Lucene search
K
NvdMost viewed

363745 matches found

NVD
NVD
•added 2022/10/31 4:15 p.m.•49 views

CVE-2022-2627

The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.00969EPSS
Exploits2References1
NVD
NVD
•added 2022/10/11 9:15 p.m.•49 views

CVE-2022-41168

Due to lack of proper memory management, when a victim opens a manipulated CATIA5 Part .catpart, CatiaTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based...

7.8CVSS0.00491EPSS
Exploits0References2
NVD
NVD
•added 2022/10/10 9:15 p.m.•49 views

CVE-2022-39288

fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed i...

7.5CVSS0.59244EPSS
Exploits0References3
NVD
NVD
•added 2022/10/10 9:15 p.m.•49 views

CVE-2022-3137

The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file...

5.4CVSS0.00468EPSS
Exploits2References1
NVD
NVD
•added 2022/09/16 9:15 p.m.•49 views

CVE-2022-35969

TensorFlow is an open source platform for machine learning. The implementation of Conv2DBackpropInput requires inputsizes to be 4-dimensional. Otherwise, it gives a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS0.00383EPSS
Exploits0References2
NVD
NVD
•added 2022/09/16 9:15 p.m.•49 views

CVE-2022-35974

TensorFlow is an open source platform for machine learning. If QuantizeDownAndShrinkRange is given nonscalar inputs for inputmin or inputmax, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS0.00423EPSS
Exploits0References2
NVD
NVD
•added 2022/08/16 2:15 p.m.•49 views

CVE-2022-38362

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to authenticated remote code exploit of code on the Airflow worker host...

8.8CVSS0.01602EPSS
Exploits0References2
NVD
NVD
•added 2022/08/05 9:15 p.m.•49 views

CVE-2022-31614

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager vGPU plugin where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause denial of service, code execution, and information disclosure...

7.8CVSS0.00259EPSS
Exploits0References1
NVD
NVD
•added 2022/07/27 3:15 p.m.•49 views

CVE-2022-36907

A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

6.5CVSS0.00668EPSS
Exploits0References2
NVD
NVD
•added 2022/07/26 8:15 a.m.•49 views

CVE-2021-43959

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery SSRF vulnerability in the CSV importing feature of JSM Insight. When running in an environment...

5.7CVSS0.00602EPSS
Exploits0References1
NVD
NVD
•added 2022/07/11 1:15 a.m.•49 views

CVE-2022-31516

The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS0.01118EPSS
Exploits1References1
NVD
NVD
•added 2022/06/27 11:15 p.m.•49 views

CVE-2022-31103

lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule @keyframes. This package is depended on by react-letter, therefore everyone using react-letter is...

7.5CVSS0.01383EPSS
Exploits0References3
NVD
NVD
•added 2022/06/16 9:15 p.m.•49 views

CVE-2021-36609

Cross Site Scripting XSS vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php...

5.4CVSS0.00446EPSS
Exploits1References1
NVD
NVD
•added 2022/06/15 11:15 p.m.•49 views

CVE-2022-31072

Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is...

3.3CVSS0.00251EPSS
Exploits0References2
NVD
NVD
•added 2022/06/02 2:15 p.m.•49 views

CVE-2022-29732

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting XSS vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1CVSS0.00725EPSS
Exploits2References2
NVD
NVD
•added 2022/04/27 6:15 a.m.•49 views

CVE-2022-29810

The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter...

5.5CVSS0.00403EPSS
Exploits0References3
NVD
NVD
•added 2022/04/18 5:15 p.m.•49 views

CVE-2020-25163

A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This...

7.7CVSS0.0091EPSS
Exploits0References1
NVD
NVD
•added 2022/03/22 9:15 p.m.•49 views

CVE-2022-26186

TOTOLINK N600R V4.3.0cu.7570B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi...

9.8CVSS0.03986EPSS
Exploits1References1
NVD
NVD
•added 2022/03/17 9:15 p.m.•49 views

CVE-2021-45040

The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route...

10CVSS0.03106EPSS
Exploits3References2
NVD
NVD
•added 2022/03/14 11:15 a.m.•49 views

CVE-2022-22721

If LimitXMLRequestBody is set to allow request bodies larger than 350MB defaults to 1M on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier...

9.1CVSS0.41861EPSS
Exploits0References16
NVD
NVD
•added 2022/02/21 11:15 a.m.•49 views

CVE-2021-24867

Numerous Plugins and Themes from the AccessPress Themes aka Access Keys vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to...

9.8CVSS0.18878EPSS
Exploits1References2
NVD
NVD
•added 2021/12/10 10:15 a.m.•49 views

CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message...

10CVSS0.99999EPSS
Exploits351References52
NVD
NVD
•added 2021/12/09 5:15 p.m.•49 views

CVE-2021-22568

When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 accesstoken that is valid for publishing on pub.dev. Using these obtained credentials, an attacker can impersonate the user on pub.dev. We recommend...

8.8CVSS0.00915EPSS
Exploits0References3
NVD
NVD
•added 2021/12/07 2:15 p.m.•49 views

CVE-2021-22956

An uncontrolled resource consumption vulnerability exists in Citrix ADC 13.0-83.27, 12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication...

7.5CVSS0.00894EPSS
Exploits0References1
NVD
NVD
•added 2021/11/23 8:15 p.m.•49 views

CVE-2021-25986

In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting XSS in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the...

5.4CVSS0.00583EPSS
Exploits0References2
NVD
NVD
•added 2021/10/25 5:15 p.m.•49 views

CVE-2021-34855

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...

