Lucene search
K
NvdMost viewed

363637 matches found

NVD
NVD
added 2025/02/06 6:15 p.m.49 views

CVE-2025-23217

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...

8.2CVSS0.00817EPSS
Exploits0References3
NVD
NVD
added 2025/02/06 8:15 a.m.49 views

CVE-2025-23236

Buffer overflow vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product is running may be obtained...

8.8CVSS0.00189EPSS
Exploits0References2
NVD
NVD
added 2025/01/21 6:15 p.m.49 views

CVE-2025-24020

WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the control.php endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the nextPage parameter to be manipulated, redirecting authenticated users to...

6.1CVSS0.00318EPSS
Exploits1References3
NVD
NVD
added 2025/01/21 5:15 p.m.49 views

CVE-2025-24018

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is loaded. The vulnerability makes use of the conten...

7.6CVSS0.00392EPSS
Exploits1References3
NVD
NVD
added 2025/01/20 6:15 p.m.49 views

CVE-2024-22347

IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

7.5CVSS0.00311EPSS
Exploits0References1
NVD
NVD
added 2024/12/19 12:15 a.m.49 views

CVE-2022-44516

Acrobat Reader DC version 22.001.20085 and earlier, 20.005.3031x and earlier and 17.012.30205 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this...

5.5CVSS0.00261EPSS
Exploits0References1
NVD
NVD
added 2024/12/18 9:15 p.m.49 views

CVE-2024-45338

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

5.3CVSS0.00856EPSS
Exploits0References5
NVD
NVD
added 2024/12/18 1:15 p.m.49 views

CVE-2024-50570

A Cleartext Storage of Sensitive Information vulnerability CWE-312 in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN passwor...

5CVSS0.00139EPSS
Exploits0References1
NVD
NVD
added 2024/12/08 11:15 p.m.49 views

CVE-2024-12344

A vulnerability, which was classified as critical, was found in TP-Link VN020 F3vT TTV6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to th...

9.8CVSS0.01842EPSS
Exploits3References5
NVD
NVD
added 2024/12/03 6:15 p.m.49 views

CVE-2024-41775

IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

7.5CVSS0.00209EPSS
Exploits0References1
NVD
NVD
added 2024/12/02 10:15 p.m.49 views

CVE-2024-53987

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...

6.1CVSS0.00435EPSS
Exploits0References2
NVD
NVD
added 2024/12/01 9:15 p.m.49 views

CVE-2024-45520

WithSecure Atlant formerly F-Secure Atlant 1.0.35-1 allows a remote Denial of Service because of memory corruption during scanning of a PE32 file...

7.5CVSS0.00493EPSS
Exploits0References2
NVD
NVD
added 2024/11/27 12:15 p.m.49 views

CVE-2024-42327

A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is availabl...

9.9CVSS0.78831EPSS
Exploits13References1
NVD
NVD
added 2024/11/26 11:21 a.m.49 views

CVE-2024-11024

The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user's password reset code prior to updating their password. This makes it possibl...

9.8CVSS0.00678EPSS
Exploits0References2
NVD
NVD
added 2024/11/21 11:15 a.m.49 views

CVE-2024-10696

The UltraAddons – Elementor Addons Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.8 via the showtemplate due to missing validatio...

4.3CVSS0.00484EPSS
Exploits0References2
NVD
NVD
added 2024/11/12 6:15 p.m.49 views

CVE-2024-43459

SQL Server Native Client Remote Code Execution Vulnerability...

8.8CVSS0.01577EPSS
Exploits0References1
NVD
NVD
added 2024/11/11 8:15 p.m.49 views

CVE-2024-51489

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to send messag...

5.4CVSS0.00272EPSS
Exploits1References1
NVD
NVD
added 2024/11/06 11:15 p.m.49 views

CVE-2024-10928

A vulnerability was found in MonoCMS up to 20240528. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /monofiles/opensaved.php of the component Posts Page. The manipulation of the argument filtcategory/filtstatus leads to cross site...

