Lucene search
K
NvdMost viewed

364155 matches found

NVD
NVD
added 2024/12/31 1:15 p.m.49 views

CVE-2024-55991

Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through = 3.2.9.1...

6.5CVSS0.00334EPSS
Exploits0References1
NVD
NVD
added 2024/12/18 9:15 p.m.49 views

CVE-2024-45338

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

5.3CVSS0.00856EPSS
Exploits0References5
NVD
NVD
added 2024/12/18 1:15 p.m.49 views

CVE-2024-50570

A Cleartext Storage of Sensitive Information vulnerability CWE-312 in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN passwor...

5CVSS0.00139EPSS
Exploits0References1
NVD
NVD
added 2024/12/17 3:15 a.m.49 views

CVE-2020-12487

Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege...

7CVSS0.00261EPSS
Exploits0References1
NVD
NVD
added 2024/12/03 6:15 p.m.49 views

CVE-2024-52548

An attacker who can execute arbitrary Operating Systems commands, can bypass code signing enforcements in the kernel, and execute arbitrary native code. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111...

6.7CVSS0.00163EPSS
Exploits1References2
NVD
NVD
added 2024/12/03 6:15 p.m.49 views

CVE-2024-41775

IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

7.5CVSS0.00209EPSS
Exploits0References1
NVD
NVD
added 2024/12/02 10:15 p.m.49 views

CVE-2024-53987

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...

6.1CVSS0.00435EPSS
Exploits0References2
NVD
NVD
added 2024/11/26 11:21 a.m.49 views

CVE-2024-11024

The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user's password reset code prior to updating their password. This makes it possibl...

9.8CVSS0.00678EPSS
Exploits0References2
NVD
NVD
added 2024/11/21 11:15 a.m.49 views

CVE-2024-10696

The UltraAddons – Elementor Addons Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.8 via the showtemplate due to missing validatio...

4.3CVSS0.00484EPSS
Exploits0References2
NVD
NVD
added 2024/11/18 4:15 p.m.49 views

CVE-2024-52424

Cross-Site Request Forgery CSRF vulnerability in sureshdsk wp-login customizer wp-login-customizer allows Stored XSS.This issue affects wp-login customizer: from n/a through = 1.0...

7.1CVSS0.00156EPSS
Exploits0References1
NVD
NVD
added 2024/11/18 3:15 p.m.49 views

CVE-2024-52436

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal Post SMTP post-smtp allows Blind SQL Injection.This issue affects Post SMTP: from n/a through = 2.9.9...

7.6CVSS0.00456EPSS
Exploits0References1
NVD
NVD
added 2024/11/12 6:15 p.m.49 views

CVE-2024-43459

SQL Server Native Client Remote Code Execution Vulnerability...

8.8CVSS0.01577EPSS
Exploits0References1
NVD
NVD
added 2024/11/11 8:15 p.m.49 views

CVE-2024-51489

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to send messag...

5.4CVSS0.00272EPSS
Exploits1References1
NVD
NVD
added 2024/11/06 11:15 p.m.49 views

CVE-2024-10928

A vulnerability was found in MonoCMS up to 20240528. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /monofiles/opensaved.php of the component Posts Page. The manipulation of the argument filtcategory/filtstatus leads to cross site...

6.1CVSS0.00383EPSS
Exploits1References4
NVD
NVD
added 2024/11/01 3:15 p.m.49 views

CVE-2024-37250

Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1...

5.4CVSS0.00297EPSS
Exploits0References1
NVD
NVD
added 2024/10/30 2:15 p.m.49 views

CVE-2024-31152

The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to improper resource allocation within its web application, where a series of crafted HTTP requests can cause a reboot. This could lead to network service interruptions...

7.5CVSS0.17156EPSS
Exploits1References2
NVD
NVD
added 2024/10/21 8:15 p.m.49 views

CVE-2022-48985

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix race on per-CQ variable napi workdone After calling napicompletedone, the NAPIFSTATESCHED bit may be cleared, and another CPU can start napi thread and access per-CQ variable, cq-workdone. If the other thread for...

4.7CVSS0.00226EPSS
Exploits0References3
NVD
NVD
added 2024/10/18 6:15 a.m.49 views

CVE-2024-38820

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...

5.3CVSS0.00631EPSS
Exploits1References2
NVD
NVD
added 2024/09/19 4:15 p.m.49 views

CVE-2024-45861

Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information...

9.2CVSS0.0037EPSS
Exploits0References1
NVD
NVD
added 2024/09/17 7:15 p.m.49 views

CVE-2024-45612

Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page front end. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root...

5.3CVSS0.00298EPSS
Exploits0References2
NVD
NVD
added 2024/09/10 5:15 p.m.49 views

CVE-2024-43461

Windows MSHTML Platform Spoofing Vulnerability...

8.8CVSS0.51883EPSS
Exploits0References2
NVD
NVD
added 2024/09/07 4:15 p.m.49 views

CVE-2023-46809

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/hkario/marvin/, if PCKS 1 v1.5 padding is allowed when performing RSA descryption using a privat...

7.4CVSS0.01302EPSS
Exploits0References3
NVD
NVD
added 2024/08/27 7:15 p.m.49 views

CVE-2024-8210

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been classified as critical. This...

9.8CVSS0.07482EPSS
Exploits1References6
NVD
NVD
added 2024/08/02 1:15 a.m.49 views

CVE-2024-22278

Incorrect user permission validation in Harbor v2.9.5 and Harbor v2.10.3 allows authenticated users to modify configurations...

6.4CVSS0.00368EPSS
Exploits0References1
NVD
NVD
added 2024/08/01 4:15 a.m.49 views

CVE-2024-7339

A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5LMM and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be...

