Lucene search
K
NvdMost viewed

363661 matches found

NVD
NVD
added 2021/05/21 12:15 p.m.50 views

CVE-2020-27208

The flash read-out protection RDP level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface...

6.8CVSS0.00328EPSS
Exploits1References6
NVD
NVD
added 2021/05/14 8:15 p.m.50 views

CVE-2021-29584

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in caused by an integer overflow in constructing a new tensor shape. This is because the...

5.5CVSS0.00189EPSS
Exploits1References2
NVD
NVD
added 2021/05/11 3:15 p.m.50 views

CVE-2021-21652

A cross-site request forgery CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

7.1CVSS0.00642EPSS
Exploits0References1
NVD
NVD
added 2021/04/22 9:15 p.m.50 views

CVE-2021-25670

A vulnerability has been identified in Tecnomatix RobotExpert All versions V16.1. Affected applications lack proper validation of user-supplied data when parsing CELL files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this...

7.8CVSS0.00892EPSS
Exploits0References1
NVD
NVD
added 2021/04/14 10:15 p.m.50 views

CVE-2021-29449

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details...

7.8CVSS0.01863EPSS
Exploits4References3
NVD
NVD
added 2021/04/12 3:15 p.m.50 views

CVE-2020-15942

An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile...

6.5CVSS0.00963EPSS
Exploits0References2
NVD
NVD
added 2021/03/24 7:15 a.m.50 views

CVE-2021-29133

Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem...

5.5CVSS0.01082EPSS
Exploits2References4
NVD
NVD
added 2021/03/15 5:15 p.m.50 views

CVE-2020-25241

A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An attacker could exploit this to terminate arbitrary TCP sessions...

7.5CVSS0.01032EPSS
Exploits0References1
NVD
NVD
added 2021/03/05 6:15 a.m.50 views

CVE-2019-25025

The activerecord-sessionstore aka Active Record Session Store component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a...

5.3CVSS0.01835EPSS
Exploits0References1
NVD
NVD
added 2021/03/01 6:15 p.m.50 views

CVE-2021-22114

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...

5.3CVSS0.01038EPSS
Exploits0References1
NVD
NVD
added 2021/02/25 11:15 p.m.50 views

CVE-2021-1728

System Center Operations Manager Elevation of Privilege Vulnerability...

8.8CVSS0.01825EPSS
Exploits0References1
NVD
NVD
added 2021/02/11 7:15 p.m.50 views

CVE-2021-21307

Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...

9.8CVSS0.89189EPSS
Exploits5References7
NVD
NVD
added 2021/02/09 5:15 p.m.50 views

CVE-2020-10048

A vulnerability has been identified in SIMATIC PCS 7 All versions, SIMATIC WinCC All versions V7.5 SP2. Due to an insecure password verification process, an attacker could bypass the password protection set on protected files, thus being granted access to the protected content, circumventing...

5.5CVSS0.00336EPSS
Exploits0References1
NVD
NVD
added 2021/01/20 8:15 p.m.50 views

CVE-2020-27858

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D 16.5. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getNews method. Due to the improper restriction of XML External Entity...

7.5CVSS7.3AI score0.73828EPSS
Exploits0References1
NVD
NVD
added 2020/12/26 4:15 a.m.50 views

CVE-2020-35376

Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp function...

7.5CVSS7.4AI score0.02057EPSS
Exploits1References3
NVD
NVD
added 2020/11/23 9:15 p.m.50 views

CVE-2020-28360

Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote...

9.8CVSS9.7AI score0.02949EPSS
Exploits0References2
NVD
NVD
added 2020/11/23 8:15 p.m.50 views

CVE-2020-15247

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.managepages, cms.managelayouts, or cms.managepartials permissions who would normally not be...

5.2CVSS5.8AI score0.0029EPSS
Exploits0References2
NVD
NVD
added 2020/11/05 2:15 a.m.50 views

CVE-2020-27387

An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker with access to the FileManager to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload which will receiv...

