Lucene search
K
NvdMost viewed

363386 matches found

NVD
NVD
added 2024/08/15 10:15 p.m.81 views

CVE-2024-34736

In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-frame support is enabled. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00085EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 4:16 p.m.80 views

CVE-2026-44455

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the...

6.1CVSS0.0014EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 5:16 p.m.80 views

CVE-2026-26274

October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a vulnerability was identified in the Twig sandbox security policy that allowed database write operations when cms.safemode is enabled. Backend users with Developer permissions could use Twig template markup ...

6.6CVSS0.00229EPSS
Exploits0References1
NVD
NVD
added 2025/05/01 3:16 p.m.80 views

CVE-2022-49921

In the Linux kernel, the following vulnerability has been resolved: net: sched: Fix use after free in redenqueue We can't use "skb" again after passing it to qdiscenqueue. This is basically identical to commit 2f09707d0c97 "schsfb: Also store skb len before calling child enqueue"...

7.8CVSS0.00159EPSS
Exploits0References8
NVD
NVD
added 2024/12/12 8:15 p.m.80 views

CVE-2024-55878

SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in version 1.0.12 and prior to version 1.1.12, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Version 1.1.12 fixes the issue. As a workaround, don't use direct...

6.8CVSS0.00444EPSS
Exploits0References2
NVD
NVD
added 2024/02/02 2:15 a.m.80 views

CVE-2023-46344

A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting XSS vulnerability in the switch group function under /ilang=DE&b=csmartenergyswgroups in the web...

5.4CVSS5.7AI score0.00557EPSS
Exploits4References3
NVD
NVD
added 2024/01/08 4:15 p.m.80 views

CVE-2024-21650

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution RCE attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the...

10CVSS9.9AI score0.9348EPSS
Exploits1References3
NVD
NVD
added 2023/02/14 8:15 p.m.80 views

CVE-2023-22629

An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem...

8.8CVSS8.6AI score0.12322EPSS
Exploits4References4
NVD
NVD
added 2022/12/05 4:15 a.m.80 views

CVE-2022-43484

TERASOLUNA Global Framework 1.0.0 Public review version and TERASOLUNA Server Framework for Java Rich 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability.The vulnerability is caused by an...

7.8CVSS0.00407EPSS
Exploits1References3
NVD
NVD
added 2025/09/03 9:15 a.m.79 views

CVE-2024-43115

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...

8.8CVSS0.00461EPSS
Exploits0References2
NVD
NVD
added 2024/05/17 12:15 p.m.79 views

CVE-2024-5043

A vulnerability was found in Emlog Pro 2.3.4 and classified as critical. Affected by this issue is some unknown functionality of the file admin/setting.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be...

8.8CVSS4.7AI score0.00624EPSS
Exploits1References4
NVD
NVD
added 2024/02/07 3:15 p.m.79 views

CVE-2024-24811

SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version...

9.8CVSS9.8AI score0.00881EPSS
Exploits0References2
NVD
NVD
added 2022/07/20 5:15 p.m.79 views

CVE-2022-33317

Inclusion of Functionality from Untrusted Control Sphere vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric...

7.8CVSS0.00311EPSS
Exploits0References3
NVD
NVD
added 2021/07/26 7:15 a.m.79 views

CVE-2021-33900

While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...

7.5CVSS0.00793EPSS
Exploits0References1
NVD
NVD
added 2020/08/24 8:15 a.m.79 views

CVE-2020-13101

In OASIS Digital Signature Services DSS 1.0, an attacker can control the validation outcome i.e., trigger either a valid or invalid outcome for a valid or invalid signature via a crafted XML signature, when the InlineXML option is used. This defeats the expectation of non-repudiation...

7.5CVSS7.5AI score0.00733EPSS
Exploits0References3
NVD
NVD
added 2020/06/29 5:15 p.m.79 views

CVE-2020-14413

NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta=...

6.1CVSS0.03442EPSS
Exploits0References1
NVD
NVD
added 2019/08/26 5:15 p.m.79 views

CVE-2019-15558

XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSchemaResolver.java, and SchemaChangeResolver.java...

