Lucene search
K
NvdMost viewed

363650 matches found

NVD
NVD
added 2025/04/28 3:15 p.m.50 views

CVE-2025-4025

A vulnerability classified as critical was found in itsourcecode Placement Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /registration.php. The manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploi...

9.8CVSS0.00432EPSS
Exploits1References5
NVD
NVD
added 2025/04/21 4:15 p.m.50 views

CVE-2025-32431

Traefik pronounced traffic is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2. There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backe...

9.3CVSS0.00768EPSS
Exploits0References5
NVD
NVD
added 2025/04/18 4:15 p.m.50 views

CVE-2025-29784

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search queries. This oversight can lead to...

7.5CVSS0.00543EPSS
Exploits1References3
NVD
NVD
added 2025/04/17 6:15 a.m.50 views

CVE-2025-1523

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS0.00219EPSS
Exploits1References1
NVD
NVD
added 2025/04/16 1:15 p.m.50 views

CVE-2025-39599

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Webilia Inc. Listdom listdom allows Phishing.This issue affects Listdom: from n/a through = 4.0.0...

4.7CVSS0.00342EPSS
Exploits0References1
NVD
NVD
added 2025/04/11 6:15 p.m.50 views

CVE-2025-0123

A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture in decrypted HTTP/...

5.9CVSS0.00107EPSS
Exploits0References1
NVD
NVD
added 2025/04/10 12:15 p.m.50 views

CVE-2025-32755

In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH...

9.1CVSS0.00449EPSS
Exploits0References1
NVD
NVD
added 2025/04/06 8:15 p.m.50 views

CVE-2025-32013

LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery SSRF vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request ...

9.3CVSS0.00604EPSS
Exploits2References1
NVD
NVD
added 2025/03/27 2:15 p.m.50 views

CVE-2025-26619

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In vega 5.30.0 and lower and in vega-functions 5.15.0 and lower , it was possible to call JavaScript functions from the Vega expression language that were not meant to be...

6.1CVSS0.00324EPSS
Exploits1References4
NVD
NVD
added 2025/03/24 4:15 p.m.50 views

CVE-2021-26105

A stack-based buffer overflow vulnerability CWE-121 in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests...

8.8CVSS0.0047EPSS
Exploits0References1
NVD
NVD
added 2025/03/03 4:15 a.m.50 views

CVE-2025-27590

In oxidized-web aka Oxidized Web before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web...

9.8CVSS0.24349EPSS
Exploits1References2
NVD
NVD
added 2025/02/24 9:15 p.m.50 views

CVE-2025-26533

An SQL injection risk was identified in the module list filter within course search...

9.8CVSS0.00435EPSS
Exploits0References2
NVD
NVD
added 2025/01/21 7:15 p.m.50 views

CVE-2025-23369

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Instances not utilizing SAML single sign-on or where the attacker is not already an existing user were not impacted. This...

8.8CVSS0.01552EPSS
Exploits1References4
NVD
NVD
added 2025/01/16 11:15 p.m.50 views

CVE-2025-23200

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: ajaxform.php - param: state. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page...

5.4CVSS0.30854EPSS
Exploits1References1
NVD
NVD
added 2025/01/14 8:15 p.m.50 views

CVE-2024-55894

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

5.4CVSS0.00235EPSS
Exploits0References5
NVD
NVD
added 2025/01/14 3:15 p.m.50 views

CVE-2024-39793

Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...

9.1CVSS0.01457EPSS
Exploits1References2
NVD
NVD
added 2025/01/07 11:15 a.m.50 views

CVE-2024-56275

Server-Side Request Forgery SSRF vulnerability in Envato Envato Elements allows Server Side Request Forgery.This issue affects Envato Elements: from n/a through 2.0.14...

4.1CVSS0.00377EPSS
Exploits0References1
NVD
NVD
added 2025/01/05 3:15 p.m.50 views

CVE-2025-0221

A vulnerability has been found in IOBit Protected Folder up to 1.3.0 and classified as problematic. This vulnerability affects the function 0x22200c in the library pffilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. The attack needs to be approached...

