Lucene search
K
NvdMost viewed

363614 matches found

NVD
NVD
added 2020/05/27 4:15 p.m.52 views

CVE-2020-10946

Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5,...

6.1CVSS6AI score0.02233EPSS
Exploits1References1
NVD
NVD
added 2020/03/26 1:15 p.m.52 views

CVE-2020-1764

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alte...

8.6CVSS8.7AI score0.03468EPSS
Exploits2References2
NVD
NVD
added 2019/11/26 4:15 a.m.52 views

CVE-2019-15986

A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials. The vulnerability is due to improper input...

7.2CVSS7.1AI score0.00404EPSS
Exploits0References1
NVD
NVD
added 2019/11/22 7:15 p.m.52 views

CVE-2013-6234

Unrestricted file upload vulnerability in the Worksheet designer in SpagoBI before 4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, aka "XSS File Upload...

8CVSS7.9AI score0.06706EPSS
Exploits6References3
NVD
NVD
added 2019/09/13 1:15 p.m.52 views

CVE-2019-12517

An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 for WordPress. The savequizscore functionality available via the /wp-admin/admin-ajax.php endpoint allows unauthenticated users to submit quiz solutions/answers, which are stored in the database and later shown in the WordPress...

6.1CVSS6.1AI score0.01248EPSS
Exploits4References2
NVD
NVD
added 2019/09/05 7:16 p.m.52 views

CVE-2019-15954

An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution RCE on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of...

9.9CVSS7.9AI score0.79204EPSS
Exploits5References3
NVD
NVD
added 2019/08/13 7:15 p.m.52 views

CVE-2019-10929

A vulnerability has been identified in SIMATIC CP 1626 All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC incl. SIPLUS variants All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 incl. SIPLUS variants All versions V20.8, SIMATIC HMI Panel incl. SIPLUS variants All versions,...

5.9CVSS5.9AI score0.00978EPSS
Exploits0References3
NVD
NVD
added 2019/04/05 5:29 a.m.52 views

CVE-2019-10874

Cross Site Request Forgery CSRF in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file...

8.8CVSS9AI score0.04522EPSS
Exploits3References4
NVD
NVD
added 2019/01/15 12:29 a.m.52 views

CVE-2019-6292

An issue was discovered in singledocparser.cpp in yaml-cpp aka LibYaml-C++ 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote...

6.5CVSS6.2AI score0.01748EPSS
Exploits1References1
NVD
NVD
added 2018/11/15 8:29 p.m.52 views

CVE-2018-16621

Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection...

7.2CVSS7AI score0.0175EPSS
Exploits2References2
NVD
NVD
added 2018/07/18 3:29 p.m.52 views

CVE-2018-10616

ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used...

9.3CVSS7.7AI score0.01209EPSS
Exploits0References3
NVD
NVD
added 2018/04/19 2:29 a.m.52 views

CVE-2018-2628

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS Core Components. Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to...

9.8CVSS9.4AI score0.99448EPSS
Exploits69References8
NVD
NVD
added 2017/07/13 1:29 p.m.52 views

CVE-2017-7529

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request...

7.5CVSS7.4AI score0.62597EPSS
Exploits6References7
NVD
NVD
added 2014/11/11 10:55 p.m.52 views

CVE-2014-4078

The IP Security feature in Microsoft Internet Information Services IIS 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions" list, which makes it easier for remote attackers to bypass an intended rule set via an HTTP reques...

5.1CVSS6.5AI score0.18011EPSS
Exploits0References3
NVD
NVD
added 2013/07/31 1:20 p.m.52 views

CVE-2013-5006

maininternet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the "var pass=" line within the HTML source code...

4.3CVSS6.7AI score0.04555EPSS
Exploits5References4
NVD
NVD
added 2011/05/05 2:39 a.m.52 views

CVE-2011-1207

The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a...

9.3CVSS7.2AI score0.05261EPSS
Exploits0References6
NVD
NVD
added 2009/03/14 6:30 p.m.52 views

CVE-2009-0824

Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in SlySoft AnyDVD before 6.5.2.6, Virtual CloneDrive 5.4.2.3 and earlier, CloneDVD 2.9.2.0 and earlier, and CloneCD 5.3.1.3 and earlier, uses the METHODNEITHER communication method for IOCTLs and does not properly validate a buffer...

