Lucene search
K
NvdMost viewed

364838 matches found

NVD
NVD
added 2025/03/03 4:15 a.m.55 views

CVE-2025-27590

In oxidized-web aka Oxidized Web before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web...

9.8CVSS0.26338EPSS
Exploits1References2
NVD
NVD
added 2025/02/11 11:15 p.m.55 views

CVE-2024-54772

An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempts made with a valid username and those wit...

5.4CVSS0.00763EPSS
Exploits2References1
NVD
NVD
added 2025/01/29 11:15 p.m.55 views

CVE-2024-57665

JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that the title parameter is controllable and is concatenated directly into filterSql without filtering...

9.8CVSS0.00477EPSS
Exploits1References1
NVD
NVD
added 2025/01/21 6:15 p.m.55 views

CVE-2025-24019

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager FPM on the host without any limitation on the filesystem's scope...

7.1CVSS0.00568EPSS
Exploits1References2
NVD
NVD
added 2025/01/10 4:15 p.m.55 views

CVE-2025-22599

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the home.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msgc parameter. This vulnerability is fixed in 3.2.8...

6.5CVSS0.00393EPSS
Exploits1References1
NVD
NVD
added 2024/12/17 10:15 p.m.55 views

CVE-2023-37940

Cross-site scripting XSS vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted...

4.8CVSS0.00265EPSS
Exploits0References1
NVD
NVD
added 2024/12/13 3:15 p.m.55 views

CVE-2023-36681

Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.2...

9.8CVSS0.00906EPSS
Exploits0References1
NVD
NVD
added 2024/12/02 2:15 p.m.55 views

CVE-2024-52453

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in photonicgnostic Library Bookshelves library-bookshelves allows Reflected XSS.This issue affects Library Bookshelves: from n/a through = 5.8...

7.1CVSS0.00339EPSS
Exploits0References1
NVD
NVD
added 2024/11/12 3:15 p.m.55 views

CVE-2024-50386

Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker...

9.9CVSS0.01419EPSS
Exploits0References4
NVD
NVD
added 2024/09/30 4:15 p.m.55 views

CVE-2024-47532

RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected and potentially sensible information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, If the application...

8.7CVSS0.0071EPSS
Exploits1References2
NVD
NVD
added 2024/09/26 6:15 p.m.55 views

CVE-2024-47075

LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting XSS on web pages where attacker-controlled HTML elements e.g., img tags with unsanitized name attributes are present. Version 2.9.17...

6.4CVSS0.0032EPSS
Exploits0References2
NVD
NVD
added 2024/09/12 9:15 a.m.55 views

CVE-2024-8522

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'conlyfields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

10CVSS0.63134EPSS
Exploits6References4
NVD
NVD
added 2024/09/10 5:15 p.m.55 views

CVE-2024-38240

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability...

9.8CVSS0.01486EPSS
Exploits0References1
NVD
NVD
added 2024/08/21 2:15 p.m.55 views

CVE-2024-8007

A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform RHOSP director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a...

8.1CVSS0.00392EPSS
Exploits0References4
NVD
NVD
added 2024/08/16 2:15 a.m.55 views

CVE-2024-7849

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-...

9CVSS0.0117EPSS
Exploits0References5
NVD
NVD
added 2024/08/13 11:15 a.m.55 views

CVE-2024-38787

Insertion of Sensitive Information Into Sent Data vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.This issue affects Import and export users and customers: from n/a through = 1.26.8...

7.5CVSS0.0042EPSS
Exploits0References1
NVD
NVD
added 2024/07/24 8:15 a.m.55 views

CVE-2023-32471

Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds read vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability to read contents of stack memory and use this information for further exploits...

6CVSS0.00167EPSS
Exploits0References1
NVD
NVD
added 2024/07/21 10:15 p.m.55 views

CVE-2024-37480

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Apollo13Themes Apollo13 Framework Extensions apollo13-framework-extensions allows Stored XSS.This issue affects Apollo13 Framework Extensions: from n/a through 1.9.3...

6.5CVSS0.00313EPSS
Exploits0References1
NVD
NVD
added 2024/07/16 8:15 p.m.55 views

CVE-2024-21686

This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 7.3, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to...

