Lucene search
K
NvdMost viewed

364114 matches found

NVD
NVD
•added 2024/06/13 8:16 a.m.•52 views

CVE-2024-36239

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user...

5.4CVSS0.00313EPSS
Exploits0References1
NVD
NVD
•added 2024/06/12 10:15 a.m.•52 views

CVE-2023-44234

Missing Authorization vulnerability in Bastianon Massimo WP GPX Map.This issue affects WP GPX Map: from n/a through 1.7.08...

4.3CVSS0.00277EPSS
Exploits0References1
NVD
NVD
•added 2024/06/10 9:15 p.m.•52 views

CVE-2024-27812

A logic issue was addressed with improved file handling. This issue is fixed in visionOS 1.2. Processing web content may lead to a denial-of-service...

7.5CVSS0.01128EPSS
Exploits0References4
NVD
NVD
•added 2024/06/10 5:16 p.m.•52 views

CVE-2024-3850

Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack XSS. An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is...

5.4CVSS0.009EPSS
Exploits0References2
NVD
NVD
•added 2024/06/09 10:15 a.m.•52 views

CVE-2023-23640

Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension.This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6...

8.8CVSS0.00293EPSS
Exploits0References1
NVD
NVD
•added 2024/06/08 2:15 p.m.•52 views

CVE-2024-35708

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in apollo13themes Rife Free allows Stored XSS.This issue affects Rife Free: from n/a through 2.4.19...

6.5CVSS0.00261EPSS
Exploits0References1
NVD
NVD
•added 2024/05/17 9:15 a.m.•52 views

CVE-2024-30479

Authentication Bypass by Spoofing vulnerability in LionScripts IP Blocker Lite allows Functionality Bypass.This issue affects IP Blocker Lite: from n/a through 11.1.1...

5.3CVSS5.3AI score0.00536EPSS
Exploits0References1
NVD
NVD
•added 2024/05/07 1:15 p.m.•52 views

CVE-2024-4536

In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component https://github.com/eclipse-edc/Connector , an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security...

6.8CVSS6.6AI score0.00411EPSS
Exploits0References4
NVD
NVD
•added 2024/05/03 5:15 p.m.•52 views

CVE-2024-30851

Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the downloadfile.php component...

6.5CVSS5.9AI score0.04611EPSS
Exploits7References2
NVD
NVD
•added 2024/04/12 10:15 p.m.•52 views

CVE-2024-31462

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The createui method Backup/Restore tab in modules/uiextensions.py takes user input into the configsavenam...

6.3CVSS6.3AI score0.0068EPSS
Exploits0References10
NVD
NVD
•added 2024/02/08 8:15 p.m.•52 views

CVE-2024-22836

An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server...

9.8CVSS9.8AI score0.30036EPSS
Exploits3References3
NVD
NVD
•added 2024/01/11 1:15 a.m.•52 views

CVE-2024-21667

pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not...

6.5CVSS6.3AI score0.00588EPSS
Exploits1References3
NVD
NVD
•added 2024/01/02 6:15 a.m.•52 views

CVE-2023-33038

Memory corruption while receiving a message in Bus Socket Transport Server...

7.8CVSS7AI score0.00117EPSS
Exploits0References1
NVD
NVD
•added 2023/12/20 7:15 p.m.•52 views

CVE-2023-46149

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5...

9.9CVSS0.00584EPSS
Exploits0References1
NVD
NVD
•added 2023/12/19 4:15 p.m.•52 views

CVE-2023-50272

A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 iLO 5 and Integrated Lights-Out 6 iLO 6. The vulnerability could be remotely exploited to allow authentication bypass...

9.8CVSS0.00613EPSS
Exploits0References1
NVD
NVD
•added 2023/11/17 1:15 p.m.•52 views

CVE-2023-22275

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interactio...

7.5CVSS0.01341EPSS
Exploits0References1
NVD
NVD
•added 2023/10/25 8:15 p.m.•52 views

CVE-2023-5043

Ingress nginx annotation injection causes arbitrary command execution...

8.8CVSS8.5AI score0.02234EPSS
Exploits0References4
NVD
NVD
•added 2023/09/01 7:15 p.m.•52 views

CVE-2023-1523

Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others...

10CVSS9.7AI score0.01447EPSS
Exploits1References4
NVD
NVD
•added 2023/08/14 3:15 p.m.•52 views

CVE-2023-30751

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in iControlWP Article Directory Redux plugin = 1.0.2 versions...

5.9CVSS5.4AI score0.00369EPSS
Exploits0References1
NVD
NVD
•added 2023/08/03 4:15 a.m.•52 views

CVE-2023-4125

Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0...

8.8CVSS8.8AI score0.00732EPSS
Exploits1References2
NVD
NVD
•added 2023/08/01 5:15 p.m.•52 views

CVE-2023-38560

An integer overflow flaw was found in pcl/pl/plfont.c:418 in plglyphname in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format...

5.5CVSS5.3AI score0.00343EPSS
Exploits0References4
NVD
NVD
•added 2023/07/06 1:15 p.m.•52 views

CVE-2023-37242

Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory NVRAM, or facilitate the exploitation of other vulnerabilities...

9.8CVSS9.5AI score0.0045EPSS
Exploits0References2
NVD
NVD
•added 2023/06/23 7:15 p.m.•52 views

CVE-2023-35156

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the delete template to perform a XSS, e.g. by using URL such as:...

9.6CVSS9.2AI score0.02081EPSS
Exploits0References7
NVD
NVD
•added 2023/05/24 5:15 p.m.•52 views

CVE-2021-25748

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of...

