Lucene search
K
NvdMost viewed

363654 matches found

NVD
NVD
added 2024/12/09 4:15 p.m.51 views

CVE-2024-40582

Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information...

7.5CVSS0.00303EPSS
Exploits1References1
NVD
NVD
added 2024/12/09 1:15 p.m.51 views

CVE-2023-23814

Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through 1.4.13...

3.8CVSS0.00458EPSS
Exploits0References1
NVD
NVD
added 2024/12/02 3:15 p.m.51 views

CVE-2024-10905

IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected...

10CVSS0.00954EPSS
Exploits0References1
NVD
NVD
added 2024/11/25 6:15 a.m.51 views

CVE-2024-7056

The WPForms WordPress plugin before 1.9.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS0.00455EPSS
Exploits1References1
NVD
NVD
added 2024/11/23 10:15 a.m.51 views

CVE-2024-11227

The Memberlite Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's memberliteaccordion shortcode in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.0046EPSS
Exploits0References4
NVD
NVD
added 2024/11/20 3:15 p.m.51 views

CVE-2024-10094

Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code...

9.8CVSS0.00463EPSS
Exploits0References1
NVD
NVD
added 2024/11/18 4:15 a.m.51 views

CVE-2024-52919

Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure and daemon exit via a flood of addr messages...

6.5CVSS0.00266EPSS
Exploits0References2
NVD
NVD
added 2024/11/14 11:15 a.m.51 views

CVE-2024-10571

The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the executio...

9.8CVSS0.04841EPSS
Exploits3References3
NVD
NVD
added 2024/11/13 9:15 p.m.51 views

CVE-2024-36488

Improper Access Control in some IntelR DSA before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS0.00163EPSS
Exploits0References1
NVD
NVD
added 2024/10/01 9:15 a.m.51 views

CVE-2024-9289

The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwaploginrequestcallback function not properly validating a user's identity prior to authenticating them to the site. This...

9.8CVSS0.00559EPSS
Exploits0References2
NVD
NVD
added 2024/09/26 6:15 p.m.51 views

CVE-2024-47124

The goTenna Pro App does not encrypt callsigns in messages. It is recommended to not use sensitive information in callsigns when using this and previous versions of the app and update your app to the current app version which uses AES-256 encryption for callsigns in encrypted operation...

6.5CVSS0.00095EPSS
Exploits0References1
NVD
NVD
added 2024/09/26 4:15 p.m.51 views

CVE-2024-46632

Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function...

4.3CVSS0.00468EPSS
Exploits1References1
NVD
NVD
added 2024/09/10 3:15 p.m.51 views

CVE-2024-43799

Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes untrusted code. This issue is patched in send 0.19.0...

5CVSS0.00511EPSS
Exploits0References3
NVD
NVD
added 2024/09/04 2:15 p.m.51 views

CVE-2024-7923

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

9.8CVSS0.00814EPSS
Exploits0References6
NVD
NVD
added 2024/07/29 2:15 p.m.51 views

CVE-2024-6576

Improper Authentication vulnerability in Progress MOVEit Transfer SFTP module can lead to Privilege Escalation.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3...

9.8CVSS0.00644EPSS
Exploits0References2
NVD
NVD
added 2024/07/23 3:15 p.m.51 views

CVE-2024-41655

TF2 Item Format helps users format TF2 items to the community standards. Versions of tf2-item-format since at least 4.2.6 and prior to 5.9.14 are vulnerable to a Regular Expression Denial of Service ReDoS attack when parsing crafted user input. This vulnerability can be exploited by an attacker t...

7.5CVSS0.00766EPSS
Exploits0References3
NVD
NVD
added 2024/07/17 8:15 a.m.51 views

CVE-2024-39877

Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a docmd parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to...

8.8CVSS0.01726EPSS
Exploits0References3
NVD
NVD
added 2024/07/16 5:15 p.m.51 views

CVE-2024-6325

The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html by...

6.5CVSS0.00304EPSS
Exploits0References1
NVD
NVD
added 2024/07/15 5:15 a.m.51 views

CVE-2024-21513

Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if the...

8.5CVSS0.01864EPSS
Exploits1References3
NVD
NVD
added 2024/07/11 4:15 p.m.51 views

CVE-2024-39317

Wagtail is an open source content management system built on Django. A bug in Wagtail's parsequerystring would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, parsequerystring would take an unexpectedl...

6.5CVSS0.0061EPSS
Exploits0References4
NVD
NVD
added 2024/07/05 7:15 p.m.51 views

CVE-2024-39689

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from GLOBALTRUST. Certifi 2024.7.04 removes root certificates fro...

7.5CVSS0.01049EPSS
Exploits0References4
NVD
NVD
added 2024/07/03 8:15 p.m.51 views

CVE-2024-39683

ZITADEL is an open-source identity infrastructure tool. ZITADEL provides users the ability to list all user sessions of the current user agent browser. Starting in version 2.53.0 and prior to versions 2.53.8, 2.54.5, and 2.55.1, due to a missing check, user sessions without that information e.g...

6.5CVSS0.00609EPSS
Exploits0References10
NVD
NVD
added 2024/06/25 3:15 a.m.51 views

CVE-2024-23147

A maliciously crafted CATPART, XB and STEP, when parsed in ASMKERN228A.dll and ASMKERN229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the...

7.8CVSS0.00427EPSS
Exploits0References1
NVD
NVD
added 2024/06/20 11:15 p.m.51 views

CVE-2024-38361

Spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Use of an exclusion under an arrow that has multiple resources may resolve to NOPERMISSION when permission is expected. If the resource exists under multiple...

5.3CVSS0.00396EPSS
Exploits1References2
NVD
NVD
added 2024/06/19 12:15 p.m.51 views

CVE-2023-46146

Missing Authorization vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5...