6.9CVSS0.32028EPSS
Exploits2References4
NVD
NVD
added 2024/07/29 6:15 a.m.49 views

CVE-2024-6366

The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP...

9.1CVSS0.28993EPSS
Exploits2References1
NVD
NVD
added 2024/07/25 8:15 p.m.49 views

CVE-2024-29068

In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files such as pipes or sockets etc. Various file entries within the snap squashfs image such as icons...

6.6CVSS0.00212EPSS
Exploits0References2
NVD
NVD
added 2024/07/25 7:15 p.m.49 views

CVE-2024-1724

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...

8.2CVSS0.00306EPSS
Exploits1References3
NVD
NVD
added 2024/07/22 7:15 p.m.49 views

CVE-2024-37380

A misconfiguration on UniFi U6+ Access Point could cause an incorrect VLAN traffic forwarding to APs meshed to UniFi U6+ Access Point. Affected Products: UniFi U6+ Access Point Version 6.6.65 and earlier Mitigation: Update your UniFi U6+ Access Point to Version 6.6.74 or later...

5.3CVSS0.00209EPSS
Exploits0References1
NVD
NVD
added 2024/07/17 9:15 a.m.49 views

CVE-2023-52291

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

8.8CVSS0.01607EPSS
Exploits0References2
NVD
NVD
added 2024/07/16 9:15 p.m.49 views

CVE-2024-21687

This High severity File Inclusion vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0 and 9.6.0 of Bamboo Data Center and Server. This File Inclusion vulnerability, with a CVSS Score of 8.1, allows an authenticated attacker to get the application to display the...

8.1CVSS0.00746EPSS
Exploits0References2
NVD
NVD
added 2024/07/09 6:15 p.m.49 views

CVE-2024-40737

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/add...

6.1CVSS0.00353EPSS
Exploits1References1
NVD
NVD
added 2024/07/09 6:15 p.m.49 views

CVE-2024-38970

vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function...

4.9CVSS0.00441EPSS
Exploits0References2
NVD
NVD
added 2024/07/09 5:15 p.m.49 views

CVE-2024-30061

Microsoft Dynamics 365 On-Premises Information Disclosure Vulnerability...

7.3CVSS0.01373EPSS
Exploits0References1
NVD
NVD
added 2024/07/08 6:15 p.m.49 views

CVE-2024-39896

Directus is a real-time API and App dashboard for managing SQL database content. When relying on SSO providers in combination with local authentication it can be possible to enumerate existing SSO users in the instance. This is possible because if an email address exists in Directus and belongs t...

7.5CVSS0.00506EPSS
Exploits1References2
NVD
NVD
added 2024/07/04 7:15 p.m.49 views

CVE-2024-39934

Robotmk before 2.0.1 allows a local user to escalate privileges e.g., to SYSTEM if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit any Python environment...

7.8CVSS0.0018EPSS
Exploits0References4
NVD
NVD
added 2024/07/01 9:15 p.m.49 views

CVE-2024-32230

FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideoenc.c:1216:21 in loadinputpicture in FFmpeg7.0...

7.8CVSS0.00355EPSS
Exploits1References1
NVD
NVD
added 2024/07/01 1:15 p.m.49 views

CVE-2024-38996

ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the .mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

9.8CVSS0.01158EPSS
Exploits1References3
NVD
NVD
added 2024/06/28 6:15 p.m.49 views

CVE-2024-38374

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the...

7.5CVSS0.00589EPSS
Exploits0References3
NVD
NVD
added 2024/06/27 7:15 p.m.49 views

CVE-2023-38368

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: 261195...

5.5CVSS0.00186EPSS
Exploits1References3
NVD
NVD
added 2024/06/24 10:15 p.m.49 views

CVE-2024-6290

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00516EPSS
Exploits1References4
NVD
NVD
added 2024/06/20 2:15 a.m.49 views

CVE-2024-3562

The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is due to insufficient sanitization of input prior to being used in a call to the eval function. This makes it possible for authenticated...

8.8CVSS0.0063EPSS
Exploits0References4
NVD
NVD
added 2024/06/14 4:15 p.m.49 views

CVE-2024-37315

Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the filesversions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 and that the Nextcloud...

4.3CVSS0.00431EPSS
Exploits0References3
NVD
NVD
added 2024/06/14 6:15 a.m.49 views

CVE-2024-1295

The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. e.g. password-protected events, drafts, etc...

6.5CVSS0.00464EPSS
Exploits2References1
NVD
NVD
added 2024/06/12 5:15 p.m.49 views

CVE-2024-5908

A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting...

7.5CVSS0.00366EPSS
Exploits0References1
NVD
NVD
added 2024/06/12 2:15 p.m.49 views

CVE-2024-23445

It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.htmlsecurity-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the fieldsecurity parameter, an...

6.5CVSS0.00456EPSS
Exploits0References1
NVD
NVD
added 2024/06/11 5:15 p.m.49 views

CVE-2024-30101

Microsoft Office Remote Code Execution Vulnerability...

7.5CVSS0.01754EPSS
Exploits0References1
NVD
NVD
added 2024/06/11 5:15 p.m.49 views

CVE-2024-30087

Win32k Elevation of Privilege Vulnerability...

7.8CVSS0.09505EPSS
Exploits0References1
NVD
NVD
added 2024/06/10 4:15 p.m.49 views

CVE-2024-37051

GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5,...

9.3CVSS0.03837EPSS
Exploits1References2
NVD
NVD
added 2024/06/08 9:15 a.m.49 views

CVE-2024-5654

The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'executepostdatacg7free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site...

6.5CVSS0.00352EPSS
Exploits0References3
Total number of security vulnerabilities5000