Lucene search
K
NvdMost viewed

364381 matches found

NVD
NVD
added 2022/01/26 10:15 p.m.54 views

CVE-2021-32849

Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds...

9CVSS0.0765EPSS
Exploits1References5
NVD
NVD
added 2021/12/27 12:15 a.m.54 views

CVE-2021-45698

An issue was discovered in the ckb crate before 0.40.0 for Rust. A getblocktemplate RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction...

9.8CVSS0.01191EPSS
Exploits0References2
NVD
NVD
added 2021/11/08 4:15 a.m.54 views

CVE-2021-31599

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports .prpt file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary code...

8.8CVSS0.02266EPSS
Exploits3References2
NVD
NVD
added 2021/09/17 7:15 p.m.54 views

CVE-2021-38406

Delta Electronic DOPSoft 2 Version 2.00.07 and prior lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process...

7.8CVSS0.77892EPSS
Exploits0References2
NVD
NVD
added 2021/09/15 2:15 p.m.54 views

CVE-2021-21798

An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution under the...

8.8CVSS0.15613EPSS
Exploits1References1
NVD
NVD
added 2021/08/31 4:15 a.m.54 views

CVE-2021-36981

In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code...

9CVSS0.06049EPSS
Exploits2References4
NVD
NVD
added 2021/07/14 2:15 p.m.54 views

CVE-2021-33212

A Cross-site scripting XSS vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image...

5.4CVSS0.00745EPSS
Exploits1References2
NVD
NVD
added 2021/06/17 10:15 p.m.54 views

CVE-2021-32694

Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device is possible to crash the Nextcloud Android Client due to an uncaught exception. The vulnerability is patched in version 3.15.1...

5.5CVSS0.00967EPSS
Exploits1References3
NVD
NVD
added 2021/06/02 12:15 p.m.54 views

CVE-2020-14335

A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability...

5.5CVSS0.00249EPSS
Exploits0References1
NVD
NVD
added 2021/05/18 3:15 p.m.54 views

CVE-2020-23856

Use-after-Free vulnerability in cflow 1.6 in the void callchar name, int line function at src/parser.c, which could cause a denial of service via the pointer variable caller-callee...

5.5CVSS0.0042EPSS
Exploits1References4
NVD
NVD
added 2021/04/23 4:15 p.m.54 views

CVE-2020-36321

Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 Vaadin 14.0.0 through 14.4.2, and 3.0 prior to 5.0 Vaadin 15 prior to 18 allows attacker to request arbitrary files stored outside of intended frontend resources folder...

7.5CVSS0.01211EPSS
Exploits0References2
NVD
NVD
added 2021/04/13 5:15 p.m.54 views

CVE-2021-29998

An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client...

9.8CVSS0.02373EPSS
Exploits0References4
NVD
NVD
added 2021/04/09 4:15 p.m.54 views

CVE-2021-21431

sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may have been possible to remove users from oth...

8.1CVSS0.01072EPSS
Exploits0References3
NVD
NVD
added 2021/04/05 7:15 p.m.54 views

CVE-2021-24174

The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups...

8.1CVSS0.03218EPSS
Exploits5References2
NVD
NVD
added 2021/02/23 5:15 p.m.54 views

CVE-2021-22113

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...

5.3CVSS0.00819EPSS
Exploits0References1
NVD
NVD
added 2021/02/11 7:15 p.m.54 views

CVE-2021-21307

Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...

9.8CVSS0.89189EPSS
Exploits5References7
NVD
NVD
added 2020/08/17 7:15 p.m.54 views

CVE-2020-1472

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NRPC. An attacker who successfully exploited the vulnerability could run a specially crafted application on a...

10CVSS6.3AI score0.99512EPSS
Exploits75References18
NVD
NVD
added 2020/08/14 5:15 p.m.54 views

CVE-2020-15142

In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution...

