Lucene search
K
NvdMost viewed

364673 matches found

NVD
NVD
added 2020/09/09 7:15 p.m.55 views

CVE-2020-1913

An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes...

8.1CVSS0.01202EPSS
Exploits0References2
NVD
NVD
added 2020/04/28 2:15 p.m.55 views

CVE-2020-12078

An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings internally called excludeip. This excludeip value is passed to the...

9CVSS8.7AI score0.09999EPSS
Exploits3References4
NVD
NVD
added 2020/04/22 4:15 p.m.55 views

CVE-2020-10712

A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The highest threat from...

8.2CVSS7.3AI score0.0097EPSS
Exploits0References1
NVD
NVD
added 2019/09/30 12:15 p.m.55 views

CVE-2019-16676

Plataformatec Simple Form has Incorrect Access Control in filemethod? in lib/simpleform/formbuilder.rb, because a user-supplied string is invoked as a method call...

9.8CVSS9.5AI score0.034EPSS
Exploits1References3
NVD
NVD
added 2019/09/12 2:15 p.m.55 views

CVE-2019-10400

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts...

4.9CVSS5.1AI score0.01047EPSS
Exploits0References2
NVD
NVD
added 2019/09/05 10:15 p.m.55 views

CVE-2019-2123

In execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible local execution of arbitrary code in a privileged process due to a memory overwrite. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no...

7.8CVSS7.8AI score0.00163EPSS
Exploits0References1
NVD
NVD
added 2019/08/09 1:15 p.m.55 views

CVE-2019-14312

Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI...

6.5CVSS6.3AI score0.20586EPSS
Exploits5References2
NVD
NVD
added 2018/07/11 12:29 a.m.55 views

CVE-2018-8171

A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2...

7.5CVSS7.4AI score0.09832EPSS
Exploits0References3
NVD
NVD
added 2014/02/11 5:55 p.m.55 views

CVE-2014-1459

SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the positiondownid parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands...

6.5CVSS7.9AI score0.02269EPSS
Exploits5References7
NVD
NVD
added 2011/08/29 3:55 p.m.55 views

CVE-2011-3192

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service memory and CPU consumption via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different...

7.8CVSS7.4AI score0.98945EPSS
Exploits17References72
NVD
NVD
added 2010/03/16 7:0 p.m.55 views

CVE-2010-0970

SQL injection vulnerability in phpmylogon.php in PhpMyLogon 2 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information...

7.5CVSS8.3AI score0.00981EPSS
Exploits1References3
NVD
NVD
added 1999/06/03 4:0 a.m.55 views

CVE-1999-1412

A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service crash via a flood of HTTP GET requests to CGI programs, which generates a large number of processes...

5CVSS6.2AI score0.35342EPSS
Exploits0References2
NVD
NVD
added 2026/05/20 5:16 p.m.54 views

CVE-2026-9087

A flaw was found in Keycloak. The cross-session verification proof is keyed only by local userId, idpAlias and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account...

8.1CVSS0.00312EPSS
Exploits0References6
NVD
NVD
added 2026/05/13 10:16 p.m.54 views

CVE-2026-44194

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution RCE vulnerability in the OPNsense core allows a user with user-management privileges to execute arbitrary system commands as root. An attacker can bypass input validation by formatti...

9.1CVSS0.06355EPSS
Exploits1References1
NVD
NVD
added 2026/05/11 6:16 p.m.54 views

CVE-2026-44996

OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence agent or tool-produced ReplyPayload.mediaUrl parameters to resolve absolute local paths or file URLs...

6.3CVSS0.00305EPSS
Exploits0References3
NVD
NVD
added 2026/05/10 1:16 p.m.54 views

CVE-2022-50947

WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject JavaScript payloads through the...

6.4CVSS0.00197EPSS
Exploits0References4
NVD
NVD
added 2026/05/08 3:16 p.m.54 views

CVE-2026-43458

In the Linux kernel, the following vulnerability has been resolved: serial: caif: hold tty-link reference in ldiscopen and serrelease A reproducer triggers a KASAN slab-use-after-free in ptywriteroom when caifserial's TX path calls ttywriteroom. The faulting access is on tty-link-port. Hold an...

7.8CVSS0.00117EPSS
Exploits0References8
NVD
NVD
added 2026/05/07 10:16 p.m.54 views

CVE-2026-33109

Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network...

9.9CVSS0.00711EPSS
Exploits0References1
NVD
NVD
added 2026/05/04 7:16 p.m.54 views

CVE-2026-42228

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated...

6.5CVSS0.00383EPSS
Exploits1References1
NVD
NVD
added 2026/05/02 9:16 p.m.54 views

CVE-2026-7668

A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1STRINGdata in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated...

7.5CVSS0.003EPSS
Exploits0References4
NVD
NVD
added 2025/10/01 8:18 p.m.54 views

CVE-2025-58769

auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths o...

3.3CVSS0.00329EPSS
Exploits0References6
NVD
NVD
added 2025/07/30 1:15 a.m.54 views

CVE-2025-8217

The Amazon Q Developer Visual Studio Code VS Code extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making ...

5.1CVSS0.00197EPSS
Exploits1References3
NVD
NVD
added 2025/07/28 2:15 p.m.54 views

CVE-2025-8279

Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution...

9.8CVSS0.00415EPSS
Exploits0References1
NVD
NVD
added 2025/07/04 6:15 p.m.54 views

CVE-2025-53483

ArchivePage.php, UnarchivePage.php, and VoterEligibilityPageexecuteClear do not validate request methods or CSRF tokens, allowing attackers to trigger sensitive actions if an admin visits a malicious site. This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42....

8.8CVSS0.00187EPSS
Exploits0References3
NVD
NVD
added 2025/06/09 6:15 p.m.54 views

CVE-2025-49651

Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI...

