Lucene search
K
NvdMost viewed

364114 matches found

NVD
NVD
•added 2023/06/09 6:15 a.m.•50 views

CVE-2023-1404

The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 1.6. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitra...

6.4CVSS5.9AI score0.00508EPSS
Exploits2References3
NVD
NVD
•added 2023/06/07 2:15 a.m.•50 views

CVE-2023-3125

The B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'b2bkingsavepriceimport' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions...

6.5CVSS6.2AI score0.0074EPSS
Exploits1References3
NVD
NVD
•added 2023/06/03 5:15 a.m.•50 views

CVE-2023-2405

The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.0. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settin...

6.5CVSS5.9AI score0.00335EPSS
Exploits2References4
NVD
NVD
•added 2023/06/02 12:15 p.m.•50 views

CVE-2023-28469

An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0...

5.5CVSS5.6AI score0.00182EPSS
Exploits0References1
NVD
NVD
•added 2023/05/27 5:15 a.m.•50 views

CVE-2023-33184

Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3...

5.3CVSS4.5AI score0.00529EPSS
Exploits0References3
NVD
NVD
•added 2023/05/18 10:15 p.m.•50 views

CVE-2023-23557

An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScrip...

9.8CVSS9.7AI score0.00891EPSS
Exploits0References2
NVD
NVD
•added 2023/05/15 10:15 p.m.•50 views

CVE-2023-31131

Greenplum Database GPDB is an open source data warehouse based on PostgreSQL. In versions prior to 6.22.3 Greenplum Database used an unsafe methods to extract tar files within GPPKGs. greenplum-db is vulnerable to path traversal leading to arbitrary file writes. An attacker can use this...

9.1CVSS7.9AI score0.00746EPSS
Exploits0References2
NVD
NVD
•added 2023/05/03 10:15 p.m.•50 views

CVE-2023-22637

An improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability CWE-79 in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated...

9CVSS7.5AI score0.0061EPSS
Exploits0References1
NVD
NVD
•added 2023/04/26 2:15 p.m.•50 views

CVE-2022-25273

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...

7.5CVSS7.4AI score0.00568EPSS
Exploits0References1
NVD
NVD
•added 2023/04/25 7:15 p.m.•50 views

CVE-2023-30839

PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are ...

9.9CVSS9.6AI score0.01692EPSS
Exploits2References3
NVD
NVD
•added 2023/03/27 3:15 p.m.•50 views

CVE-2023-1136

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass...

9.8CVSS9.6AI score0.00736EPSS
Exploits0References1
NVD
NVD
•added 2023/03/22 6:15 a.m.•50 views

CVE-2023-1168

An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switc...

8.8CVSS7.8AI score0.01141EPSS
Exploits0References1
NVD
NVD
•added 2023/03/21 11:15 p.m.•50 views

CVE-2022-43512

Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file...

5.5CVSS5.2AI score0.00255EPSS
Exploits0References1
NVD
NVD
•added 2023/03/10 9:15 p.m.•50 views

CVE-2022-33244

Transient DOS due to reachable assertion in modem during MIB reception and SIB timeout...

7.5CVSS7.5AI score0.00406EPSS
Exploits0References1
NVD
NVD
•added 2023/03/03 11:15 p.m.•50 views

CVE-2023-26047

teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab is used...

6.5CVSS6.5AI score0.00516EPSS
Exploits0References3
NVD
NVD
•added 2023/02/22 12:15 a.m.•50 views

CVE-2023-20855

VMware vRealize Orchestrator contains an XML External Entity XXE vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalati...

8.8CVSS8.8AI score0.01265EPSS
Exploits0References1
NVD
NVD
•added 2023/02/16 9:15 p.m.•50 views

CVE-2022-27808

Insufficient control flow management in some IntelR Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS6.7AI score0.00194EPSS
Exploits0References1
NVD
NVD
•added 2023/02/16 7:15 p.m.•50 views

CVE-2022-27482

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as root via CLI commands...

7.8CVSS8AI score0.00552EPSS
Exploits0References1
NVD
NVD
•added 2023/01/18 12:15 a.m.•50 views

CVE-2022-39429

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of...

4.3CVSS3.7AI score0.00561EPSS
Exploits0References1
NVD
NVD
•added 2023/01/11 8:15 p.m.•50 views

CVE-2023-22487

Flarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special @""p syntax. The following behavior never changes no matter if the actor should be able to read the mentioned post...

7.7CVSS7.4AI score0.00665EPSS
Exploits1References2
NVD
NVD
•added 2023/01/03 6:15 p.m.•50 views

CVE-2021-32824

Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic methods t...

9.8CVSS9.8AI score0.02909EPSS
Exploits1References1
NVD
NVD
•added 2022/12/14 3:15 p.m.•50 views

CVE-2022-46609

Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well ...

9.8CVSS0.01416EPSS
Exploits1References4
NVD
NVD
•added 2022/12/04 7:15 p.m.•50 views

CVE-2022-35507

A response-header CRLF injection vulnerability in the Proxmox Virtual Environment PVE and Proxmox Mail Gateway PMG web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers...

7.1CVSS0.0138EPSS
Exploits1References2
NVD
NVD
•added 2022/11/01 10:15 p.m.•50 views

CVE-2022-3817

A vulnerability has been found in Axiomatic Bento4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component mp4mux. The manipulation leads to memory leak. The attack can be launched remotely. The exploit has been disclosed to the public and may be...

