Lucene search
K
NvdMost viewed

363614 matches found

NVD
NVD
added 2025/04/30 3:16 p.m.52 views

CVE-2025-46342

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selectors in their match statements are mistakenly not applied during admission review request processing due to a missing error...

8.5CVSS0.00618EPSS
Exploits1References2
NVD
NVD
added 2025/04/22 6:15 a.m.52 views

CVE-2025-2594

The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID...

8.1CVSS0.0719EPSS
Exploits4References1
NVD
NVD
added 2025/03/31 10:15 p.m.52 views

CVE-2025-31680

Cross-Site Request Forgery CSRF vulnerability in Drupal Matomo Analytics allows Cross Site Request Forgery.This issue affects Matomo Analytics: from 0.0.0 before 1.24.0...

6.8CVSS0.00167EPSS
Exploits0References1
NVD
NVD
added 2025/03/21 3:15 p.m.52 views

CVE-2025-2598

When the AWS Cloud Development Kit AWS CDK Command Line Interface AWS CDK CLI is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178....

5.7CVSS0.00255EPSS
Exploits1References3
NVD
NVD
added 2025/03/03 4:15 p.m.52 views

CVE-2024-55532

Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue...

9.8CVSS0.00723EPSS
Exploits0References2
NVD
NVD
added 2025/02/19 10:15 p.m.52 views

CVE-2025-27090

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...

6.9CVSS0.00578EPSS
Exploits1References3
NVD
NVD
added 2025/02/07 4:15 p.m.52 views

CVE-2024-57248

Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious payloads in HTTP requests to manipulate file paths, bypass access controls, and upload malicious files...

6.3CVSS0.03206EPSS
Exploits3References2
NVD
NVD
added 2025/02/06 7:15 a.m.52 views

CVE-2025-22890

Execution with unnecessary privileges issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product is running may be obtained...

8.8CVSS0.00185EPSS
Exploits0References2
NVD
NVD
added 2025/01/21 6:15 p.m.52 views

CVE-2024-54795

SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting XSS vulnerabilities in the create/edit forms of the worksheet designer function...

5.4CVSS0.00497EPSS
Exploits3References2
NVD
NVD
added 2025/01/06 6:15 p.m.52 views

CVE-2024-55627

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset due to an unsigned integer...

7.5CVSS0.00984EPSS
Exploits0References5
NVD
NVD
added 2025/01/03 4:15 p.m.52 views

CVE-2024-56320

GoCD is a continuous deliver server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, and its associated API. A malicious insider/existing authenticated GoCD user with an existing GoCD...

9.4CVSS0.00727EPSS
Exploits0References4
NVD
NVD
added 2024/12/27 6:15 p.m.52 views

CVE-2024-12990

A vulnerability was found in ruifang-tech Rebuild 3.8.6. It has been classified as problematic. This affects an unknown part of the file /user/admin-verify of the component Admin Verification Page. The manipulation of the argument nexturl with the input http://localhost/evil.html leads to open...

5.3CVSS0.00329EPSS
Exploits0References4
NVD
NVD
added 2024/12/18 11:15 p.m.52 views

CVE-2022-40732

An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboo...

7.5CVSS0.0074EPSS
Exploits1References1
NVD
NVD
added 2024/12/06 6:15 p.m.52 views

CVE-2024-11220

A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation...

8.5CVSS0.00152EPSS
Exploits0References2
NVD
NVD
added 2024/11/20 3:15 p.m.52 views

CVE-2024-52598

2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1 a SSRF and URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the...

7.5CVSS0.0058EPSS
Exploits1References1
NVD
NVD
added 2024/11/15 5:15 p.m.52 views

CVE-2024-52517

Nextcloud Server is a self hosted personal cloud system. After storing "Global credentials" on the server, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the...

5.9CVSS0.00589EPSS
Exploits0References4
NVD
NVD
added 2024/11/05 10:15 a.m.52 views

CVE-2023-52920

In the Linux kernel, the following vulnerability has been resolved: bpf: support non-r10 register spill/fill to/from stack in precision tracking Use instruction jump history to record instructions that performed register spill/fill to/from stack, regardless if this was done through read-only r10...