6.1CVSS0.00383EPSS
Exploits1References4
NVD
NVD
added 2024/11/01 3:15 p.m.49 views

CVE-2024-37250

Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1...

5.4CVSS0.00297EPSS
Exploits0References1
NVD
NVD
added 2024/10/21 8:15 p.m.49 views

CVE-2022-48985

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix race on per-CQ variable napi workdone After calling napicompletedone, the NAPIFSTATESCHED bit may be cleared, and another CPU can start napi thread and access per-CQ variable, cq-workdone. If the other thread for...

4.7CVSS0.00226EPSS
Exploits0References3
NVD
NVD
added 2024/10/18 6:15 a.m.49 views

CVE-2024-38820

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...

5.3CVSS0.00631EPSS
Exploits1References2
NVD
NVD
added 2024/10/09 5:15 p.m.49 views

CVE-2024-42988

Lack of access control in ChallengeSolves /api/v1/challenges//solves of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility settings. The issue is fixed in v3.7.3+...

4.3CVSS0.00304EPSS
Exploits0References3
NVD
NVD
added 2024/09/12 9:15 a.m.49 views

CVE-2024-8529

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'cfields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...

10CVSS0.11831EPSS
Exploits2References3
NVD
NVD
added 2024/09/10 5:15 p.m.49 views

CVE-2024-38217

Windows Mark of the Web Security Feature Bypass Vulnerability...

5.4CVSS0.09835EPSS
Exploits1References3
NVD
NVD
added 2024/09/07 7:15 p.m.49 views

CVE-2024-8561

A vulnerability has been found in SourceCodester PHP CRUD 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete.php of the component Delete Person Handler. The manipulation of the argument person leads to sql injection. The attack...

9.8CVSS0.00436EPSS
Exploits0References4
NVD
NVD
added 2024/08/27 7:15 p.m.49 views

CVE-2024-8210

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been classified as critical. This...

9.8CVSS0.07482EPSS
Exploits1References6
NVD
NVD
added 2024/08/27 3:15 p.m.49 views

CVE-2024-6633

The default credentials for the setup HSQL database HSQLDB for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate...

9.8CVSS0.01167EPSS
Exploits0References1
NVD
NVD
added 2024/08/02 1:15 a.m.49 views

CVE-2024-22278

Incorrect user permission validation in Harbor v2.9.5 and Harbor v2.10.3 allows authenticated users to modify configurations...

6.4CVSS0.00368EPSS
Exploits0References1
NVD
NVD
added 2024/08/01 4:15 a.m.49 views

CVE-2024-7339

A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5LMM and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be...

6.9CVSS0.32028EPSS
Exploits2References4
NVD
NVD
added 2024/07/25 8:15 p.m.49 views

CVE-2024-29068

In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files such as pipes or sockets etc. Various file entries within the snap squashfs image such as icons...

6.6CVSS0.00212EPSS
Exploits0References2
NVD
NVD
added 2024/07/23 3:15 p.m.49 views

CVE-2024-41655

TF2 Item Format helps users format TF2 items to the community standards. Versions of tf2-item-format since at least 4.2.6 and prior to 5.9.14 are vulnerable to a Regular Expression Denial of Service ReDoS attack when parsing crafted user input. This vulnerability can be exploited by an attacker t...

7.5CVSS0.00766EPSS
Exploits0References3
NVD
NVD
added 2024/07/21 7:15 a.m.49 views

CVE-2024-37557

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Soham Web Solution WP Cookie Law Info allows Stored XSS.This issue affects WP Cookie Law Info: from n/a through 1.1...

5.9CVSS0.00276EPSS
Exploits0References1
NVD
NVD
added 2024/07/16 9:15 p.m.49 views

CVE-2024-21687

This High severity File Inclusion vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0 and 9.6.0 of Bamboo Data Center and Server. This File Inclusion vulnerability, with a CVSS Score of 8.1, allows an authenticated attacker to get the application to display the...