8.8CVSS9.5AI score0.18461EPSS
Exploits4References4
NVD
NVD
added 2020/10/27 5:15 a.m.50 views

CVE-2020-15352

An XML external entity XXE vulnerability in Pulse Connect Secure PCS before 9.1R9 and Pulse Policy Secure PPS before 9.1R9 allows remote authenticated admins to conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request...

7.2CVSS6.7AI score0.03162EPSS
Exploits0References1
NVD
NVD
added 2020/10/19 6:15 p.m.50 views

CVE-2020-7149

A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

10CVSS0.06613EPSS
Exploits0References1
NVD
NVD
added 2020/10/07 9:15 p.m.50 views

CVE-2020-25768

Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered...

5.3CVSS0.00819EPSS
Exploits0References2
NVD
NVD
added 2020/10/06 1:15 p.m.50 views

CVE-2020-24214

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can send a crafted unauthenticated RTSP request to cause a buffer overflow and application crash. The device will not be able to perform its main purpose of video encoding and streaming fo...

9.8CVSS0.35393EPSS
Exploits4References3
NVD
NVD
added 2020/09/03 5:15 p.m.50 views

CVE-2020-23814

Multiple cross-site scripting XSS vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via 1 AppName and 2AddressList parameter in JobGroupController.java file...

6.1CVSS6.1AI score0.01188EPSS
Exploits1References2
NVD
NVD
added 2020/07/28 5:15 p.m.50 views

CVE-2020-15608

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxdashboard.php. When parsing the aiservice parameter, the process...

10CVSS9.7AI score0.08083EPSS
Exploits0References1
NVD
NVD
added 2020/07/24 2:15 p.m.50 views

CVE-2020-15778

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a...

7.8CVSS7.9AI score0.12996EPSS
Exploits6References6
NVD
NVD
added 2020/06/30 4:15 p.m.50 views

CVE-2020-15084

In express-jwt NPM package up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this...

9.1CVSS0.01059EPSS
Exploits0References2
NVD
NVD
added 2020/06/22 7:15 p.m.50 views

CVE-2020-1727

A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious to craft deep links that introduce further attack scenarios on affected clients...

6.4CVSS0.00801EPSS
Exploits0References1
NVD
NVD
added 2020/05/25 5:15 p.m.50 views

CVE-2020-13458

An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action...

8.8CVSS8.8AI score0.00484EPSS
Exploits0References1
NVD
NVD
added 2020/04/06 2:15 p.m.50 views

CVE-2020-1728

A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other...

5.8CVSS6AI score0.00764EPSS
Exploits0References1
NVD
NVD
added 2020/04/03 7:15 p.m.50 views

CVE-2020-6994

A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The...

9.8CVSS9.7AI score0.01606EPSS
Exploits0References1
NVD
NVD
added 2020/03/16 6:15 p.m.50 views

CVE-2020-5844

index.php?sec=godmode/extensions&sec2=extensions/filesrepo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742FIXPERL2020...

7.2CVSS7AI score0.30254EPSS
Exploits6References3
NVD
NVD
added 2020/02/24 6:15 p.m.50 views

CVE-2020-5245

Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in...

9CVSS8.6AI score0.0281EPSS
Exploits1References8
NVD
NVD
added 2020/02/11 10:15 p.m.50 views

CVE-2020-0663

An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used t...

4.2CVSS6.1AI score0.01573EPSS
Exploits0References1
NVD
NVD
added 2020/01/09 11:15 p.m.50 views

CVE-2020-6757

contentHostProperties.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 KDI Version allows authenticated attackers to remotely execute code via the name parameter...

8.8CVSS7.8AI score0.01401EPSS
Exploits1References1
NVD
NVD
added 2020/01/08 6:15 a.m.50 views

CVE-2020-6170

An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI...

9.8CVSS9.6AI score0.07329EPSS
Exploits5References2
NVD
NVD
added 2019/12/17 3:15 p.m.50 views

CVE-2019-19714

Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered...