6.5CVSS0.00258EPSS
Exploits0References2
NVD
NVD
•added 2021/10/11 3:15 a.m.•49 views

CVE-2021-42135

HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/ path may be abl...

8.1CVSS0.00755EPSS
Exploits0References1
NVD
NVD
•added 2021/10/07 5:15 p.m.•49 views

CVE-2021-42071

In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header...

10CVSS0.69882EPSS
Exploits2References3
NVD
NVD
•added 2021/09/28 6:15 p.m.•49 views

CVE-2021-41318

In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input. which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser...

6.1CVSS0.05881EPSS
Exploits4References2
NVD
NVD
•added 2021/09/10 10:15 p.m.•49 views

CVE-2021-24040

Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0...

9.8CVSS0.17353EPSS
Exploits4References3
NVD
NVD
•added 2021/08/16 5:15 a.m.•49 views

CVE-2021-3707

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device...

5.5CVSS0.01541EPSS
Exploits2References3
NVD
NVD
•added 2021/08/13 12:15 p.m.•49 views

CVE-2021-37343

A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios...

8.8CVSS0.2382EPSS
Exploits5References2
NVD
NVD
•added 2021/08/12 6:15 p.m.•49 views

CVE-2021-37653

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in tf.rawops.ResourceGather. The implementation computes the value of a value, batchsize, and then divides by it without checking that this...

5.5CVSS0.00152EPSS
Exploits0References2
NVD
NVD
•added 2021/08/11 1:15 p.m.•49 views

CVE-2021-0084

Improper input validation in the IntelR Ethernet Controllers X722 and 800 series Linux RMDA driver before version 1.3.19 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS0.00316EPSS
Exploits0References2
NVD
NVD
•added 2021/07/30 10:15 p.m.•49 views

CVE-2021-32807

The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...

7.2CVSS0.02032EPSS
Exploits0References3
NVD
NVD
•added 2021/07/19 3:15 p.m.•49 views

CVE-2021-20110

Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as we...

10CVSS0.07376EPSS
Exploits0References1
NVD
NVD
•added 2021/05/27 7:15 p.m.•49 views

CVE-2020-10716

A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This flaw allows a malicious Satellite user to scan through the Job Invocation, with the ability to search for passwords and other sensitive data. This flaw affects...

6.5CVSS0.00768EPSS
Exploits0References2
NVD
NVD
•added 2021/05/27 6:15 p.m.•49 views

CVE-2021-32643

Http4s is a Scala interface for HTTP services. StaticFile.fromUrl can leak the presence of a directory on a server when the URL scheme is not file://, and the URL points to a fetchable resource under its scheme and authority. The function returns FNone, indicating no resource, if url.getFile is a...

5.8CVSS0.01395EPSS
Exploits0References3
NVD
NVD
•added 2021/05/13 6:15 p.m.•49 views

CVE-2021-22135

Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled ...

5.3CVSS0.01162EPSS
Exploits0References2
NVD
NVD
•added 2021/05/10 2:15 p.m.•49 views

CVE-2021-23008

On version 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and all versions of 16.0.x and 11.6.x., BIG-IP APM AD Active Directory authentication can be bypassed via a spoofed AS-REP Kerberos Authentication Service Response response sent over a hijacked KDC...

9.8CVSS0.01326EPSS
Exploits0References1
NVD
NVD
•added 2021/04/16 10:15 p.m.•49 views

CVE-2021-29445

jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...

5.9CVSS0.01238EPSS
Exploits0References2
NVD
NVD
•added 2021/03/04 1:15 p.m.•49 views

CVE-2020-24036

PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code...

8.8CVSS0.02935EPSS
Exploits3References5
NVD
NVD
•added 2021/02/23 10:15 p.m.•49 views

CVE-2021-20182

A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the underlying node, such as...

8.8CVSS0.01145EPSS
Exploits0References1
NVD
NVD
•added 2021/02/11 6:15 p.m.•49 views

CVE-2021-21299

hyper is an open-source HTTP library for Rust crates.io. In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with multiple...

8.1CVSS0.04771EPSS
Exploits0References5
NVD
NVD
•added 2021/02/05 8:15 p.m.•49 views

CVE-2021-1072

NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream rxdiag.dll where an arbitrary file deletion due to improper handling of log files may lead to denial of service...

7.1CVSS0.00259EPSS
Exploits0References1
NVD
NVD
•added 2021/02/01 9:15 p.m.•49 views

CVE-2019-20468

An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READEXTERNALSTORAGE, WRITEEXTERNALSTORAGE, and READCONTACTS...

9.8CVSS9.5AI score0.02295EPSS
Exploits0References3
NVD
NVD
•added 2021/01/19 8:15 p.m.•49 views

CVE-2021-21263

Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an...

7.2CVSS6.8AI score0.01605EPSS
Exploits0References5
NVD
NVD
•added 2020/09/30 6:15 p.m.•49 views

CVE-2020-26149

NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server...

7.5CVSS0.01476EPSS
Exploits0References3
NVD
NVD
•added 2020/09/03 2:15 a.m.•49 views

CVE-2020-25086

Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advancedsettings/adminUsers.php...

6.1CVSS6AI score0.00679EPSS
Exploits0References1
NVD
NVD
•added 2020/08/20 1:17 a.m.•49 views

CVE-2020-15143

In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter,...

8.8CVSS8.1AI score0.01914EPSS
Exploits1References1
Total number of security vulnerabilities5000