Lucene search
K
NvdMost viewed

363706 matches found

NVD
NVD
added 2024/04/25 8:15 a.m.49 views

CVE-2024-3988

The Sina Extension for Elementor Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Fancy Text Widget in all versions up to, and including, 3.5.2 due to...

6.4CVSS5.7AI score0.0043EPSS
Exploits0References3
NVD
NVD
added 2024/04/22 10:15 p.m.49 views

CVE-2024-32479

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the Service template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability...

7.1CVSS6.9AI score0.34128EPSS
Exploits1References3
NVD
NVD
added 2024/04/12 8:15 p.m.49 views

CVE-2024-32000

matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. matrix-appservice-irc before version 2.0.0 can be exploited to leak the truncated body of a message if a malicious user sends a Matrix reply to an event ID they don't have access to. As a precondition to the attack,...

4.3CVSS4.4AI score0.0045EPSS
Exploits0References3
NVD
NVD
added 2024/04/03 1:16 p.m.49 views

CVE-2024-30570

An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required...

5.3CVSS6.2AI score0.01231EPSS
Exploits1References2
NVD
NVD
added 2024/03/06 7:15 p.m.49 views

CVE-2024-27303

electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the .nsh...

7.3CVSS7.1AI score0.00282EPSS
Exploits0References3
NVD
NVD
added 2024/03/05 12:15 p.m.49 views

CVE-2022-48629

In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - ensure buffer for generate is completely filled The generate function in struct rngalg expects that the destination buffer is completely filled if the function returns 0. qcomrngread can run into a situation...

5.5CVSS7.4AI score0.00378EPSS
Exploits1References6
NVD
NVD
added 2024/02/26 4:28 p.m.49 views

CVE-2024-27350

Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB Android Debug Bridge connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the non-default ADB Debugging option is...

5.9CVSS6.4AI score0.00326EPSS
Exploits1References3
NVD
NVD
added 2024/02/17 8:15 a.m.49 views

CVE-2024-1512

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied...

9.8CVSS9.7AI score0.77729EPSS
Exploits1References2
NVD
NVD
added 2024/02/15 11:15 p.m.49 views

CVE-2023-40114

In multiple functions of MtpFfsHandle.cpp , there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

8.4CVSS6.8AI score0.00097EPSS
Exploits0References2
NVD
NVD
added 2024/02/13 8:15 p.m.49 views

CVE-2023-31346

Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests...

6CVSS6.3AI score0.00309EPSS
Exploits0References1
NVD
NVD
added 2024/02/13 7:15 p.m.49 views

CVE-2024-1374

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding. Exploitation of this vulnerability required acce...

9.1CVSS9.6AI score0.02632EPSS
Exploits0References4
NVD
NVD
added 2024/02/09 11:15 p.m.49 views

CVE-2024-24828

pkg is tool design to bundle Node.js projects into an executables. Any native code packages built by pkg are written to a hardcoded directory. On unix systems, this is /tmp/pkg/ which is a shared directory for all users on the same local system. There is no uniqueness to the package names within...

7.8CVSS6.7AI score0.00231EPSS
Exploits0References2
NVD
NVD
added 2024/02/09 1:15 a.m.49 views

CVE-2024-23639

Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...

7.8CVSS6.3AI score0.00261EPSS
Exploits0References2
NVD
NVD
added 2024/01/30 4:15 p.m.49 views

CVE-2024-21671

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this...

3.7CVSS4AI score0.00398EPSS
Exploits0References2
NVD
NVD
added 2024/01/29 8:15 p.m.49 views

CVE-2023-51839

DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm...

9.1CVSS9.3AI score0.00376EPSS
Exploits0References3
NVD
NVD
added 2024/01/19 9:15 p.m.49 views

CVE-2024-22420

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access any data that the...

6.5CVSS6.5AI score0.00568EPSS
Exploits0References3
NVD
NVD
added 2023/12/29 5:16 p.m.49 views

CVE-2023-51663

Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect OIDC email addresses from ID tokens to verify the validity of a user's domain, but because users have the ability to change...