5.3CVSS5.2AI score0.00819EPSS
Exploits0References2
NVD
NVD
added 2019/09/14 4:15 p.m.50 views

CVE-2019-16312

s-cms V3.0 has XSS in index.php?type=text via the Sid parameter...

6.1CVSS6AI score0.00818EPSS
Exploits1References1
NVD
NVD
added 2019/07/10 2:15 p.m.50 views

CVE-2019-13396

FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the forminclude parameter in an index.php?q=system-handle-form-submit POST request because of an includeonce in systemhandleformsubmit in modules/system/system.module...

5.3CVSS5.3AI score0.62572EPSS
Exploits5References2
NVD
NVD
added 2019/04/23 7:32 p.m.50 views

CVE-2019-2557

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite subcomponent: Load Testing for Web Apps. The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

6.5CVSS5.4AI score0.05503EPSS
Exploits3References1
NVD
NVD
added 2018/10/19 10:29 p.m.50 views

CVE-2018-18417

In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI...

5.4CVSS5.3AI score0.01643EPSS
Exploits6References2
NVD
NVD
added 2017/03/17 12:59 a.m.50 views

CVE-2017-0144

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka...

9.3CVSS8.5AI score0.9923EPSS
Exploits55References13
NVD
NVD
added 2014/09/27 10:55 p.m.50 views

CVE-2014-6277

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service uninitialized memory access, and untrusted-pointer read and write operations via a crafted...

10CVSS8.7AI score0.64326EPSS
Exploits16References109
NVD
NVD
added 2010/12/02 5:15 p.m.50 views

CVE-2010-4313

Unrestricted file upload vulnerability in filemanfileupload.php in Orbis CMS 1.0.2 allows remote authenticated users to execute arbitrary code by uploading a .php file, and then accessing it via a direct request to the file in uploads/...

6CVSS7.2AI score0.02709EPSS
Exploits6References5
NVD
NVD
added 2009/05/29 8:30 p.m.50 views

CVE-2009-1828

Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service infinite loop, application hang, and memory consumption via a KEYGEN element in conjunction with 1 a META element specifying automatic page refresh or 2 a JavaScript onLoad event handler for a BODY element. NOTE: it was...

5CVSS6.3AI score0.08779EPSS
Exploits1References11
NVD
NVD
added 2004/12/31 5:0 a.m.50 views

CVE-2004-1753

The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindowNULL calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs...

2.6CVSS6.1AI score0.01596EPSS
Exploits1References7
NVD
NVD
added 2026/06/01 9:16 a.m.49 views

CVE-2026-42588

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...

8.1CVSS0.00546EPSS
Exploits2References2
NVD
NVD
added 2026/05/18 9:16 a.m.49 views

CVE-2026-6333

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate the Host header when constructing response URLs for custom slash commands which allows an authenticated attacker to redirect slash command responses to an attacker-controlled server via a spoofed Host header.. Mattermost...

5CVSS0.00137EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 7:16 p.m.49 views

CVE-2026-27886

Strapi is an open source headless content management system. Strapi versions starting in 4.0.0 and prior to 5.37.0 did not sufficiently sanitize query parameters when filtering content via relational fields. An unauthenticated attacker could use the where query parameter on any publicly-accessibl...

9.2CVSS0.00612EPSS
Exploits5References1
NVD
NVD
added 2026/05/13 6:16 p.m.49 views

CVE-2026-45411

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield expression inside an async generator. When the generator is closed using the return function, the value is awaited on and exceptions thrown in the then call will be caught by th...

9.8CVSS0.00568EPSS
Exploits1References4
NVD
NVD
added 2026/05/12 6:17 p.m.49 views

CVE-2026-42048

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API DELETE /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are concatenated directly into file paths withou...

9.6CVSS0.04417EPSS
Exploits1References1
Total number of security vulnerabilities5000