Lucene search
K
NvdMost viewed

363779 matches found

NVD
NVD
added 2024/11/13 9:15 p.m.52 views

CVE-2024-36488

Improper Access Control in some IntelR DSA before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS0.00163EPSS
Exploits0References1
NVD
NVD
added 2024/11/05 10:15 a.m.52 views

CVE-2023-52920

In the Linux kernel, the following vulnerability has been resolved: bpf: support non-r10 register spill/fill to/from stack in precision tracking Use instruction jump history to record instructions that performed register spill/fill to/from stack, regardless if this was done through read-only r10...

5.5CVSS0.00244EPSS
Exploits0References4
NVD
NVD
added 2024/10/09 7:15 p.m.52 views

CVE-2024-3656

A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise...

8.1CVSS0.02837EPSS
Exploits0References8
NVD
NVD
added 2024/10/03 6:15 p.m.52 views

CVE-2024-41988

TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications th...

9.3CVSS0.00594EPSS
Exploits1References1
NVD
NVD
added 2024/09/25 3:15 a.m.52 views

CVE-2024-7617

The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS0.00585EPSS
Exploits0References3
NVD
NVD
added 2024/09/13 3:15 p.m.52 views

CVE-2024-5789

The Triton Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the theme's Button shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

6.4CVSS0.00257EPSS
Exploits0References2
NVD
NVD
added 2024/09/04 2:15 p.m.52 views

CVE-2024-7012

An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing...

9.8CVSS0.00769EPSS
Exploits0References6
NVD
NVD
added 2024/09/03 7:15 p.m.52 views

CVE-2024-43803

The Bare Metal Operator BMO implements a Kubernetes API for managing bare metal hosts in Metal3. The BareMetalHost BMH CRD allows the userData, metaData, and networkData for the provisioned host to be specified as links to Kubernetes Secrets. There are fields for both the Name and Namespace of th...

4.9CVSS0.00574EPSS
Exploits0References7
NVD
NVD
added 2024/08/29 3:15 p.m.52 views

CVE-2024-43940

Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Z Y N I T H: from n/a through 7.4.9...

6.5CVSS0.00355EPSS
Exploits0References1
NVD
NVD
added 2024/08/29 11:15 a.m.52 views

CVE-2024-43986

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in MagePeople Team Taxi Booking Manager for WooCommerce allows Stored XSS.This issue affects Taxi Booking Manager for WooCommerce: through 1.0.9...

5.9CVSS0.00262EPSS
Exploits0References1
NVD
NVD
added 2024/08/14 5:15 p.m.52 views

CVE-2024-5914

A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container...

9.8CVSS0.01224EPSS
Exploits0References1
NVD
NVD
added 2024/08/13 6:15 p.m.52 views

CVE-2024-38144

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability...

8.8CVSS0.32347EPSS
Exploits0References1
NVD
NVD
added 2024/08/13 6:15 p.m.52 views

CVE-2024-38140

Windows Reliable Multicast Transport Driver RMCAST Remote Code Execution Vulnerability...

9.8CVSS0.0381EPSS
Exploits0References2
NVD
NVD
added 2024/08/13 6:15 p.m.52 views

CVE-2024-37968

Windows DNS Spoofing Vulnerability...

7.5CVSS0.01019EPSS
Exploits0References1
NVD
NVD
added 2024/07/29 4:15 p.m.52 views

CVE-2024-41810

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The twisted.web.util.redirectTo function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site...

6.1CVSS0.01176EPSS
Exploits0References3
NVD
NVD
added 2024/07/10 7:15 p.m.52 views

CVE-2024-6235

Sensitive information disclosure in NetScaler Console...

9.4CVSS0.21331EPSS
Exploits0References1
NVD
NVD
added 2024/07/09 5:15 p.m.52 views

CVE-2024-38074

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability...

9.8CVSS0.02211EPSS
Exploits0References1
NVD
NVD
added 2024/07/09 5:15 p.m.52 views

CVE-2024-38024

Microsoft SharePoint Server Remote Code Execution Vulnerability...

