Lucene search
K
NvdMost viewed

363679 matches found

NVD
NVD
•added 2023/04/16 3:15 a.m.•49 views

CVE-2022-30076

ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting...

5.3CVSS5.2AI score0.03543EPSS
Exploits4References1
NVD
NVD
•added 2023/04/11 5:15 p.m.•49 views

CVE-2022-41331

A missing authentication for critical function vulnerability CWE-306 in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests...

9.8CVSS9.7AI score0.01275EPSS
Exploits0References1
NVD
NVD
•added 2023/04/06 8:15 a.m.•49 views

CVE-2023-24001

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Yannick Lefebvre Modal Dialog plugin = 3.5.9 versions...

5.9CVSS5.4AI score0.00392EPSS
Exploits0References1
NVD
NVD
•added 2023/03/31 1:15 a.m.•49 views

CVE-2023-1755

Cross-site Scripting XSS - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

8.4CVSS6AI score0.00615EPSS
Exploits1References2
NVD
NVD
•added 2023/03/28 9:15 p.m.•49 views

CVE-2022-36060

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...

8.2CVSS8.1AI score0.00906EPSS
Exploits0References1
NVD
NVD
•added 2023/03/19 5:15 p.m.•49 views

CVE-2023-1496

Cross-site Scripting XSS - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0...

6.5CVSS5.4AI score0.01585EPSS
Exploits1References2
NVD
NVD
•added 2023/03/13 12:15 p.m.•49 views

CVE-2023-24033

The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol SDP module, which can lead to a denial of service...

9.8CVSS7.8AI score0.34546EPSS
Exploits0References3
NVD
NVD
•added 2023/03/06 11:15 p.m.•49 views

CVE-2022-45141

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption...

9.8CVSS9.4AI score0.00454EPSS
Exploits0References2
NVD
NVD
•added 2023/03/03 11:15 p.m.•49 views

CVE-2023-25403

CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. Any user who logged in within 24 hours. A token can be forged with his username to bypass authentication...

7.5CVSS7.5AI score0.00652EPSS
Exploits1References2
NVD
NVD
•added 2023/02/16 8:15 p.m.•49 views

CVE-2022-30704

Improper initialization in the IntelR TXT SINIT ACM for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access...

7.2CVSS7.1AI score0.00212EPSS
Exploits0References1
NVD
NVD
•added 2023/02/15 3:15 p.m.•49 views

CVE-2023-25578

Starlite is an Asynchronous Server Gateway Interface ASGI framework. Prior to version 1.5.2, the request body parsing in starlite allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited number of file parts and ...

7.5CVSS7.5AI score0.01004EPSS
Exploits1References3
NVD
NVD
•added 2023/02/14 4:15 p.m.•49 views

CVE-2022-22564

Dell EMC Unity versions before 5.2.0.0.5.173 , usees broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information...

5.9CVSS5.8AI score0.00451EPSS
Exploits0References1
NVD
NVD
•added 2023/02/14 11:15 a.m.•49 views

CVE-2022-31808

A vulnerability has been identified in SiPass integrated AC5102 ACC-G2 All versions V2.85.44, SiPass integrated ACC-AP All versions V2.85.43. Affected devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by...

7.8CVSS7.9AI score0.00229EPSS
Exploits0References1
NVD
NVD
•added 2023/02/08 5:15 a.m.•49 views

CVE-2023-0739

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' in GitHub repository answerdev/answer prior to 1.0.4...

8.1CVSS7AI score0.0069EPSS
Exploits1References2
NVD
NVD
•added 2023/02/03 8:15 p.m.•49 views

CVE-2023-23925

Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag. Unsanitized input flows into Strategy match operation EXIST, where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack reDOS. This issue has been...

8.6CVSS8.5AI score0.00541EPSS
Exploits0References2
NVD
NVD
•added 2023/01/13 7:15 p.m.•49 views

CVE-2023-22489

Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that...

