Lucene search
K
NvdMost viewed

364494 matches found

NVD
NVD
•added 2021/05/11 3:15 p.m.•50 views

CVE-2021-21652

A cross-site request forgery CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

7.1CVSS0.00642EPSS
Exploits0References1
NVD
NVD
•added 2021/04/22 9:15 p.m.•50 views

CVE-2021-25670

A vulnerability has been identified in Tecnomatix RobotExpert All versions V16.1. Affected applications lack proper validation of user-supplied data when parsing CELL files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this...

7.8CVSS0.00892EPSS
Exploits0References1
NVD
NVD
•added 2021/04/14 10:15 p.m.•50 views

CVE-2021-29449

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details...

7.8CVSS0.01863EPSS
Exploits4References3
NVD
NVD
•added 2021/04/13 8:15 p.m.•50 views

CVE-2021-28460

Azure Sphere Unsigned Code Execution Vulnerability...

8.1CVSS0.0048EPSS
Exploits0References1
NVD
NVD
•added 2021/04/12 3:15 p.m.•50 views

CVE-2020-15942

An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile...

6.5CVSS0.00963EPSS
Exploits0References2
NVD
NVD
•added 2021/03/24 7:15 a.m.•50 views

CVE-2021-29133

Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem...

5.5CVSS0.01082EPSS
Exploits2References4
NVD
NVD
•added 2021/03/15 5:15 p.m.•50 views

CVE-2020-25241

A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An attacker could exploit this to terminate arbitrary TCP sessions...

7.5CVSS0.01032EPSS
Exploits0References1
NVD
NVD
•added 2021/03/08 7:15 p.m.•50 views

CVE-2021-21362

MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-04T00-53-13Z it is possible to bypass a readOnly policy by creating a temporary 'mc share upload' URL. Everyone is impacted who us...

7.7CVSS0.01321EPSS
Exploits1References4
NVD
NVD
•added 2021/03/05 6:15 a.m.•50 views

CVE-2019-25025

The activerecord-sessionstore aka Active Record Session Store component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a...

5.3CVSS0.01835EPSS
Exploits0References1
NVD
NVD
•added 2021/03/01 6:15 p.m.•50 views

CVE-2021-22114

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...

5.3CVSS0.01038EPSS
Exploits0References1
NVD
NVD
•added 2021/02/25 11:15 p.m.•50 views

CVE-2021-1728

System Center Operations Manager Elevation of Privilege Vulnerability...

8.8CVSS0.01825EPSS
Exploits0References1
NVD
NVD
•added 2020/12/26 4:15 a.m.•50 views

CVE-2020-35376

Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp function...

7.5CVSS7.4AI score0.02057EPSS
Exploits1References3
NVD
NVD
•added 2020/11/23 9:15 p.m.•50 views

CVE-2020-28360

Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote...

9.8CVSS9.7AI score0.02949EPSS
Exploits0References2
NVD
NVD
•added 2020/11/23 8:15 p.m.•50 views

CVE-2020-15247

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.managepages, cms.managelayouts, or cms.managepartials permissions who would normally not be...

5.2CVSS5.8AI score0.0029EPSS
Exploits0References2
NVD
NVD
•added 2020/11/05 2:15 a.m.•50 views

CVE-2020-27387

An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker with access to the FileManager to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload which will receiv...

8.8CVSS9.5AI score0.18461EPSS
Exploits4References4
NVD
NVD
•added 2020/10/29 3:15 p.m.•50 views

CVE-2020-7384

Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine...

9.3CVSS7.5AI score0.30562EPSS
Exploits8References3
NVD
NVD
•added 2020/10/27 5:15 a.m.•50 views

CVE-2020-15352

An XML external entity XXE vulnerability in Pulse Connect Secure PCS before 9.1R9 and Pulse Policy Secure PPS before 9.1R9 allows remote authenticated admins to conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request...

7.2CVSS6.7AI score0.03162EPSS
Exploits0References1
NVD
NVD
•added 2020/10/19 6:15 p.m.•50 views

CVE-2020-7149

A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

10CVSS0.06613EPSS
Exploits0References1
NVD
NVD
•added 2020/10/07 9:15 p.m.•50 views

CVE-2020-25768

Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered...

5.3CVSS0.00819EPSS
Exploits0References2
NVD
NVD
•added 2020/09/03 5:15 p.m.•50 views

CVE-2020-23814

Multiple cross-site scripting XSS vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via 1 AppName and 2AddressList parameter in JobGroupController.java file...

6.1CVSS6.1AI score0.01188EPSS
Exploits1References2
NVD
NVD
•added 2020/07/28 5:15 p.m.•50 views

CVE-2020-15608

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxdashboard.php. When parsing the aiservice parameter, the process...

10CVSS9.7AI score0.08083EPSS
Exploits0References1
NVD
NVD
•added 2020/06/11 3:15 p.m.•50 views

CVE-2020-0180

In GetOpusHeaderBuffers of OpusHeader.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android...

6.5CVSS0.00732EPSS
Exploits0References1
NVD
NVD
•added 2020/06/11 3:15 a.m.•50 views

CVE-2020-13851

Artica Pandora FMS 7.44 allows remote command execution via the events feature...

9CVSS0.91095EPSS
Exploits4References3
NVD
NVD
•added 2020/05/25 5:15 p.m.•50 views

CVE-2020-13458

An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action...

8.8CVSS8.8AI score0.00484EPSS
Exploits0References1
NVD
NVD
•added 2020/04/06 2:15 p.m.•50 views

CVE-2020-1728

A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other...