5.3CVSS0.00367EPSS
Exploits0References1
NVD
NVD
added 2023/12/22 9:15 p.m.49 views

CVE-2023-50727

Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Reflected XSS issue occurs when /queues is appended with /". This issue has been patched in version 2.6.0...

6.3CVSS0.00514EPSS
Exploits0References3
NVD
NVD
added 2023/12/22 8:15 p.m.49 views

CVE-2023-50725

Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in resque-web have been found to be vulnerable to reflected XSS: "/failed/?class=alertdocument.cookie" and "/queues/". This issue has been patched in...

6.3CVSS0.00526EPSS
Exploits0References4
NVD
NVD
added 2023/12/21 8:15 p.m.49 views

CVE-2023-50732

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1...

8.3CVSS0.00486EPSS
Exploits1References3
NVD
NVD
added 2023/12/18 5:15 p.m.49 views

CVE-2023-48762

Cross-Site Request Forgery CSRF vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13...

8.8CVSS0.00237EPSS
Exploits0References1
NVD
NVD
added 2023/12/04 11:15 p.m.49 views

CVE-2023-40459

The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service DoS condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by...

7.5CVSS0.02296EPSS
Exploits2References1
NVD
NVD
added 2023/11/17 10:15 p.m.49 views

CVE-2023-48294

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to graph.php to access graphs generated on t...

4.3CVSS0.00695EPSS
Exploits1References3
NVD
NVD
added 2023/11/17 1:15 p.m.49 views

CVE-2023-22273

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction...

7.2CVSS0.01937EPSS
Exploits0References1
NVD
NVD
added 2023/11/10 6:15 p.m.49 views

CVE-2023-47128

Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a savepoints name...

9.1CVSS0.00776EPSS
Exploits1References2
NVD
NVD
added 2023/11/07 12:15 p.m.49 views

CVE-2023-5567

The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'qrcodetag' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS0.00434EPSS
Exploits0References2
NVD
NVD
added 2023/11/01 6:15 p.m.49 views

CVE-2023-20031

A vulnerability in the SSL/TLS certificate handling of Snort 3 Detection Engine integration with Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a logic error that occurs whe...

5.4CVSS5.2AI score0.00283EPSS
Exploits0References1
NVD
NVD
added 2023/10/16 9:15 p.m.49 views

CVE-2023-45128

Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery CSRF vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to injec...

10CVSS9.6AI score0.00313EPSS
Exploits0References2
NVD
NVD
added 2023/09/20 3:15 a.m.49 views

CVE-2023-4088

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute a malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service DoS condition, if the...

9.3CVSS8.8AI score0.00177EPSS
Exploits0References3
NVD
NVD
added 2023/09/05 6:15 p.m.49 views

CVE-2023-39681

Cuppa CMS v1.0 was discovered to contain a remote code execution RCE vulnerability via the emailoutgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload...

9.8CVSS9.8AI score0.01391EPSS
Exploits1References1
NVD
NVD
added 2023/09/05 4:15 a.m.49 views

CVE-2023-36308

disintegration Imaging 1.6.2 allows attackers to cause a panic because of an integer index out of range during a Grayscale call via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequenc...

5.5CVSS5.3AI score0.00354EPSS
Exploits1References4
NVD
NVD
added 2023/08/16 3:15 p.m.49 views

CVE-2023-40348

The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output...

5.3CVSS5.2AI score0.00547EPSS
Exploits0References2
NVD
NVD
added 2023/08/03 3:15 p.m.49 views

CVE-2023-2754

The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses...

7.4CVSS7.3AI score0.00746EPSS
Exploits0References3
NVD
NVD
added 2023/08/03 5:15 a.m.49 views

CVE-2023-4112

A vulnerability was found in PHP Jabbers Shuttle Booking Software 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this...

6.1CVSS5.1AI score0.05177EPSS
Exploits4References3
NVD
NVD
added 2023/08/02 8:15 p.m.49 views

CVE-2023-29409

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...

