Lucene search
K
NvdMost viewed

363767 matches found

NVD
NVD
added 2019/11/20 9:15 p.m.53 views

CVE-2013-2092

Cross-site Scripting XSS in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php...

6.1CVSS6AI score0.01347EPSS
Exploits0References3
NVD
NVD
added 2019/06/03 7:29 p.m.53 views

CVE-2019-3895

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

8CVSS6.5AI score0.01421EPSS
Exploits0References3
NVD
NVD
added 2019/03/08 9:29 p.m.53 views

CVE-2019-1003030

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM...

9.9CVSS9.8AI score0.75594EPSS
Exploits3References5
NVD
NVD
added 2019/02/06 4:29 p.m.53 views

CVE-2019-1003005

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result i...

8.8CVSS9.2AI score0.19042EPSS
Exploits3References3
NVD
NVD
added 2018/12/20 11:29 p.m.53 views

CVE-2018-18442

D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service DoS attacks. An attacker can harm the device availability i.e., live-online video/audio streaming by using the hping3 tool to perform an IPv4 flood attack. Verified attacks includes SYN...

7.8CVSS7.5AI score0.01299EPSS
Exploits1References1
NVD
NVD
added 2018/04/04 4:29 p.m.53 views

CVE-2017-13289

In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a local escalation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is...

7.8CVSS7.7AI score0.00192EPSS
Exploits0References1
NVD
NVD
added 2014/11/11 10:55 p.m.53 views

CVE-2014-4078

The IP Security feature in Microsoft Internet Information Services IIS 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions" list, which makes it easier for remote attackers to bypass an intended rule set via an HTTP reques...

5.1CVSS6.5AI score0.18011EPSS
Exploits0References3
NVD
NVD
added 2009/09/21 7:30 p.m.53 views

CVE-2009-3200

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this variable,...

5.9CVSS6.2AI score0.00404EPSS
Exploits2References8
NVD
NVD
added 2009/03/14 6:30 p.m.53 views

CVE-2009-0824

Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in SlySoft AnyDVD before 6.5.2.6, Virtual CloneDrive 5.4.2.3 and earlier, CloneDVD 2.9.2.0 and earlier, and CloneCD 5.3.1.3 and earlier, uses the METHODNEITHER communication method for IOCTLs and does not properly validate a buffer...

4.9CVSS6.2AI score0.00725EPSS
Exploits1References11
NVD
NVD
added 2007/03/02 9:18 p.m.53 views

CVE-2007-1157

Cross-site request forgery CSRF vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733...

7.6CVSS6.6AI score0.00907EPSS
Exploits0References4
NVD
NVD
added 2006/12/07 1:28 a.m.53 views

CVE-2006-6355

SQL injection vulnerability in default.asp in DuWare DuClassmate allows remote attackers to execute arbitrary SQL commands via the iCity parameter. NOTE: the iState parameter is already covered by CVE-2005-2049...

10CVSS8.2AI score0.01812EPSS
Exploits1References5
NVD
NVD
added 2006/02/08 1:2 a.m.53 views

CVE-2006-0583

SQL injection vulnerability in mailarticle.php in Clever Copy 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter...

7.5CVSS8.2AI score0.02559EPSS
Exploits1References6
NVD
NVD
added 2026/05/13 6:16 p.m.52 views

CVE-2026-44003

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's code transformer has a performance optimization that skips AST analysis when the code does not contain catch, import, or async keywords. This fast-path bypass allows sandboxed code to directly access the internal...

5.8CVSS0.00248EPSS
Exploits1References1
NVD
NVD
added 2026/05/12 5:16 p.m.52 views

CVE-2026-20782

Buffer overflow for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may...

6.9CVSS0.001EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 9:16 a.m.52 views

CVE-2026-2993

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.17 due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query in the getListForTbl function. This makes...

7.5CVSS0.00413EPSS
Exploits0References19
NVD
NVD
added 2025/12/10 7:16 p.m.52 views

CVE-2025-64847

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS0.00167EPSS
Exploits0References1
NVD
NVD
added 2025/10/30 11:15 a.m.52 views

CVE-2025-53883

A Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability allows attackers to run arbitrary javascript via a reflected XSS issue in the search fields.This issue affects Container suse/manager/5.0/x8664/server:latest: from ? before 5.0.28-150600.3.36.8; SUSE Manag...

