Lucene search
K
NvdMost viewed

363634 matches found

NVD
NVD
•added 2022/10/10 2:15 p.m.•51 views

CVE-2022-26121

An exposure of resource to wrong sphere vulnerability CWE-668 in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via...

5.3CVSS0.00734EPSS
Exploits0References1
NVD
NVD
•added 2022/09/29 6:15 p.m.•51 views

CVE-2022-39266

isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if the untrusted v8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and run arbitrary code in the nodejs process. Version 4.3.7...

9.8CVSS0.01088EPSS
Exploits0References4
NVD
NVD
•added 2022/09/23 2:15 p.m.•51 views

CVE-2022-27492

An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file...

7.8CVSS0.00511EPSS
Exploits0References1
NVD
NVD
•added 2022/09/16 11:15 p.m.•51 views

CVE-2022-35997

TensorFlow is an open source platform for machine learning. If tf.sparse.cross receives an input separator that is not a scalar, it gives a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 83dcb4dbfa094e33db084e97c4d0531a559e0ebf. The f...

7.5CVSS0.00405EPSS
Exploits0References2
NVD
NVD
•added 2022/08/05 10:15 p.m.•51 views

CVE-2022-22140

An os command injection vulnerability exists in the confsrv ucloudaddnode functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability...

9.8CVSS0.03589EPSS
Exploits1References1
NVD
NVD
•added 2022/08/05 5:15 p.m.•51 views

CVE-2022-2668

An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

7.2CVSS0.00834EPSS
Exploits0References1
NVD
NVD
•added 2022/06/15 2:15 p.m.•51 views

CVE-2022-20205

In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion...

5.5CVSS0.0011EPSS
Exploits0References1
NVD
NVD
•added 2022/06/14 10:15 a.m.•51 views

CVE-2022-31619

A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.13, Teamcenter V13.0 All versions V13.0.0.9, Teamcenter V13.1 All versions V13.1.0.9, Teamcenter V13.2 All versions V13.2.0.9, Teamcenter V13.3 All versions V13.3.0.3, Teamcenter V14.0 All versions V14.0.0.2. Java EE...

8.8CVSS0.01256EPSS
Exploits0References1
NVD
NVD
•added 2022/06/02 5:15 p.m.•51 views

CVE-2022-31018

Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in verions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the FormbindFromRequest method on a JSON request body or the...

7.5CVSS0.01573EPSS
Exploits0References3
NVD
NVD
•added 2022/04/28 1:15 p.m.•51 views

CVE-2022-29152

The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page...

6.1CVSS0.0053EPSS
Exploits0References2
NVD
NVD
•added 2022/03/10 6:15 p.m.•51 views

CVE-2021-44673

A Remote Code Execution RCE vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script...

8.8CVSS0.08963EPSS
Exploits1References1
NVD
NVD
•added 2022/03/03 10:15 p.m.•51 views

CVE-2022-24725

Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the escape or escapeAll functions from the shescape API with the interpolation option set to true. Other tested shells, Dash and Zs...

6.2CVSS0.00492EPSS
Exploits1References3
NVD
NVD
•added 2022/02/28 4:15 p.m.•51 views

CVE-2022-24712

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery CSRF protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for...

8.8CVSS0.00557EPSS
Exploits0References2
NVD
NVD
•added 2022/02/09 4:15 p.m.•51 views

CVE-2022-23312

A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP9 Security Patch 1. The integrated web application "Online Help" in affected product contains a Cross-Site Scripting XSS vulnerability that could be exploited if unsuspecting users are tricked into accessing a malicious...

6.1CVSS0.00562EPSS
Exploits0References1
NVD
NVD
•added 2022/02/07 11:15 p.m.•51 views

CVE-2022-23624

Frourio-express is a minimal full stack framework, for TypeScript. Frourio-express users who uses frourio-express version prior to v0.26.0 and integration with class-validator through validators/ folder are subject to a input validation vulnerability. Validators do not work properly for request...

8.8CVSS0.01244EPSS
Exploits0References2
NVD
NVD
•added 2022/02/02 11:15 a.m.•51 views

CVE-2021-41016

A improper neutralization of special elements used in a command 'command injection' in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters...

9CVSS0.01055EPSS
Exploits0References1
NVD
NVD
•added 2022/01/28 8:15 p.m.•51 views

CVE-2021-40423

A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...