9CVSS8.4AI score0.0158EPSS
Exploits0References4
NVD
NVD
added 2020/08/10 10:15 p.m.54 views

CVE-2020-15139

In MyBB before version 1.8.24, the custom MyCode BBCode for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active e.g. as a post or Private...

8.8CVSS8.4AI score0.01317EPSS
Exploits0References3
NVD
NVD
added 2020/06/11 8:15 p.m.54 views

CVE-2020-13250

HashiCorp Consul and Consul Enterprise include an HTTP API introduced in 1.2.0 and DNS introduced in 1.4.3 caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4...

7.5CVSS0.02851EPSS
Exploits0References3
NVD
NVD
added 2020/06/10 4:15 p.m.54 views

CVE-2020-7674

access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the template function is executed by the eval function resulting in code execution...

9.8CVSS0.02512EPSS
Exploits1References1
NVD
NVD
added 2020/05/24 11:15 p.m.54 views

CVE-2020-13438

ffjpeg through 2020-02-24 has an invalid read in jfifencode in jfif.c...

6.5CVSS6.4AI score0.00839EPSS
Exploits1References1
NVD
NVD
added 2020/04/27 3:15 p.m.54 views

CVE-2020-12242

Valve Source allows local users to gain privileges by writing to the /tmp/hl2relaunch file, which is later executed in the context of a different user account...

7.8CVSS7.7AI score0.01088EPSS
Exploits4References1
NVD
NVD
added 2019/09/16 5:15 p.m.54 views

CVE-2019-13140

Inteno EG200 EG200-WU7P1UADAMO3.16.4-1902261650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP...

6.5CVSS6.5AI score0.02035EPSS
Exploits5References4
NVD
NVD
added 2019/07/29 8:15 p.m.54 views

CVE-2019-14416

An issue was discovered in Veritas Resiliency Platform VRP before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality...

9CVSS7.4AI score0.04453EPSS
Exploits0References3
NVD
NVD
added 2018/12/20 11:29 p.m.54 views

CVE-2018-18442

D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service DoS attacks. An attacker can harm the device availability i.e., live-online video/audio streaming by using the hping3 tool to perform an IPv4 flood attack. Verified attacks includes SYN...

7.8CVSS7.5AI score0.01299EPSS
Exploits1References1
NVD
NVD
added 2018/12/06 4:29 a.m.54 views

CVE-2018-19896

ThinkCMF X2.2.2 has SQL Injection via the function delete in SlideController.class.php and is exploitable with the manager privilege via the ids parameter in a slide action...

7.2CVSS7.5AI score0.01326EPSS
Exploits1References1
NVD
NVD
added 2011/08/29 3:55 p.m.54 views

CVE-2011-3192

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service memory and CPU consumption via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different...

7.8CVSS7.4AI score0.98945EPSS
Exploits17References72
NVD
NVD
added 2010/03/16 7:0 p.m.54 views

CVE-2010-0970

SQL injection vulnerability in phpmylogon.php in PhpMyLogon 2 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information...

7.5CVSS8.3AI score0.00981EPSS
Exploits1References3
NVD
NVD
added 2007/03/02 9:18 p.m.54 views

CVE-2007-1157

Cross-site request forgery CSRF vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733...

7.6CVSS6.6AI score0.00907EPSS
Exploits0References4
NVD
NVD
added 2006/12/07 1:28 a.m.54 views

CVE-2006-6355

SQL injection vulnerability in default.asp in DuWare DuClassmate allows remote attackers to execute arbitrary SQL commands via the iCity parameter. NOTE: the iState parameter is already covered by CVE-2005-2049...

10CVSS8.2AI score0.01812EPSS
Exploits1References5
NVD
NVD
added 2006/08/05 12:4 a.m.54 views

CVE-2006-3980

PHP remote file inclusion vulnerability in administrator/components/commgm/help.mgm.php in Mambo Gallery Manager MGM 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...

