Lucene search
K
NvdMost viewed

364155 matches found

NVD
NVD
added 2026/05/13 4:16 p.m.51 views

CVE-2026-43488

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Prevent interrupt storm on host controller error HCE The xHCI controller reports a Host Controller Error HCE in UAS Storage Device plug/unplug scenarios on Android devices. HCE is checked in xhciirq function and causes...

5.5CVSS0.00114EPSS
Exploits0References5
NVD
NVD
added 2026/05/12 10:16 a.m.51 views

CVE-2026-25786

Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a...

9.3CVSS0.0037EPSS
Exploits0References1
NVD
NVD
added 2026/05/08 8:16 p.m.51 views

CVE-2026-44694

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API client N8NAPIURL, a...

9.1CVSS0.00235EPSS
Exploits0References3
NVD
NVD
added 2026/05/06 12:16 p.m.51 views

CVE-2026-43282

In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: Fix potential NULL pointer dereference in ionicqueryport The function ionicqueryport calls ibdevicegetnetdev without checking the return value which could lead to NULL pointer dereference, Fix it by checking the retur...

5.5CVSS0.00112EPSS
Exploits0References3
NVD
NVD
added 2026/05/05 12:16 p.m.51 views

CVE-2026-42435

OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables like SHELLOPTS and...

8.8CVSS0.00407EPSS
Exploits0References3
NVD
NVD
added 2026/05/05 1:16 a.m.51 views

CVE-2026-44028

An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR Nix Archive parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page, which means that a stack overflow could overwrite...

7.5CVSS0.0018EPSS
Exploits0References5
NVD
NVD
added 2026/05/01 3:16 p.m.51 views

CVE-2026-43042

In the Linux kernel, the following vulnerability has been resolved: mpls: add seqcount to protect the platformlabel,s pair The RCU-protected codepaths mplsforward, mplsdumproutes can have an inconsistent view of platformlabels vs platformlabel in case of a concurrent resize...

7.1CVSS0.0011EPSS
Exploits0References2
NVD
NVD
added 2026/02/25 3:16 a.m.51 views

CVE-2026-27629

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...

8.8CVSS0.00259EPSS
Exploits0References1
NVD
NVD
added 2026/01/29 3:16 p.m.51 views

CVE-2020-37001

Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Attackers can craft a malicious payload that overwrites the Structured Exception Handler SEH and uses ...

8.4CVSS0.00147EPSS
Exploits0References3
NVD
NVD
added 2025/12/24 11:15 a.m.51 views

CVE-2025-68350

In the Linux kernel, the following vulnerability has been resolved: exfat: fix divide-by-zero in exfatallocatebitmap The variable maxracount can be 0 in exfatallocatebitmap, which causes a divide-by-zero error in the subsequent modulo operation i % maxracount, leading to a system crash. When...

0.00156EPSS
Exploits0References2
NVD
NVD
added 2025/11/14 9:15 p.m.51 views

CVE-2025-63745

A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info function of binne.c. A crafted binary input can trigger a segmentation fault, leading to a denial of service when the tool processes malformed data...

5.5CVSS0.0013EPSS
Exploits0References4
NVD
NVD
added 2025/09/09 11:15 p.m.51 views

CVE-2025-59042

PyInstaller bundles a Python application and all its dependencies into a single package. Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryptio...

7CVSS0.00114EPSS
Exploits0References2
NVD
NVD
added 2025/09/04 7:15 p.m.51 views

CVE-2025-48548

In multiple functions of AppOpsControllerImpl.java, there is a possible way to record audio without displaying the privacy indicator due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...

7.3CVSS0.00097EPSS
Exploits0References6
NVD
NVD
added 2025/08/20 2:15 p.m.51 views

CVE-2025-32010

A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP response can lead to arbitrary code execution. An attacker can send an HTTP response to trigger this vulnerability...

