Lucene search
K
NvdMost viewed

363634 matches found

NVD
NVD
added 2025/09/09 11:15 p.m.51 views

CVE-2025-59042

PyInstaller bundles a Python application and all its dependencies into a single package. Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryptio...

7CVSS0.00114EPSS
Exploits0References2
NVD
NVD
added 2025/09/04 7:15 p.m.51 views

CVE-2025-48548

In multiple functions of AppOpsControllerImpl.java, there is a possible way to record audio without displaying the privacy indicator due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...

7.3CVSS0.00097EPSS
Exploits0References6
NVD
NVD
added 2025/08/20 2:15 p.m.51 views

CVE-2025-32010

A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP response can lead to arbitrary code execution. An attacker can send an HTTP response to trigger this vulnerability...

9.8CVSS0.00641EPSS
Exploits0References2
NVD
NVD
added 2025/08/13 6:15 p.m.51 views

CVE-2025-23296

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS0.00568EPSS
Exploits0References3
NVD
NVD
added 2025/07/03 9:15 a.m.51 views

CVE-2025-38140

In the Linux kernel, the following vulnerability has been resolved: dm: limit swapping tables for devices with zone write plugs dmrevalidatezones only allowed new or previously unzoned devices to call blkrevalidatediskzones. If the device was already zoned, disk-nrzones would always equal...

5.5CVSS0.00137EPSS
Exploits0References2
NVD
NVD
added 2025/05/19 7:15 p.m.51 views

CVE-2025-47577

Unrestricted Upload of File with Dangerous Type vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a through = 2.9.2...

10CVSS0.05128EPSS
Exploits2References1
NVD
NVD
added 2025/05/08 8:15 p.m.51 views

CVE-2025-46812

Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the...

5.1CVSS0.00602EPSS
Exploits0References2
NVD
NVD
added 2025/05/05 8:15 p.m.51 views

CVE-2025-46726

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.53.4, a LLM application leveraging XMLToolMessage class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information. Version 0.53.4 fixes th...

9.1CVSS0.00545EPSS
Exploits1References3
NVD
NVD
added 2025/05/04 10:15 p.m.51 views

CVE-2025-4251

A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. This issue affects some unknown processing of the component RMDIR Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may ...

9.8CVSS0.00612EPSS
Exploits1References4
NVD
NVD
added 2025/04/30 1:15 a.m.51 views

CVE-2025-30202

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.8.5 are vulnerable to denial of service and data exposure via ZeroMQ on multi-node vLLM deployment. In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-no...

7.5CVSS0.00505EPSS
Exploits1References3
NVD
NVD
added 2025/04/27 8:15 a.m.51 views

CVE-2024-52888

For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties...

5.4CVSS0.00182EPSS
Exploits0References1
NVD
NVD
added 2025/04/21 2:15 p.m.51 views

CVE-2024-41446

A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...

5.4CVSS0.00209EPSS
Exploits1References1
NVD
NVD
added 2025/04/18 4:15 p.m.51 views

CVE-2025-31118

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, forum quick reply feature viewtopic.php does not implement any spam prevention mechanism. This allows authenticated users to continuously post replies without any time restriction,...

7.1CVSS0.00449EPSS
Exploits1References3
NVD
NVD
added 2025/04/09 6:15 a.m.51 views

CVE-2024-6860

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack...

4.3CVSS0.00179EPSS
Exploits1References1
NVD
NVD
added 2025/03/22 5:15 p.m.51 views

CVE-2025-2621

A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function checkdwscookie of the file /storage. The manipulation of the argument uid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the...

10CVSS0.01912EPSS
Exploits1References5
NVD
NVD
added 2025/03/03 2:15 p.m.51 views

CVE-2025-23738

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Padam Shankhadev Ps Ads Pro ps-ads-pro allows Reflected XSS.This issue affects Ps Ads Pro: from n/a through = 1.0.0...

7.1CVSS0.00363EPSS
Exploits0References1
NVD
NVD
added 2025/02/12 4:15 p.m.51 views

CVE-2024-11343

In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 2025.1.205, unzipping an archive can lead to arbitrary file system access...

8.8CVSS0.0062EPSS
Exploits0References1
NVD
NVD
added 2025/01/24 7:15 p.m.51 views

CVE-2024-52807

The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from...

8.6CVSS0.00547EPSS
Exploits0References3
NVD
NVD
added 2025/01/14 8:15 p.m.51 views

CVE-2024-55945

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

6.5CVSS0.00218EPSS
Exploits0References2
NVD
NVD
added 2024/12/24 12:15 p.m.51 views

CVE-2024-53162

In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat4xxx - fix off by one in uofgetname The fwobjs array has "numobjs" elements so the needs to be = to prevent an out of bounds read...

7.1CVSS0.00252EPSS
Exploits0References4
NVD
NVD
added 2024/12/20 2:15 a.m.51 views

CVE-2020-9250

There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. Vulnerability ID: HWPSIRT-2019-12302 Th...

3.3CVSS0.00118EPSS
Exploits1References1
NVD
NVD
added 2024/12/11 1:15 p.m.51 views

CVE-2023-23472

IBM InfoSphere DataStage Flow Designer InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system...

6.5CVSS0.00336EPSS
Exploits0References1
NVD
NVD
added 2024/12/09 4:15 p.m.51 views

CVE-2024-40582

Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information...

7.5CVSS0.00303EPSS
Exploits1References1
NVD
NVD
added 2024/12/09 1:15 p.m.51 views

CVE-2023-23814

Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through 1.4.13...

3.8CVSS0.00458EPSS
Exploits0References1
NVD
NVD
added 2024/12/02 3:15 p.m.51 views

CVE-2024-10905

IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected...