5.3CVSS6.7AI score0.01328EPSS
Exploits0References6
NVD
NVD
added 2023/07/31 11:15 p.m.49 views

CVE-2023-3462

HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed i...

5.3CVSS5.5AI score0.00613EPSS
Exploits0References1
NVD
NVD
added 2023/07/31 3:15 p.m.49 views

CVE-2023-38308

An issue was discovered in Webmin 2.021. A Cross-Site Scripting XSS vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the execution of arbitra...

6.1CVSS6AI score0.00615EPSS
Exploits1References2
NVD
NVD
added 2023/07/27 4:15 p.m.49 views

CVE-2023-38492

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. The real-world impact of this vulnerability is limited, however we still...

7.5CVSS6.3AI score0.01028EPSS
Exploits0References7
NVD
NVD
added 2023/07/13 11:15 p.m.49 views

CVE-2023-37274

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which...

7.8CVSS0.00338EPSS
Exploits0References2
NVD
NVD
added 2023/07/11 9:15 a.m.49 views

CVE-2023-34015

Cross-Site Request Forgery CSRF vulnerability in PI Websolution Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce shipping plugin = 1.6.4.4 versions...

8.8CVSS6.5AI score0.00246EPSS
Exploits0References1
NVD
NVD
added 2023/06/28 6:15 p.m.49 views

CVE-2023-21171

In verifyInputEvent of InputDispatcher.cpp, there is a possible way to conduct click fraud due to side channel information disclosure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

6.7CVSS6.5AI score0.00096EPSS
Exploits0References1
NVD
NVD
added 2023/06/27 2:15 p.m.49 views

CVE-2023-0588

The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2.1.0 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin...

6.1CVSS6.1AI score0.00458EPSS
Exploits2References1
NVD
NVD
added 2023/06/26 10:15 a.m.49 views

CVE-2023-29430

Unauth. Reflected Cross-Site Scripting XSS vulnerability in CTHthemes TheRoof theme = 1.0.3 versions...

7.1CVSS6.3AI score0.00382EPSS
Exploits0References1
NVD
NVD
added 2023/06/19 5:15 p.m.49 views

CVE-2023-34162

Version update determination vulnerability in the user profile module.Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail...

7.5CVSS7.5AI score0.00437EPSS
Exploits0References1
NVD
NVD
added 2023/06/14 10:15 p.m.49 views

CVE-2023-34251

Grav is a flat-file content management system. Versions prior to 1.7.42 are vulnerable to server side template injection. Remote code execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. Version 1.7.42 contains a fix for this...

9.9CVSS9.9AI score0.02338EPSS
Exploits1References3
NVD
NVD
added 2023/06/07 1:15 a.m.49 views

CVE-2023-33781

An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a crafted file...

8.8CVSS8.9AI score0.36026EPSS
Exploits2References4
NVD
NVD
added 2023/05/27 7:15 p.m.49 views

CVE-2015-20108

xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...

9.8CVSS9.9AI score0.01332EPSS
Exploits0References5
NVD
NVD
added 2023/05/18 11:15 a.m.49 views

CVE-2023-27423

Cross-Site Request Forgery CSRF vulnerability in Ramon Fincken Auto Prune Posts plugin = 1.8.0 versions...

8.8CVSS6.5AI score0.00265EPSS
Exploits0References1
NVD
NVD
added 2023/05/15 4:15 a.m.49 views

CVE-2023-32758

giturlparse aka git-url-parse through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS Regular Expression Denial of Service if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package for example, to check whether it accesses any Git...

7.5CVSS7.4AI score0.01033EPSS
Exploits0References5
NVD
NVD
added 2023/05/11 7:15 a.m.49 views

CVE-2023-2643

A vulnerability classified as critical was found in SourceCodester File Tracker Manager System 1.0. This vulnerability affects unknown code of the file register/updatepassword.php of the component POST Parameter Handler. The manipulation of the argument newpassword leads to sql injection. The...

9.8CVSS7.5AI score0.00726EPSS
Exploits1References3
Total number of security vulnerabilities5000