6.8CVSS0.00349EPSS
Exploits1References4
NVD
NVD
added 2025/01/03 4:15 p.m.50 views

CVE-2024-56408

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have no sanitization in the /vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php file, which leads to the possibility of a cross-site scripting attack...

8.3CVSS0.00395EPSS
Exploits1References5
NVD
NVD
added 2024/12/04 6:15 p.m.50 views

CVE-2024-12148

Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints...

4.3CVSS0.00357EPSS
Exploits0References1
NVD
NVD
added 2024/11/15 4:15 p.m.50 views

CVE-2024-50351

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting XSS vulnerability in the "section" parameter of the "logs" tab of a device allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code wh...

5.4CVSS0.00387EPSS
Exploits1References2
NVD
NVD
added 2024/10/24 7:15 p.m.50 views

CVE-2024-46994

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in Blog posts and Contents list Feature. Version 5.1.2 fixes this issue...

5.4CVSS0.0028EPSS
Exploits0References2
NVD
NVD
added 2024/10/15 9:15 p.m.50 views

CVE-2024-44775

kmqtt v0.2.7 is vulnerable to Denial of Service DoS due to a Null Pointer Exception. A remote attacker can cause the broker to crash by sending a specially crafted MQTT CONNECT packet that triggers an unhandled null reference, leading to an immediate process termination...

7.5CVSS0.00507EPSS
Exploits0References1
NVD
NVD
added 2024/10/09 5:15 p.m.50 views

CVE-2024-42988

Lack of access control in ChallengeSolves /api/v1/challenges//solves of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility settings. The issue is fixed in v3.7.3+...

4.3CVSS0.00304EPSS
Exploits0References3
NVD
NVD
added 2024/10/02 5:15 p.m.50 views

CVE-2024-20432

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient...

9.9CVSS0.0115EPSS
Exploits0References1
NVD
NVD
added 2024/10/01 9:15 p.m.50 views

CVE-2024-47527

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name "hostname" parameter. This vulnerability can lead to t...

7.5CVSS0.0049EPSS
Exploits1References2
NVD
NVD
added 2024/09/27 6:15 p.m.50 views

CVE-2024-46257

A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: this is not part of any NGINX software shipped by F5...

6.3CVSS0.03084EPSS
Exploits3References4
NVD
NVD
added 2024/09/20 12:15 a.m.50 views

CVE-2024-45807

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the oghttp2 by default. The impact of this issue is that envoy wi...

7.5CVSS0.00495EPSS
Exploits0References1
NVD
NVD
added 2024/09/12 9:15 a.m.50 views

CVE-2024-8529

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'cfields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

10CVSS0.11831EPSS
Exploits2References3
NVD
NVD
added 2024/09/11 2:15 p.m.50 views

CVE-2024-8642

In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity expiry, not-before, issuance date, which can allow an attacker to bypass the check for token expiration. The issue requires to have ...

8.1CVSS0.00407EPSS
Exploits0References4
NVD
NVD
added 2024/09/03 10:15 a.m.50 views

CVE-2024-3655

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects...

7.8CVSS0.00166EPSS
Exploits0References1
NVD
NVD
added 2024/08/27 6:15 p.m.50 views

CVE-2024-43414

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally. Instances of @apollo/query-planner =2.0.0 and =2.0.0 and 2.8.5 and Apollo Router 1.52.1...

7.5CVSS0.00988EPSS
Exploits1References3
NVD
NVD
added 2024/08/23 7:15 a.m.50 views

CVE-2024-40766

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7...

9.8CVSS0.15593EPSS
Exploits0References2
NVD
NVD
added 2024/07/26 5:15 a.m.50 views

CVE-2024-7120

A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file listbaseconfig.php of the component Web Interface. The manipulation of the argument template leads to os command injection. It is possible...