9.3CVSS0.00268EPSS
Exploits0References1
NVD
NVD
added 2025/07/10 9:15 a.m.52 views

CVE-2025-6168

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests...

2.7CVSS0.00309EPSS
Exploits0References2
NVD
NVD
added 2025/06/09 8:15 a.m.52 views

CVE-2025-5868

A vulnerability, which was classified as critical, has been found in RT-Thread 5.1.0. This issue affects the function systhreadsigprocmask of the file rt-thread/components/lwp/lwpsyscall.c. The manipulation of the argument how leads to improper validation of array index...

9.8CVSS0.01018EPSS
Exploits1References4
NVD
NVD
added 2025/06/06 11:15 a.m.52 views

CVE-2025-5757

A vulnerability was found in code-projects Traffic Offense Reporting System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /save-reported.php. The manipulation of the argument...

5.4CVSS0.00252EPSS
Exploits1References5
NVD
NVD
added 2025/05/30 7:15 p.m.52 views

CVE-2025-48943

vLLM is an inference and serving engine for large language models LLMs. Version 0.8.0 up to but excluding 0.9.0 have a Denial of Service ReDoS that causes the vLLM server to crash if an invalid regex was provided while using structured output. This vulnerability is similar to...

6.5CVSS0.004EPSS
Exploits0References4
NVD
NVD
added 2025/05/21 10:15 p.m.52 views

CVE-2025-34027

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use TOCTOU write in combination...

10CVSS0.35993EPSS
Exploits0References1
NVD
NVD
added 2025/05/14 3:15 a.m.52 views

CVE-2025-4520

The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions or above to...

5.4CVSS0.00266EPSS
Exploits0References2
NVD
NVD
added 2025/05/13 10:15 a.m.52 views

CVE-2025-40555

A vulnerability has been identified in APOGEE PXC+TALON TC Series BACnet All versions. Affected devices start sending unsolicited BACnet broadcast messages after processing a specific BACnet createObject request. This could allow an attacker residing in the same BACnet network to send a specially...

5.3CVSS0.00179EPSS
Exploits0References1
NVD
NVD
added 2025/05/08 8:15 p.m.52 views

CVE-2025-45797

TOTOlink A950RG V4.1.2cu.5204B20210112 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the NoticeUrl parameter in the setNoticeCfg interface of /lib/cstemodules/system.so...

9.8CVSS0.11815EPSS
Exploits1References1
NVD
NVD
added 2025/04/30 3:16 p.m.52 views

CVE-2025-46342

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selectors in their match statements are mistakenly not applied during admission review request processing due to a missing error...

8.5CVSS0.00618EPSS
Exploits1References2
NVD
NVD
added 2025/04/22 6:15 a.m.52 views

CVE-2025-2594

The User Registration & Membership WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID...

8.1CVSS0.0719EPSS
Exploits4References1
NVD
NVD
added 2025/04/18 4:15 p.m.52 views

CVE-2025-31118

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, forum quick reply feature viewtopic.php does not implement any spam prevention mechanism. This allows authenticated users to continuously post replies without any time restriction,...

7.1CVSS0.00449EPSS
Exploits1References3
NVD
NVD
added 2025/03/31 10:15 p.m.52 views

CVE-2025-31680

Cross-Site Request Forgery CSRF vulnerability in Drupal Matomo Analytics allows Cross Site Request Forgery.This issue affects Matomo Analytics: from 0.0.0 before 1.24.0...

6.8CVSS0.00167EPSS
Exploits0References1
NVD
NVD
added 2025/03/24 4:15 p.m.52 views

CVE-2021-26105

A stack-based buffer overflow vulnerability CWE-121 in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests...

8.8CVSS0.0047EPSS
Exploits0References1
NVD
NVD
added 2025/03/21 3:15 p.m.52 views

CVE-2025-2598

When the AWS Cloud Development Kit AWS CDK Command Line Interface AWS CDK CLI is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178....

