Lucene search
K
NvdMost viewed

364486 matches found

NVD
NVD
•added 2023/08/03 4:15 a.m.•52 views

CVE-2023-4125

Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0...

8.8CVSS8.8AI score0.00732EPSS
Exploits1References2
NVD
NVD
•added 2023/08/01 5:15 p.m.•52 views

CVE-2023-38560

An integer overflow flaw was found in pcl/pl/plfont.c:418 in plglyphname in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format...

5.5CVSS5.3AI score0.00343EPSS
Exploits0References4
NVD
NVD
•added 2023/07/06 1:15 p.m.•52 views

CVE-2023-37242

Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory NVRAM, or facilitate the exploitation of other vulnerabilities...

9.8CVSS9.5AI score0.0045EPSS
Exploits0References2
NVD
NVD
•added 2023/06/23 7:15 p.m.•52 views

CVE-2023-35156

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the delete template to perform a XSS, e.g. by using URL such as:...

9.6CVSS9.2AI score0.02081EPSS
Exploits0References7
NVD
NVD
•added 2023/06/19 11:15 a.m.•52 views

CVE-2023-2527

The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

4.8CVSS5.4AI score0.0044EPSS
Exploits2References2
NVD
NVD
•added 2023/05/24 5:15 p.m.•52 views

CVE-2021-25748

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of...

7.6CVSS7.5AI score0.00694EPSS
Exploits0References2
NVD
NVD
•added 2023/05/10 11:15 p.m.•52 views

CVE-2022-29840

Server-Side Request Forgery SSRF vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This...

5.5CVSS5.4AI score0.00142EPSS
Exploits0References1
NVD
NVD
•added 2023/04/27 2:15 p.m.•52 views

CVE-2023-2341

Cross-site Scripting XSS - Generic in GitHub repository pimcore/pimcore prior to 10.5.21...

7.3CVSS6.2AI score0.0109EPSS
Exploits1References2
NVD
NVD
•added 2023/04/16 8:15 a.m.•52 views

CVE-2023-29508

XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11...

8.9CVSS8.4AI score0.00423EPSS
Exploits0References2
NVD
NVD
•added 2023/04/05 4:15 p.m.•52 views

CVE-2023-1756

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

5.4CVSS4.8AI score0.00472EPSS
Exploits1References2
NVD
NVD
•added 2023/04/03 4:15 p.m.•52 views

CVE-2023-0977

A heap-based overflow vulnerability in Trellix Agent Windows and Linux version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable...

6.7CVSS6.6AI score0.00535EPSS
Exploits0References1
NVD
NVD
•added 2023/03/29 7:15 p.m.•52 views

CVE-2022-42426

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...

8.8CVSS8.1AI score0.0287EPSS
Exploits0References1
NVD
NVD
•added 2023/03/13 7:15 p.m.•52 views

CVE-2023-27010

Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable...

7.8CVSS7.8AI score0.01016EPSS
Exploits4References2
NVD
NVD
•added 2023/03/02 7:15 p.m.•52 views

CVE-2023-26474

XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds...

9.9CVSS9.6AI score0.00787EPSS
Exploits1References2
NVD
NVD
•added 2023/02/08 12:15 a.m.•52 views

CVE-2023-24828

Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing normal users or everyone if it allows self-registration may exploit this to elevate privilege to...

8.8CVSS8.1AI score0.00713EPSS
Exploits0References2
NVD
NVD
•added 2023/02/02 9:22 p.m.•52 views

CVE-2022-48130

Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN...

9.8CVSS9.6AI score0.00928EPSS
Exploits1References1
NVD
NVD
•added 2023/02/01 1:15 a.m.•52 views

CVE-2023-23630

Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. XSS attack - anyone using the Express API is impacted. The problem has been resolved. Users should upgrade to version 2.0.0. As a workaround, don't pass user supplied things directly to res.render...

8.6CVSS8.4AI score0.00614EPSS
Exploits0References3
NVD
NVD
•added 2023/01/26 9:18 p.m.•52 views

CVE-2023-24453

A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

6.5CVSS6.3AI score0.00723EPSS
Exploits0References1
NVD
NVD
•added 2022/11/28 9:15 p.m.•52 views

CVE-2022-45921

FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process...

7.5CVSS0.00667EPSS
Exploits0References2
NVD
NVD
•added 2022/11/16 12:15 a.m.•52 views

CVE-2022-41917

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a...

4.3CVSS0.00522EPSS
Exploits0References2
NVD
NVD
•added 2022/11/02 12:15 p.m.•52 views

CVE-2022-35842

An exposure of sensitive information to an unauthorized actor vulnerabiltiy CWE-200 in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS...

7.5CVSS0.00608EPSS
Exploits0References1
NVD
NVD
•added 2022/10/25 5:15 p.m.•52 views

CVE-2022-39321

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...

9.9CVSS0.01474EPSS
Exploits0References3
NVD
NVD
•added 2022/07/07 6:15 p.m.•52 views

CVE-2022-31121

Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error ...

7.5CVSS0.01937EPSS
Exploits0References4
NVD
NVD
•added 2022/05/17 7:15 p.m.•52 views

CVE-2022-24890

Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There...

4.3CVSS0.00883EPSS
Exploits1References4
NVD
NVD
•added 2022/04/28 1:15 p.m.•52 views

CVE-2022-29152

The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page...

6.1CVSS0.0053EPSS
Exploits0References2
NVD
NVD
•added 2022/03/28 2:15 a.m.•52 views

CVE-2021-44213

OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message...

