Lucene search
K
NvdMost viewed

363622 matches found

NVD
NVD
•added 2023/05/18 9:15 a.m.•53 views

CVE-2023-30868

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Jon Christopher CMS Tree Page View plugin = 1.6.7 versions...

7.1CVSS6.2AI score0.03995EPSS
Exploits3References2
NVD
NVD
•added 2023/05/10 8:15 a.m.•53 views

CVE-2023-22711

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Agent Evolution IMPress Listings plugin = 2.6.2 versions...

6.5CVSS5.8AI score0.00361EPSS
Exploits0References1
NVD
NVD
•added 2023/05/02 6:15 a.m.•53 views

CVE-2023-21666

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool...

8.4CVSS8.6AI score0.0018EPSS
Exploits2References2
NVD
NVD
•added 2023/04/17 10:15 p.m.•53 views

CVE-2023-30543

@web3-react is a framework for building Ethereum Apps . In affected versions the chainId may be outdated if the user changes chains as part of the connection flow. This means that the value of chainId returned by useWeb3React may be incorrect. In an application, this means that any data derived...

5.7CVSS5.2AI score0.00378EPSS
Exploits0References2
NVD
NVD
•added 2023/04/14 7:15 p.m.•53 views

CVE-2023-29199

There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor c...

10CVSS9.9AI score0.03852EPSS
Exploits1References5
NVD
NVD
•added 2023/03/24 8:15 p.m.•53 views

CVE-2023-21055

In dithalioctl of dit.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244301523References:...

6.4CVSS6.6AI score0.00087EPSS
Exploits0References1
NVD
NVD
•added 2023/03/10 1:15 p.m.•53 views

CVE-2023-24774

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...

9.8CVSS9.8AI score0.00877EPSS
Exploits2References1
NVD
NVD
•added 2023/03/07 8:15 a.m.•53 views

CVE-2023-1243

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.6...

6CVSS5AI score0.00526EPSS
Exploits1References2
NVD
NVD
•added 2023/03/06 5:15 a.m.•53 views

CVE-2023-26106

All versions of the package dot-lens are vulnerable to Prototype Pollution via the set function in index.js file...

7.5CVSS7.5AI score0.00947EPSS
Exploits1References2
NVD
NVD
•added 2023/03/02 7:15 p.m.•53 views

CVE-2023-26052

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated...

5.3CVSS4.5AI score0.00751EPSS
Exploits0References7
NVD
NVD
•added 2023/02/11 1:23 a.m.•53 views

CVE-2023-25561

DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service JAAS authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any...

9.8CVSS6.9AI score0.00392EPSS
Exploits0References2
NVD
NVD
•added 2023/02/01 7:15 a.m.•53 views

CVE-2022-27537

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities...

7.8CVSS8.2AI score0.00313EPSS
Exploits0References1
NVD
NVD
•added 2023/01/26 10:15 p.m.•53 views

CVE-2022-38715

A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...

8.8CVSS7.7AI score0.03701EPSS
Exploits1References2
NVD
NVD
•added 2023/01/10 10:15 p.m.•53 views

CVE-2023-21782

3D Builder Remote Code Execution Vulnerability...

7.8CVSS7.8AI score0.00939EPSS
Exploits0References1
NVD
NVD
•added 2023/01/09 3:15 p.m.•53 views

CVE-2023-22473

Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no...

2.1CVSS3.4AI score0.0056EPSS
Exploits1References3
NVD
NVD
•added 2022/12/27 11:15 p.m.•53 views

CVE-2019-25091

A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation of the argument CSRFCOOKIEHTTPONLY leads to cookie without 'httponly' flag. It is possible to...

5.3CVSS0.00612EPSS
Exploits0References4
NVD
NVD
•added 2022/08/03 9:15 p.m.•53 views

CVE-2022-35161

GVRET Stable Release as of Aug 15, 2015 was discovered to contain a buffer overflow via the handleConfigCmd function at SerialConsole.cpp...

