Lucene search
K
NvdMost viewed

364128 matches found

NVD
NVD
added 2024/07/12 8:15 p.m.50 views

CVE-2023-41093

Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network.This issue affects Silabs Bluetooth SDK: through 8.0.0...

3.1CVSS0.00193EPSS
Exploits0References1
NVD
NVD
added 2024/07/10 7:15 p.m.50 views

CVE-2024-27090

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embbeded such as a...

5.3CVSS0.00492EPSS
Exploits0References4
NVD
NVD
added 2024/07/09 8:15 a.m.50 views

CVE-2024-6317

The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.1.2. This is due to missing nonce validation and the plugin not properly validating a file or its path prior to deleting it in the...

8.8CVSS0.00605EPSS
Exploits0References3
NVD
NVD
added 2024/07/04 9:15 a.m.50 views

CVE-2024-39884

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...

6.2CVSS0.00889EPSS
Exploits0References4
NVD
NVD
added 2024/07/02 11:15 a.m.50 views

CVE-2024-6088

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability check on the 'register' function in all versions up to, and including, 4.2.6.8.1. This makes it possible for unauthenticated attackers to bypass disabled user...

5.3CVSS0.0062EPSS
Exploits0References4
NVD
NVD
added 2024/06/25 3:15 a.m.50 views

CVE-2024-23149

A maliciously crafted SLDDRW file, when parsed in ODXSWDLL.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

7.8CVSS0.00409EPSS
Exploits0References1
NVD
NVD
added 2024/06/24 5:15 p.m.50 views

CVE-2024-38373

FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the...

9.6CVSS0.00615EPSS
Exploits0References2
NVD
NVD
added 2024/06/11 10:15 p.m.50 views

CVE-2024-35225

Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting XSS issue. The /proxy endpoint accepts a host path segmen...

9.6CVSS0.00442EPSS
Exploits0References4
NVD
NVD
added 2024/06/09 11:15 p.m.50 views

CVE-2024-5389

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset...

8.1CVSS0.00431EPSS
Exploits1References1
NVD
NVD
added 2024/05/03 2:15 a.m.50 views

CVE-2023-32154

Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability. The specific flaw exists...

7.5CVSS7.9AI score0.0061EPSS
Exploits0References1
NVD
NVD
added 2024/04/25 4:15 p.m.50 views

CVE-2023-6717

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs ACS, posing a Cross-Site Scripting XSS risk. This issue may allow a malicious admin in one realm or a client with...

6CVSS5.6AI score0.00711EPSS
Exploits0References7
NVD
NVD
added 2024/03/29 4:15 p.m.50 views

CVE-2024-29900

Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of 1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This...

7.5CVSS7.5AI score0.00633EPSS
Exploits0References2
NVD
NVD
added 2024/03/28 2:15 p.m.50 views

CVE-2024-28109

veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution RCE vulnerability. This vulnerability is fixed in 1.24.2...

8.1CVSS8.3AI score0.01033EPSS
Exploits0References5
NVD
NVD
added 2024/03/25 9:15 p.m.50 views

CVE-2024-29179

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks...

4.8CVSS4.7AI score0.00508EPSS
Exploits1References1
NVD
NVD
added 2024/03/07 5:15 a.m.50 views

CVE-2024-28213

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization...

9.8CVSS7.8AI score0.01199EPSS
Exploits0References1
NVD
NVD
added 2024/03/07 1:15 a.m.50 views

CVE-2024-22857

Heap based buffer flow in zlog v1.1.0 to v1.2.17 in zlogrulenew.The size of recordname is MAXLENPATH1024 + 1 but filepath may have data upto MAXLENCFGLINEMAXLENPATH4 + 1. So a check was missing in zlogrulenew while copying the recordname from filepath + 1 which caused the buffer overflow. An...

9.8CVSS7.7AI score0.01699EPSS
Exploits0References5
NVD
NVD
added 2024/03/05 12:15 p.m.50 views

CVE-2022-48629

In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - ensure buffer for generate is completely filled The generate function in struct rngalg expects that the destination buffer is completely filled if the function returns 0. qcomrngread can run into a situation...

5.5CVSS7.4AI score0.00378EPSS
Exploits1References6
NVD
NVD
added 2024/03/01 1:15 p.m.50 views

CVE-2023-48674

Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function...

6.8CVSS6.5AI score0.00493EPSS
Exploits0References1
NVD
NVD
added 2024/02/26 4:28 p.m.50 views

CVE-2024-27350

Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB Android Debug Bridge connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the non-default ADB Debugging option is...

5.9CVSS6.4AI score0.00326EPSS
Exploits1References3
NVD
NVD
added 2024/02/20 10:15 a.m.50 views

CVE-2023-49109

Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue...

9.8CVSS7AI score0.02301EPSS
Exploits0References4
NVD
NVD
added 2024/02/13 8:15 p.m.50 views

CVE-2023-31346

Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests...

6CVSS6.3AI score0.00309EPSS
Exploits0References1
NVD
NVD
added 2024/02/09 8:15 a.m.50 views

CVE-2024-23749

KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls at lines 2369-2390. This allows an attacker to add inputs inside the...

7.8CVSS8.1AI score0.04692EPSS
Exploits5References4
NVD
NVD
added 2024/02/09 7:15 a.m.50 views

CVE-2023-31506

A cross-site scripting XSS vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element...

5.4CVSS5.2AI score0.00996EPSS
Exploits1References1
NVD
NVD
added 2024/02/07 3:15 p.m.50 views

CVE-2024-25145

Stored cross-site scripting XSS vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote...

9.6CVSS7.5AI score0.00563EPSS
Exploits0References1
NVD
NVD
added 2024/02/02 5:15 a.m.50 views

CVE-2024-21485

Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable t...