5.5CVSS0.00244EPSS
Exploits0References4
NVD
NVD
added 2024/10/09 7:15 p.m.52 views

CVE-2024-3656

A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise...

8.1CVSS0.02837EPSS
Exploits0References8
NVD
NVD
added 2024/09/25 3:15 a.m.52 views

CVE-2024-7617

The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS0.00585EPSS
Exploits0References3
NVD
NVD
added 2024/09/13 3:15 p.m.52 views

CVE-2024-5789

The Triton Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the theme's Button shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

6.4CVSS0.00257EPSS
Exploits0References2
NVD
NVD
added 2024/09/03 7:15 p.m.52 views

CVE-2024-43803

The Bare Metal Operator BMO implements a Kubernetes API for managing bare metal hosts in Metal3. The BareMetalHost BMH CRD allows the userData, metaData, and networkData for the provisioned host to be specified as links to Kubernetes Secrets. There are fields for both the Name and Namespace of th...

4.9CVSS0.00574EPSS
Exploits0References7
NVD
NVD
added 2024/08/29 3:15 p.m.52 views

CVE-2024-43940

Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Z Y N I T H: from n/a through 7.4.9...

6.5CVSS0.00355EPSS
Exploits0References1
NVD
NVD
added 2024/08/29 11:15 a.m.52 views

CVE-2024-43986

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in MagePeople Team Taxi Booking Manager for WooCommerce allows Stored XSS.This issue affects Taxi Booking Manager for WooCommerce: through 1.0.9...

5.9CVSS0.00262EPSS
Exploits0References1
NVD
NVD
added 2024/08/14 5:15 p.m.52 views

CVE-2024-5914

A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container...

9.8CVSS0.01224EPSS
Exploits0References1
NVD
NVD
added 2024/08/13 6:15 p.m.52 views

CVE-2024-38144

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability...

8.8CVSS0.32347EPSS
Exploits0References1
NVD
NVD
added 2024/08/13 6:15 p.m.52 views

CVE-2024-38140

Windows Reliable Multicast Transport Driver RMCAST Remote Code Execution Vulnerability...

9.8CVSS0.0381EPSS
Exploits0References2
NVD
NVD
added 2024/07/29 4:15 p.m.52 views

CVE-2024-41810

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The twisted.web.util.redirectTo function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site...

6.1CVSS0.01109EPSS
Exploits0References3
NVD
NVD
added 2024/07/10 7:15 p.m.52 views

CVE-2024-6235

Sensitive information disclosure in NetScaler Console...

9.4CVSS0.21331EPSS
Exploits0References1
NVD
NVD
added 2024/07/01 2:15 p.m.52 views

CVE-2024-24749

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCach...

7.5CVSS0.00756EPSS
Exploits0References4
NVD
NVD
added 2024/06/27 4:15 p.m.52 views

CVE-2024-39374

TELSAT marKoni FM Transmitters are vulnerable to an attacker exploiting a hidden admin account that can be accessed through the use of hard-coded credentials...

9.8CVSS0.00524EPSS
Exploits1References1
NVD
NVD
added 2024/06/25 3:15 p.m.52 views

CVE-2024-37085

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory AD permissions can gain full access to an ESXi host that was previously configured to use AD for user management...

7.2CVSS0.2677EPSS
Exploits0References2
NVD
NVD
added 2024/06/10 5:16 p.m.52 views

CVE-2024-3850

Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack XSS. An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is...

5.4CVSS0.009EPSS
Exploits0References2
NVD
NVD
added 2024/06/09 10:15 a.m.52 views

CVE-2023-23640

Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension.This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6...

8.8CVSS0.00293EPSS
Exploits0References1
NVD
NVD
added 2024/06/08 2:15 p.m.52 views

CVE-2024-35708

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in apollo13themes Rife Free allows Stored XSS.This issue affects Rife Free: from n/a through 2.4.19...