9.8CVSS0.00641EPSS
Exploits0References2
NVD
NVD
added 2025/08/13 6:15 p.m.51 views

CVE-2025-23296

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS0.00568EPSS
Exploits0References3
NVD
NVD
added 2025/07/03 9:15 a.m.51 views

CVE-2025-38140

In the Linux kernel, the following vulnerability has been resolved: dm: limit swapping tables for devices with zone write plugs dmrevalidatezones only allowed new or previously unzoned devices to call blkrevalidatediskzones. If the device was already zoned, disk-nrzones would always equal...

5.5CVSS0.00137EPSS
Exploits0References2
NVD
NVD
added 2025/06/05 8:15 p.m.51 views

CVE-2025-5680

A vulnerability classified as critical was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected by this vulnerability is the function executeScript of the file /src/main/java/com/dstz/sys/rest/controller/SysScriptController.java of the component Groovy Script...

8.8CVSS0.00433EPSS
Exploits1References4
NVD
NVD
added 2025/05/19 7:15 p.m.51 views

CVE-2025-47577

Unrestricted Upload of File with Dangerous Type vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a through = 2.9.2...

10CVSS0.05128EPSS
Exploits2References1
NVD
NVD
added 2025/05/14 9:15 p.m.51 views

CVE-2025-47885

Jenkins Health Advisor by CloudBees Plugin 374.v194bd4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control Jenkins Health Advisor server responses...

8.8CVSS0.00495EPSS
Exploits0References1
NVD
NVD
added 2025/05/08 8:15 p.m.51 views

CVE-2025-46812

Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the...

5.1CVSS0.00602EPSS
Exploits0References2
NVD
NVD
added 2025/05/05 8:15 p.m.51 views

CVE-2025-46726

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.53.4, a LLM application leveraging XMLToolMessage class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information. Version 0.53.4 fixes th...

9.1CVSS0.00545EPSS
Exploits1References3
NVD
NVD
added 2025/05/04 10:15 p.m.51 views

CVE-2025-4251

A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. This issue affects some unknown processing of the component RMDIR Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may ...

9.8CVSS0.00612EPSS
Exploits1References4
NVD
NVD
added 2025/04/30 1:15 a.m.51 views

CVE-2025-30202

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.8.5 are vulnerable to denial of service and data exposure via ZeroMQ on multi-node vLLM deployment. In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-no...

7.5CVSS0.00505EPSS
Exploits1References3
NVD
NVD
added 2025/04/27 8:15 a.m.51 views

CVE-2024-52888

For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties...

5.4CVSS0.00182EPSS
Exploits0References1
NVD
NVD
added 2025/04/21 2:15 p.m.51 views

CVE-2024-41446

A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...

5.4CVSS0.00209EPSS
Exploits1References1
NVD
NVD
added 2025/04/16 1:15 p.m.51 views

CVE-2025-39599

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Webilia Inc. Listdom listdom allows Phishing.This issue affects Listdom: from n/a through = 4.0.0...

4.7CVSS0.00374EPSS
Exploits0References1
NVD
NVD
added 2025/04/09 6:15 a.m.51 views

CVE-2024-6860

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack...

4.3CVSS0.00179EPSS
Exploits1References1
NVD
NVD
added 2025/03/22 5:15 p.m.51 views

CVE-2025-2621

A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function checkdwscookie of the file /storage. The manipulation of the argument uid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the...

10CVSS0.01912EPSS
Exploits1References5
NVD
NVD
added 2025/03/03 2:15 p.m.51 views

CVE-2025-23738

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Padam Shankhadev Ps Ads Pro ps-ads-pro allows Reflected XSS.This issue affects Ps Ads Pro: from n/a through = 1.0.0...

7.1CVSS0.00363EPSS
Exploits0References1
NVD
NVD
added 2025/02/12 4:15 p.m.51 views

CVE-2024-11343

In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 2025.1.205, unzipping an archive can lead to arbitrary file system access...

8.8CVSS0.0062EPSS
Exploits0References1
NVD
NVD
added 2025/01/24 7:15 p.m.51 views

CVE-2024-52807

The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from...

8.6CVSS0.00547EPSS
Exploits0References3
NVD
NVD
added 2025/01/14 8:15 p.m.51 views

CVE-2024-55945

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

6.5CVSS0.00218EPSS
Exploits0References2
NVD
NVD
added 2025/01/14 3:15 p.m.51 views

CVE-2024-39793

Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...

