Lucene search
K
NvdMost viewed

363677 matches found

NVD
NVD
added 2024/09/20 12:15 a.m.50 views

CVE-2024-45807

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the oghttp2 by default. The impact of this issue is that envoy wi...

7.5CVSS0.00495EPSS
Exploits0References1
NVD
NVD
added 2024/09/12 9:15 a.m.50 views

CVE-2024-8529

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'cfields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

10CVSS0.11831EPSS
Exploits2References3
NVD
NVD
added 2024/09/11 2:15 p.m.50 views

CVE-2024-8642

In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity expiry, not-before, issuance date, which can allow an attacker to bypass the check for token expiration. The issue requires to have ...

8.1CVSS0.00407EPSS
Exploits0References4
NVD
NVD
added 2024/09/10 5:15 p.m.50 views

CVE-2024-38217

Windows Mark of the Web Security Feature Bypass Vulnerability...

5.4CVSS0.09835EPSS
Exploits1References3
NVD
NVD
added 2024/09/03 10:15 a.m.50 views

CVE-2024-3655

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects...

7.8CVSS0.00166EPSS
Exploits0References1
NVD
NVD
added 2024/08/27 6:15 p.m.50 views

CVE-2024-43414

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally. Instances of @apollo/query-planner =2.0.0 and =2.0.0 and 2.8.5 and Apollo Router 1.52.1...

7.5CVSS0.00988EPSS
Exploits1References3
NVD
NVD
added 2024/08/23 7:15 a.m.50 views

CVE-2024-40766

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7...

9.8CVSS0.15593EPSS
Exploits0References2
NVD
NVD
added 2024/07/26 5:15 a.m.50 views

CVE-2024-7120

A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file listbaseconfig.php of the component Web Interface. The manipulation of the argument template leads to os command injection. It is possible...

9.8CVSS0.934EPSS
Exploits4References4
NVD
NVD
added 2024/07/10 7:15 p.m.50 views

CVE-2024-27090

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embbeded such as a...

5.3CVSS0.00492EPSS
Exploits0References4
NVD
NVD
added 2024/07/09 5:15 p.m.50 views

CVE-2024-38095

.NET and Visual Studio Denial of Service Vulnerability...

7.5CVSS0.02719EPSS
Exploits0References1
NVD
NVD
added 2024/07/09 5:15 p.m.50 views

CVE-2024-38074

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability...

9.8CVSS0.02211EPSS
Exploits0References1
NVD
NVD
added 2024/07/04 9:15 a.m.50 views

CVE-2024-39884

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...

6.2CVSS0.00889EPSS
Exploits0References4
NVD
NVD
added 2024/07/02 11:15 a.m.50 views

CVE-2024-6088

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability check on the 'register' function in all versions up to, and including, 4.2.6.8.1. This makes it possible for unauthenticated attackers to bypass disabled user...

5.3CVSS0.0062EPSS
Exploits0References4
NVD
NVD
added 2024/06/26 5:15 a.m.50 views

CVE-2024-34581

The W3C XML Signature Syntax and Processing XMLDsig specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... that may be used to obtain key and/or certificate information" statement and no accompanying information about SSRF risks, and this may have...

7.3CVSS0.00248EPSS
Exploits0References5
NVD
NVD
added 2024/06/11 10:15 p.m.50 views

CVE-2024-35225

Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting XSS issue. The /proxy endpoint accepts a host path segmen...

9.6CVSS0.00442EPSS
Exploits0References4
NVD
NVD
added 2024/06/09 11:15 p.m.50 views

CVE-2024-5389

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset...

8.1CVSS0.00431EPSS
Exploits1References1
NVD
NVD
added 2024/04/25 4:15 p.m.50 views

CVE-2023-6717

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs ACS, posing a Cross-Site Scripting XSS risk. This issue may allow a malicious admin in one realm or a client with...