4.9CVSS6.2AI score0.00725EPSS
Exploits1References11
NVD
NVD
added 2007/02/09 1:28 a.m.52 views

CVE-2006-6985

Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site,...

5CVSS5.9AI score0.01076EPSS
Exploits0References1
NVD
NVD
added 2006/08/05 12:4 a.m.52 views

CVE-2006-3980

PHP remote file inclusion vulnerability in administrator/components/commgm/help.mgm.php in Mambo Gallery Manager MGM 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...

6.8CVSS7.6AI score0.06135EPSS
Exploits1References8
NVD
NVD
added 2002/05/16 4:0 a.m.52 views

CVE-2002-0230

Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 allows remote attackers to execute arbitrary Javascript on other clients via the cmd parameter, which causes the script to be inserted into an error message...

5CVSS6.8AI score0.07702EPSS
Exploits0References4
NVD
NVD
added 2026/05/15 5:16 p.m.51 views

CVE-2026-44310

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify in pkg/git/verifier.go unconditionally dereferences certs0 after sd.GetCertificates without checking the slice length. A CMS/PKCS7 signed message with...

5.4CVSS0.00111EPSS
Exploits0References1
NVD
NVD
added 2026/05/15 3:16 p.m.51 views

CVE-2025-14972

Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. KSU keys using SYMCRYPTO will be impacted by this vulnerability...

4.1CVSS0.00146EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 5:16 p.m.51 views

CVE-2026-20210

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to reda...

5.4CVSS0.00194EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 11:16 p.m.51 views

CVE-2026-8500

Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user parameter is not validated or escaped, and is used as the last argument on the command line, allowing for command injection...

9.8CVSS0.01653EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 10:16 a.m.51 views

CVE-2026-44412

A vulnerability has been identified in Solid Edge SE2026 All versions V226.0 Update 5. The affected applications contain a stack based overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process...

7.8CVSS0.00106EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 10:16 a.m.51 views

CVE-2026-25786

Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a...

9.3CVSS0.0037EPSS
Exploits0References1
NVD
NVD
added 2026/05/06 12:16 p.m.51 views

CVE-2026-43282

In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: Fix potential NULL pointer dereference in ionicqueryport The function ionicqueryport calls ibdevicegetnetdev without checking the return value which could lead to NULL pointer dereference, Fix it by checking the retur...

5.5CVSS0.00112EPSS
Exploits0References3
NVD
NVD
added 2026/05/05 12:16 p.m.51 views

CVE-2026-42435

OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables like SHELLOPTS and...

8.8CVSS0.00407EPSS
Exploits0References3
NVD
NVD
added 2026/05/05 1:16 a.m.51 views

CVE-2026-44028

An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR Nix Archive parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page, which means that a stack overflow could overwrite...

7.5CVSS0.0018EPSS
Exploits0References5
NVD
NVD
added 2026/05/01 3:16 p.m.51 views

CVE-2026-43042

In the Linux kernel, the following vulnerability has been resolved: mpls: add seqcount to protect the platformlabel,s pair The RCU-protected codepaths mplsforward, mplsdumproutes can have an inconsistent view of platformlabels vs platformlabel in case of a concurrent resize...

7.1CVSS0.0011EPSS
Exploits0References2
NVD
NVD
added 2025/12/10 7:16 p.m.51 views

CVE-2025-64847

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS0.00167EPSS
Exploits0References1
NVD
NVD
added 2025/11/14 9:15 p.m.51 views

CVE-2025-63745

A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info function of binne.c. A crafted binary input can trigger a segmentation fault, leading to a denial of service when the tool processes malformed data...

5.5CVSS0.0013EPSS
Exploits0References4
NVD
NVD
added 2025/10/30 11:15 a.m.51 views

CVE-2025-53883

A Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability allows attackers to run arbitrary javascript via a reflected XSS issue in the search fields.This issue affects Container suse/manager/5.0/x8664/server:latest: from ? before 5.0.28-150600.3.36.8; SUSE Manag...