9.8CVSS9.7AI score0.01421EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:17 p.m.78 views

CVE-2026-45033

GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent...

8.5CVSS0.0035EPSS
Exploits1References1
NVD
NVD
added 2024/06/21 12:15 p.m.78 views

CVE-2024-36481

In the Linux kernel, the following vulnerability has been resolved: tracing/probes: fix error check in parsebtffield btffindstructmember might return NULL or an error via the ERRPTR macro. However, its caller in parsebtffield only checks for the NULL condition. Fix this by using ISERR and returni...

5.5CVSS0.00211EPSS
Exploits0References3
NVD
NVD
added 2023/07/05 1:15 p.m.78 views

CVE-2023-3089

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated...

7.5CVSS8.3AI score0.00442EPSS
Exploits0References2
NVD
NVD
added 2022/05/17 6:15 p.m.78 views

CVE-2022-24611

Denial of Service DoS in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent NodeIDs...

6.5CVSS0.00716EPSS
Exploits0References2
NVD
NVD
added 2021/11/17 6:15 p.m.78 views

CVE-2021-42362

The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain...

8.8CVSS0.79823EPSS
Exploits5References6
NVD
NVD
added 2021/09/17 11:15 a.m.78 views

CVE-2021-39327

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up t...

5.3CVSS0.7233EPSS
Exploits7References5
NVD
NVD
added 2019/10/24 5:15 p.m.78 views

CVE-2019-12094

Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=updatef&username= or admin/user.php?form=removef&username= or admin/config/diff.php?app= URI...

6.1CVSS6AI score0.01536EPSS
Exploits6References6
NVD
NVD
added 2019/10/04 6:15 p.m.78 views

CVE-2019-13318

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...

5.5CVSS5.5AI score0.05834EPSS
Exploits0References2
NVD
NVD
added 2025/05/20 6:15 p.m.77 views

CVE-2025-47277

vLLM, an inference and serving engine for large language models LLMs, has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the PyNcclPipe KV cache transfer integration with the V0 engine. No other configurations are affected. vLLM supports the use of...

9.8CVSS0.00959EPSS
Exploits1References4
NVD
NVD
added 2025/01/14 2:15 p.m.77 views

CVE-2024-48884

A improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.9, FortiOS 7.0...

9.1CVSS0.14944EPSS
Exploits0References1
NVD
NVD
added 2024/10/21 7:15 p.m.77 views

CVE-2024-50014

In the Linux kernel, the following vulnerability has been resolved: ext4: fix access to uninitialised lock in fc replay path The following kernel trace can be triggered with fstest generic/629 when executed against a filesystem with fast-commit feature enabled: INFO: trying to register non-static...

5.5CVSS0.00221EPSS
Exploits0References5
NVD
NVD
added 2023/10/20 12:15 a.m.77 views

CVE-2023-46115

Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications...

8.4CVSS8.5AI score0.00192EPSS
Exploits0References2
NVD
NVD
added 2023/08/04 5:15 p.m.77 views

CVE-2023-38689

Logistics Pipes is a modification a.k.a. mod for the computer game Minecraft Java Edition. The mod used Java's ObjectInputStreamreadObject on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packet...

9.8CVSS8.8AI score0.01211EPSS
Exploits0References3
NVD
NVD
added 2023/07/20 3:15 p.m.77 views

CVE-2023-34967

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol...

5.3CVSS6.4AI score0.62606EPSS
Exploits0References11
NVD
NVD
added 2023/02/13 5:15 p.m.77 views

CVE-2023-24804

The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal...

5CVSS5.1AI score0.00524EPSS
Exploits1References3
NVD
NVD
added 2022/08/26 4:15 p.m.77 views

CVE-2021-3859

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks...

7.5CVSS0.01287EPSS
Exploits0References6
NVD
NVD
added 2025/03/09 1:15 p.m.76 views

CVE-2025-27636

Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through = 4.10.1, from 4.8.0 through = 4.8.4, from 3.10.0 through = 3.22.3. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS an...

