Lucene search
K
NvdMost viewed

364744 matches found

NVD
NVD
added 2024/06/07 12:15 p.m.53 views

CVE-2024-4610

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0;...

7.8CVSS0.00758EPSS
Exploits0References2
NVD
NVD
added 2024/05/26 12:15 a.m.53 views

CVE-2024-5351

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been...

9.8CVSS6.4AI score0.00769EPSS
Exploits1References4
NVD
NVD
added 2024/05/07 4:15 p.m.53 views

CVE-2024-34341

Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker ...

5.4CVSS6AI score0.00784EPSS
Exploits0References6
NVD
NVD
added 2024/04/09 6:15 p.m.53 views

CVE-2024-31457

gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. gin-vue-admin pseudoversion 0.0.0-20240407133540-7bc7c3051067, corresponding to version 2.6.1, has a code injection vulnerability in the backend. In the Plugin System - Plugi...

7.7CVSS7.8AI score0.00904EPSS
Exploits0References3
NVD
NVD
added 2024/03/21 2:52 a.m.53 views

CVE-2024-27933

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in opnodeipcpipe leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Node childproce...

8.8CVSS8.4AI score0.02276EPSS
Exploits1References10
NVD
NVD
added 2024/03/21 12:15 a.m.53 views

CVE-2024-28916

Xbox Gaming Services Elevation of Privilege Vulnerability...

8.8CVSS8.8AI score0.00652EPSS
Exploits0References1
NVD
NVD
added 2023/12/24 7:15 a.m.53 views

CVE-2023-51767

OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks for authentication bypass because the integer value of authenticated in mmanswerauthpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim...

7CVSS0.00661EPSS
Exploits0References34
NVD
NVD
added 2023/12/18 11:15 p.m.53 views

CVE-2023-49155

Cross-Site Request Forgery CSRF vulnerability in Wow-Company Button Generator – easily Button Builder.This issue affects Button Generator – easily Button Builder: from n/a through 2.3.8...

8.8CVSS0.00294EPSS
Exploits0References1
NVD
NVD
added 2023/10/28 2:15 p.m.53 views

CVE-2023-5835

A vulnerability classified as problematic was found in hu60t hu60wap6. Affected by this vulnerability is the function markdown of the file src/class/ubbparser.php. The manipulation leads to cross site scripting. The attack can be launched remotely. This product does not use versioning. This is wh...

6.1CVSS4.4AI score0.00385EPSS
Exploits0References3
NVD
NVD
added 2023/10/26 9:15 p.m.53 views

CVE-2023-33558

An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames...

7.5CVSS7.2AI score0.00527EPSS
Exploits0References2
NVD
NVD
added 2023/10/25 8:15 p.m.53 views

CVE-2023-5043

Ingress nginx annotation injection causes arbitrary command execution...

8.8CVSS8.5AI score0.02234EPSS
Exploits0References4
NVD
NVD
added 2023/09/05 6:15 a.m.53 views

CVE-2023-4748

A vulnerability, which was classified as critical, has been found in Yongyou UFIDA-NC up to 20230807. This issue affects some unknown processing of the file PrintTemplateFileServlet.java. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. The...

7.5CVSS6.7AI score0.00765EPSS
Exploits1References3
NVD
NVD
added 2023/08/30 12:15 p.m.53 views

CVE-2023-32742

Unauth. Reflected Cross-Site Scripting XSS vulnerability in VeronaLabs WP SMS plugin = 6.1.4 versions...

7.1CVSS6.2AI score0.00396EPSS
Exploits0References1
NVD
NVD
added 2023/07/25 9:15 p.m.53 views

CVE-2023-38493

Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via TomcatService or JettyService with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not invoked because of t...

7.5CVSS7.6AI score0.00588EPSS
Exploits0References3
NVD
NVD
added 2023/07/13 1:15 a.m.53 views

CVE-2023-34127

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics:...