7.2CVSS0.45495EPSS
Exploits1References1
NVD
NVD
added 2024/07/01 2:15 p.m.52 views

CVE-2024-24749

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCach...

7.5CVSS0.00756EPSS
Exploits0References4
NVD
NVD
added 2024/06/27 4:15 p.m.52 views

CVE-2024-39374

TELSAT marKoni FM Transmitters are vulnerable to an attacker exploiting a hidden admin account that can be accessed through the use of hard-coded credentials...

9.8CVSS0.00524EPSS
Exploits1References1
NVD
NVD
added 2024/06/26 5:15 a.m.52 views

CVE-2024-34581

The W3C XML Signature Syntax and Processing XMLDsig specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... that may be used to obtain key and/or certificate information" statement and no accompanying information about SSRF risks, and this may have...

7.3CVSS0.00248EPSS
Exploits0References5
NVD
NVD
added 2024/06/25 3:15 p.m.52 views

CVE-2024-37085

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory AD permissions can gain full access to an ESXi host that was previously configured to use AD for user management...

7.2CVSS0.2677EPSS
Exploits0References2
NVD
NVD
added 2024/06/13 8:16 a.m.52 views

CVE-2024-36239

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user...

5.4CVSS0.00313EPSS
Exploits0References1
NVD
NVD
added 2024/06/12 10:15 a.m.52 views

CVE-2023-44234

Missing Authorization vulnerability in Bastianon Massimo WP GPX Map.This issue affects WP GPX Map: from n/a through 1.7.08...

4.3CVSS0.00277EPSS
Exploits0References1
NVD
NVD
added 2024/06/10 9:15 p.m.52 views

CVE-2024-27812

A logic issue was addressed with improved file handling. This issue is fixed in visionOS 1.2. Processing web content may lead to a denial-of-service...

7.5CVSS0.01128EPSS
Exploits0References4
NVD
NVD
added 2024/06/10 5:16 p.m.52 views

CVE-2024-3850

Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack XSS. An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is...

5.4CVSS0.009EPSS
Exploits0References2
NVD
NVD
added 2024/06/09 10:15 a.m.52 views

CVE-2023-23640

Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension.This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6...

8.8CVSS0.00293EPSS
Exploits0References1
NVD
NVD
added 2024/06/08 2:15 p.m.52 views

CVE-2024-35708

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in apollo13themes Rife Free allows Stored XSS.This issue affects Rife Free: from n/a through 2.4.19...

6.5CVSS0.00261EPSS
Exploits0References1
NVD
NVD
added 2024/05/17 9:15 a.m.52 views

CVE-2024-30479

Authentication Bypass by Spoofing vulnerability in LionScripts IP Blocker Lite allows Functionality Bypass.This issue affects IP Blocker Lite: from n/a through 11.1.1...

5.3CVSS5.3AI score0.00536EPSS
Exploits0References1
NVD
NVD
added 2024/05/07 1:15 p.m.52 views

CVE-2024-4536

In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component https://github.com/eclipse-edc/Connector , an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security...

6.8CVSS6.6AI score0.00411EPSS
Exploits0References4
NVD
NVD
added 2024/05/03 5:15 p.m.52 views

CVE-2024-30851

Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the downloadfile.php component...

6.5CVSS5.9AI score0.04611EPSS
Exploits7References2
NVD
NVD
added 2024/04/12 10:15 p.m.52 views

CVE-2024-31462

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The createui method Backup/Restore tab in modules/uiextensions.py takes user input into the configsavenam...

6.3CVSS6.3AI score0.0068EPSS
Exploits0References10
NVD
NVD
added 2024/02/08 8:15 p.m.52 views

CVE-2024-22836

An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server...

9.8CVSS9.8AI score0.30036EPSS
Exploits3References3
NVD
NVD
added 2024/01/11 1:15 a.m.52 views

CVE-2024-21667

pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not...