5.7CVSS0.00255EPSS
Exploits1References3
NVD
NVD
added 2025/03/03 4:15 p.m.52 views

CVE-2024-55532

Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue...

9.8CVSS0.00723EPSS
Exploits0References2
NVD
NVD
added 2025/02/19 10:15 p.m.52 views

CVE-2025-27090

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...

6.9CVSS0.00578EPSS
Exploits1References3
NVD
NVD
added 2025/02/07 4:15 p.m.52 views

CVE-2024-57248

Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious payloads in HTTP requests to manipulate file paths, bypass access controls, and upload malicious files...

6.3CVSS0.03206EPSS
Exploits3References2
NVD
NVD
added 2025/01/29 5:15 p.m.52 views

CVE-2025-24791

snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This...

5.5CVSS0.00143EPSS
Exploits0References2
NVD
NVD
added 2025/01/21 6:15 p.m.52 views

CVE-2024-54795

SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting XSS vulnerabilities in the create/edit forms of the worksheet designer function...

5.4CVSS0.00497EPSS
Exploits3References2
NVD
NVD
added 2025/01/14 8:15 p.m.52 views

CVE-2024-55924

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

8CVSS0.00251EPSS
Exploits0References2
NVD
NVD
added 2025/01/14 8:15 p.m.52 views

CVE-2024-55921

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

8.8CVSS0.00352EPSS
Exploits0References2
NVD
NVD
added 2025/01/14 7:15 a.m.52 views

CVE-2024-12365

The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the isw3tcadminpage function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain...

8.5CVSS0.01736EPSS
Exploits0References14
NVD
NVD
added 2025/01/06 6:15 p.m.52 views

CVE-2024-55627

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset due to an unsigned integer...

7.5CVSS0.00984EPSS
Exploits0References5
NVD
NVD
added 2025/01/03 4:15 p.m.52 views

CVE-2024-56320

GoCD is a continuous deliver server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, and its associated API. A malicious insider/existing authenticated GoCD user with an existing GoCD...

9.4CVSS0.00727EPSS
Exploits0References4
NVD
NVD
added 2024/12/18 11:15 p.m.52 views

CVE-2022-40732

An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboo...

7.5CVSS0.0074EPSS
Exploits1References1
NVD
NVD
added 2024/12/09 4:15 p.m.52 views

CVE-2024-40582

Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information...

7.5CVSS0.00303EPSS
Exploits1References1
NVD
NVD
added 2024/12/06 6:15 p.m.52 views

CVE-2024-11220

A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation...

8.5CVSS0.00152EPSS
Exploits0References2
NVD
NVD
added 2024/12/05 4:15 p.m.52 views

CVE-2024-53856

rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1...

7.5CVSS0.00448EPSS
Exploits0References1
NVD
NVD
added 2024/11/26 12:15 p.m.52 views

CVE-2023-1521

On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LDPRELOAD. If the server is run as root which is the default when installing the snap package https://snapcraft.io/sccache , this means a user...

7.8CVSS0.00359EPSS
Exploits2References2
NVD
NVD
added 2024/11/21 11:15 a.m.52 views

CVE-2024-52067

Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causi...

6.9CVSS0.00737EPSS
Exploits0References2
NVD
NVD
added 2024/11/18 4:15 a.m.52 views

CVE-2024-52919

Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure and daemon exit via a flood of addr messages...

6.5CVSS0.00266EPSS
Exploits0References2
NVD
NVD
added 2024/11/13 9:15 p.m.52 views

CVE-2024-36488

Improper Access Control in some IntelR DSA before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS0.00163EPSS
Exploits0References1
NVD
NVD
added 2024/11/05 10:15 a.m.52 views

CVE-2023-52920

In the Linux kernel, the following vulnerability has been resolved: bpf: support non-r10 register spill/fill to/from stack in precision tracking Use instruction jump history to record instructions that performed register spill/fill to/from stack, regardless if this was done through read-only r10...

5.5CVSS0.00244EPSS
Exploits0References4
Total number of security vulnerabilities5000