7.8CVSS0.01339EPSS
Exploits1References2
NVD
NVD
•added 2021/11/08 3:15 p.m.•51 views

CVE-2021-39182

EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of t...

7.5CVSS0.00544EPSS
Exploits1References2
NVD
NVD
•added 2021/11/01 2:15 p.m.•51 views

CVE-2021-29212

A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading complete impact to confidentiality,...

10CVSS0.13478EPSS
Exploits0References2
NVD
NVD
•added 2021/10/20 10:15 p.m.•51 views

CVE-2021-42299

Microsoft Surface Pro 3 Security Feature Bypass Vulnerability...

6.1CVSS0.00733EPSS
Exploits0References1
NVD
NVD
•added 2021/10/18 2:15 p.m.•51 views

CVE-2021-24752

Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctpswitch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement...

5.7CVSS0.00408EPSS
Exploits2References1
NVD
NVD
•added 2021/08/02 11:15 a.m.•51 views

CVE-2021-24498

The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page via php/edit.php, leading to a reflected Cross-Site Scripting issue...

6.1CVSS0.03065EPSS
Exploits2References1
NVD
NVD
•added 2021/06/08 11:15 p.m.•51 views

CVE-2021-31949

Microsoft Outlook Remote Code Execution Vulnerability...

7.8CVSS0.02567EPSS
Exploits0References1
NVD
NVD
•added 2021/06/01 8:15 p.m.•51 views

CVE-2021-32653

Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set to published. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2; no workaroun...

4CVSS0.01205EPSS
Exploits0References3
NVD
NVD
•added 2021/05/27 12:15 p.m.•51 views

CVE-2021-22907

An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4...

7.8CVSS0.00239EPSS
Exploits0References1
NVD
NVD
•added 2021/05/11 3:15 p.m.•51 views

CVE-2021-21649

Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with View/Configure permission...

5.4CVSS0.72678EPSS
Exploits0References1
NVD
NVD
•added 2021/05/06 9:15 p.m.•51 views

CVE-2021-29203

A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands,...

10CVSS0.68293EPSS
Exploits1References2
NVD
NVD
•added 2021/05/06 1:15 p.m.•51 views

CVE-2021-24254

The College publisher Import WordPress plugin through 0.1 does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Due to the lack of CSRF check, the issue could also be exploited via a CSRF attack...

7.2CVSS0.01844EPSS
Exploits2References2
NVD
NVD
•added 2021/04/23 4:15 p.m.•51 views

CVE-2021-31404

Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 Vaadin 10.0.0 through 10.0.16, 1.1.0 prior to 2.0.0 Vaadin 11 prior to 14, 2.0.0 through 2.4.6 Vaadin 14.0.0 through 14.4.6, 3.0.0 prior to 5.0.0 Vaadin 15 prior to 18, and...

4CVSS0.0021EPSS
Exploits0References2
NVD
NVD
•added 2021/04/22 9:15 p.m.•51 views

CVE-2021-27393

A vulnerability has been identified in Nucleus NET All versions, Nucleus ReadyStart V3 All versions V2013.08, Nucleus Source Code Versions including affected DNS modules. The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS...

5.3CVSS0.00751EPSS
Exploits0References1
NVD
NVD
•added 2021/01/13 10:15 p.m.•51 views

CVE-2021-1144

A vulnerability in Cisco Connected Mobile Experiences CMX could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. The vulnerability is due to incorrect handling of authorization checks for changing a password. An...

8.8CVSS8.8AI score0.01409EPSS
Exploits0References1
NVD
NVD
•added 2020/12/11 4:15 a.m.•51 views

CVE-2020-13556

An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...

9.8CVSS9.8AI score0.04519EPSS
Exploits1References1
NVD
NVD
•added 2020/04/29 9:15 p.m.•51 views

CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...

6.9CVSS7.2AI score0.8383EPSS
Exploits6References67
NVD
NVD
•added 2020/04/14 9:15 p.m.•51 views

CVE-2020-8318

A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges...

7.8CVSS7.6AI score0.00405EPSS
Exploits0References1
NVD
NVD
•added 2020/01/25 7:15 p.m.•51 views

CVE-2020-7980

Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed...