9.1CVSS0.01457EPSS
Exploits1References2
NVD
NVD
added 2025/01/07 11:15 a.m.51 views

CVE-2024-56275

Server-Side Request Forgery SSRF vulnerability in Envato Envato Elements allows Server Side Request Forgery.This issue affects Envato Elements: from n/a through 2.0.14...

4.1CVSS0.00377EPSS
Exploits0References1
NVD
NVD
added 2024/12/24 12:15 p.m.51 views

CVE-2024-53162

In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat4xxx - fix off by one in uofgetname The fwobjs array has "numobjs" elements so the needs to be = to prevent an out of bounds read...

7.1CVSS0.00252EPSS
Exploits0References4
NVD
NVD
added 2024/12/20 2:15 a.m.51 views

CVE-2020-9250

There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. Vulnerability ID: HWPSIRT-2019-12302 Th...

3.3CVSS0.00118EPSS
Exploits1References1
NVD
NVD
added 2024/12/11 1:15 p.m.51 views

CVE-2023-23472

IBM InfoSphere DataStage Flow Designer InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system...

6.5CVSS0.00336EPSS
Exploits0References1
NVD
NVD
added 2024/12/09 1:15 p.m.51 views

CVE-2023-23814

Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through 1.4.13...

3.8CVSS0.00458EPSS
Exploits0References1
NVD
NVD
added 2024/12/05 4:15 p.m.51 views

CVE-2024-53857

rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys...

7.5CVSS0.00448EPSS
Exploits0References1
NVD
NVD
added 2024/12/02 3:15 p.m.51 views

CVE-2024-10905

IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected...

10CVSS0.00954EPSS
Exploits0References1
NVD
NVD
added 2024/11/25 6:15 a.m.51 views

CVE-2024-7056

The WPForms WordPress plugin before 1.9.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS0.00455EPSS
Exploits1References1
NVD
NVD
added 2024/11/23 10:15 a.m.51 views

CVE-2024-11227

The Memberlite Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's memberliteaccordion shortcode in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.0046EPSS
Exploits0References4
NVD
NVD
added 2024/11/20 3:15 p.m.51 views

CVE-2024-10094

Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code...

9.8CVSS0.00463EPSS
Exploits0References1
NVD
NVD
added 2024/11/15 4:15 p.m.51 views

CVE-2024-50351

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting XSS vulnerability in the "section" parameter of the "logs" tab of a device allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code wh...

5.4CVSS0.00387EPSS
Exploits1References2
NVD
NVD
added 2024/11/14 11:15 a.m.51 views

CVE-2024-10571

The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the executio...

9.8CVSS0.04841EPSS
Exploits3References3
NVD
NVD
added 2024/09/26 6:15 p.m.51 views

CVE-2024-47124

The goTenna Pro App does not encrypt callsigns in messages. It is recommended to not use sensitive information in callsigns when using this and previous versions of the app and update your app to the current app version which uses AES-256 encryption for callsigns in encrypted operation...

6.5CVSS0.00095EPSS
Exploits0References1
NVD
NVD
added 2024/09/26 4:15 p.m.51 views

CVE-2024-46632

Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function...

4.3CVSS0.00468EPSS
Exploits1References1
NVD
NVD
added 2024/09/12 8:15 p.m.51 views

CVE-2024-45607

whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the signature is valid. Incorrect Access Control, anyone using the post or verifyRequestSignature...

5.8CVSS0.14121EPSS
Exploits0References3
NVD
NVD
added 2024/09/10 5:15 p.m.51 views

CVE-2024-38217

Windows Mark of the Web Security Feature Bypass Vulnerability...

5.4CVSS0.09835EPSS
Exploits1References3
NVD
NVD
added 2024/09/10 3:15 p.m.51 views

CVE-2024-43799

Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes untrusted code. This issue is patched in send 0.19.0...

5CVSS0.00511EPSS
Exploits0References3
Total number of security vulnerabilities5000