6.5CVSS6.3AI score0.00588EPSS
Exploits1References3
NVD
NVD
added 2024/01/02 6:15 a.m.52 views

CVE-2023-33038

Memory corruption while receiving a message in Bus Socket Transport Server...

7.8CVSS7AI score0.00117EPSS
Exploits0References1
NVD
NVD
added 2023/12/20 7:15 p.m.52 views

CVE-2023-46149

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5...

9.9CVSS0.00584EPSS
Exploits0References1
NVD
NVD
added 2023/12/19 4:15 p.m.52 views

CVE-2023-50272

A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 iLO 5 and Integrated Lights-Out 6 iLO 6. The vulnerability could be remotely exploited to allow authentication bypass...

9.8CVSS0.00613EPSS
Exploits0References1
NVD
NVD
added 2023/11/17 1:15 p.m.52 views

CVE-2023-22275

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interactio...

7.5CVSS0.01341EPSS
Exploits0References1
NVD
NVD
added 2023/10/28 2:15 p.m.52 views

CVE-2023-5835

A vulnerability classified as problematic was found in hu60t hu60wap6. Affected by this vulnerability is the function markdown of the file src/class/ubbparser.php. The manipulation leads to cross site scripting. The attack can be launched remotely. This product does not use versioning. This is wh...

6.1CVSS4.4AI score0.00385EPSS
Exploits0References3
NVD
NVD
added 2023/09/05 6:15 a.m.52 views

CVE-2023-4748

A vulnerability, which was classified as critical, has been found in Yongyou UFIDA-NC up to 20230807. This issue affects some unknown processing of the file PrintTemplateFileServlet.java. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. The...

7.5CVSS6.7AI score0.00765EPSS
Exploits1References3
NVD
NVD
added 2023/09/01 7:15 p.m.52 views

CVE-2023-1523

Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others...

10CVSS9.7AI score0.01447EPSS
Exploits1References4
NVD
NVD
added 2023/08/14 3:15 p.m.52 views

CVE-2023-30751

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in iControlWP Article Directory Redux plugin = 1.0.2 versions...

5.9CVSS5.4AI score0.00369EPSS
Exploits0References1
NVD
NVD
added 2023/08/03 4:15 a.m.52 views

CVE-2023-4125

Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0...

8.8CVSS8.8AI score0.00732EPSS
Exploits1References2
NVD
NVD
added 2023/08/01 5:15 p.m.52 views

CVE-2023-38560

An integer overflow flaw was found in pcl/pl/plfont.c:418 in plglyphname in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format...

5.5CVSS5.3AI score0.00343EPSS
Exploits0References4
NVD
NVD
added 2023/07/06 1:15 p.m.52 views

CVE-2023-37242

Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory NVRAM, or facilitate the exploitation of other vulnerabilities...

9.8CVSS9.5AI score0.0045EPSS
Exploits0References2
NVD
NVD
added 2023/06/23 7:15 p.m.52 views

CVE-2023-35156

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the delete template to perform a XSS, e.g. by using URL such as:...

9.6CVSS9.2AI score0.02081EPSS
Exploits0References7
NVD
NVD
added 2023/05/26 11:15 p.m.52 views

CVE-2023-32321

CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in Ckan which may lead to remote code execution. An arbitrary file write in resourcecreate and packageupdate actions, using the ResourceUploader object. Also...

9.8CVSS10AI score0.01684EPSS
Exploits0References2
NVD
NVD
added 2023/05/24 5:15 p.m.52 views

CVE-2021-25748

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of...

7.6CVSS7.5AI score0.00694EPSS
Exploits0References2
NVD
NVD
added 2023/05/10 11:15 p.m.52 views

CVE-2022-29840

Server-Side Request Forgery SSRF vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This...

5.5CVSS5.4AI score0.00142EPSS
Exploits0References1
NVD
NVD
added 2023/04/27 2:15 p.m.52 views

CVE-2023-2341

Cross-site Scripting XSS - Generic in GitHub repository pimcore/pimcore prior to 10.5.21...

7.3CVSS6.2AI score0.0109EPSS
Exploits1References2
Total number of security vulnerabilities5000