6.5CVSS6AI score0.01475EPSS
Exploits1References9
NVD
NVD
added 2024/02/01 5:15 p.m.50 views

CVE-2024-24561

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice function uses a non-literal argument for the start ...

9.8CVSS9.6AI score0.00902EPSS
Exploits1References3
NVD
NVD
added 2023/12/28 10:15 p.m.50 views

CVE-2023-7137

A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the component HTTP POST Request Handler. The manipulation of the argument uemail leads to sql injection. The exploit has been...

8.8CVSS0.17026EPSS
Exploits4References3
NVD
NVD
added 2023/12/07 3:15 p.m.50 views

CVE-2023-49426

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg...

9.8CVSS0.00925EPSS
Exploits1References1
NVD
NVD
added 2023/12/05 3:15 a.m.50 views

CVE-2023-42580

Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store...

9.8CVSS0.00968EPSS
Exploits0References1
NVD
NVD
added 2023/11/21 11:15 p.m.50 views

CVE-2023-48701

Statamic CMS is a Laravel and Git powered content management system CMS. Prior to versions 3.4.15 an 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...

7.5CVSS0.007EPSS
Exploits0References3
NVD
NVD
added 2023/11/06 6:15 p.m.50 views

CVE-2023-45827

Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the setByPath function which can leads to remote code...

9.8CVSS8.1AI score0.01172EPSS
Exploits1References2
NVD
NVD
added 2023/11/02 7:15 p.m.50 views

CVE-2023-31021

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager vGPU plugin, where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service...

5.5CVSS5.7AI score0.00171EPSS
Exploits0References1
NVD
NVD
added 2023/10/19 9:15 p.m.50 views

CVE-2023-45821

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which the registryIsDockerHub function was only checking that the...

6.3CVSS5.8AI score0.00206EPSS
Exploits0References2
NVD
NVD
added 2023/10/12 5:15 p.m.50 views

CVE-2023-45138

Change Request is an pplication allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to version 1.9.2, it's possible for a user without any specific right to perform script injection and remote code execution just by inserting an...

10CVSS10AI score0.71159EPSS
Exploits0References3
NVD
NVD
added 2023/10/12 1:15 p.m.50 views

CVE-2023-45068

Cross-Site Request Forgery CSRF vulnerability in Supsystic Contact Form by Supsystic plugin = 1.7.27 versions...

8.8CVSS6.5AI score0.00208EPSS
Exploits0References1
NVD
NVD
added 2023/09/29 2:15 p.m.50 views

CVE-2023-5289

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.4...

8.8CVSS7.4AI score0.00646EPSS
Exploits1References2
NVD
NVD
added 2023/09/27 3:19 p.m.50 views

CVE-2023-42461

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised...

9.8CVSS7.6AI score0.00899EPSS
Exploits0References1
NVD
NVD
added 2023/09/20 6:15 p.m.50 views

CVE-2023-20597

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...

5.5CVSS5.1AI score0.00171EPSS
Exploits0References1
NVD
NVD
added 2023/09/20 1:15 a.m.50 views

CVE-2023-25530

NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure...

9.8CVSS8.4AI score0.00746EPSS
Exploits0References1
NVD
NVD
added 2023/09/11 8:15 p.m.50 views

CVE-2023-4278

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts...

7.5CVSS7.4AI score0.03495EPSS
Exploits6References2
NVD
NVD
added 2023/08/30 6:15 p.m.50 views

CVE-2023-41039

RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to...

8.3CVSS8.2AI score0.00637EPSS
Exploits0References2
NVD
NVD
added 2023/08/22 7:16 p.m.50 views

CVE-2022-37052

A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject...

6.5CVSS6.3AI score0.00902EPSS
Exploits1References3
NVD
NVD
added 2023/08/22 7:16 p.m.50 views

CVE-2020-21583

An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date...

6.7CVSS7AI score0.0052EPSS
Exploits1References3
NVD
NVD
added 2023/08/16 10:15 p.m.50 views

CVE-2023-38894

A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function...

9.8CVSS9.6AI score0.01683EPSS
Exploits1References2
NVD
NVD
added 2023/08/10 6:15 p.m.50 views

CVE-2023-39961

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and...

4.3CVSS4.2AI score0.0047EPSS
Exploits0References3
NVD
NVD
added 2023/08/10 4:15 p.m.50 views

CVE-2023-39957

Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intend allowed malicious third party apps to trick the Talk Android app into writing files outside of its intended cache directory. Nextcloud Talk Android versi...

7.8CVSS7.1AI score0.00328EPSS
Exploits0References3
NVD
NVD
added 2023/08/08 3:15 p.m.50 views

CVE-2023-36306

A Cross Site Scripting XSS vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php, search.php, export.php, reports.php, and statistics.php components...

6.1CVSS6AI score0.03771EPSS
Exploits4References1
NVD
NVD
added 2023/08/08 11:15 a.m.50 views

CVE-2023-4203

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface...

9CVSS8.2AI score0.00868EPSS
Exploits2References3
NVD
NVD
added 2023/08/04 9:15 p.m.50 views

CVE-2023-39346

LinuxASMCallGraph is software for drawing the call graph of the programming code. Linux ASMCallGraph before commit 20dba06bd1a3cf260612d4f21547c25002121cd5 allows attackers to cause a remote code execution on the server side via uploading a crafted ZIP file due to incorrect filtering rules of...

9.8CVSS9.2AI score0.00927EPSS
Exploits0References4
NVD
NVD
added 2023/08/04 9:15 p.m.50 views

CVE-2020-26065

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP...

6.5CVSS6.3AI score0.01705EPSS
Exploits0References1
Total number of security vulnerabilities5000