8.7CVSS0.0089EPSS
Exploits0References2
NVD
NVD
added 2024/07/09 5:15 p.m.55 views

CVE-2024-35264

.NET and Visual Studio Remote Code Execution Vulnerability...

8.1CVSS0.02565EPSS
Exploits0References2
NVD
NVD
added 2024/07/04 2:15 p.m.55 views

CVE-2024-22277

VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication tasks...

6.4CVSS0.00325EPSS
Exploits0References1
NVD
NVD
added 2024/06/17 8:15 p.m.55 views

CVE-2024-37890

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] e55e510 and backported to [email protected] 22c2876, [email protected] eeb76d3, and [email protected]...

7.5CVSS0.01357EPSS
Exploits0References8
NVD
NVD
added 2024/06/11 3:16 p.m.55 views

CVE-2024-34820

Missing Authorization vulnerability in If So Plugin If-So Dynamic Content Personalization.This issue affects If-So Dynamic Content Personalization: from n/a through 1.7.1...

6.5CVSS0.00437EPSS
Exploits0References1
NVD
NVD
added 2024/06/09 7:15 p.m.55 views

CVE-2024-37568

lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...

7.5CVSS0.00382EPSS
Exploits1References5
NVD
NVD
added 2024/06/05 1:15 p.m.55 views

CVE-2024-3469

The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

6.1CVSS6AI score0.00637EPSS
Exploits0References2
NVD
NVD
added 2024/06/04 10:15 p.m.55 views

CVE-2024-30889

Cross Site Scripting vulnerability in audimex audimexEE v.15.1.2 and fixed in 15.1.3.9 allows a remote attacker to execute arbitrary code via the service, method, widgettype, requestid, payload parameters...

5.4CVSS5.8AI score0.00485EPSS
Exploits1References1
NVD
NVD
added 2024/05/20 10:15 a.m.55 views

CVE-2024-35968

In the Linux kernel, the following vulnerability has been resolved: pdscore: Fix pdsccheckpcihealth function to use work thread When the driver notices fwstatus == 0xff it tries to perform a PCI reset on itself via pciresetfunction in the context of the driver's health thread. However,...

5.5CVSS6.3AI score0.0015EPSS
Exploits0References2
NVD
NVD
added 2024/04/04 8:15 a.m.55 views

CVE-2024-30565

An issue was discovered in SeaCMS version 12.9, allows remote attackers to execute arbitrary code via admin notify.php...

8.8CVSS7.7AI score0.01613EPSS
Exploits1References1
NVD
NVD
added 2024/03/18 7:15 p.m.55 views

CVE-2024-21661

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a critical flaw in the application to initiate a Denial of Service DoS attack, rendering the application inoperable and affecting all users. The issue...

7.5CVSS7.4AI score0.01176EPSS
Exploits1References5
NVD
NVD
added 2024/03/06 7:15 p.m.55 views

CVE-2024-27302

go-zero is a web and rpc framework. Go-zero allows user to specify a CORS Filter with a configurable allows param - which is an array of domains allowed in CORS policy. However, the isOriginAllowed uses strings.HasSuffix to check the origin, which leads to bypass via a malicious domain. This...

9.1CVSS9.1AI score0.00774EPSS
Exploits2References2
NVD
NVD
added 2024/02/05 9:15 p.m.55 views

CVE-2024-24559

Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the IR for sha364. Concretely, the height variable is miscalculated. The vulnerability can't be triggered without writing the IR by hand that is, it cannot be triggered from regular...

5.3CVSS4.7AI score0.00255EPSS
Exploits0References2
NVD
NVD
added 2024/01/12 9:15 a.m.55 views

CVE-2023-48909

An issue was discovered in Jave2 version 3.3.1, allows attackers to execute arbitrary code via the FFmpeg function...

8.8CVSS9AI score0.0091EPSS
Exploits1References2
NVD
NVD
added 2024/01/11 7:15 p.m.55 views

CVE-2024-0422

A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /newitem of the component New Item Creation Page. The manipulation of the argument newitem leads to cross sit...