6.8CVSS7.6AI score0.06135EPSS
Exploits1References8
NVD
NVD
added 2026/05/27 8:16 a.m.53 views

CVE-2026-40814

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dataapi.php files mb24configetTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS0.0032EPSS
Exploits0References1
NVD
NVD
added 2026/05/15 5:16 p.m.53 views

CVE-2026-45035

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supports a run command that directly executes OS commands with no user confirmation, sanitization, or...

9.4CVSS0.0038EPSS
Exploits1References1
NVD
NVD
added 2026/05/13 9:16 p.m.53 views

CVE-2026-21821

The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x library. Since jQuery 1.x has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses and increase the risk of client-side...

8.3CVSS0.00212EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 9:16 a.m.53 views

CVE-2026-5028

The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...

6.5CVSS0.00241EPSS
Exploits0References3
NVD
NVD
added 2026/05/07 4:16 a.m.53 views

CVE-2026-40981

When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...

7.5CVSS0.00435EPSS
Exploits0References4
NVD
NVD
added 2026/05/06 11:16 a.m.53 views

CVE-2025-59851

HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the...

9.8CVSS0.00206EPSS
Exploits0References1
NVD
NVD
added 2026/05/05 9:16 p.m.53 views

CVE-2026-40068

In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Co...

8.8CVSS0.00281EPSS
Exploits0References1
NVD
NVD
added 2026/05/05 12:16 p.m.53 views

CVE-2023-54344

Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send base64-encoded bash commands wrapped in...

9.8CVSS0.0055EPSS
Exploits0References2
NVD
NVD
added 2026/05/04 5:16 p.m.53 views

CVE-2026-42090

Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause is...

9.6CVSS0.00477EPSS
Exploits0References3
NVD
NVD
added 2026/04/15 9:17 p.m.53 views

CVE-2026-22676

Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on the C:\Windows\Automation directory. Attackers can modify existing automation content or place...

8.5CVSS0.00104EPSS
Exploits0References2
NVD
NVD
added 2026/03/27 5:16 p.m.53 views

CVE-2026-28369

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform...

9.1CVSS0.00677EPSS
Exploits0References4
NVD
NVD
added 2026/02/09 9:16 a.m.53 views

CVE-2026-25905

The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP tool shadowing...

5.8CVSS0.00177EPSS
Exploits0References1
NVD
NVD
added 2026/02/04 5:16 p.m.53 views

CVE-2026-23081

In the Linux kernel, the following vulnerability has been resolved: net: phy: intel-xway: fix OF node refcount leakage Automated review spotted am OF node reference count leakage when checking if the 'leds' child node exists. Call ofputnode to correctly maintain the refcount...

5.5CVSS0.00107EPSS
Exploits0References2
NVD
NVD
added 2026/01/28 8:16 p.m.53 views

CVE-2023-37525

A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may contain Java class files and configuration information, leading to unauthorized access to application internals...

5.3CVSS0.00293EPSS
Exploits0References1
NVD
NVD
added 2025/09/30 11:37 a.m.53 views

CVE-2025-59954

Knowage is an open source analytics and business intelligence suite. Versions 8.1.26 and below are vulnerable to Remote Code Exection through using an unsafe org.apache.commons.jxpath.JXPathContext in MetaService.java service. This issue is fixed in version 8.1.27...

10CVSS0.00512EPSS
Exploits1References2
NVD
NVD
added 2025/09/19 4:15 p.m.53 views

CVE-2025-39859

In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: fix use-after-free bugs causing by ptpocpwatchdog The ptpocpdetach only shuts down the watchdog timer if it is pending. However, if the timer handler is already running, the timerdeletesync is not called. This leads to...

7.8CVSS0.00136EPSS
Exploits0References2
NVD
NVD
added 2025/09/11 8:15 a.m.53 views

CVE-2025-8422

The Propovoice: All-in-One Client Management System plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.7.6.7 via the sendemail function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which...

7.5CVSS0.00586EPSS
Exploits1References3
NVD
NVD
added 2025/08/20 6:15 p.m.53 views

CVE-2025-55746

Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files'...

9.3CVSS0.00438EPSS
Exploits1References2
Total number of security vulnerabilities5000