8.8CVSS0.86733EPSS
Exploits1References3
NVD
NVD
added 2023/07/11 6:15 p.m.53 views

CVE-2023-33152

Microsoft ActiveX Remote Code Execution Vulnerability...

7.8CVSS7.8AI score0.00479EPSS
Exploits0References1
NVD
NVD
added 2023/07/06 4:15 p.m.53 views

CVE-2023-34193

File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function...

8.8CVSS8.7AI score0.01169EPSS
Exploits0References3
NVD
NVD
added 2023/07/06 3:15 p.m.53 views

CVE-2023-24519

Two OS command injection vulnerability exist in the vtyshubus toolshexcute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is i...

8.8CVSS8.9AI score0.036EPSS
Exploits1References2
NVD
NVD
added 2023/06/08 2:15 a.m.53 views

CVE-2023-2986

The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated...

9.8CVSS9.8AI score0.41077EPSS
Exploits5References8
NVD
NVD
added 2023/05/26 11:15 p.m.53 views

CVE-2023-32321

CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in Ckan which may lead to remote code execution. An arbitrary file write in resourcecreate and packageupdate actions, using the ResourceUploader object. Also...

9.8CVSS10AI score0.01684EPSS
Exploits0References2
NVD
NVD
added 2023/05/18 9:15 a.m.53 views

CVE-2023-30868

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Jon Christopher CMS Tree Page View plugin = 1.6.7 versions...

7.1CVSS6.2AI score0.03995EPSS
Exploits3References2
NVD
NVD
added 2023/05/10 8:15 a.m.53 views

CVE-2023-22711

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Agent Evolution IMPress Listings plugin = 2.6.2 versions...

6.5CVSS5.8AI score0.00361EPSS
Exploits0References1
NVD
NVD
added 2023/04/18 12:15 p.m.53 views

CVE-2021-41613

An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The write logic of Exception Effective Address Register EEAR is not implemented correctly. User programs from authorized privilege levels will be unable to write to EEAR...

4.3CVSS4.7AI score0.00407EPSS
Exploits0References2
NVD
NVD
added 2023/04/14 7:15 p.m.53 views

CVE-2023-29199

There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor c...

10CVSS9.9AI score0.03852EPSS
Exploits1References5
NVD
NVD
added 2023/04/13 8:15 p.m.53 views

CVE-2023-24509

On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentia...

9.3CVSS9.3AI score0.00238EPSS
Exploits1References1
NVD
NVD
added 2023/03/24 8:15 p.m.53 views

CVE-2023-21055

In dithalioctl of dit.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244301523References:...

6.4CVSS6.6AI score0.00087EPSS
Exploits0References1
NVD
NVD
added 2023/03/22 9:15 p.m.53 views

CVE-2023-28666

The InPost Gallery WordPress plugin, in versions 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the addinpostgalleryslideitem action, which can only be triggered by an authenticated user...

5.4CVSS5.1AI score0.00441EPSS
Exploits2References1
NVD
NVD
added 2023/03/15 9:15 p.m.53 views

CVE-2023-27597

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.8 and 3.2.5, when a specially crafted SIP message is processed by the function rewriteruri, a crash occurs due to a segmentation fault. This issue causes the server to crash. It affects configurations...

7.5CVSS7.5AI score0.00738EPSS
Exploits0References2
NVD
NVD
added 2023/03/13 7:15 p.m.53 views

CVE-2023-27010

Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable...

7.8CVSS7.8AI score0.01016EPSS
Exploits4References2
NVD
NVD
added 2023/03/10 1:15 p.m.53 views

CVE-2023-24774

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php...

9.8CVSS9.8AI score0.00877EPSS
Exploits2References1
NVD
NVD
added 2023/03/07 8:15 a.m.53 views

CVE-2023-1243

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.6...

6CVSS5AI score0.00526EPSS
Exploits1References2
NVD
NVD
added 2023/03/02 7:15 p.m.53 views

CVE-2023-26052

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated...