9.8CVSS0.00866EPSS
Exploits1References1
NVD
NVD
•added 2022/07/25 7:15 p.m.•53 views

CVE-2022-34966

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ipaddress/:port/ossn/home...

7.5CVSS0.01137EPSS
Exploits1References4
NVD
NVD
•added 2022/07/25 6:22 p.m.•53 views

CVE-2022-24992

A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal...

7.5CVSS0.01409EPSS
Exploits1References3
NVD
NVD
•added 2022/07/17 11:15 p.m.•53 views

CVE-2022-30981

An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution...

8.8CVSS0.01132EPSS
Exploits2References1
NVD
NVD
•added 2022/04/15 7:15 p.m.•53 views

CVE-2022-24857

django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authentication can be...

8.8CVSS0.011EPSS
Exploits0References4
NVD
NVD
•added 2022/03/24 2:15 p.m.•53 views

CVE-2021-43659

In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability...

5.4CVSS0.00542EPSS
Exploits1References1
NVD
NVD
•added 2022/02/11 6:15 p.m.•53 views

CVE-2021-22785

A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X...

7.5CVSS0.00954EPSS
Exploits0References1
NVD
NVD
•added 2022/02/04 11:15 p.m.•53 views

CVE-2022-23585

Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling png::CommonInitDecode..., &decode, the decode value contains allocated buffers which can only be freed by calling...

6.5CVSS0.00992EPSS
Exploits1References3
NVD
NVD
•added 2021/12/27 12:15 a.m.•53 views

CVE-2021-45698

An issue was discovered in the ckb crate before 0.40.0 for Rust. A getblocktemplate RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction...

9.8CVSS0.01191EPSS
Exploits0References2
NVD
NVD
•added 2021/11/02 10:15 p.m.•53 views

CVE-2021-42697

Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments...

7.5CVSS0.36139EPSS
Exploits5References5
NVD
NVD
•added 2021/10/20 4:15 p.m.•53 views

CVE-2021-21745

ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click...

4.3CVSS0.55709EPSS
Exploits0References1
NVD
NVD
•added 2021/10/07 4:15 p.m.•53 views

CVE-2021-42013

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...

9.8CVSS0.99964EPSS
Exploits173References31
NVD
NVD
•added 2021/10/04 9:15 p.m.•53 views

CVE-2020-21495

A cross-site scripting XSS vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter...

6.1CVSS0.00672EPSS
Exploits1References2
NVD
NVD
•added 2021/10/04 2:15 p.m.•53 views

CVE-2021-41867

An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature...

5.3CVSS0.01737EPSS
Exploits1References2
NVD
NVD
•added 2021/09/27 12:15 p.m.•53 views

CVE-2021-40097

An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter...

8.8CVSS0.02425EPSS
Exploits0References2
NVD
NVD
•added 2021/07/30 9:15 p.m.•53 views

CVE-2021-34629

The SendGrid WordPress plugin is vulnerable to authorization bypass via the getajaxstatistics function found in the /lib/class-sendgrid-statistics.php file which allows authenticated users to export statistic for a WordPress multi-site main site, in versions up to and including 1.11.8...

4.3CVSS0.00698EPSS
Exploits1References1
NVD
NVD
•added 2021/06/11 4:15 p.m.•53 views

CVE-2021-28213

Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks...

7.5CVSS0.01106EPSS
Exploits0References1
NVD
NVD
•added 2021/05/14 8:15 p.m.•53 views

CVE-2021-29532

TensorFlow is an end-to-end open source platform for machine learning. An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to tf.rawops.RaggedCross. This is because the...

7.1CVSS0.00198EPSS
Exploits1References2
NVD
NVD
•added 2021/05/06 1:15 p.m.•53 views

CVE-2021-32062

MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MSMAPNOPATH and MSMAPPATTERN restrictions that are intended to control the locations from which a mapfile may be loaded with MapServer CGI...

