Lucene search
K
NvdMost viewed

364109 matches found

NVD
NVD
•added 2023/03/31 1:15 a.m.•49 views

CVE-2023-1755

Cross-site Scripting XSS - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

8.4CVSS6AI score0.00615EPSS
Exploits1References2
NVD
NVD
•added 2023/03/28 9:15 p.m.•49 views

CVE-2022-36060

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...

8.2CVSS8.1AI score0.00906EPSS
Exploits0References1
NVD
NVD
•added 2023/03/19 5:15 p.m.•49 views

CVE-2023-1496

Cross-site Scripting XSS - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0...

6.5CVSS5.4AI score0.01585EPSS
Exploits1References2
NVD
NVD
•added 2023/03/13 12:15 p.m.•49 views

CVE-2023-24033

The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol SDP module, which can lead to a denial of service...

9.8CVSS7.8AI score0.34546EPSS
Exploits0References3
NVD
NVD
•added 2023/03/06 11:15 p.m.•49 views

CVE-2022-45141

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption...

9.8CVSS9.4AI score0.00454EPSS
Exploits0References2
NVD
NVD
•added 2023/03/03 11:15 p.m.•49 views

CVE-2023-25403

CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. Any user who logged in within 24 hours. A token can be forged with his username to bypass authentication...

7.5CVSS7.5AI score0.00652EPSS
Exploits1References2
NVD
NVD
•added 2023/03/02 4:15 a.m.•49 views

CVE-2023-25806

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the interna...

5.3CVSS5.4AI score0.00328EPSS
Exploits0References1
NVD
NVD
•added 2023/02/16 8:15 p.m.•49 views

CVE-2022-30704

Improper initialization in the IntelR TXT SINIT ACM for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access...

7.2CVSS7.1AI score0.00212EPSS
Exploits0References1
NVD
NVD
•added 2023/02/14 4:15 p.m.•49 views

CVE-2022-22564

Dell EMC Unity versions before 5.2.0.0.5.173 , usees broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information...

5.9CVSS5.8AI score0.00451EPSS
Exploits0References1
NVD
NVD
•added 2023/02/14 11:15 a.m.•49 views

CVE-2022-31808

A vulnerability has been identified in SiPass integrated AC5102 ACC-G2 All versions V2.85.44, SiPass integrated ACC-AP All versions V2.85.43. Affected devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by...

7.8CVSS7.9AI score0.00229EPSS
Exploits0References1
NVD
NVD
•added 2023/02/11 6:15 p.m.•49 views

CVE-2023-0783

A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been...

9.8CVSS6AI score0.00875EPSS
Exploits1References3
NVD
NVD
•added 2023/02/08 5:15 a.m.•49 views

CVE-2023-0739

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' in GitHub repository answerdev/answer prior to 1.0.4...

8.1CVSS7AI score0.0069EPSS
Exploits1References2
NVD
NVD
•added 2023/02/03 8:15 p.m.•49 views

CVE-2023-23925

Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag. Unsanitized input flows into Strategy match operation EXIST, where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack reDOS. This issue has been...

8.6CVSS8.5AI score0.00541EPSS
Exploits0References2
NVD
NVD
•added 2023/01/13 7:15 p.m.•49 views

CVE-2023-22489

Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that...

3.5CVSS3.7AI score0.00555EPSS
Exploits0References3
NVD
NVD
•added 2023/01/10 9:15 p.m.•49 views

CVE-2022-38393

A denial of service vulnerability exists in the cfgserver cmprocessConnDiagPktList opcode of Asus RT-AX82U 3.0.0.4.38649674-ge182230 router's configuration service. A specially-crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this...

7.5CVSS7.3AI score0.18847EPSS
Exploits1References2
NVD
NVD
•added 2023/01/10 4:15 a.m.•49 views

CVE-2023-0014

SAP NetWeaver ABAP Server and ABAP Platform - versions SAPBASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguo...

9.8CVSS8.9AI score0.00693EPSS
Exploits0References2
NVD
NVD
•added 2023/01/02 4:15 p.m.•49 views

CVE-2022-48197

Reflected cross-site scripting XSS exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS6AI score0.06608EPSS
Exploits3References6
NVD
NVD
•added 2022/12/22 9:15 p.m.•49 views

CVE-2022-3805

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

8.6CVSS0.01594EPSS
Exploits1References4
NVD
NVD
•added 2022/12/21 11:15 a.m.•49 views

CVE-2022-38060

A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges...

8.8CVSS0.00211EPSS
Exploits0References1
NVD
NVD
•added 2022/12/21 12:15 a.m.•49 views

CVE-2022-42949

Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions...

7.5CVSS0.00524EPSS
Exploits0References2
NVD
NVD
•added 2022/12/20 9:15 p.m.•49 views

CVE-2022-23542

OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and...

9.8CVSS0.0091EPSS
Exploits0References3
NVD
NVD
•added 2022/12/15 7:15 p.m.•49 views

CVE-2022-32531

The Apache Bookkeeper Java Client before 4.14.6 and also 4.15.0 does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves the bookkeeper client vulnerable to a man in the middle attack. The problem affects BookKeeper client prior to versions 4.14.6 a...