9.3CVSS0.00268EPSS
Exploits0References1
NVD
NVD
added 2025/09/22 4:15 p.m.51 views

CVE-2025-57601

AiKaan Cloud Controller uses a single hardcoded SSH private key and the username proxyuser for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal" from the AiKaan dashboard, the controller sends this same static private key to the target...

9.8CVSS0.00397EPSS
Exploits0References1
NVD
NVD
added 2025/09/09 11:15 p.m.51 views

CVE-2025-59042

PyInstaller bundles a Python application and all its dependencies into a single package. Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryptio...

7CVSS0.00114EPSS
Exploits0References2
NVD
NVD
added 2025/09/04 7:15 p.m.51 views

CVE-2025-48548

In multiple functions of AppOpsControllerImpl.java, there is a possible way to record audio without displaying the privacy indicator due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...

7.3CVSS0.00097EPSS
Exploits0References6
NVD
NVD
added 2025/08/20 2:15 p.m.51 views

CVE-2025-32010

A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP response can lead to arbitrary code execution. An attacker can send an HTTP response to trigger this vulnerability...

9.8CVSS0.00641EPSS
Exploits0References2
NVD
NVD
added 2025/08/13 6:15 p.m.51 views

CVE-2025-23296

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS0.00568EPSS
Exploits0References3
NVD
NVD
added 2025/07/03 9:15 a.m.51 views

CVE-2025-38140

In the Linux kernel, the following vulnerability has been resolved: dm: limit swapping tables for devices with zone write plugs dmrevalidatezones only allowed new or previously unzoned devices to call blkrevalidatediskzones. If the device was already zoned, disk-nrzones would always equal...

5.5CVSS0.00137EPSS
Exploits0References2
NVD
NVD
added 2025/05/21 10:15 p.m.51 views

CVE-2025-34027

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use TOCTOU write in combination...

10CVSS0.35993EPSS
Exploits0References1
NVD
NVD
added 2025/05/19 7:15 p.m.51 views

CVE-2025-47577

Unrestricted Upload of File with Dangerous Type vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a through = 2.9.2...

10CVSS0.05128EPSS
Exploits2References1
NVD
NVD
added 2025/05/08 8:15 p.m.51 views

CVE-2025-46812

Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the...

5.1CVSS0.00602EPSS
Exploits0References2
NVD
NVD
added 2025/05/05 8:15 p.m.51 views

CVE-2025-46726

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.53.4, a LLM application leveraging XMLToolMessage class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information. Version 0.53.4 fixes th...

9.1CVSS0.00545EPSS
Exploits1References3
NVD
NVD
added 2025/05/04 10:15 p.m.51 views

CVE-2025-4251

A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. This issue affects some unknown processing of the component RMDIR Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may ...

9.8CVSS0.00612EPSS
Exploits1References4
NVD
NVD
added 2025/04/30 1:15 a.m.51 views

CVE-2025-30202

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.8.5 are vulnerable to denial of service and data exposure via ZeroMQ on multi-node vLLM deployment. In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-no...

7.5CVSS0.00505EPSS
Exploits1References3
NVD
NVD
added 2025/04/27 8:15 a.m.51 views

CVE-2024-52888

For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties...

5.4CVSS0.00182EPSS
Exploits0References1
NVD
NVD
added 2025/04/21 2:15 p.m.51 views

CVE-2024-41446

A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...

5.4CVSS0.00209EPSS
Exploits1References1
NVD
NVD
added 2025/04/09 6:15 a.m.51 views

CVE-2024-6860

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack...

4.3CVSS0.00179EPSS
Exploits1References1
NVD
NVD
added 2025/03/03 2:15 p.m.51 views

CVE-2025-23738

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Padam Shankhadev Ps Ads Pro ps-ads-pro allows Reflected XSS.This issue affects Ps Ads Pro: from n/a through = 1.0.0...

7.1CVSS0.00363EPSS
Exploits0References1
NVD
NVD
added 2025/02/12 4:15 p.m.51 views

CVE-2024-11343

In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 2025.1.205, unzipping an archive can lead to arbitrary file system access...

8.8CVSS0.0062EPSS
Exploits0References1
Total number of security vulnerabilities5000