6.5CVSS0.00261EPSS
Exploits0References1
NVD
NVD
added 2024/05/30 4:15 p.m.52 views

CVE-2024-36888

In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wakecpu in kickpool With cpupossiblemask=0-63 and cpuonlinemask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle kernel...

6.2CVSS6.3AI score0.00237EPSS
Exploits0References3
NVD
NVD
added 2024/05/17 9:15 a.m.52 views

CVE-2024-30479

Authentication Bypass by Spoofing vulnerability in LionScripts IP Blocker Lite allows Functionality Bypass.This issue affects IP Blocker Lite: from n/a through 11.1.1...

5.3CVSS5.3AI score0.00536EPSS
Exploits0References1
NVD
NVD
added 2024/05/07 1:15 p.m.52 views

CVE-2024-4536

In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component https://github.com/eclipse-edc/Connector , an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security...

6.8CVSS6.6AI score0.00411EPSS
Exploits0References4
NVD
NVD
added 2024/05/03 5:15 p.m.52 views

CVE-2024-30851

Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the downloadfile.php component...

6.5CVSS5.9AI score0.04611EPSS
Exploits7References2
NVD
NVD
added 2024/04/12 10:15 p.m.52 views

CVE-2024-31462

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The createui method Backup/Restore tab in modules/uiextensions.py takes user input into the configsavenam...

6.3CVSS6.3AI score0.0068EPSS
Exploits0References10
NVD
NVD
added 2024/02/26 5:15 p.m.52 views

CVE-2024-27081

ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 command line installation allows authenticated remote attackers to read and write arbitrary files under the configuration...

8.8CVSS7.3AI score0.01535EPSS
Exploits1References2
NVD
NVD
added 2024/02/21 3:15 a.m.52 views

CVE-2024-25603

Stored cross-site scripting XSS vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users...

9CVSS7.3AI score0.00558EPSS
Exploits0References1
NVD
NVD
added 2024/02/08 8:15 p.m.52 views

CVE-2024-22836

An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server...

9.8CVSS9.8AI score0.30036EPSS
Exploits3References3
NVD
NVD
added 2024/01/11 1:15 a.m.52 views

CVE-2024-21667

pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not...

6.5CVSS6.3AI score0.00588EPSS
Exploits1References3
NVD
NVD
added 2024/01/02 6:15 a.m.52 views

CVE-2023-33038

Memory corruption while receiving a message in Bus Socket Transport Server...

7.8CVSS7AI score0.00117EPSS
Exploits0References1
NVD
NVD
added 2023/12/30 3:15 a.m.52 views

CVE-2023-38021

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager CCM Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclaveecall function and system call...

5.5CVSS0.00206EPSS
Exploits0References5
NVD
NVD
added 2023/12/20 7:15 p.m.52 views

CVE-2023-46149

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5...

9.9CVSS0.00584EPSS
Exploits0References1
NVD
NVD
added 2023/12/19 4:15 p.m.52 views

CVE-2023-50272

A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 iLO 5 and Integrated Lights-Out 6 iLO 6. The vulnerability could be remotely exploited to allow authentication bypass...

9.8CVSS0.00613EPSS
Exploits0References1
NVD
NVD
added 2023/11/17 1:15 p.m.52 views

CVE-2023-22275

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interactio...

7.5CVSS0.01341EPSS
Exploits0References1
NVD
NVD
added 2023/10/28 2:15 p.m.52 views

CVE-2023-5835

A vulnerability classified as problematic was found in hu60t hu60wap6. Affected by this vulnerability is the function markdown of the file src/class/ubbparser.php. The manipulation leads to cross site scripting. The attack can be launched remotely. This product does not use versioning. This is wh...

6.1CVSS4.4AI score0.00385EPSS
Exploits0References3
NVD
NVD
added 2023/09/05 6:15 a.m.52 views

CVE-2023-4748

A vulnerability, which was classified as critical, has been found in Yongyou UFIDA-NC up to 20230807. This issue affects some unknown processing of the file PrintTemplateFileServlet.java. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. The...

7.5CVSS6.7AI score0.00765EPSS
Exploits1References3
Total number of security vulnerabilities5000