/02/11 11:15 p.m.55 views

CVE-2024-54772

An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempts made with a valid username and those wit...

5.4CVSS0.00763EPSS
Exploits2References1
NVD
NVD
added 2025/01/21 6:15 p.m.55 views

CVE-2025-24019

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager FPM on the host without any limitation on the filesystem's scope...

7.1CVSS0.00568EPSS
Exploits1References2
NVD
NVD
added 2025/01/10 4:15 p.m.55 views

CVE-2025-22599

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the home.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msgc parameter. This vulnerability is fixed in 3.2.8...

6.5CVSS0.00393EPSS
Exploits1References1
NVD
NVD
added 2024/12/17 10:15 p.m.55 views

CVE-2023-37940

Cross-site scripting XSS vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted...

4.8CVSS0.00265EPSS
Exploits0References1
NVD
NVD
added 2024/12/13 3:15 p.m.55 views

CVE-2023-36681

Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.2...

9.8CVSS0.00906EPSS
Exploits0References1
NVD
NVD
added 2024/12/02 2:15 p.m.55 views

CVE-2024-52453

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in photonicgnostic Library Bookshelves library-bookshelves allows Reflected XSS.This issue affects Library Bookshelves: from n/a through = 5.8...

7.1CVSS0.00339EPSS
Exploits0References1
NVD
NVD
added 2024/11/12 3:15 p.m.55 views

CVE-2024-50386

Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker...

9.9CVSS0.01419EPSS
Exploits0References4
NVD
NVD
added 2024/10/22 11:15 p.m.55 views

CVE-2024-7587

Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and...

7.8CVSS0.00193EPSS
Exploits0References3
NVD
NVD
added 2024/09/30 4:15 p.m.55 views

CVE-2024-47532

RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected and potentially sensible information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application...

8.7CVSS0.0071EPSS
Exploits1References2
NVD
NVD
added 2024/09/26 6:15 p.m.55 views

CVE-2024-47075

LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting XSS on web pages where attacker-controlled HTML elements e.g., img tags with unsanitized name attributes are present. Version 2.9.17...

6.4CVSS0.0032EPSS
Exploits0References2
NVD
NVD
added 2024/09/12 9:15 a.m.55 views

CVE-2024-8522

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'conlyfields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

10CVSS0.63134EPSS
Exploits6References4
NVD
NVD
added 2024/09/10 5:15 p.m.55 views

CVE-2024-38240

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability...

9.8CVSS0.01486EPSS
Exploits0References1
NVD
NVD
added 2024/08/21 2:15 p.m.55 views

CVE-2024-8007

A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform RHOSP director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a...

8.1CVSS0.00392EPSS
Exploits0References4
Total number of security vulnerabilities5000