NVD: Most viewed

363365 matches found

NVD • added 2024/11/20 9:15 p.m. • 79 views

CVE-2024-52581

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 2.13.0, the multipart form parser shipped with litestar expects the entire request body as a single byte string and there is no default limit for the total size of the request body. This allows an attacker to...

CVSS 8.2 • EPSS 0.00756 • Exploits 1 • References 4

NVD • added 2024/05/17 12:15 p.m. • 79 views

CVE-2024-5043

A vulnerability was found in Emlog Pro 2.3.4 and classified as critical. Affected by this issue is some unknown functionality of the file admin/setting.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be...

CVSS 8.8 • AI score 4.7 • EPSS 0.00624 • Exploits 1 • References 4

NVD • added 2022/07/20 5:15 p.m. • 79 views

CVE-2022-33317

Inclusion of Functionality from Untrusted Control Sphere vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric...

CVSS 7.8 • EPSS 0.00311 • Exploits 0 • References 3

NVD • added 2021/07/26 7:15 a.m. • 79 views

CVE-2021-33900

While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...

CVSS 7.5 • EPSS 0.00793 • Exploits 0 • References 1

NVD • added 2020/08/24 8:15 a.m. • 79 views

CVE-2020-13101

In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e., trigger either a valid or invalid outcome for a valid or invalid signature) via a crafted XML signature, when the InlineXML option is used. This defeats the expectation of non-repudiation...

CVSS 7.5 • AI score 7.5 • EPSS 0.00733 • Exploits 0 • References 3

NVD • added 2019/08/26 5:15 p.m. • 79 views

CVE-2019-15558

XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSchemaResolver.java, and SchemaChangeResolver.java...

CVSS 9.8 • AI score 9.7 • EPSS 0.01421 • Exploits 0 • References 1

NVD • added 2024/06/21 12:15 p.m. • 78 views

CVE-2024-36481

In the Linux kernel, the following vulnerability has been resolved: tracing/probes: fix error check in parse_btf_field. btf_find_struct_member might return NULL or an error via the ERR_PTR macro. However, its caller in parse_btf_field only checks for the NULL condition. Fix this by using IS_ERR and returni...

CVSS 5.5 • EPSS 0.00211 • Exploits 0 • References 3

NVD • added 2024/02/07 3:15 p.m. • 78 views

CVE-2024-24811

SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version...

CVSS 9.8 • AI score 9.8 • EPSS 0.00881 • Exploits 0 • References 2

NVD • added 2024/02/02 2:15 a.m. • 78 views

CVE-2023-46344

A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /ilang=DE&b=csmartenergyswgroups in the web...

CVSS 5.4 • AI score 5.7 • EPSS 0.00557 • Exploits 4 • References 3

NVD • added 2023/07/05 1:15 p.m. • 78 views

CVE-2023-3089

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated...

CVSS 7.5 • AI score 8.3 • EPSS 0.00442 • Exploits 0 • References 2

NVD • added 2022/05/17 6:15 p.m. • 78 views

CVE-2022-24611

Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent NodeIDs...

CVSS 6.5 • EPSS 0.00716 • Exploits 0 • References 2

NVD • added 2019/10/24 5:15 p.m. • 78 views

CVE-2019-12094

Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=updatef&username= or admin/user.php?form=removef&username= or admin/config/diff.php?app= URI...

CVSS 6.1 • AI score 6 • EPSS 0.01536 • Exploits 6 • References 6

NVD • added 2019/10/04 6:15 p.m. • 78 views

CVE-2019-13318

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...

CVSS 5.5 • AI score 5.5 • EPSS 0.05834 • Exploits 0 • References 2

NVD • added 2025/05/20 6:15 p.m. • 77 views

CVE-2025-47277

vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the PyNcclPipe KV cache transfer integration with the V0 engine. No other configurations are affected. vLLM supports the use of...

CVSS 9.8 • EPSS 0.00959 • Exploits 1 • References 4

NVD • added 2025/01/14 2:15 p.m. • 77 views

CVE-2024-48884

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.9, FortiOS 7.0...

CVSS 9.1 • EPSS 0.14944 • Exploits 0 • References 1

NVD • added 2024/11/13 6:15 p.m. • 77 views

CVE-2024-40660

In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 • EPSS 0.00114 • Exploits 0 • References 3

NVD • added 2023/10/20 12:15 a.m. • 77 views

CVE-2023-46115

Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications...

