Lucene search
K
NvdMost viewed

364407 matches found

NVD
NVD
added 2025/01/24 7:15 p.m.51 views

CVE-2024-52807

The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from...

8.6CVSS0.00547EPSS
Exploits0References3
NVD
NVD
added 2025/01/14 8:15 p.m.51 views

CVE-2024-55945

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

6.5CVSS0.00218EPSS
Exploits0References2
NVD
NVD
added 2025/01/14 3:15 p.m.51 views

CVE-2024-39793

Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...

9.1CVSS0.01457EPSS
Exploits1References2
NVD
NVD
added 2025/01/07 11:15 a.m.51 views

CVE-2024-56275

Server-Side Request Forgery SSRF vulnerability in Envato Envato Elements allows Server Side Request Forgery.This issue affects Envato Elements: from n/a through 2.0.14...

4.1CVSS0.00377EPSS
Exploits0References1
NVD
NVD
added 2024/12/24 12:15 p.m.51 views

CVE-2024-53162

In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat4xxx - fix off by one in uofgetname The fwobjs array has "numobjs" elements so the needs to be = to prevent an out of bounds read...

7.1CVSS0.00252EPSS
Exploits0References4
NVD
NVD
added 2024/12/20 2:15 a.m.51 views

CVE-2020-9250

There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. Vulnerability ID: HWPSIRT-2019-12302 Th...

3.3CVSS0.00118EPSS
Exploits1References1
NVD
NVD
added 2024/12/11 1:15 p.m.51 views

CVE-2023-23472

IBM InfoSphere DataStage Flow Designer InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system...

6.5CVSS0.00336EPSS
Exploits0References1
NVD
NVD
added 2024/12/09 1:15 p.m.51 views

CVE-2023-23814

Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through 1.4.13...

3.8CVSS0.00458EPSS
Exploits0References1
NVD
NVD
added 2024/12/05 4:15 p.m.51 views

CVE-2024-53857

rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys...

7.5CVSS0.00448EPSS
Exploits0References1
NVD
NVD
added 2024/12/02 3:15 p.m.51 views

CVE-2024-10905

IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected...

10CVSS0.00954EPSS
Exploits0References1
NVD
NVD
added 2024/11/25 6:15 a.m.51 views

CVE-2024-7056

The WPForms WordPress plugin before 1.9.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS0.00455EPSS
Exploits1References1
NVD
NVD
added 2024/11/23 10:15 a.m.51 views

CVE-2024-11227

The Memberlite Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's memberliteaccordion shortcode in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.0046EPSS
Exploits0References4
NVD
NVD
added 2024/11/20 3:15 p.m.51 views

CVE-2024-10094

Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code...

9.8CVSS0.00463EPSS
Exploits0References1
NVD
NVD
added 2024/11/15 4:15 p.m.51 views

CVE-2024-50351

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting XSS vulnerability in the "section" parameter of the "logs" tab of a device allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code wh...

5.4CVSS0.00387EPSS
Exploits1References2
NVD
NVD
added 2024/10/01 9:15 p.m.51 views

CVE-2024-47527

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name "hostname" parameter. This vulnerability can lead to t...

7.5CVSS0.00497EPSS
Exploits1References2
NVD
NVD
added 2024/09/26 6:15 p.m.51 views

CVE-2024-47124

The goTenna Pro App does not encrypt callsigns in messages. It is recommended to not use sensitive information in callsigns when using this and previous versions of the app and update your app to the current app version which uses AES-256 encryption for callsigns in encrypted operation...

6.5CVSS0.00095EPSS
Exploits0References1
NVD
NVD
added 2024/09/26 4:15 p.m.51 views

CVE-2024-46632

Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function...

4.3CVSS0.00468EPSS
Exploits1References1
NVD
NVD
added 2024/09/12 8:15 p.m.51 views

CVE-2024-45607

whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the signature is valid. Incorrect Access Control, anyone using the post or verifyRequestSignature...

5.8CVSS0.14121EPSS
Exploits0References3
NVD
NVD
added 2024/09/10 5:15 p.m.51 views

CVE-2024-38217

Windows Mark of the Web Security Feature Bypass Vulnerability...