5.8CVSS6AI score0.00764EPSS
Exploits0References1
NVD
NVD
•added 2020/04/03 7:15 p.m.•50 views

CVE-2020-6994

A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The...

9.8CVSS9.7AI score0.01606EPSS
Exploits0References1
NVD
NVD
•added 2020/03/16 6:15 p.m.•50 views

CVE-2020-5844

index.php?sec=godmode/extensions&sec2=extensions/filesrepo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742FIXPERL2020...

7.2CVSS7AI score0.30254EPSS
Exploits6References3
NVD
NVD
•added 2020/02/24 10:15 p.m.•50 views

CVE-2020-1938

When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that...

9.8CVSS9.9AI score0.9927EPSS
Exploits45References52
NVD
NVD
•added 2020/02/24 6:15 p.m.•50 views

CVE-2020-5245

Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in...

9CVSS8.6AI score0.0281EPSS
Exploits1References8
NVD
NVD
•added 2020/02/11 10:15 p.m.•50 views

CVE-2020-0663

An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used t...

4.2CVSS6.1AI score0.01573EPSS
Exploits0References1
NVD
NVD
•added 2020/01/09 11:15 p.m.•50 views

CVE-2020-6757

contentHostProperties.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 KDI Version allows authenticated attackers to remotely execute code via the name parameter...

8.8CVSS7.8AI score0.01401EPSS
Exploits1References1
NVD
NVD
•added 2020/01/08 6:15 a.m.•50 views

CVE-2020-6170

An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI...

9.8CVSS9.6AI score0.07329EPSS
Exploits5References2
NVD
NVD
•added 2019/12/17 3:15 p.m.•50 views

CVE-2019-19714

Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered...

5.3CVSS5.2AI score0.00819EPSS
Exploits0References2
NVD
NVD
•added 2019/12/10 10:15 p.m.•50 views

CVE-2019-1332

A cross-site scripting XSS vulnerability exists when Microsoft SQL Server Reporting Services SSRS does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'...

6.1CVSS6AI score0.07226EPSS
Exploits1References2
NVD
NVD
•added 2019/11/13 6:15 p.m.•50 views

CVE-2019-2205

In ProxyResolverV8::SetPacScript of proxyresolverv8.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0...

10CVSS9.4AI score0.02864EPSS
Exploits0References1
NVD
NVD
•added 2019/09/14 4:15 p.m.•50 views

CVE-2019-16312

s-cms V3.0 has XSS in index.php?type=text via the Sid parameter...

6.1CVSS6AI score0.00818EPSS
Exploits1References1
NVD
NVD
•added 2019/07/10 2:15 p.m.•50 views

CVE-2019-13396

FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the forminclude parameter in an index.php?q=system-handle-form-submit POST request because of an includeonce in systemhandleformsubmit in modules/system/system.module...

5.3CVSS5.3AI score0.62572EPSS
Exploits5References2
NVD
NVD
•added 2019/05/21 1:29 p.m.•50 views

CVE-2019-10320

Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS12 certificate...

4.3CVSS4.5AI score0.00969EPSS
Exploits0References7
NVD
NVD
•added 2019/04/30 1:29 p.m.•50 views

CVE-2019-10310

A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptordoTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials I...

8.8CVSS8.6AI score0.01525EPSS
Exploits0References4
NVD
NVD
•added 2018/10/19 10:29 p.m.•50 views

CVE-2018-18417

In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI...

5.4CVSS5.3AI score0.01643EPSS
Exploits6References2
NVD
NVD
•added 2018/10/09 5:29 p.m.•50 views

CVE-2018-14649

It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell a...

10CVSS10AI score0.11741EPSS
Exploits1References7
NVD
NVD
•added 2018/08/27 5:29 p.m.•50 views

CVE-2017-15139

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive...

7.5CVSS6AI score0.01244EPSS
Exploits0References4
NVD
NVD
•added 2014/09/27 10:55 p.m.•50 views

CVE-2014-6277

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service uninitialized memory access, and untrusted-pointer read and write operations via a crafted...

10CVSS8.7AI score0.64326EPSS
Exploits16References109
NVD
NVD
•added 2014/05/02 2:55 p.m.•50 views

CVE-2013-7061

Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API...

5.5CVSS6.3AI score0.00951EPSS
Exploits0References3
NVD
NVD
•added 2013/01/09 6:9 p.m.•50 views

CVE-2013-0006

Microsoft XML Core Services aka MSXML 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."...

9.3CVSS7.4AI score0.28084EPSS
Exploits1References4
NVD
NVD
•added 2011/01/24 7:0 p.m.•50 views

CVE-2010-4706

The pamsmclosesession function in pamxauth.c in the pamxauth module in Linux-PAM aka pam 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by executing a program that relies on the pamxauth PAM check...

4.9CVSS6.1AI score0.00368EPSS
Exploits0References6
NVD
NVD
•added 2010/10/18 5:0 p.m.•50 views

CVE-2010-0219

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service...

10CVSS9.7AI score0.89871EPSS
Exploits17References14
NVD
NVD
•added 2009/12/09 6:30 p.m.•50 views

CVE-2009-2508

The single sign-on implementation in Active Directory Federation Services ADFS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previou...

6.9CVSS6.2AI score0.01262EPSS
Exploits1References3
NVD
NVD
•added 2009/11/05 4:30 p.m.•50 views

CVE-2009-3869

Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit AWT in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote...

9.3CVSS7.7AI score0.65461EPSS
Exploits9References27
NVD
NVD
•added 2004/12/23 5:0 a.m.•50 views

CVE-2004-0867

Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected...

7.5CVSS6.5AI score0.17183EPSS
Exploits0References7
Total number of security vulnerabilities5000