5.6CVSS0.79817EPSS
Exploits3References6
NVD
NVD
added 2024/11/01 2:15 a.m.76 views

CVE-2024-10610

A vulnerability has been found in ESAFENET CDG 5 and classified as critical. This vulnerability affects the function delProtocol of the file /com/esafenet/servlet/system/ProtocolService.java. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The...

8.8CVSS0.00508EPSS
Exploits1References4
NVD
NVD
added 2024/08/13 4:15 p.m.76 views

CVE-2024-36505

An improper access control vulnerability CWE-284 in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system via another hypothetical exploit to bypass the file integrity...

5.5CVSS0.00159EPSS
Exploits0References1
NVD
NVD
added 2024/08/08 5:15 p.m.76 views

CVE-2024-42366

VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In additio...

9CVSS0.00743EPSS
Exploits0References2
NVD
NVD
added 2024/08/06 11:16 a.m.76 views

CVE-2024-7246

It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values. This occurs because the...

6.3CVSS0.00224EPSS
Exploits1References1
NVD
NVD
added 2024/07/01 4:15 p.m.76 views

CVE-2024-36421

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, A CORS misconfiguration sets the Access-Control-Allow-Origin header to all, allowing arbitrary origins to connect to the website. In the default configuration unauthenticated,...

7.5CVSS0.08495EPSS
Exploits1References2
NVD
NVD
added 2024/06/11 5:15 p.m.76 views

CVE-2024-30103

Microsoft Outlook Remote Code Execution Vulnerability...

8.8CVSS0.03446EPSS
Exploits0References1
NVD
NVD
added 2024/01/23 12:15 a.m.76 views

CVE-2024-23342

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Versions 0.18.0 and prior are vulnerable to the...

7.4CVSS7.4AI score0.00977EPSS
Exploits1References4
NVD
NVD
added 2024/01/13 10:15 p.m.76 views

CVE-2024-0505

A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical. This issue affects the function getFile of the file com/java3y/austin/web/controller/MaterialController.java of the component Upload Material Menu. The manipulation leads to unrestricted upload. The exploit has bee...

9.8CVSS6.7AI score0.0078EPSS
Exploits1References3
NVD
NVD
added 2023/12/09 1:15 a.m.76 views

CVE-2023-49797

PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if...

8.8CVSS0.00324EPSS
Exploits0References5
NVD
NVD
added 2023/09/08 3:15 a.m.76 views

CVE-2023-37368

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exyno...

7.5CVSS6.2AI score0.00461EPSS
Exploits0References1
NVD
NVD
added 2023/07/17 9:15 p.m.76 views

CVE-2023-37266

CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as root on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit 705bf1f...

9.8CVSS0.05871EPSS
Exploits1References3
NVD
NVD
added 2023/07/10 4:15 p.m.76 views

CVE-2023-3219

The EventON WordPress plugin before 2.1.2 does not validate that the eventid parameter in its eventonicsdownload ajax action is a valid Event, allowing unauthenticated visitors to access any Post including unpublished or protected posts content via the ics export functionality by providing the...

5.3CVSS5.3AI score0.06116EPSS
Exploits5References2
NVD
NVD
added 2023/03/28 8:15 p.m.76 views

CVE-2023-28395

Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. This may allow an attacker to hijack a session by predicting the session id and gain unauthorized access to the product...

8.3CVSS8.4AI score0.00649EPSS
Exploits1References1
NVD
NVD
added 2023/02/28 5:15 p.m.76 views

CVE-2022-20455

In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-1...

5.5CVSS5.4AI score0.00119EPSS
Exploits0References1
NVD
NVD
added 2023/02/26 8:15 p.m.76 views

CVE-2023-26602

ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution...

9.8CVSS10AI score0.17399EPSS
Exploits6References3
NVD
NVD
added 2022/05/11 6:15 p.m.76 views

CVE-2022-30059

Shopwind =v3.4.2 was discovered to contain a Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php...

6.5CVSS0.01121EPSS
Exploits1References1
Total number of security vulnerabilities5000