6.5CVSS0.00771EPSS
Exploits1References3
NVD
NVD
•added 2022/10/25 5:15 p.m.•50 views

CVE-2022-3300

The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.2CVSS0.01015EPSS
Exploits2References1
NVD
NVD
•added 2022/10/25 5:15 p.m.•50 views

CVE-2022-38580

Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery SSRF...

9.8CVSS0.11004EPSS
Exploits3References3
NVD
NVD
•added 2022/10/10 9:15 p.m.•50 views

CVE-2022-39288

fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed i...

7.5CVSS0.59244EPSS
Exploits0References3
NVD
NVD
•added 2022/10/10 9:15 p.m.•50 views

CVE-2022-3137

The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file...

5.4CVSS0.00468EPSS
Exploits2References1
NVD
NVD
•added 2022/09/29 8:15 p.m.•50 views

CVE-2022-36068

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in...

7.2CVSS0.00715EPSS
Exploits0References3
NVD
NVD
•added 2022/09/16 10:15 p.m.•50 views

CVE-2022-35984

TensorFlow is an open source platform for machine learning. ParameterizedTruncatedNormal assumes shape is of type int32. A valid shape of type int64 results in a mismatched type CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS0.00396EPSS
Exploits0References2
NVD
NVD
•added 2022/09/16 9:15 p.m.•50 views

CVE-2022-35969

TensorFlow is an open source platform for machine learning. The implementation of Conv2DBackpropInput requires inputsizes to be 4-dimensional. Otherwise, it gives a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS0.00383EPSS
Exploits0References2
NVD
NVD
•added 2022/09/13 6:15 p.m.•50 views

CVE-2022-36104

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads t...

7.5CVSS0.01312EPSS
Exploits0References3
NVD
NVD
•added 2022/09/05 10:15 a.m.•50 views

CVE-2022-38369

Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue...

8.8CVSS0.01089EPSS
Exploits0References2
NVD
NVD
•added 2022/08/05 9:15 p.m.•50 views

CVE-2022-31614

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager vGPU plugin where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause denial of service, code execution, and information disclosure...

7.8CVSS0.00259EPSS
Exploits0References1
NVD
NVD
•added 2022/07/24 6:15 p.m.•50 views

CVE-2022-24294

A regular expression used in Apache MXNet incubating is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to u...

7.5CVSS0.01595EPSS
Exploits0References2
NVD
NVD
•added 2022/07/12 10:15 p.m.•50 views

CVE-2022-31105

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious or otherwise untrustworthy OpenID Connect OIDC...

9.6CVSS0.00635EPSS
Exploits0References3
NVD
NVD
•added 2022/07/01 8:15 p.m.•50 views

CVE-2022-25898

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake. Workaround: Validate JWS or JWT signature if it has...

9.8CVSS0.01096EPSS
Exploits1References6
NVD
NVD
•added 2022/04/27 6:15 a.m.•50 views

CVE-2022-29810

The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter...

5.5CVSS0.00403EPSS
Exploits0References3
NVD
NVD
•added 2022/04/11 8:15 p.m.•50 views

CVE-2022-25791

A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files...

7.8CVSS0.0062EPSS
Exploits0References1
NVD
NVD
•added 2022/04/04 8:15 p.m.•50 views

CVE-2021-32984

All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project...

9.8CVSS0.0107EPSS
Exploits0References1
NVD
NVD
•added 2022/03/23 10:15 p.m.•50 views

CVE-2021-44226

Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there...

7.3CVSS0.00889EPSS
Exploits5References8
NVD
NVD
•added 2022/03/03 12:15 a.m.•50 views

CVE-2022-25089

Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEYLOCALMACHINE via UITasks.PersistentRegistryData...

9.8CVSS0.18617EPSS
Exploits4References3
NVD
NVD
•added 2022/03/01 2:15 a.m.•50 views

CVE-2021-42767

A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1...

9.1CVSS0.01505EPSS
Exploits0References2
NVD
NVD
•added 2022/02/18 3:15 p.m.•50 views

CVE-2022-0666

CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11...

7.6CVSS0.44259EPSS
Exploits1References2
NVD
NVD
•added 2022/01/28 10:15 p.m.•50 views

CVE-2021-44359

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetCrop param is not object. An attacker can send an HTTP request to trigger this vulnerability...

8.6CVSS0.01145EPSS
Exploits1References1
NVD
NVD
•added 2021/12/10 10:15 a.m.•50 views

CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message...

10CVSS0.99999EPSS
Exploits351References52
NVD
NVD
•added 2021/11/24 4:15 p.m.•50 views

CVE-2021-43780

Redash is a package for data visualization and sharing. In versions 10.0 and priorm the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery SSRF. These vulnerabilities are only exploitable on installations where a...

8.8CVSS0.01005EPSS
Exploits0References2
NVD
NVD
•added 2021/11/22 9:15 a.m.•50 views

CVE-2021-38146

The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data...

7.5CVSS0.11733EPSS
Exploits3References2
NVD
NVD
•added 2021/11/14 9:15 p.m.•50 views

CVE-2020-16152

The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file...

10CVSS0.35047EPSS
Exploits5References2
NVD
NVD
•added 2021/11/05 10:15 p.m.•50 views

CVE-2021-41218

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for AllToAll can be made to execute a division by 0. This occurs whenever the splitcount argument is 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on...

5.5CVSS0.00128EPSS
Exploits0References2
Total number of security vulnerabilities5000