3.5CVSS3.7AI score0.00555EPSS
Exploits0References3
NVD
NVD
•added 2023/01/11 8:15 p.m.•49 views

CVE-2023-22487

Flarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special @""p syntax. The following behavior never changes no matter if the actor should be able to read the mentioned post...

7.7CVSS7.4AI score0.00665EPSS
Exploits1References2
NVD
NVD
•added 2023/01/10 9:15 p.m.•49 views

CVE-2022-38393

A denial of service vulnerability exists in the cfgserver cmprocessConnDiagPktList opcode of Asus RT-AX82U 3.0.0.4.38649674-ge182230 router's configuration service. A specially-crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this...

7.5CVSS7.3AI score0.18847EPSS
Exploits1References2
NVD
NVD
•added 2023/01/10 4:15 a.m.•49 views

CVE-2023-0014

SAP NetWeaver ABAP Server and ABAP Platform - versions SAPBASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguo...

9.8CVSS8.9AI score0.00693EPSS
Exploits0References2
NVD
NVD
•added 2023/01/02 4:15 p.m.•49 views

CVE-2022-48197

Reflected cross-site scripting XSS exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS6AI score0.06608EPSS
Exploits3References6
NVD
NVD
•added 2022/12/22 9:15 p.m.•49 views

CVE-2022-3805

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

8.6CVSS0.01594EPSS
Exploits1References4
NVD
NVD
•added 2022/12/21 11:15 a.m.•49 views

CVE-2022-38060

A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges...

8.8CVSS0.00211EPSS
Exploits0References1
NVD
NVD
•added 2022/12/21 12:15 a.m.•49 views

CVE-2022-42949

Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions...

7.5CVSS0.00524EPSS
Exploits0References2
NVD
NVD
•added 2022/12/20 9:15 p.m.•49 views

CVE-2022-23542

OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and...

9.8CVSS0.0091EPSS
Exploits0References3
NVD
NVD
•added 2022/12/15 7:15 p.m.•49 views

CVE-2022-32531

The Apache Bookkeeper Java Client before 4.14.6 and also 4.15.0 does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves the bookkeeper client vulnerable to a man in the middle attack. The problem affects BookKeeper client prior to versions 4.14.6 a...

5.9CVSS0.01021EPSS
Exploits0References1
NVD
NVD
•added 2022/12/14 3:15 p.m.•49 views

CVE-2022-46609

Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well ...

9.8CVSS0.01416EPSS
Exploits1References4
NVD
NVD
•added 2022/11/15 8:15 p.m.•49 views

CVE-2022-45401

Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS0.00589EPSS
Exploits0References2
NVD
NVD
•added 2022/11/08 8:15 a.m.•49 views

CVE-2022-39343

Azure RTOS FileX is a FAT-compatible file system that’s fully integrated with Azure RTOS ThreadX. In versions before 6.2.0, the Fault Tolerant feature of Azure RTOS FileX includes integer under and overflows which may be exploited to achieve buffer overflow and modify memory contents. When a vali...

7.8CVSS0.00822EPSS
Exploits1References2
NVD
NVD
•added 2022/11/03 8:15 p.m.•49 views

CVE-2022-41713

deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the 'proto' property to be edited...

5.3CVSS0.00643EPSS
Exploits1References2
NVD
NVD
•added 2022/11/01 10:15 p.m.•49 views

CVE-2022-3817

A vulnerability has been found in Axiomatic Bento4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component mp4mux. The manipulation leads to memory leak. The attack can be launched remotely. The exploit has been disclosed to the public and may be...

6.5CVSS0.00771EPSS
Exploits1References3
NVD
NVD
•added 2022/10/31 4:15 p.m.•49 views

CVE-2022-2627

The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.00969EPSS
Exploits2References1
NVD
NVD
•added 2022/10/11 9:15 p.m.•49 views

CVE-2022-41168

Due to lack of proper memory management, when a victim opens a manipulated CATIA5 Part .catpart, CatiaTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based...