10CVSS9.9AI score0.82956EPSS
Exploits7References3
NVD
NVD
•added 2019/10/05 11:15 p.m.•51 views

CVE-2019-17206

Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper aka Redis Wrapper before 0.3.0 allows attackers to execute arbitrary scripts...

9.8CVSS9.7AI score0.03158EPSS
Exploits0References3
NVD
NVD
•added 2019/08/05 7:15 p.m.•51 views

CVE-2019-10980

A type confusion vulnerability may be exploited when LAquis SCADA 4.3.1.71 processes a specially crafted project file. This may allow an attacker to execute remote code. The attacker must have local access to the system. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is...

7.8CVSS7.6AI score0.01002EPSS
Exploits0References1
NVD
NVD
•added 2019/07/25 9:15 p.m.•51 views

CVE-2019-10184

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...

7.5CVSS6.2AI score0.03478EPSS
Exploits0References13
NVD
NVD
•added 2018/06/07 2:29 a.m.•51 views

CVE-2017-16205

The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation...

7.5CVSS7.5AI score0.01123EPSS
Exploits0References1
NVD
NVD
•added 2018/05/09 7:29 p.m.•51 views

CVE-2018-8119

A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka "Azure IoT SDK Spoofing Vulnerability." This affects C SDK, C SDK, Java SDK...

6.8CVSS5.4AI score0.01098EPSS
Exploits0References3
NVD
NVD
•added 2018/01/18 11:29 p.m.•51 views

CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...

6.1CVSS6.4AI score0.29726EPSS
Exploits2References38
NVD
NVD
•added 2017/12/20 7:29 p.m.•51 views

CVE-2017-16725

A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the...

10CVSS9.7AI score0.09216EPSS
Exploits3References2
NVD
NVD
•added 2015/11/06 11:59 a.m.•51 views

CVE-2015-6292

The proxy-cache implementation in Cisco AsyncOS 8.0.x before 8.0.7-151, 8.1.x and 8.5.x before 8.5.2-004, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance WSA devices allows remote attackers to cause a denial of service memory consumption via multiple prox...

7.8CVSS6.7AI score0.01925EPSS
Exploits0References2
NVD
NVD
•added 2014/12/11 12:59 a.m.•51 views

CVE-2014-6363

vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "VBScript Memory Corruption Vulnerability."...

9.3CVSS7.5AI score0.28442EPSS
Exploits2References4
NVD
NVD
•added 2013/08/16 4:55 p.m.•51 views

CVE-2013-4128

Red Hat JBoss Enterprise Application Platform EAP 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client...

6.4CVSS6.5AI score0.02441EPSS
Exploits0References8
NVD
NVD
•added 2009/07/27 2:30 p.m.•51 views

CVE-2009-2605

Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote attackers to execute arbitrary SQL commands via 1 trupuser and 2 truppassword cookies to uploadcp/index.php...

6.8CVSS8.5AI score0.01977EPSS
Exploits0References4
NVD
NVD
•added 2009/07/09 4:30 p.m.•51 views

CVE-2009-2421

The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote attackers to cause a denial of service NULL pointer dereference and application crash or possibly execute arbitrary code via a "high-bit character" in a URL fragment for an unspecified protocol...

5CVSS7.9AI score0.02504EPSS
Exploits0References2
NVD
NVD
•added 2008/11/04 12:57 a.m.•51 views

CVE-2008-4889

SQL injection vulnerability in index.php in deV!L'z Clanportal DZCP 1.4.9.6 and earlier allows remote attackers to execute arbitrary SQL commands via the users parameter in an addbuddy operation in a buddys action...

7.5CVSS8.3AI score0.01189EPSS
Exploits1References7
NVD
NVD
•added 2007/09/14 12:17 a.m.•51 views

CVE-2007-1688

Buffer overflow in the PhPInfo ActiveX control in PhPCtrl.dll in Callisto PhotoParade Player allows remote attackers to execute arbitrary code via the FileVersionof property...

9.3CVSS7.9AI score0.06506EPSS
Exploits0References6
NVD
NVD
•added 2007/03/03 7:19 p.m.•51 views

CVE-2007-1240

Multiple cross-site scripting XSS vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via 1 the searchkey parameter to index.php, or the 2 sn or 3 ri parameter to modules/htmlframechat/index.php. NOTE: the provenance of this information ...

4.3CVSS5.7AI score0.03022EPSS
Exploits1References5
Total number of security vulnerabilities5000