9.8CVSS0.934EPSS
Exploits4References4
NVD
NVD
added 2024/07/10 7:15 p.m.50 views

CVE-2024-27090

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embbeded such as a...

5.3CVSS0.00492EPSS
Exploits0References4
NVD
NVD
added 2024/07/09 5:15 p.m.50 views

CVE-2024-38074

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability...

9.8CVSS0.02211EPSS
Exploits0References1
NVD
NVD
added 2024/07/04 9:15 a.m.50 views

CVE-2024-39884

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...

6.2CVSS0.00889EPSS
Exploits0References4
NVD
NVD
added 2024/07/02 11:15 a.m.50 views

CVE-2024-6088

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability check on the 'register' function in all versions up to, and including, 4.2.6.8.1. This makes it possible for unauthenticated attackers to bypass disabled user...

5.3CVSS0.0062EPSS
Exploits0References4
NVD
NVD
added 2024/06/11 10:15 p.m.50 views

CVE-2024-35225

Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting XSS issue. The /proxy endpoint accepts a host path segmen...

9.6CVSS0.00442EPSS
Exploits0References4
NVD
NVD
added 2024/06/09 11:15 p.m.50 views

CVE-2024-5389

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset...

8.1CVSS0.00431EPSS
Exploits1References1
NVD
NVD
added 2024/06/06 3:15 p.m.50 views

CVE-2024-36106

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate clusters by name by inspecting error messages. It’s also possible to enumerate the names of projects with project-scoped clusters if you know the names of the clusters. Thi...

4.3CVSS4.3AI score0.00408EPSS
Exploits0References2
NVD
NVD
added 2024/04/25 4:15 p.m.50 views

CVE-2023-6717

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs ACS, posing a Cross-Site Scripting XSS risk. This issue may allow a malicious admin in one realm or a client with...

6CVSS5.6AI score0.00711EPSS
Exploits0References7
NVD
NVD
added 2024/03/29 4:15 p.m.50 views

CVE-2024-29900

Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of 1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This...

7.5CVSS7.5AI score0.00633EPSS
Exploits0References2
NVD
NVD
added 2024/03/28 2:15 p.m.50 views

CVE-2024-28109

veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution RCE vulnerability. This vulnerability is fixed in 1.24.2...

8.1CVSS8.3AI score0.01033EPSS
Exploits0References5
NVD
NVD
added 2024/03/15 8:15 p.m.50 views

CVE-2024-28848

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The ‎CompiledRule::validateExpression method evaluates an SpEL expression using an StandardEvaluationContext, allowing the...

8.8CVSS9.4AI score0.07888EPSS
Exploits0References4
NVD
NVD
added 2024/03/07 5:15 a.m.50 views

CVE-2024-28213

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization...

9.8CVSS7.8AI score0.01199EPSS
Exploits0References1
NVD
NVD
added 2024/03/07 1:15 a.m.50 views

CVE-2024-22857

Heap based buffer flow in zlog v1.1.0 to v1.2.17 in zlogrulenew.The size of recordname is MAXLENPATH1024 + 1 but filepath may have data upto MAXLENCFGLINEMAXLENPATH4 + 1. So a check was missing in zlogrulenew while copying the recordname from filepath + 1 which caused the buffer overflow. An...

9.8CVSS7.7AI score0.01699EPSS
Exploits0References5
NVD
NVD
added 2024/03/01 1:15 p.m.50 views

CVE-2023-48674

Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function...

6.8CVSS6.5AI score0.00493EPSS
Exploits0References1
NVD
NVD
added 2024/02/20 10:15 a.m.50 views

CVE-2023-49109

Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue...

9.8CVSS7AI score0.02301EPSS
Exploits0References4
NVD
NVD
added 2024/02/09 8:15 a.m.50 views

CVE-2024-23749

KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls at lines 2369-2390. This allows an attacker to add inputs inside the...

7.8CVSS8.1AI score0.04692EPSS
Exploits5References4
Total number of security vulnerabilities5000