CVSS 8.4 • AI score 8.5 • EPSS 0.00192 • Exploits 0 • References 2

NVD • added 2023/08/04 5:15 p.m. • 77 views

CVE-2023-38689

Logistics Pipes is a modification (a.k.a. mod) for the computer game Minecraft Java Edition. The mod used Java's ObjectInputStream#readObject on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packet...

CVSS 9.8 • AI score 8.8 • EPSS 0.01211 • Exploits 0 • References 3

NVD • added 2023/07/20 3:15 p.m. • 77 views

CVE-2023-34967

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol...

CVSS 5.3 • AI score 6.4 • EPSS 0.62606 • Exploits 0 • References 11

NVD • added 2023/02/13 5:15 p.m. • 77 views

CVE-2023-24804

The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal...

CVSS 5 • AI score 5.1 • EPSS 0.00524 • Exploits 1 • References 3

NVD • added 2021/11/17 6:15 p.m. • 77 views

CVE-2021-42362

The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain...

CVSS 8.8 • EPSS 0.79823 • Exploits 5 • References 6

NVD • added 2026/05/13 4:17 p.m. • 76 views

CVE-2026-45033

GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent...

CVSS 8.5 • EPSS 0.0035 • Exploits 1 • References 1

NVD • added 2025/05/01 3:16 p.m. • 76 views

CVE-2022-49921

In the Linux kernel, the following vulnerability has been resolved: net: sched: Fix use after free in red_enqueue. We can't use "skb" again after passing it to qdisc_enqueue. This is basically identical to commit 2f09707d0c97 ("sch_sfb: Also store skb len before calling child enqueue")...

CVSS 7.8 • EPSS 0.00159 • Exploits 0 • References 8

NVD • added 2025/03/09 1:15 p.m. • 76 views

CVE-2025-27636

Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS an...

CVSS 5.6 • EPSS 0.79817 • Exploits 3 • References 6

NVD • added 2024/11/01 2:15 a.m. • 76 views

CVE-2024-10610

A vulnerability has been found in ESAFENET CDG 5 and classified as critical. This vulnerability affects the function delProtocol of the file /com/esafenet/servlet/system/ProtocolService.java. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The...

CVSS 8.8 • EPSS 0.00508 • Exploits 1 • References 4

NVD • added 2024/10/21 7:15 p.m. • 76 views

CVE-2024-50014

In the Linux kernel, the following vulnerability has been resolved: ext4: fix access to uninitialised lock in fc replay path The following kernel trace can be triggered with fstest generic/629 when executed against a filesystem with fast-commit feature enabled: INFO: trying to register non-static...

CVSS 5.5 • EPSS 0.00221 • Exploits 0 • References 5

NVD • added 2024/08/08 5:15 p.m. • 76 views

CVE-2024-42366

VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In additio...

CVSS 9 • EPSS 0.00743 • Exploits 0 • References 2

NVD • added 2024/08/06 11:16 a.m. • 76 views

CVE-2024-7246

It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values. This occurs because the...

CVSS 6.3 • EPSS 0.00224 • Exploits 1 • References 1

NVD • added 2024/07/01 4:15 p.m. • 76 views

CVE-2024-36421

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, A CORS misconfiguration sets the Access-Control-Allow-Origin header to all, allowing arbitrary origins to connect to the website. In the default configuration unauthenticated,...

CVSS 7.5 • EPSS 0.08495 • Exploits 1 • References 2

NVD • added 2024/06/11 5:15 p.m. • 76 views

CVE-2024-30103

Microsoft Outlook Remote Code Execution Vulnerability...

CVSS 8.8 • EPSS 0.03446 • Exploits 0 • References 1

NVD • added 2024/01/23 12:15 a.m. • 76 views

CVE-2024-23342

The ecdsa PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the...

CVSS 7.4 • AI score 7.4 • EPSS 0.00977 • Exploits 1 • References 4

NVD • added 2024/01/13 10:15 p.m. • 76 views

CVE-2024-0505

A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical. This issue affects the function getFile of the file com/java3y/austin/web/controller/MaterialController.java of the component Upload Material Menu. The manipulation leads to unrestricted upload. The exploit has bee...

