Lucene search
K
NvdMost viewed

363614 matches found

NVD
NVD
added 2024/07/29 9:15 p.m.53 views

CVE-2023-42925

The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access Notes attachments...

3.3CVSS0.00165EPSS
Exploits0References2
NVD
NVD
added 2024/07/25 10:15 a.m.53 views

CVE-2024-37084

In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server...

9.8CVSS0.35211EPSS
Exploits4References1
NVD
NVD
added 2024/07/16 11:15 p.m.53 views

CVE-2024-21181

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic...

9.8CVSS0.01119EPSS
Exploits0References1
NVD
NVD
added 2024/07/11 7:15 a.m.53 views

CVE-2024-6624

The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. This is due to improper controls on custom user meta fields. This makes it possible for unauthenticated attackers to register as administrators on the site. The plugin require...

9.8CVSS0.0287EPSS
Exploits2References4
NVD
NVD
added 2024/07/11 4:15 a.m.53 views

CVE-2024-6397

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1.0.44. This is due to insufficient verification of the API key. This makes it possible for unauthenticated attackers to log in as any existing...

9.8CVSS0.00706EPSS
Exploits0References6
NVD
NVD
added 2024/07/09 5:15 p.m.53 views

CVE-2024-38021

Microsoft Outlook Remote Code Execution Vulnerability...

8.8CVSS0.03526EPSS
Exploits0References1
NVD
NVD
added 2024/06/25 9:15 a.m.53 views

CVE-2024-6028

The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'aysquestions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

9.8CVSS0.11755EPSS
Exploits0References6
NVD
NVD
added 2024/06/18 5:15 p.m.53 views

CVE-2024-37904

Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...

5.7CVSS0.0046EPSS
Exploits0References4
NVD
NVD
added 2024/06/11 5:15 p.m.53 views

CVE-2024-30064

Windows Kernel Elevation of Privilege Vulnerability...

8.8CVSS0.00791EPSS
Exploits0References1
NVD
NVD
added 2024/06/07 12:15 p.m.53 views

CVE-2024-4610

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0;...

7.8CVSS0.00758EPSS
Exploits0References2
NVD
NVD
added 2024/05/26 12:15 a.m.53 views

CVE-2024-5351

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been...

9.8CVSS6.4AI score0.00769EPSS
Exploits1References4
NVD
NVD
added 2024/05/07 4:15 p.m.53 views

CVE-2024-34341

Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker ...

5.4CVSS6AI score0.00784EPSS
Exploits0References6
NVD
NVD
added 2024/05/07 3:15 p.m.53 views

CVE-2024-32370

An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component...

9.8CVSS6AI score0.01043EPSS
Exploits1References2
NVD
NVD
added 2024/04/09 6:15 p.m.53 views

CVE-2024-31457

gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. gin-vue-admin pseudoversion 0.0.0-20240407133540-7bc7c3051067, corresponding to version 2.6.1, has a code injection vulnerability in the backend. In the Plugin System - Plugi...

7.7CVSS7.8AI score0.00904EPSS
Exploits0References3
NVD
NVD
added 2024/03/26 9:15 p.m.53 views

CVE-2024-25421

An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOMCACHE component...

9.8CVSS6.8AI score0.0165EPSS
Exploits2References3
NVD
NVD
added 2024/03/21 2:52 a.m.53 views

CVE-2024-27933

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in opnodeipcpipe leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Node childproce...

8.8CVSS8.4AI score0.02276EPSS
Exploits1References10
NVD
NVD
added 2024/03/21 12:15 a.m.53 views

CVE-2024-28916

Xbox Gaming Services Elevation of Privilege Vulnerability...

8.8CVSS8.8AI score0.00652EPSS
Exploits0References1
NVD
NVD
added 2023/12/24 7:15 a.m.53 views

CVE-2023-51767

OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks for authentication bypass because the integer value of authenticated in mmanswerauthpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim...

7CVSS0.00661EPSS
Exploits0References34
NVD
NVD
added 2023/12/18 11:15 p.m.53 views

CVE-2023-49155

Cross-Site Request Forgery CSRF vulnerability in Wow-Company Button Generator – easily Button Builder.This issue affects Button Generator – easily Button Builder: from n/a through 2.3.8...

8.8CVSS0.00294EPSS
Exploits0References1
NVD
NVD
added 2023/12/05 11:15 p.m.53 views

CVE-2023-49282

msgraph-sdk-php is the Microsoft Graph Library for PHP. The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. The...

5.4CVSS0.02203EPSS
Exploits0References5
NVD
NVD
added 2023/10/26 9:15 p.m.53 views

CVE-2023-33558

An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames...

7.5CVSS7.2AI score0.00527EPSS
Exploits0References2
NVD
NVD
added 2023/10/14 5:15 a.m.53 views

CVE-2023-26155

All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the...

9.8CVSS8.9AI score0.02079EPSS
Exploits1References2
NVD
NVD
added 2023/09/06 1:15 p.m.53 views

CVE-2023-41942

A cross-site request forgery CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...

4.3CVSS5AI score0.00287EPSS
Exploits0References2
NVD
NVD
added 2023/08/30 12:15 p.m.53 views

CVE-2023-32742

Unauth. Reflected Cross-Site Scripting XSS vulnerability in VeronaLabs WP SMS plugin = 6.1.4 versions...

7.1CVSS6.2AI score0.00396EPSS
Exploits0References1
NVD
NVD
added 2023/08/07 9:15 p.m.53 views

CVE-2023-39527

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the isCleanHTML method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds...