5.4CVSS0.09756EPSS
Exploits1References3
NVD
NVD
added 2024/09/10 3:15 p.m.51 views

CVE-2024-43799

Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes untrusted code. This issue is patched in send 0.19.0...

5CVSS0.00511EPSS
Exploits0References3
NVD
NVD
added 2024/08/23 7:15 a.m.51 views

CVE-2024-40766

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7...

9.8CVSS0.15593EPSS
Exploits0References2
NVD
NVD
added 2024/08/01 9:15 p.m.51 views

CVE-2024-39630

Deserialization of Untrusted Data vulnerability in MotoPress Timetable and Event Schedule allows Object Injection.This issue affects Timetable and Event Schedule: from n/a through 2.4.13...

5.5CVSS0.00298EPSS
Exploits0References1
NVD
NVD
added 2024/07/23 3:15 p.m.51 views

CVE-2024-41655

TF2 Item Format helps users format TF2 items to the community standards. Versions of tf2-item-format since at least 4.2.6 and prior to 5.9.14 are vulnerable to a Regular Expression Denial of Service ReDoS attack when parsing crafted user input. This vulnerability can be exploited by an attacker t...

7.5CVSS0.00766EPSS
Exploits0References3
NVD
NVD
added 2024/07/17 8:15 a.m.51 views

CVE-2024-39877

Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a docmd parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to...

8.8CVSS0.01726EPSS
Exploits0References3
NVD
NVD
added 2024/07/16 5:15 p.m.51 views

CVE-2024-6325

The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html by...

6.5CVSS0.00304EPSS
Exploits0References1
NVD
NVD
added 2024/07/15 5:15 a.m.51 views

CVE-2024-21513

Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if the...

8.5CVSS0.01864EPSS
Exploits1References3
NVD
NVD
added 2024/07/11 4:15 p.m.51 views

CVE-2024-39317

Wagtail is an open source content management system built on Django. A bug in Wagtail's parsequerystring would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, parsequerystring would take an unexpectedl...

6.5CVSS0.0061EPSS
Exploits0References4
NVD
NVD
added 2024/07/09 8:15 a.m.51 views

CVE-2024-37555

Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using Contact Form 7 generate-pdf-using-contact-form-7.This issue affects Generate PDF using Contact Form 7: from n/a through = 4.1.2...

9.8CVSS0.006EPSS
Exploits0References2
NVD
NVD
added 2024/07/05 7:15 p.m.51 views

CVE-2024-39689

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from GLOBALTRUST. Certifi 2024.7.04 removes root certificates fro...

7.5CVSS0.01049EPSS
Exploits0References4
NVD
NVD
added 2024/07/05 6:15 p.m.51 views

CVE-2024-39687

Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. At present, when Fedify needs to retrieve an object or activity from a remote activitypub server, it makes a HTTP request to the @id or other resources present within the activity it has...

7.2CVSS0.006EPSS
Exploits0References3
NVD
NVD
added 2024/07/03 8:15 p.m.51 views

CVE-2024-39683

ZITADEL is an open-source identity infrastructure tool. ZITADEL provides users the ability to list all user sessions of the current user agent browser. Starting in version 2.53.0 and prior to versions 2.53.8, 2.54.5, and 2.55.1, due to a missing check, user sessions without that information e.g...

6.5CVSS0.00609EPSS
Exploits0References10
NVD
NVD
added 2024/07/01 3:15 p.m.51 views

CVE-2024-23380

Memory corruption while handling user packets during VBO bind operation...

8.4CVSS0.00154EPSS
Exploits0References1
NVD
NVD
added 2024/06/25 3:15 a.m.51 views

CVE-2024-23147

A maliciously crafted CATPART, XB and STEP, when parsed in ASMKERN228A.dll and ASMKERN229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the...

7.8CVSS0.00427EPSS
Exploits0References1
NVD
NVD
added 2024/06/20 11:15 p.m.51 views

CVE-2024-38361

Spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Use of an exclusion under an arrow that has multiple resources may resolve to NOPERMISSION when permission is expected. If the resource exists under multiple...