7.6CVSS7.5AI score0.00694EPSS
Exploits0References2
NVD
NVD
•added 2023/05/10 11:15 p.m.•52 views

CVE-2022-29840

Server-Side Request Forgery SSRF vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This...

5.5CVSS5.4AI score0.00142EPSS
Exploits0References1
NVD
NVD
•added 2023/04/27 2:15 p.m.•52 views

CVE-2023-2341

Cross-site Scripting XSS - Generic in GitHub repository pimcore/pimcore prior to 10.5.21...

7.3CVSS6.2AI score0.0109EPSS
Exploits1References2
NVD
NVD
•added 2023/04/16 8:15 a.m.•52 views

CVE-2023-29508

XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11...

8.9CVSS8.4AI score0.00423EPSS
Exploits0References2
NVD
NVD
•added 2023/04/05 4:15 p.m.•52 views

CVE-2023-1756

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

5.4CVSS4.8AI score0.00472EPSS
Exploits1References2
NVD
NVD
•added 2023/04/03 4:15 p.m.•52 views

CVE-2023-0977

A heap-based overflow vulnerability in Trellix Agent Windows and Linux version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable...

6.7CVSS6.6AI score0.00535EPSS
Exploits0References1
NVD
NVD
•added 2023/03/29 7:15 p.m.•52 views

CVE-2022-42426

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...

8.8CVSS8.1AI score0.0287EPSS
Exploits0References1
NVD
NVD
•added 2023/03/22 9:15 p.m.•52 views

CVE-2023-28666

The InPost Gallery WordPress plugin, in versions 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the addinpostgalleryslideitem action, which can only be triggered by an authenticated user...

5.4CVSS5.1AI score0.00441EPSS
Exploits2References1
NVD
NVD
•added 2023/03/13 7:15 p.m.•52 views

CVE-2023-27010

Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable...

7.8CVSS7.8AI score0.01016EPSS
Exploits4References2
NVD
NVD
•added 2023/03/02 7:15 p.m.•52 views

CVE-2023-26474

XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds...

9.9CVSS9.6AI score0.00787EPSS
Exploits1References2
NVD
NVD
•added 2023/02/27 2:16 a.m.•52 views

CVE-2023-26609

ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wirelessmft ap field...

7.2CVSS7.4AI score0.38722EPSS
Exploits5References3
NVD
NVD
•added 2023/02/08 12:15 a.m.•52 views

CVE-2023-24828

Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing normal users or everyone if it allows self-registration may exploit this to elevate privilege to...

8.8CVSS8.1AI score0.00713EPSS
Exploits0References2
NVD
NVD
•added 2023/02/02 9:22 p.m.•52 views

CVE-2022-48130

Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN...

9.8CVSS9.6AI score0.00928EPSS
Exploits1References1
NVD
NVD
•added 2023/02/01 1:15 a.m.•52 views

CVE-2023-23630

Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. XSS attack - anyone using the Express API is impacted. The problem has been resolved. Users should upgrade to version 2.0.0. As a workaround, don't pass user supplied things directly to res.render...

8.6CVSS8.4AI score0.00614EPSS
Exploits0References3
NVD
NVD
•added 2023/01/26 9:18 p.m.•52 views

CVE-2023-24453

A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

6.5CVSS6.3AI score0.00723EPSS
Exploits0References1
NVD
NVD
•added 2022/11/28 9:15 p.m.•52 views

CVE-2022-45921

FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process...

7.5CVSS0.00667EPSS
Exploits0References2
NVD
NVD
•added 2022/11/21 8:15 p.m.•52 views

CVE-2022-4105

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack clickjacking and an HTML injection which disables the use of the history page...

7.1CVSS0.00454EPSS
Exploits1References2
NVD
NVD
•added 2022/11/16 12:15 a.m.•52 views

CVE-2022-41917

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a...

4.3CVSS0.00522EPSS
Exploits0References2
NVD
NVD
•added 2022/11/02 12:15 p.m.•52 views

CVE-2022-35842

An exposure of sensitive information to an unauthorized actor vulnerabiltiy CWE-200 in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS...

7.5CVSS0.00608EPSS
Exploits0References1
NVD
NVD
•added 2022/10/25 5:15 p.m.•52 views

CVE-2022-39321

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...

9.9CVSS0.01474EPSS
Exploits0References3
NVD
NVD
•added 2022/10/11 2:15 a.m.•52 views

CVE-2022-40138

An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute...

9.8CVSS0.00891EPSS
Exploits0References2
NVD
NVD
•added 2022/09/23 2:15 p.m.•52 views

CVE-2022-27492

An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file...

7.8CVSS0.00511EPSS
Exploits0References1
NVD
NVD
•added 2022/07/07 6:15 p.m.•52 views

CVE-2022-31121

Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error ...

7.5CVSS0.01937EPSS
Exploits0References4
NVD
NVD
•added 2022/05/19 6:15 p.m.•52 views

CVE-2021-32934

The affected ThroughTek P2P products SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module do not sufficiently protect data...

9.1CVSS0.00578EPSS
Exploits0References1
NVD
NVD
•added 2022/05/17 7:15 p.m.•52 views

CVE-2022-24890

Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There...

4.3CVSS0.00883EPSS
Exploits1References4
NVD
NVD
•added 2022/03/28 2:15 a.m.•52 views

CVE-2021-44213

OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message...

6.1CVSS0.00918EPSS
Exploits2References2
NVD
NVD
•added 2022/02/04 11:15 p.m.•52 views

CVE-2022-23584

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After png::CommonFreeDecode&decode gets called, the values of decode.width and decode.height are in an unspecified state. The fix will be included in TensorFlow...

7.6CVSS0.00725EPSS
Exploits1References3
Total number of security vulnerabilities5000