5.3CVSS0.01478EPSS
Exploits0References6
NVD
NVD
•added 2021/04/13 5:15 p.m.•53 views

CVE-2021-29998

An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client...

9.8CVSS0.02373EPSS
Exploits0References4
NVD
NVD
•added 2021/04/12 9:15 p.m.•53 views

CVE-2021-3163

A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload a crafted onloadstart attribute of an IMG element in a text field. Note: Researchers have claimed that this issue is not within the product itself, but is intended...

6.1CVSS0.01311EPSS
Exploits1References4
NVD
NVD
•added 2021/03/11 3:15 a.m.•53 views

CVE-2021-21364

swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix-Like systems, the system temporary...

5.5CVSS0.00282EPSS
Exploits0References2
NVD
NVD
•added 2020/12/08 10:15 p.m.•53 views

CVE-2020-27754

In IntensityCompare of /magick/quantize.c, there are calls to PixelPacketIntensity which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity function, which forces the pixel...

4.3CVSS4.2AI score0.01124EPSS
Exploits1References3
NVD
NVD
•added 2020/11/10 1:15 p.m.•53 views

CVE-2020-0438

In the AIBinderClass constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbinderndk in a vulnerable way with no additional execution privileges needed. User interaction is no...

7.8CVSS8AI score0.00164EPSS
Exploits0References1
NVD
NVD
•added 2020/10/26 9:15 p.m.•53 views

CVE-2020-1915

An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...

7.5CVSS0.01584EPSS
Exploits0References2
NVD
NVD
•added 2020/08/17 1:15 p.m.•53 views

CVE-2020-13941

Reported in SOLR-14515 private and fixed in SOLR-14561 public, released in Solr version 8.6.0. The Replication handler https://lucene.apache.org/solr/guide/86/index-replication.htmlhttp-api-commands-for-the-replicationhandler allows commands backup, restore and deleteBackup. Each of these take a...

8.8CVSS8.8AI score0.03805EPSS
Exploits0References4
NVD
NVD
•added 2020/04/28 2:15 p.m.•53 views

CVE-2020-12078

An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings internally called excludeip. This excludeip value is passed to the...

9CVSS8.7AI score0.09999EPSS
Exploits3References4
NVD
NVD
•added 2020/04/22 4:15 p.m.•53 views

CVE-2020-10712

A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The highest threat from...

8.2CVSS7.3AI score0.0097EPSS
Exploits0References1
NVD
NVD
•added 2019/11/20 9:15 p.m.•53 views

CVE-2013-2092

Cross-site Scripting XSS in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php...

6.1CVSS6AI score0.01347EPSS
Exploits0References3
NVD
NVD
•added 2019/06/03 7:29 p.m.•53 views

CVE-2019-3895

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

8CVSS6.5AI score0.01421EPSS
Exploits0References3
NVD
NVD
•added 2019/03/08 9:29 p.m.•53 views

CVE-2019-1003030

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM...

9.9CVSS9.8AI score0.75594EPSS
Exploits3References5
NVD
NVD
•added 2019/02/06 4:29 p.m.•53 views

CVE-2019-1003005

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result i...

8.8CVSS9.2AI score0.19042EPSS
Exploits3References3
NVD
NVD
•added 2018/12/20 11:29 p.m.•53 views

CVE-2018-18442

D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service DoS attacks. An attacker can harm the device availability i.e., live-online video/audio streaming by using the hping3 tool to perform an IPv4 flood attack. Verified attacks includes SYN...

7.8CVSS7.5AI score0.01299EPSS
Exploits1References1
NVD
NVD
•added 2018/04/04 4:29 p.m.•53 views

CVE-2017-13289

In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a local escalation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is...

7.8CVSS7.7AI score0.00192EPSS
Exploits0References1
Total number of security vulnerabilities5000