Lucene search
K
NvdMost viewed

363367 matches found

NVD
NVD
added 2020/04/17 7:15 p.m.88 views

CVE-2020-0081

In finalize of AssetManager.java, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9...

7.8CVSS7.9AI score0.00165EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 3:16 p.m.87 views

CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS0.02838EPSS
Exploits1References5
NVD
NVD
added 2024/08/25 8:15 a.m.87 views

CVE-2024-8146

A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The...

9.8CVSS0.0058EPSS
Exploits1References5
NVD
NVD
added 2024/06/26 4:15 a.m.87 views

CVE-2024-27867

An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in...

4.3CVSS0.00832EPSS
Exploits0References4
NVD
NVD
added 2024/04/04 6:15 p.m.87 views

CVE-2024-25708

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.9.1 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s...

4.8CVSS5.6AI score0.00373EPSS
Exploits0References1
NVD
NVD
added 2024/01/10 4:15 p.m.87 views

CVE-2023-49738

An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read...

7.5CVSS7.3AI score0.01318EPSS
Exploits1References2
NVD
NVD
added 2022/03/01 3:15 p.m.87 views

CVE-2021-46387

ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting XSS. Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard...

6.1CVSS0.21028EPSS
Exploits4References4
NVD
NVD
added 2021/10/20 11:17 a.m.87 views

CVE-2021-35659

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...

7.5CVSS0.01231EPSS
Exploits0References1
NVD
NVD
added 2020/06/11 3:15 p.m.87 views

CVE-2020-0212

In onBufferDestroyed of InputBufferManager.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android...

6.5CVSS0.00732EPSS
Exploits0References1
NVD
NVD
added 2026/03/09 4:16 p.m.86 views

CVE-2026-25866

MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a malicious executable...

8.5CVSS0.00132EPSS
Exploits0References2
NVD
NVD
added 2025/04/08 2:15 p.m.86 views

CVE-2024-50565

A improper restriction of communication channel to intended endpoints vulnerability CWE-923 in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through...

7.5CVSS0.00366EPSS
Exploits0References1
NVD
NVD
added 2024/12/17 6:15 p.m.86 views

CVE-2024-55496

A vulnerability has been found in the 1000projects Bookstore Management System PHP MySQL Project 1.0. This issue affects some unknown functionality of addcompany.php. Actions on the delete parameter result in SQL injection...

9.1CVSS0.00579EPSS
Exploits1References2
NVD
NVD
added 2024/11/04 3:15 p.m.86 views

CVE-2024-45891

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to deletewlanprofile...

8CVSS0.01291EPSS
Exploits0References2
NVD
NVD
added 2024/09/27 1:15 p.m.86 views

CVE-2024-46856

In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83822: Fix NULL pointer dereference on DP83825 devices The probe function is only used for DP83822 and DP83826 PHY, leaving the private data pointer uninitialized for the DP83825 models which causes a NULL pointer...

5.5CVSS0.00178EPSS
Exploits0References2
NVD
NVD
added 2024/07/09 5:15 p.m.86 views

CVE-2024-38112

Windows MSHTML Platform Spoofing Vulnerability...

7.5CVSS0.84345EPSS
Exploits0References2
NVD
NVD
added 2024/06/19 11:15 a.m.86 views

CVE-2023-48760

Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13...

9.8CVSS0.00445EPSS
Exploits0References1
NVD
NVD
added 2023/12/12 1:15 a.m.86 views

CVE-2023-42910

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution...

8.8CVSS0.00945EPSS
Exploits0References3
NVD
NVD
added 2024/12/17 6:15 p.m.85 views

CVE-2024-49818

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...

4.3CVSS0.00453EPSS
Exploits0References1
NVD
NVD
added 2022/04/25 4:16 p.m.85 views

CVE-2021-25094

The Tatsu WordPress plugin before 3.3.12 addcustomfont action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control...

8.1CVSS0.83535EPSS
Exploits9References5
NVD
NVD
added 2021/07/29 7:15 a.m.85 views

CVE-2021-37578

Apache jUDDI uses several classes related to Java's Remote Method Invocation RMI which as an extension to UDDI provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicio...

9.8CVSS0.04115EPSS
Exploits0References2
NVD
NVD
added 2025/04/08 2:15 p.m.84 views

CVE-2024-26013

A improper restriction of communication channel to intended endpoints vulnerability CWE-923 in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and...

7.5CVSS0.00457EPSS
Exploits0References1
NVD
NVD
added 2024/01/10 1:15 p.m.84 views

CVE-2023-48255

The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log...

6.3CVSS6.5AI score0.00496EPSS
Exploits0References1
NVD
NVD
added 2023/07/13 12:15 a.m.84 views

CVE-2023-21240

In Policy of Policy.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS0.00085EPSS
Exploits0References2
NVD
NVD
added 2023/07/13 12:15 a.m.84 views

CVE-2023-20942

In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS0.0007EPSS
Exploits0References4
NVD
NVD
added 2022/09/21 5:15 p.m.84 views

CVE-2022-37027

Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Administrators that can modify the Runtime Options in the web interface can inject Java Runtime Options. These take effect after a restart. For example, an attacker can enable JMX services and...

7.2CVSS0.20785EPSS
Exploits1References5
NVD
NVD
added 2024/11/18 10:15 a.m.83 views

CVE-2024-42388

Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space...