6.1CVSS0.00918EPSS
Exploits2References2
NVD
NVD
•added 2022/02/04 11:15 p.m.•52 views

CVE-2022-23584

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After png::CommonFreeDecode&decode gets called, the values of decode.width and decode.height are in an unspecified state. The fix will be included in TensorFlow...

7.6CVSS0.00725EPSS
Exploits1References3
NVD
NVD
•added 2022/01/25 8:15 p.m.•52 views

CVE-2021-40159

An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process...

7.8CVSS0.02296EPSS
Exploits0References3
NVD
NVD
•added 2021/12/15 3:15 p.m.•52 views

CVE-2021-42295

Visual Basic for Applications Information Disclosure Vulnerability...

5.5CVSS0.02862EPSS
Exploits0References1
NVD
NVD
•added 2021/10/21 8:15 p.m.•52 views

CVE-2021-39352

The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the /inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with...

7.2CVSS0.55729EPSS
Exploits6References7
NVD
NVD
•added 2021/09/15 7:15 p.m.•52 views

CVE-2021-33701

DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 20111620, 20111640, 20111700, 20111710, 20111730, 710, 20111731, 710, 20111752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain...

9.1CVSS0.02077EPSS
Exploits5References6
NVD
NVD
•added 2021/09/09 12:15 p.m.•52 views

CVE-2021-39459

Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code...

9CVSS0.04894EPSS
Exploits2References2
NVD
NVD
•added 2021/08/23 5:15 a.m.•52 views

CVE-2021-39291

Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800...

8.8CVSS0.01481EPSS
Exploits3References2
NVD
NVD
•added 2021/08/02 11:15 a.m.•52 views

CVE-2021-24498

The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page via php/edit.php, leading to a reflected Cross-Site Scripting issue...

6.1CVSS0.03065EPSS
Exploits2References1
NVD
NVD
•added 2021/07/07 2:15 p.m.•52 views

CVE-2021-32508

Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager...

6.5CVSS0.01301EPSS
Exploits0References1
NVD
NVD
•added 2021/06/16 1:15 p.m.•52 views

CVE-2021-31159

Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732...

5.3CVSS0.17772EPSS
Exploits5References4
NVD
NVD
•added 2021/06/09 6:15 p.m.•52 views

CVE-2021-32677

FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints. FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a Cross-Site Request Forgery CSRF attack. I...

8.2CVSS0.00772EPSS
Exploits0References3
NVD
NVD
•added 2021/06/08 1:15 p.m.•52 views

CVE-2021-22212

ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the ''. This results in the administrator not bein...

7.4CVSS0.00522EPSS
Exploits0References4
NVD
NVD
•added 2021/05/18 3:15 p.m.•52 views

CVE-2021-32238

Epic Games / Psyonix Rocket League =1.95 is affected by Buffer Overflow. Stack-based buffer overflow occurs when Rocket League handles UPK object files that can result in code execution and denial of service scenario...

9.3CVSS0.02076EPSS
Exploits2References3
NVD
NVD
•added 2021/05/06 1:15 p.m.•52 views

CVE-2021-24254

The College publisher Import WordPress plugin through 0.1 does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Due to the lack of CSRF check, the issue could also be exploited via a CSRF attack...

7.2CVSS0.01844EPSS
Exploits2References2
NVD
NVD
•added 2021/02/24 5:15 p.m.•52 views

CVE-2021-21972

The vSphere Client HTML5 contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects...

10CVSS0.9957EPSS
Exploits47References5
NVD
NVD
•added 2021/01/20 8:15 p.m.•52 views

CVE-2020-27858

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D 16.5. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getNews method. Due to the improper restriction of XML External Entity...

7.5CVSS7.3AI score0.73828EPSS
Exploits0References1
NVD
NVD
•added 2021/01/13 10:15 p.m.•52 views

CVE-2021-1144

A vulnerability in Cisco Connected Mobile Experiences CMX could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. The vulnerability is due to incorrect handling of authorization checks for changing a password. An...

8.8CVSS8.8AI score0.01409EPSS
Exploits0References1
NVD
NVD
•added 2020/12/11 4:15 a.m.•52 views

CVE-2020-13556

An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...

9.8CVSS9.8AI score0.04519EPSS
Exploits1References1
NVD
NVD
•added 2020/07/24 2:15 p.m.•52 views

CVE-2020-15778

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a...

7.8CVSS7.9AI score0.12996EPSS
Exploits6References6
NVD
NVD
•added 2020/05/27 4:15 p.m.•52 views

CVE-2020-10946

Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5,...

6.1CVSS6AI score0.02233EPSS
Exploits1References1
NVD
NVD
•added 2020/04/29 9:15 p.m.•52 views

CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...

6.9CVSS7.2AI score0.8383EPSS
Exploits6References67
NVD
NVD
•added 2020/03/26 1:15 p.m.•52 views

CVE-2020-1764

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alte...

8.6CVSS8.7AI score0.03468EPSS
Exploits2References2
NVD
NVD
•added 2019/11/26 4:15 a.m.•52 views

CVE-2019-15986

A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials. The vulnerability is due to improper input...

7.2CVSS7.1AI score0.00404EPSS
Exploits0References1
NVD
NVD
•added 2019/09/13 1:15 p.m.•52 views

CVE-2019-12517

An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 for WordPress. The savequizscore functionality available via the /wp-admin/admin-ajax.php endpoint allows unauthenticated users to submit quiz solutions/answers, which are stored in the database and later shown in the WordPress...

6.1CVSS6.1AI score0.01248EPSS
Exploits4References2
Total number of security vulnerabilities5000