CVSS 9.8 • AI score 6.7 • EPSS 0.0078 • Exploits 1 • References 3

NVD • added 2023/12/09 1:15 a.m. • 76 views

CVE-2023-49797

PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if...

CVSS 8.8 • EPSS 0.00324 • Exploits 0 • References 5

NVD • added 2023/09/08 3:15 a.m. • 76 views

CVE-2023-37368

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exyno...

CVSS 7.5 • AI score 6.2 • EPSS 0.00461 • Exploits 0 • References 1

NVD • added 2023/07/10 4:15 p.m. • 76 views

CVE-2023-3219

The EventON WordPress plugin before 2.1.2 does not validate that the eventid parameter in its eventonicsdownload ajax action is a valid Event, allowing unauthenticated visitors to access any Post including unpublished or protected posts content via the ics export functionality by providing the...

CVSS 5.3 • AI score 5.3 • EPSS 0.06116 • Exploits 5 • References 2

NVD • added 2023/02/28 5:15 p.m. • 76 views

CVE-2022-20455

In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-1...

CVSS 5.5 • AI score 5.4 • EPSS 0.00119 • Exploits 0 • References 1

NVD • added 2023/02/26 8:15 p.m. • 76 views

CVE-2023-26602

ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution...

CVSS 9.8 • AI score 10 • EPSS 0.17399 • Exploits 6 • References 3

NVD • added 2021/08/16 10:15 p.m. • 76 views

CVE-2021-21595

Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell...

CVSS 6.7 • EPSS 0.00241 • Exploits 0 • References 1

NVD • added 2020/03/14 2:15 p.m. • 76 views

CVE-2020-10567

An issue was discovered in Responsive Filemanager through 9.14.0. In the ajaxcalls.php file in the saveimg action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF...

CVSS 9.8 • AI score 9.6 • EPSS 0.1929 • Exploits 5 • References 2

NVD • added 2026/06/09 1:16 a.m. • 75 views

CVE-2026-44748

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to...

CVSS 9.9 • EPSS 0.00231 • Exploits 0 • References 2

NVD • added 2026/05/14 3:16 p.m. • 75 views

CVE-2026-44484

PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...

CVSS 9.8 • EPSS 0.00392 • Exploits 0 • References 4

NVD • added 2026/05/13 4:16 p.m. • 75 views

CVE-2026-44455

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the...

CVSS 6.1 • EPSS 0.0014 • Exploits 0 • References 1

NVD • added 2026/04/17 5:16 a.m. • 75 views

CVE-2026-5807

Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...

CVSS 7.5 • EPSS 0.00718 • Exploits 0 • References 4

NVD • added 2024/11/22 9:15 p.m. • 75 views

CVE-2024-11477

7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...

CVSS 7.8 • EPSS 0.21985 • Exploits 1 • References 2

NVD • added 2024/09/27 7:15 a.m. • 75 views

CVE-2024-9029

A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked to the library,...

CVSS 7.5 • EPSS 0.00514 • Exploits 1 • References 2

NVD • added 2024/07/03 7:15 p.m. • 75 views

CVE-2024-29510

Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device...

CVSS 6.3 • EPSS 0.27992 • Exploits 6 • References 4

NVD • added 2024/02/01 7:15 p.m. • 75 views

CVE-2024-24569

The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. ZipSecurity#isBelowCurrentDirectory is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version <=1.1.1, use ZipSecurity as a guard against...

CVSS 5.4 • AI score 5.5 • EPSS 0.00579 • Exploits 1 • References 3

NVD • added 2022/08/26 4:15 p.m. • 75 views

CVE-2021-3859

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks...

CVSS 7.5 • EPSS 0.01287 • Exploits 0 • References 6

NVD • added 2022/05/11 6:15 p.m. • 75 views

CVE-2022-30059

Shopwind <=v3.4.2 was discovered to contain an Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php...

CVSS 6.5 • EPSS 0.01097 • Exploits 1 • References 1

NVD • added 2021/04/14 4:15 p.m. • 75 views

CVE-2021-27246

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of MAC addresses by the tdpServer endpoin...

CVSS 8 • EPSS 0.06598 • Exploits 0 • References 1

Total number of security vulnerabilities: 5000