8.1CVSS0.00746EPSS
Exploits0References2
NVD
NVD
added 2024/07/15 8:15 p.m.49 views

CVE-2024-39912

web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. The ProfileBasedRequestOptionsBuilder method returns allowedCredentials without any credentials if no username was found...

5.3CVSS0.00394EPSS
Exploits0References2
NVD
NVD
added 2024/07/09 6:15 p.m.49 views

CVE-2024-40737

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/add...

6.1CVSS0.00353EPSS
Exploits1References1
NVD
NVD
added 2024/07/09 6:15 p.m.49 views

CVE-2024-38970

vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function...

4.9CVSS0.00441EPSS
Exploits0References2
NVD
NVD
added 2024/07/09 5:15 p.m.49 views

CVE-2024-38095

.NET and Visual Studio Denial of Service Vulnerability...

7.5CVSS0.02719EPSS
Exploits0References1
NVD
NVD
added 2024/07/09 8:15 a.m.49 views

CVE-2024-6317

The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.1.2. This is due to missing nonce validation and the plugin not properly validating a file or its path prior to deleting it in the...

8.8CVSS0.00605EPSS
Exploits0References3
NVD
NVD
added 2024/07/08 9:15 p.m.49 views

CVE-2024-5971

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource...

7.5CVSS0.02716EPSS
Exploits0References11
NVD
NVD
added 2024/07/08 6:15 p.m.49 views

CVE-2024-39896

Directus is a real-time API and App dashboard for managing SQL database content. When relying on SSO providers in combination with local authentication it can be possible to enumerate existing SSO users in the instance. This is possible because if an email address exists in Directus and belongs t...

7.5CVSS0.00506EPSS
Exploits1References2
NVD
NVD
added 2024/07/01 9:15 p.m.49 views

CVE-2024-32230

FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideoenc.c:1216:21 in loadinputpicture in FFmpeg7.0...

7.8CVSS0.00355EPSS
Exploits1References1
NVD
NVD
added 2024/07/01 1:15 p.m.49 views

CVE-2024-38996

ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the .mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

9.8CVSS0.01158EPSS
Exploits1References3
NVD
NVD
added 2024/06/28 6:15 p.m.49 views

CVE-2024-38374

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the...

7.5CVSS0.00589EPSS
Exploits0References3
NVD
NVD
added 2024/06/27 7:15 p.m.49 views

CVE-2023-38368

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: 261195...

5.5CVSS0.00186EPSS
Exploits1References3
NVD
NVD
added 2024/06/26 5:15 a.m.49 views

CVE-2024-34581

The W3C XML Signature Syntax and Processing XMLDsig specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... that may be used to obtain key and/or certificate information" statement and no accompanying information about SSRF risks, and this may have...

7.3CVSS0.00248EPSS
Exploits0References5
NVD
NVD
added 2024/06/25 3:15 a.m.49 views

CVE-2024-23149

A maliciously crafted SLDDRW file, when parsed in ODXSWDLL.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

7.8CVSS0.00409EPSS
Exploits0References1
NVD
NVD
added 2024/06/24 5:15 p.m.49 views

CVE-2024-38373

FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the...

9.6CVSS0.00615EPSS
Exploits0References2
NVD
NVD
added 2024/06/14 4:15 p.m.49 views

CVE-2024-37315

Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the filesversions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 and that the Nextcloud...

4.3CVSS0.00431EPSS
Exploits0References3
NVD
NVD
added 2024/06/12 5:15 p.m.49 views

CVE-2024-5908

A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting...

7.5CVSS0.00366EPSS
Exploits0References1
NVD
NVD
added 2024/06/12 2:15 p.m.49 views

CVE-2024-23445

It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.htmlsecurity-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the fieldsecurity parameter, an...

6.5CVSS0.00456EPSS
Exploits0References1
Total number of security vulnerabilities5000