8.1CVSS0.00286EPSS
Exploits0References1
NVD
NVD
added 2025/06/02 12:15 p.m.54 views

CVE-2025-48495

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0,...

5.4CVSS0.00117EPSS
Exploits0References2
NVD
NVD
added 2025/05/30 7:15 p.m.54 views

CVE-2025-48943

vLLM is an inference and serving engine for large language models LLMs. Version 0.8.0 up to but excluding 0.9.0 have a Denial of Service ReDoS that causes the vLLM server to crash if an invalid regex was provided while using structured output. This vulnerability is similar to...

6.5CVSS0.004EPSS
Exploits0References4
NVD
NVD
added 2025/05/23 4:15 p.m.54 views

CVE-2025-48376

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser Host could craft a request to use an external url for a site export to then be imported. Version 9.13.9 fixes the issue...

3.5CVSS0.00214EPSS
Exploits0References2
NVD
NVD
added 2025/05/13 1:15 a.m.54 views

CVE-2025-43010

SAP S/4HANA Cloud Private Edition or on Premise SCM Master Data Layer MDL allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs. This is due to lack of input validation an...

8.3CVSS0.00414EPSS
Exploits0References2
NVD
NVD
added 2025/04/30 3:16 p.m.54 views

CVE-2025-46342

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selectors in their match statements are mistakenly not applied during admission review request processing due to a missing error...

8.5CVSS0.00618EPSS
Exploits1References2
NVD
NVD
added 2025/03/20 2:15 p.m.54 views

CVE-2025-29412

A cross-site scripting XSS vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...

4.8CVSS0.00214EPSS
Exploits1References2
NVD
NVD
added 2025/02/08 10:15 a.m.54 views

CVE-2025-1115

A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Affected by this vulnerability is the function...

5.5CVSS0.00289EPSS
Exploits1References4
NVD
NVD
added 2025/01/21 6:15 p.m.54 views

CVE-2024-54795

SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting XSS vulnerabilities in the create/edit forms of the worksheet designer function...

5.4CVSS0.00497EPSS
Exploits3References2
NVD
NVD
added 2025/01/04 2:15 p.m.54 views

CVE-2024-10957

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a P...

8.8CVSS0.00712EPSS
Exploits0References3
NVD
NVD
added 2024/12/17 1:15 p.m.54 views

CVE-2024-50379

Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write non-default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...

9.8CVSS0.43663EPSS
Exploits13References5
NVD
NVD
added 2024/12/05 11:15 a.m.54 views

CVE-2024-52270

User Interface UI Misrepresentation of Critical Information vulnerability in DropBox SignHelloSign allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed e.g. via Google Chrome - Examine the print preview: Will render the vulnerability only...

8.2CVSS0.00191EPSS
Exploits0References6
NVD
NVD
added 2024/11/25 8:15 a.m.54 views

CVE-2024-10451

A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in...

5.9CVSS0.00937EPSS
Exploits0References6
NVD
NVD
added 2024/11/22 8:15 p.m.54 views

CVE-2023-51648

Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a...

7.5CVSS0.01904EPSS
Exploits0References2
NVD
NVD
added 2024/11/12 8:15 p.m.54 views

CVE-2024-2207

Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Sound Research has released driver updates to mitigate the potential vulnerabilities...

6CVSS0.00136EPSS
Exploits0References1
NVD
NVD
added 2024/10/03 6:15 p.m.54 views

CVE-2024-41988

TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications th...

9.3CVSS0.00594EPSS
Exploits1References1
NVD
NVD
added 2024/09/12 9:15 a.m.54 views

CVE-2024-8522

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'conlyfields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

10CVSS0.63134EPSS
Exploits6References4
NVD
NVD
added 2024/09/10 5:15 p.m.54 views

CVE-2024-38240

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability...

9.8CVSS0.01486EPSS
Exploits0References1
NVD
NVD
added 2024/09/09 7:15 p.m.54 views

CVE-2024-7341

A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authenticati...

7.1CVSS0.008EPSS
Exploits0References12
NVD
NVD
added 2024/09/04 4:15 p.m.54 views

CVE-2024-8391

In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client. This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty...

7.5CVSS0.0058EPSS
Exploits0References2
NVD
NVD
added 2024/09/04 4:15 p.m.54 views

CVE-2024-45314

Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources. Version 4.5.1 contains a patch for this issue. If...

5.5CVSS0.00262EPSS
Exploits0References2
NVD
NVD
added 2024/08/27 8:15 p.m.54 views

CVE-2024-8212

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been rated as critical. This issue...

9.8CVSS0.07482EPSS
Exploits1References6
NVD
NVD
added 2024/08/01 3:15 p.m.54 views

CVE-2024-39777

Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to disallow unsolicited invites to expose access to local channels, when shared channels are enabled, which allows a malicious remote to send an invite with the ID of an existing local channel, and that local...

9.6CVSS0.00363EPSS
Exploits0References1
NVD
NVD
added 2024/07/30 9:15 a.m.54 views

CVE-2024-41141

Stored cross-site scripting vulnerability exists in EC-CUBE Web API Plugin. When there are multiple users using OAuth Management feature and one of them inputs some crafted value on the OAuth Management page, an arbitrary script may be executed on the web browser of the other user who accessed th...

6.1CVSS0.00271EPSS
Exploits0References2
NVD
NVD
added 2024/07/29 9:15 p.m.54 views

CVE-2023-42925

The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access Notes attachments...

3.3CVSS0.00165EPSS
Exploits0References2
NVD
NVD
added 2024/07/16 8:15 p.m.54 views

CVE-2024-21686

This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 7.3, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to...

8.7CVSS0.0089EPSS
Exploits0References2
Total number of security vulnerabilities5000