10CVSS0.00954EPSS
Exploits0References1
NVD
NVD
added 2024/11/25 6:15 a.m.51 views

CVE-2024-7056

The WPForms WordPress plugin before 1.9.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS0.00455EPSS
Exploits1References1
NVD
NVD
added 2024/11/23 10:15 a.m.51 views

CVE-2024-11227

The Memberlite Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's memberliteaccordion shortcode in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.0046EPSS
Exploits0References4
NVD
NVD
added 2024/11/18 4:15 a.m.51 views

CVE-2024-52919

Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure and daemon exit via a flood of addr messages...

6.5CVSS0.00266EPSS
Exploits0References2
NVD
NVD
added 2024/11/14 11:15 a.m.51 views

CVE-2024-10571

The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the executio...

9.8CVSS0.04841EPSS
Exploits3References3
NVD
NVD
added 2024/10/01 9:15 a.m.51 views

CVE-2024-9289

The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwaploginrequestcallback function not properly validating a user's identity prior to authenticating them to the site. This...

9.8CVSS0.00559EPSS
Exploits0References2
NVD
NVD
added 2024/09/26 6:15 p.m.51 views

CVE-2024-47124

The goTenna Pro App does not encrypt callsigns in messages. It is recommended to not use sensitive information in callsigns when using this and previous versions of the app and update your app to the current app version which uses AES-256 encryption for callsigns in encrypted operation...

6.5CVSS0.00095EPSS
Exploits0References1
NVD
NVD
added 2024/09/26 4:15 p.m.51 views

CVE-2024-46632

Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function...

4.3CVSS0.00468EPSS
Exploits1References1
NVD
NVD
added 2024/09/10 3:15 p.m.51 views

CVE-2024-43799

Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes untrusted code. This issue is patched in send 0.19.0...

5CVSS0.00511EPSS
Exploits0References3
NVD
NVD
added 2024/09/04 2:15 p.m.51 views

CVE-2024-7923

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

9.8CVSS0.00814EPSS
Exploits0References6
NVD
NVD
added 2024/09/04 2:15 p.m.51 views

CVE-2024-7012

An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing...

9.8CVSS0.00769EPSS
Exploits0References6
NVD
NVD
added 2024/08/13 6:15 p.m.51 views

CVE-2024-37968

Windows DNS Spoofing Vulnerability...

7.5CVSS0.01019EPSS
Exploits0References1
NVD
NVD
added 2024/07/29 2:15 p.m.51 views

CVE-2024-6576

Improper Authentication vulnerability in Progress MOVEit Transfer SFTP module can lead to Privilege Escalation.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3...

9.8CVSS0.00644EPSS
Exploits0References2
NVD
NVD
added 2024/07/17 8:15 p.m.51 views

CVE-2024-39125

Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header...

5.4CVSS0.00286EPSS
Exploits0References2
NVD
NVD
added 2024/07/17 8:15 a.m.51 views

CVE-2024-39877

Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a docmd parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to...

8.8CVSS0.01726EPSS
Exploits0References3
NVD
NVD
added 2024/07/16 5:15 p.m.51 views

CVE-2024-6325

The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html by...

6.5CVSS0.00304EPSS
Exploits0References1
NVD
NVD
added 2024/07/15 5:15 a.m.51 views

CVE-2024-21513

Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if the...

8.5CVSS0.01864EPSS
Exploits1References3
NVD
NVD
added 2024/07/11 4:15 p.m.51 views

CVE-2024-39317

Wagtail is an open source content management system built on Django. A bug in Wagtail's parsequerystring would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, parsequerystring would take an unexpectedl...

6.5CVSS0.0061EPSS
Exploits0References4
NVD
NVD
added 2024/07/09 5:15 p.m.51 views

CVE-2024-38024

Microsoft SharePoint Server Remote Code Execution Vulnerability...

7.2CVSS0.45495EPSS
Exploits1References1
NVD
NVD
added 2024/07/05 7:15 p.m.51 views

CVE-2024-39689

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from GLOBALTRUST. Certifi 2024.7.04 removes root certificates fro...

7.5CVSS0.01049EPSS
Exploits0References4
NVD
NVD
added 2024/07/03 8:15 p.m.51 views

CVE-2024-39683

ZITADEL is an open-source identity infrastructure tool. ZITADEL provides users the ability to list all user sessions of the current user agent browser. Starting in version 2.53.0 and prior to versions 2.53.8, 2.54.5, and 2.55.1, due to a missing check, user sessions without that information e.g...

6.5CVSS0.00609EPSS
Exploits0References10
NVD
NVD
added 2024/06/25 3:15 a.m.51 views

CVE-2024-23147

A maliciously crafted CATPART, XB and STEP, when parsed in ASMKERN228A.dll and ASMKERN229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the...

7.8CVSS0.00427EPSS
Exploits0References1
NVD
NVD
added 2024/06/20 11:15 p.m.51 views

CVE-2024-38361

Spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Use of an exclusion under an arrow that has multiple resources may resolve to NOPERMISSION when permission is expected. If the resource exists under multiple...

5.3CVSS0.00396EPSS
Exploits1References2
NVD
NVD
added 2024/06/19 12:15 p.m.51 views

CVE-2023-46146

Missing Authorization vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5...

8.8CVSS0.00364EPSS
Exploits0References1
NVD
NVD
added 2024/06/13 8:16 a.m.51 views

CVE-2024-36239

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user...

5.4CVSS0.00313EPSS
Exploits0References1
NVD
NVD
added 2024/06/11 3:15 a.m.51 views

CVE-2024-34688

Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availabilit...

7.5CVSS0.00541EPSS
Exploits0References2
Total number of security vulnerabilities5000