8.3CVSS7.9AI score0.00445EPSS
Exploits0References2
NVD
NVD
added 2023/07/18 3:15 a.m.53 views

CVE-2020-36695

Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux Device Manager Server component, Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID,...

7.8CVSS0.00148EPSS
Exploits0References1
NVD
NVD
added 2023/07/13 1:15 a.m.53 views

CVE-2023-34127

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics:...

8.8CVSS0.86733EPSS
Exploits1References3
NVD
NVD
added 2023/07/11 6:15 p.m.53 views

CVE-2023-33152

Microsoft ActiveX Remote Code Execution Vulnerability...

7.8CVSS7.8AI score0.00479EPSS
Exploits0References1
NVD
NVD
added 2023/07/06 4:15 p.m.53 views

CVE-2023-34193

File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function...

8.8CVSS8.7AI score0.01169EPSS
Exploits0References3
NVD
NVD
added 2023/07/06 3:15 p.m.53 views

CVE-2023-24519

Two OS command injection vulnerability exist in the vtyshubus toolshexcute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is i...

8.8CVSS8.9AI score0.0345EPSS
Exploits1References2
NVD
NVD
added 2023/06/28 6:15 p.m.53 views

CVE-2023-21178

In installKey of KeyUtil.cpp, there is a possible failure of file encryption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-14076241...

4.1CVSS4AI score0.00054EPSS
Exploits0References1
NVD
NVD
added 2023/06/08 2:15 a.m.53 views

CVE-2023-2986

The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated...

9.8CVSS9.8AI score0.41077EPSS
Exploits5References8
NVD
NVD
added 2023/05/29 12:15 a.m.53 views

CVE-2023-31874

Yank Note YN 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire'childprocess'...

8.8CVSS8.8AI score0.04898EPSS
Exploits3References1
NVD
NVD
added 2023/05/18 10:15 p.m.53 views

CVE-2023-23556

An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases where Hermes is used to execute untrusted...

9.8CVSS9.8AI score0.00891EPSS
Exploits0References2
NVD
NVD
added 2023/05/18 9:15 a.m.53 views

CVE-2023-30868

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Jon Christopher CMS Tree Page View plugin = 1.6.7 versions...

7.1CVSS6.2AI score0.03995EPSS
Exploits3References2
NVD
NVD
added 2023/05/10 8:15 a.m.53 views

CVE-2023-22711

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Agent Evolution IMPress Listings plugin = 2.6.2 versions...

6.5CVSS5.8AI score0.00361EPSS
Exploits0References1
NVD
NVD
added 2023/05/02 6:15 a.m.53 views

CVE-2023-21666

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool...

8.4CVSS8.6AI score0.0018EPSS
Exploits2References2
NVD
NVD
added 2023/04/17 10:15 p.m.53 views

CVE-2023-30543

@web3-react is a framework for building Ethereum Apps . In affected versions the chainId may be outdated if the user changes chains as part of the connection flow. This means that the value of chainId returned by useWeb3React may be incorrect. In an application, this means that any data derived...

5.7CVSS5.2AI score0.00378EPSS
Exploits0References2
NVD
NVD
added 2023/04/14 7:15 p.m.53 views

CVE-2023-29199

There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor c...

10CVSS9.9AI score0.03852EPSS
Exploits1References5
NVD
NVD
added 2023/03/24 8:15 p.m.53 views

CVE-2023-21055

In dithalioctl of dit.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244301523References:...

6.4CVSS6.6AI score0.00087EPSS
Exploits0References1
NVD
NVD
added 2023/03/10 1:15 p.m.53 views

CVE-2023-24774

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...

9.8CVSS9.8AI score0.00877EPSS
Exploits2References1
NVD
NVD
added 2023/03/07 8:15 a.m.53 views

CVE-2023-1243

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.6...

6CVSS5AI score0.00526EPSS
Exploits1References2
NVD
NVD
added 2023/03/03 11:15 p.m.53 views

CVE-2023-26483

gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Providers using this library for SAML authentication support are likely susceptible to Denial of Service attacks. A bug in this library enables attackers to craft a deflate-compressed request which will consume significantly more memor...

5.3CVSS5.2AI score0.00964EPSS
Exploits0References4
NVD
NVD
added 2023/03/02 7:15 p.m.53 views

CVE-2023-26052

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated...

5.3CVSS4.5AI score0.00751EPSS
Exploits0References7
NVD
NVD
added 2023/02/11 1:23 a.m.53 views

CVE-2023-25561

DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service JAAS authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any...

9.8CVSS6.9AI score0.00392EPSS
Exploits0References2
NVD
NVD
added 2023/02/01 7:15 a.m.53 views

CVE-2022-27537

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities...

7.8CVSS8.2AI score0.00313EPSS
Exploits0References1
NVD
NVD
added 2023/01/26 10:15 p.m.53 views

CVE-2022-38715

A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...

8.8CVSS7.7AI score0.03701EPSS
Exploits1References2
NVD
NVD
added 2023/01/10 10:15 p.m.53 views

CVE-2023-21782

3D Builder Remote Code Execution Vulnerability...

7.8CVSS7.8AI score0.00939EPSS
Exploits0References1
NVD
NVD
added 2023/01/09 3:15 p.m.53 views

CVE-2023-22473

Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no...

2.1CVSS3.4AI score0.0056EPSS
Exploits1References3
NVD
NVD
added 2022/12/27 11:15 p.m.53 views

CVE-2019-25091

A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation of the argument CSRFCOOKIEHTTPONLY leads to cookie without 'httponly' flag. It is possible to...

5.3CVSS0.00612EPSS
Exploits0References4
Total number of security vulnerabilities5000