5.3CVSS0.00396EPSS
Exploits1References2
NVD
NVD
added 2024/06/11 5:15 p.m.51 views

CVE-2024-30087

Win32k Elevation of Privilege Vulnerability...

7.8CVSS0.09505EPSS
Exploits0References1
NVD
NVD
added 2024/06/11 3:15 a.m.51 views

CVE-2024-34688

Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availabilit...

7.5CVSS0.00541EPSS
Exploits0References2
NVD
NVD
added 2024/06/06 4:15 p.m.51 views

CVE-2024-37156

The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController get parameter formName is not sanitized in the returned input field which leads to XSS. This vulnerability is fixed in 2.5.3...

6.1CVSS0.00292EPSS
Exploits0References2
NVD
NVD
added 2024/05/27 6:15 p.m.51 views

CVE-2024-35238

Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service DoS attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that...

5.3CVSS5.3AI score0.0053EPSS
Exploits0References3
NVD
NVD
added 2024/05/21 4:15 p.m.51 views

CVE-2023-52796

In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlanroutev6outbound helper Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack size needed in ipvlanprocessv6outbound by moving the flowi6 struct used for the route lookup in an non...

7.8CVSS6.5AI score0.00246EPSS
Exploits0References8
NVD
NVD
added 2024/05/14 5:17 p.m.51 views

CVE-2024-30054

Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability...

6.5CVSS6.1AI score0.01748EPSS
Exploits0References1
NVD
NVD
added 2024/05/08 9:15 a.m.51 views

CVE-2024-4438

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Ha...

7.5CVSS8.2AI score0.00791EPSS
Exploits19References5
NVD
NVD
added 2024/05/07 11:15 p.m.51 views

CVE-2023-35749

D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

8.8CVSS9.1AI score0.00605EPSS
Exploits0References2
NVD
NVD
added 2024/05/03 2:15 a.m.51 views

CVE-2023-32154

Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability. The specific flaw exists...

7.5CVSS7.9AI score0.0061EPSS
Exploits0References1
NVD
NVD
added 2024/05/02 5:15 p.m.51 views

CVE-2024-3215

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the pmproupdatelevelgrouporder function. Th...

5.3CVSS4.9AI score0.00297EPSS
Exploits0References2
NVD
NVD
added 2024/04/17 9:15 p.m.51 views

CVE-2024-32342

A cross-site scripting XSS vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter...

6.1CVSS5.6AI score0.00435EPSS
Exploits1References1
NVD
NVD
added 2024/03/30 5:15 a.m.51 views

CVE-2024-2047

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.6 via the renderraw function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files o...

8.8CVSS8.9AI score0.01482EPSS
Exploits0References3
NVD
NVD
added 2024/03/20 10:15 p.m.51 views

CVE-2024-24050

Cross Site Scripting XSS vulnerability in Sourcecodester Workout Journal App 1.0 allows attackers to run arbitrary code via parameters firstname and lastname in /add-user.php...

4.7CVSS5.9AI score0.00443EPSS
Exploits4References1
NVD
NVD
added 2024/03/15 8:15 p.m.51 views

CVE-2024-28848

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The ‎CompiledRule::validateExpression method evaluates an SpEL expression using an StandardEvaluationContext, allowing the...

8.8CVSS9.4AI score0.07888EPSS
Exploits0References4
NVD
NVD
added 2024/02/29 3:15 p.m.51 views

CVE-2023-52485

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wake DMCUB before sending a command Why We can hang in place trying to send commands when the DMCUB isn't powered on. How For functions that execute within a DC context or DC lock we can wrap the direct calls to...

5.5CVSS7AI score0.00214EPSS
Exploits0References2
NVD
NVD
added 2024/02/29 1:44 a.m.51 views

CVE-2024-26132

Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the files directory in the application's private data directory to an arbitrary room. The impact of th...

4CVSS4AI score0.00387EPSS
Exploits0References3
Total number of security vulnerabilities5000