7.8CVSS0.00491EPSS
Exploits0References2
NVD
NVD
•added 2022/10/10 9:15 p.m.•49 views

CVE-2022-39288

fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed i...

7.5CVSS0.59244EPSS
Exploits0References3
NVD
NVD
•added 2022/10/10 9:15 p.m.•49 views

CVE-2022-3137

The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file...

5.4CVSS0.00468EPSS
Exploits2References1
NVD
NVD
•added 2022/09/16 9:15 p.m.•49 views

CVE-2022-35969

TensorFlow is an open source platform for machine learning. The implementation of Conv2DBackpropInput requires inputsizes to be 4-dimensional. Otherwise, it gives a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS0.00383EPSS
Exploits0References2
NVD
NVD
•added 2022/09/16 9:15 p.m.•49 views

CVE-2022-35974

TensorFlow is an open source platform for machine learning. If QuantizeDownAndShrinkRange is given nonscalar inputs for inputmin or inputmax, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS0.00423EPSS
Exploits0References2
NVD
NVD
•added 2022/08/16 2:15 p.m.•49 views

CVE-2022-38362

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to authenticated remote code exploit of code on the Airflow worker host...

8.8CVSS0.01602EPSS
Exploits0References2
NVD
NVD
•added 2022/08/05 9:15 p.m.•49 views

CVE-2022-31614

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager vGPU plugin where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause denial of service, code execution, and information disclosure...

7.8CVSS0.00259EPSS
Exploits0References1
NVD
NVD
•added 2022/07/27 3:15 p.m.•49 views

CVE-2022-36907

A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

6.5CVSS0.00668EPSS
Exploits0References2
NVD
NVD
•added 2022/07/26 8:15 a.m.•49 views

CVE-2021-43959

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery SSRF vulnerability in the CSV importing feature of JSM Insight. When running in an environment...

5.7CVSS0.00602EPSS
Exploits0References1
NVD
NVD
•added 2022/07/11 1:15 a.m.•49 views

CVE-2022-31516

The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS0.01118EPSS
Exploits1References1
NVD
NVD
•added 2022/06/27 11:15 p.m.•49 views

CVE-2022-31103

lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule @keyframes. This package is depended on by react-letter, therefore everyone using react-letter is...

7.5CVSS0.01383EPSS
Exploits0References3
NVD
NVD
•added 2022/06/16 9:15 p.m.•49 views

CVE-2021-36609

Cross Site Scripting XSS vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php...

5.4CVSS0.00446EPSS
Exploits1References1
NVD
NVD
•added 2022/06/15 11:15 p.m.•49 views

CVE-2022-31072

Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is...

3.3CVSS0.00251EPSS
Exploits0References2
NVD
NVD
•added 2022/06/02 2:15 p.m.•49 views

CVE-2022-29732

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting XSS vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1CVSS0.00725EPSS
Exploits2References2
NVD
NVD
•added 2022/04/27 6:15 a.m.•49 views

CVE-2022-29810

The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter...

5.5CVSS0.00403EPSS
Exploits0References3
NVD
NVD
•added 2022/03/22 9:15 p.m.•49 views

CVE-2022-26186

TOTOLINK N600R V4.3.0cu.7570B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi...

9.8CVSS0.03986EPSS
Exploits1References1
NVD
NVD
•added 2022/03/17 9:15 p.m.•49 views

CVE-2021-45040

The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route...

10CVSS0.03106EPSS
Exploits3References2
NVD
NVD
•added 2022/03/14 11:15 a.m.•49 views

CVE-2022-22721

If LimitXMLRequestBody is set to allow request bodies larger than 350MB defaults to 1M on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier...

9.1CVSS0.41861EPSS
Exploits0References16
NVD
NVD
•added 2022/02/21 11:15 a.m.•49 views

CVE-2021-24867

Numerous Plugins and Themes from the AccessPress Themes aka Access Keys vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to...

9.8CVSS0.18878EPSS
Exploits1References2
Total number of security vulnerabilities5000