6CVSS5.6AI score0.00711EPSS
Exploits0References7
NVD
NVD
added 2024/03/29 4:15 p.m.50 views

CVE-2024-29900

Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of 1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This...

7.5CVSS7.5AI score0.00633EPSS
Exploits0References2
NVD
NVD
added 2024/03/28 2:15 p.m.50 views

CVE-2024-28109

veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution RCE vulnerability. This vulnerability is fixed in 1.24.2...

8.1CVSS8.3AI score0.01033EPSS
Exploits0References5
NVD
NVD
added 2024/03/15 8:15 p.m.50 views

CVE-2024-28848

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The ‎CompiledRule::validateExpression method evaluates an SpEL expression using an StandardEvaluationContext, allowing the...

8.8CVSS9.4AI score0.07888EPSS
Exploits0References4
NVD
NVD
added 2024/03/07 5:15 a.m.50 views

CVE-2024-28213

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization...

9.8CVSS7.8AI score0.01199EPSS
Exploits0References1
NVD
NVD
added 2024/03/07 1:15 a.m.50 views

CVE-2024-22857

Heap based buffer flow in zlog v1.1.0 to v1.2.17 in zlogrulenew.The size of recordname is MAXLENPATH1024 + 1 but filepath may have data upto MAXLENCFGLINEMAXLENPATH4 + 1. So a check was missing in zlogrulenew while copying the recordname from filepath + 1 which caused the buffer overflow. An...

9.8CVSS7.7AI score0.01699EPSS
Exploits0References5
NVD
NVD
added 2024/03/01 1:15 p.m.50 views

CVE-2023-48674

Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function...

6.8CVSS6.5AI score0.00493EPSS
Exploits0References1
NVD
NVD
added 2024/02/20 10:15 a.m.50 views

CVE-2023-49109

Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue...

9.8CVSS7AI score0.02301EPSS
Exploits0References4
NVD
NVD
added 2024/02/09 8:15 a.m.50 views

CVE-2024-23749

KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls at lines 2369-2390. This allows an attacker to add inputs inside the...

7.8CVSS8.1AI score0.04692EPSS
Exploits5References4
NVD
NVD
added 2024/02/09 7:15 a.m.50 views

CVE-2023-31506

A cross-site scripting XSS vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element...

5.4CVSS5.2AI score0.00996EPSS
Exploits1References1
NVD
NVD
added 2024/02/07 3:15 p.m.50 views

CVE-2024-25145

Stored cross-site scripting XSS vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote...

9.6CVSS7.5AI score0.00563EPSS
Exploits0References1
NVD
NVD
added 2024/02/02 5:15 a.m.50 views

CVE-2024-21485

Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable t...

6.5CVSS6AI score0.01475EPSS
Exploits1References9
NVD
NVD
added 2023/12/28 10:15 p.m.50 views

CVE-2023-7137

A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the component HTTP POST Request Handler. The manipulation of the argument uemail leads to sql injection. The exploit has been...

8.8CVSS0.17026EPSS
Exploits4References3
NVD
NVD
added 2023/12/07 3:15 p.m.50 views

CVE-2023-49426

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg...

9.8CVSS0.00925EPSS
Exploits1References1
NVD
NVD
added 2023/12/05 3:15 a.m.50 views

CVE-2023-42580

Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store...

9.8CVSS0.00968EPSS
Exploits0References1
NVD
NVD
added 2023/11/28 4:15 p.m.50 views

CVE-2022-41678

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...

8.8CVSS0.8581EPSS
Exploits2References5
NVD
NVD
added 2023/11/21 11:15 p.m.50 views

CVE-2023-48701

Statamic CMS is a Laravel and Git powered content management system CMS. Prior to versions 3.4.15 an 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...

7.5CVSS0.007EPSS
Exploits0References3
NVD
NVD
added 2023/11/06 6:15 p.m.50 views

CVE-2023-45827

Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the setByPath function which can leads to remote code...