8.8CVSS0.00364EPSS
Exploits0References1
NVD
NVD
added 2024/06/13 8:16 a.m.51 views

CVE-2024-36239

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user...

5.4CVSS0.00313EPSS
Exploits0References1
NVD
NVD
added 2024/06/11 3:15 a.m.51 views

CVE-2024-34688

Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availabilit...

7.5CVSS0.00541EPSS
Exploits0References2
NVD
NVD
added 2024/06/06 4:15 p.m.51 views

CVE-2024-37156

The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController get parameter formName is not sanitized in the returned input field which leads to XSS. This vulnerability is fixed in 2.5.3...

6.1CVSS0.00292EPSS
Exploits0References2
NVD
NVD
added 2024/05/27 6:15 p.m.51 views

CVE-2024-35238

Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service DoS attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that...

5.3CVSS5.3AI score0.0053EPSS
Exploits0References3
NVD
NVD
added 2024/05/21 4:15 p.m.51 views

CVE-2023-52796

In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlanroutev6outbound helper Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack size needed in ipvlanprocessv6outbound by moving the flowi6 struct used for the route lookup in an non...

7.8CVSS6.5AI score0.00246EPSS
Exploits0References8
NVD
NVD
added 2024/05/08 9:15 a.m.51 views

CVE-2024-4438

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Ha...

7.5CVSS8.2AI score0.00791EPSS
Exploits19References5
NVD
NVD
added 2024/05/07 11:15 p.m.51 views

CVE-2023-35749

D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

8.8CVSS9.1AI score0.00605EPSS
Exploits0References2
NVD
NVD
added 2024/05/02 5:15 p.m.51 views

CVE-2024-3215

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the pmproupdatelevelgrouporder function. Th...

5.3CVSS4.9AI score0.00297EPSS
Exploits0References2
NVD
NVD
added 2024/04/17 9:15 p.m.51 views

CVE-2024-32342

A cross-site scripting XSS vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter...

6.1CVSS5.6AI score0.00435EPSS
Exploits1References1
NVD
NVD
added 2024/03/30 5:15 a.m.51 views

CVE-2024-2047

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.6 via the renderraw function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files o...

8.8CVSS8.9AI score0.01482EPSS
Exploits0References3
NVD
NVD
added 2024/03/20 10:15 p.m.51 views

CVE-2024-24050

Cross Site Scripting XSS vulnerability in Sourcecodester Workout Journal App 1.0 allows attackers to run arbitrary code via parameters firstname and lastname in /add-user.php...

4.7CVSS5.9AI score0.00443EPSS
Exploits4References1
NVD
NVD
added 2024/02/29 3:15 p.m.51 views

CVE-2023-52485

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wake DMCUB before sending a command Why We can hang in place trying to send commands when the DMCUB isn't powered on. How For functions that execute within a DC context or DC lock we can wrap the direct calls to...

5.5CVSS7AI score0.00214EPSS
Exploits0References2
NVD
NVD
added 2024/02/19 12:15 p.m.51 views

CVE-2024-1346

Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants...

6.8CVSS6.5AI score0.00392EPSS
Exploits5References1
NVD
NVD
added 2024/01/30 5:15 p.m.51 views

CVE-2024-23838

TrueLayer.NET is the .Net client for TrueLayer. The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or to the internet cou...

8.6CVSS7.6AI score0.00532EPSS
Exploits0References2
NVD
NVD
added 2024/01/25 7:15 p.m.51 views

CVE-2023-6267

A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed deserialized prior to the security constraints being evaluated and applied. This does not happen with configuration based security...

9.8CVSS9.1AI score0.00719EPSS
Exploits0References4
NVD
NVD
added 2023/12/22 9:15 p.m.51 views

CVE-2023-50730

Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...

7.5CVSS0.00827EPSS
Exploits0References3
NVD
NVD
added 2023/11/17 2:15 p.m.51 views

CVE-2023-26364

@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges...

5.3CVSS0.00985EPSS
Exploits0References1
NVD
NVD
added 2023/11/14 10:15 p.m.51 views

CVE-2023-47524

Unauth. Reflected Cross-Site Scripting XSS vulnerability requires PHP 8.x in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin = 2.1.9 versions...

6.1CVSS0.00358EPSS
Exploits0References1
NVD
NVD
added 2023/10/25 8:15 p.m.51 views

CVE-2023-5043

Ingress nginx annotation injection causes arbitrary command execution...

8.8CVSS8.5AI score0.02234EPSS
Exploits0References4
NVD
NVD
added 2023/10/25 6:17 p.m.51 views

CVE-2023-46124

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and...

8.2CVSS8.2AI score0.00675EPSS
Exploits0References3
NVD
NVD
added 2023/10/16 8:15 p.m.51 views

CVE-2023-5003

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so...

7.5CVSS7.6AI score0.25855EPSS
Exploits2References1
NVD
NVD
added 2023/10/06 7:15 p.m.51 views

CVE-2023-21266

In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.8AI score0.00113EPSS
Exploits0References2
NVD
NVD
added 2023/09/25 7:15 p.m.51 views

CVE-2023-40581

yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the --exec flag. This flag allows output template expansion in its argument, so that metadata values may be used in...

8.3CVSS8.7AI score0.01292EPSS
Exploits1References5
NVD
NVD
added 2023/09/21 3:15 p.m.51 views

CVE-2023-42457

plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the ++api++ traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less...

7.5CVSS7.4AI score0.00822EPSS
Exploits0References4
NVD
NVD
added 2023/09/11 9:15 p.m.51 views

CVE-2023-35677

In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service factory reset or continuous locking with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS5.4AI score0.00093EPSS
Exploits0References2
Total number of security vulnerabilities5000