5.4CVSS4.2AI score0.00497EPSS
Exploits1References3
NVD
NVD
added 2023/11/17 2:15 p.m.55 views

CVE-2023-26364

@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges...

5.3CVSS0.00985EPSS
Exploits0References1
NVD
NVD
added 2023/11/13 8:15 p.m.55 views

CVE-2023-47621

Guest Entries is a php library which allows users to create, update & delete entries from the front-end of a site. In affected versions the file uploads feature did not prevent the upload of PHP files. This may lead to code execution on the server by authenticated users. This vulnerability is fix...

8.8CVSS0.01022EPSS
Exploits0References2
NVD
NVD
added 2023/10/25 6:17 p.m.55 views

CVE-2023-26571

Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers...

7.5CVSS7.7AI score0.00603EPSS
Exploits0References1
NVD
NVD
added 2023/10/14 5:15 a.m.55 views

CVE-2023-26155

All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the...

9.8CVSS8.9AI score0.02079EPSS
Exploits1References2
NVD
NVD
added 2023/10/10 11:15 a.m.55 views

CVE-2023-44082

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 All versions V2201.0009, Tecnomatix Plant Simulation V2302 All versions V2302.0003. The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. Thi...

7.8CVSS7.8AI score0.00216EPSS
Exploits0References1
NVD
NVD
added 2023/09/18 10:15 p.m.55 views

CVE-2023-42454

SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly, with a database connection string specified in the sqlpage/sqlpage.json configuration file not in an environment variable, with the webroot is the current working...

10CVSS9.4AI score0.00602EPSS
Exploits1References3
NVD
NVD
added 2023/08/17 2:15 p.m.55 views

CVE-2023-40272

Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected...

7.5CVSS7.3AI score0.01667EPSS
Exploits0References3
NVD
NVD
added 2023/08/14 8:15 p.m.55 views

CVE-2023-40024

ScanCode.io is a server to script and automate software composition analysis pipelines. In the /license/ endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting XSS vulnerability when attempting to access a detailed license vie...

6.1CVSS5.6AI score0.00438EPSS
Exploits1References2
NVD
NVD
added 2023/08/07 9:15 p.m.55 views

CVE-2023-39527

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the isCleanHTML method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds...

8.3CVSS7.9AI score0.00445EPSS
Exploits0References2
NVD
NVD
added 2023/08/07 6:15 a.m.55 views

CVE-2023-0425

ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make th...

8.6CVSS8.8AI score0.004EPSS
Exploits0References1
NVD
NVD
added 2023/07/14 10:15 p.m.55 views

CVE-2023-38336

netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778...

9.8CVSS0.01763EPSS
Exploits1References1
NVD
NVD
added 2023/06/16 5:15 p.m.55 views

CVE-2023-30625

rudder-server is part of RudderStack, an open source Customer Data Platform CDP. Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution RCE due to the rudder role in PostgresSQL having superuser permissions by default. Version...

8.8CVSS9.3AI score0.85825EPSS
Exploits4References8
NVD
NVD
added 2023/06/08 10:15 p.m.55 views

CVE-2023-34243

TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server TGS, an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct respon...

5.8CVSS5.5AI score0.0046EPSS
Exploits0References2
NVD
NVD
added 2023/06/01 2:15 a.m.55 views

CVE-2023-28937

DataSpider Servista version 4.4 and earlier uses a hard-coded cryptographic key. DataSpider Servista is data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and...

8.8CVSS8.7AI score0.00812EPSS
Exploits0References8
NVD
NVD
added 2023/05/18 10:15 p.m.55 views

CVE-2023-30470

A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Herme...

9.8CVSS9.9AI score0.01249EPSS
Exploits0References2
NVD
NVD
added 2023/05/02 1:15 p.m.55 views

CVE-2023-2473

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be...

7.5CVSS5.3AI score0.00929EPSS
Exploits0References3
NVD
NVD
added 2023/04/19 8:15 p.m.55 views

CVE-2023-30797

Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur...

7.5CVSS7.6AI score0.00784EPSS
Exploits0References4
Total number of security vulnerabilities5000