9.8CVSS8.1AI score0.01172EPSS
Exploits1References2
NVD
NVD
added 2023/10/25 6:17 p.m.50 views

CVE-2023-37910

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with the introduction of attachment move support in version 14.0-rc-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, an attacker with edit access on any document can be the use...

8.1CVSS8.1AI score0.00573EPSS
Exploits1References3
NVD
NVD
added 2023/10/19 9:15 p.m.50 views

CVE-2023-45821

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which the registryIsDockerHub function was only checking that the...

6.3CVSS5.8AI score0.00206EPSS
Exploits0References2
NVD
NVD
added 2023/10/18 6:15 a.m.50 views

CVE-2023-42319

Geth aka go-ethereum through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service memory consumption and daemon hang via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...

7.5CVSS7.3AI score0.00887EPSS
Exploits1References2
NVD
NVD
added 2023/10/12 5:15 p.m.50 views

CVE-2023-45138

Change Request is an pplication allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to version 1.9.2, it's possible for a user without any specific right to perform script injection and remote code execution just by inserting an...

10CVSS10AI score0.71159EPSS
Exploits0References3
NVD
NVD
added 2023/10/12 1:15 p.m.50 views

CVE-2023-45068

Cross-Site Request Forgery CSRF vulnerability in Supsystic Contact Form by Supsystic plugin = 1.7.27 versions...

8.8CVSS6.5AI score0.00208EPSS
Exploits0References1
NVD
NVD
added 2023/09/29 2:15 p.m.50 views

CVE-2023-5289

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.4...

8.8CVSS7.4AI score0.00646EPSS
Exploits1References2
NVD
NVD
added 2023/09/27 3:19 p.m.50 views

CVE-2023-42461

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised...

9.8CVSS7.6AI score0.00899EPSS
Exploits0References1
NVD
NVD
added 2023/09/20 1:15 a.m.50 views

CVE-2023-25530

NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure...

9.8CVSS8.4AI score0.00746EPSS
Exploits0References1
NVD
NVD
added 2023/09/11 8:15 p.m.50 views

CVE-2023-4278

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts...

7.5CVSS7.4AI score0.03495EPSS
Exploits6References2
NVD
NVD
added 2023/08/22 7:16 p.m.50 views

CVE-2022-37052

A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject...

6.5CVSS6.3AI score0.00902EPSS
Exploits1References3
NVD
NVD
added 2023/08/22 7:16 p.m.50 views

CVE-2020-21583

An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date...

6.7CVSS7AI score0.0052EPSS
Exploits1References3
NVD
NVD
added 2023/08/16 10:15 p.m.50 views

CVE-2023-38894

A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function...

9.8CVSS9.6AI score0.01683EPSS
Exploits1References3
NVD
NVD
added 2023/08/10 4:15 p.m.50 views

CVE-2023-39957

Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intend allowed malicious third party apps to trick the Talk Android app into writing files outside of its intended cache directory. Nextcloud Talk Android versi...

7.8CVSS7.1AI score0.00328EPSS
Exploits0References3
NVD
NVD
added 2023/08/08 3:15 p.m.50 views

CVE-2023-36306

A Cross Site Scripting XSS vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php, search.php, export.php, reports.php, and statistics.php components...

6.1CVSS6AI score0.03771EPSS
Exploits4References1
NVD
NVD
added 2023/08/08 11:15 a.m.50 views

CVE-2023-4203

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface...

9CVSS8.2AI score0.00868EPSS
Exploits2References3
NVD
NVD
added 2023/08/04 9:15 p.m.50 views

CVE-2023-39346

LinuxASMCallGraph is software for drawing the call graph of the programming code. Linux ASMCallGraph before commit 20dba06bd1a3cf260612d4f21547c25002121cd5 allows attackers to cause a remote code execution on the server side via uploading a crafted ZIP file due to incorrect filtering rules of...

9.8CVSS9.2AI score0.00927EPSS
Exploits0References4
Total number of security vulnerabilities5000