5.3CVSS4.5AI score0.00751EPSS
Exploits0References7
NVD
NVD
added 2023/02/27 2:16 a.m.53 views

CVE-2023-26609

ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wirelessmft ap field...

7.2CVSS7.4AI score0.38722EPSS
Exploits5References3
NVD
NVD
added 2023/02/17 3:15 p.m.53 views

CVE-2023-23899

Cross-Site Request Forgery CSRF vulnerability in HasThemes Extensions For CF7 plugin = 2.0.8 versions leads to arbitrary plugin activation...

4.3CVSS4.8AI score0.00231EPSS
Exploits0References1
NVD
NVD
added 2023/02/01 7:15 a.m.53 views

CVE-2022-27537

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities...

7.8CVSS8.2AI score0.00313EPSS
Exploits0References1
NVD
NVD
added 2023/01/26 10:15 p.m.53 views

CVE-2022-38715

A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...

8.8CVSS7.7AI score0.03701EPSS
Exploits1References2
NVD
NVD
added 2023/01/10 10:15 p.m.53 views

CVE-2023-21782

3D Builder Remote Code Execution Vulnerability...

7.8CVSS7.8AI score0.00939EPSS
Exploits0References1
NVD
NVD
added 2022/12/27 11:15 p.m.53 views

CVE-2019-25091

A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation of the argument CSRFCOOKIEHTTPONLY leads to cookie without 'httponly' flag. It is possible to...

5.3CVSS0.00612EPSS
Exploits0References4
NVD
NVD
added 2022/12/22 7:15 p.m.53 views

CVE-2022-23556

CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched, please upgrade to version 4.2.11 or later, and configure Config\App::$proxyIPs. As a workaround, do not use...

7.5CVSS0.00373EPSS
Exploits1References2
NVD
NVD
added 2022/11/21 8:15 p.m.53 views

CVE-2022-4105

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack clickjacking and an HTML injection which disables the use of the history page...

7.1CVSS0.00454EPSS
Exploits1References2
NVD
NVD
added 2022/10/11 2:15 a.m.53 views

CVE-2022-40138

An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute...

9.8CVSS0.00891EPSS
Exploits0References2
NVD
NVD
added 2022/09/23 2:15 p.m.53 views

CVE-2022-27492

An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file...

7.8CVSS0.00511EPSS
Exploits0References1
NVD
NVD
added 2022/07/17 11:15 p.m.53 views

CVE-2022-30981

An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution...

8.8CVSS0.01132EPSS
Exploits2References1
NVD
NVD
added 2022/06/09 5:15 p.m.53 views

CVE-2022-31813

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application...

9.8CVSS0.0314EPSS
Exploits1References6
NVD
NVD
added 2022/05/19 6:15 p.m.53 views

CVE-2021-32934

The affected ThroughTek P2P products SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module do not sufficiently protect data...

9.1CVSS0.00578EPSS
Exploits0References1
NVD
NVD
added 2022/03/24 2:15 p.m.53 views

CVE-2021-43659

In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability...

5.4CVSS0.00542EPSS
Exploits1References1
NVD
NVD
added 2022/02/11 6:15 p.m.53 views

CVE-2021-22785

A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 Versions prior to V3.40, Modicon M340 X...

7.5CVSS0.00954EPSS
Exploits0References1
NVD
NVD
added 2022/02/08 10:15 p.m.53 views

CVE-2022-0524

Business Logic Errors in GitHub repository publify/publify prior to 9.2.7...

7.5CVSS0.01567EPSS
Exploits1References2
NVD
NVD
added 2022/02/04 11:15 p.m.53 views

CVE-2022-23585

Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling png::CommonInitDecode..., &decode, the decode value contains allocated buffers which can only be freed by calling...

6.5CVSS0.00992EPSS
Exploits1References3
NVD
NVD
added 2022/02/03 11:15 a.m.53 views

CVE-2022-21727

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of dimensions of the...

8.8CVSS0.00659EPSS
Exploits1References3
Total number of security vulnerabilities5000