5.3CVSS0.00301EPSS
Exploits0References1
NVD
NVD
added 2024/09/25 10:15 p.m.83 views

CVE-2024-47083

Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitive information, specifically the clientsecret used in the service principal authentication, may be...

8.8CVSS0.01554EPSS
Exploits0References3
NVD
NVD
added 2024/09/18 12:15 p.m.83 views

CVE-2024-8888

An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network...

10CVSS0.00421EPSS
Exploits0References1
NVD
NVD
added 2024/08/27 7:15 p.m.83 views

CVE-2024-8211

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been declared as critical. This...

9.8CVSS0.05406EPSS
Exploits1References6
NVD
NVD
added 2024/06/13 9:15 a.m.83 views

CVE-2024-34102

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...

9.8CVSS0.99994EPSS
Exploits26References3
NVD
NVD
added 2022/11/29 5:15 p.m.83 views

CVE-2022-21126

The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it...

7.8CVSS0.00699EPSS
Exploits1References3
NVD
NVD
added 2022/06/06 10:15 p.m.83 views

CVE-2022-32511

jmespath.rb aka JMESPath for Ruby before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable...

9.8CVSS0.02131EPSS
Exploits0References5
NVD
NVD
added 2025/07/07 6:15 p.m.82 views

CVE-2025-53536

Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. There were multiple ways to achieve that. One example is with...

8.1CVSS0.00656EPSS
Exploits0References3
NVD
NVD
added 2025/03/20 10:15 a.m.82 views

CVE-2025-0330

In berriai/litellm version v1.52.1, an issue in proxyserver.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfusesecret and langfusepublickey, which can provide full access to the Langfuse...

7.5CVSS0.00523EPSS
Exploits1References1
NVD
NVD
added 2024/05/27 4:15 p.m.82 views

CVE-2024-35219

OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

8.3CVSS8.1AI score0.03592EPSS
Exploits0References3
NVD
NVD
added 2024/02/29 1:40 a.m.82 views

CVE-2023-37531

A cross-site scripting XSS vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a form field of a webpage by a user with privileged access...

4.8CVSS4.3AI score0.00359EPSS
Exploits0References1
NVD
NVD
added 2023/07/25 9:15 p.m.82 views

CVE-2023-37902

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine EVM. Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...

5.3CVSS5.3AI score0.00487EPSS
Exploits1References2
NVD
NVD
added 2023/06/30 11:15 p.m.82 views

CVE-2023-36812

OpenTSDB is a open source, distributed, scalable Time Series Database TSDB. OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit...

9.8CVSS9.7AI score0.16501EPSS
Exploits4References4
NVD
NVD
added 2023/05/15 3:15 p.m.82 views

CVE-2023-32787

The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications...

7.5CVSS7.5AI score0.01168EPSS
Exploits0References3
NVD
NVD
added 2023/03/24 8:15 p.m.82 views

CVE-2023-20917

In onTargetSelected of ResolverActivity.java, there is a possible way to share a wrong file due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.8CVSS7.7AI score0.00124EPSS
Exploits0References1
NVD
NVD
added 2025/09/19 7:15 p.m.81 views

CVE-2025-34203

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.1002 and Application versions prior to 20.0.2614 VA and SaaS deployments contain multiple Docker containers that include outdated, end-of-life, unsupported, or otherwise vulnerable third-party components examples:...

9.8CVSS0.00813EPSS
Exploits1References4
NVD
NVD
added 2025/05/06 9:15 a.m.81 views

CVE-2025-21453

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur...

7.8CVSS0.00089EPSS
Exploits0References1
NVD
NVD
added 2024/12/17 6:15 p.m.81 views

CVE-2024-49819

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors...

7.5CVSS0.00253EPSS
Exploits0References1
NVD
NVD
added 2024/08/15 10:15 p.m.81 views

CVE-2024-34736

In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-frame support is enabled. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00085EPSS
Exploits0References2
NVD
NVD
added 2026/04/21 5:16 p.m.80 views

CVE-2026-26274

October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a vulnerability was identified in the Twig sandbox security policy that allowed database write operations when cms.safemode is enabled. Backend users with Developer permissions could use Twig template markup ...

6.6CVSS0.00229EPSS
Exploits0References1
NVD
NVD
added 2024/12/12 8:15 p.m.80 views

CVE-2024-55878

SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in version 1.0.12 and prior to version 1.1.12, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Version 1.1.12 fixes the issue. As a workaround, don't use direct...

6.8CVSS0.00444EPSS
Exploits0References2
NVD
NVD
added 2024/11/20 9:15 p.m.80 views

CVE-2024-52581

Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to version 2.13.0, the multipart form parser shipped with litestar expects the entire request body as a single byte string and there is no default limit for the total size of the request body. This allows an attacker to...

8.2CVSS0.00756EPSS
Exploits1References4
NVD
NVD
added 2024/01/08 4:15 p.m.80 views

CVE-2024-21650

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution RCE attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the...

10CVSS9.9AI score0.9348EPSS
Exploits1References3
NVD
NVD
added 2023/02/14 8:15 p.m.80 views

CVE-2023-22629

An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem...

8.8CVSS8.6AI score0.12322EPSS
Exploits4References4
NVD
NVD
added 2022/12/05 4:15 a.m.80 views

CVE-2022-43484

TERASOLUNA Global Framework 1.0.0 Public review version and TERASOLUNA Server Framework for Java Rich 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability.The vulnerability is caused by an...

7.8CVSS0.00407EPSS
Exploits1References3
Total number of security vulnerabilities5000