5.9CVSS0.01021EPSS
Exploits0References1
NVD
NVD
•added 2022/11/15 8:15 p.m.•49 views

CVE-2022-45401

Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS0.00589EPSS
Exploits0References2
NVD
NVD
•added 2022/11/08 8:15 a.m.•49 views

CVE-2022-39343

Azure RTOS FileX is a FAT-compatible file system that’s fully integrated with Azure RTOS ThreadX. In versions before 6.2.0, the Fault Tolerant feature of Azure RTOS FileX includes integer under and overflows which may be exploited to achieve buffer overflow and modify memory contents. When a vali...

7.8CVSS0.00822EPSS
Exploits1References2
NVD
NVD
•added 2022/11/04 3:15 p.m.•49 views

CVE-2022-41671

A CWE-89: Improper Neutralization of Special Elements used in SQL Command ‘SQL Injection’ vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected...

7.8CVSS0.0025EPSS
Exploits0References1
NVD
NVD
•added 2022/11/03 8:15 p.m.•49 views

CVE-2022-41713

deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the 'proto' property to be edited...

5.3CVSS0.00643EPSS
Exploits1References2
NVD
NVD
•added 2022/10/31 4:15 p.m.•49 views

CVE-2022-2627

The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.00969EPSS
Exploits2References1
NVD
NVD
•added 2022/10/11 9:15 p.m.•49 views

CVE-2022-41168

Due to lack of proper memory management, when a victim opens a manipulated CATIA5 Part .catpart, CatiaTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based...

7.8CVSS0.00491EPSS
Exploits0References2
NVD
NVD
•added 2022/10/11 7:15 p.m.•49 views

CVE-2022-37968

Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, becaus...

10CVSS0.02591EPSS
Exploits0References2
NVD
NVD
•added 2022/10/10 9:15 p.m.•49 views

CVE-2022-3137

The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file...

5.4CVSS0.00468EPSS
Exploits2References1
NVD
NVD
•added 2022/09/16 9:15 p.m.•49 views

CVE-2022-35974

TensorFlow is an open source platform for machine learning. If QuantizeDownAndShrinkRange is given nonscalar inputs for inputmin or inputmax, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS0.00423EPSS
Exploits0References2
NVD
NVD
•added 2022/08/31 4:15 p.m.•49 views

CVE-2022-30317

Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access CDA EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell...

9.1CVSS0.00746EPSS
Exploits0References2
NVD
NVD
•added 2022/08/16 2:15 p.m.•49 views

CVE-2022-38362

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to authenticated remote code exploit of code on the Airflow worker host...

8.8CVSS0.01602EPSS
Exploits0References2
NVD
NVD
•added 2022/07/27 3:15 p.m.•49 views

CVE-2022-36907

A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

6.5CVSS0.00668EPSS
Exploits0References2
NVD
NVD
•added 2022/07/26 8:15 a.m.•49 views

CVE-2021-43959

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery SSRF vulnerability in the CSV importing feature of JSM Insight. When running in an environment...

5.7CVSS0.00602EPSS
Exploits0References1
NVD
NVD
•added 2022/07/11 1:15 a.m.•49 views

CVE-2022-31516

The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS0.01118EPSS
Exploits1References1
NVD
NVD
•added 2022/06/27 11:15 p.m.•49 views

CVE-2022-31103

lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule @keyframes. This package is depended on by react-letter, therefore everyone using react-letter is...

7.5CVSS0.01383EPSS
Exploits0References3
NVD
NVD
•added 2022/06/16 9:15 p.m.•49 views

CVE-2021-36609

Cross Site Scripting XSS vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php...

5.4CVSS0.00446EPSS
Exploits1References1
NVD
NVD
•added 2022/06/15 11:15 p.m.•49 views

CVE-2022-31072

Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is...

3.3CVSS0.00251EPSS
Exploits0References2
NVD
NVD
•added 2022/06/02 2:15 p.m.•49 views

CVE-2022-29732

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting XSS vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1CVSS0.00725EPSS
Exploits2References2
NVD
NVD
•added 2022/04/18 5:15 p.m.•49 views

CVE-2020-25163

A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This...

7.7CVSS0.0091EPSS
Exploits0References1
NVD
NVD
•added 2022/04/12 5:15 p.m.•49 views

CVE-2022-27261

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server...

7.5CVSS0.01359EPSS
Exploits1References2
NVD
NVD
•added 2022/03/22 9:15 p.m.•49 views

CVE-2022-26186

TOTOLINK N600R V4.3.0cu.7570B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi...

9.8CVSS0.03986EPSS
Exploits1References1
NVD
NVD
•added 2022/03/17 9:15 p.m.•49 views

CVE-2021-45040

The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route...

10CVSS0.03106EPSS
Exploits3References2
NVD
NVD
•added 2022/03/14 11:15 a.m.•49 views

CVE-2022-22721

If LimitXMLRequestBody is set to allow request bodies larger than 350MB defaults to 1M on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier...

9.1CVSS0.41861EPSS
Exploits0References16
NVD
NVD
•added 2022/02/21 11:15 a.m.•49 views

CVE-2021-24867

Numerous Plugins and Themes from the AccessPress Themes aka Access Keys vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to...

9.8CVSS0.18878EPSS
Exploits1References2
NVD
NVD
•added 2022/01/17 2:15 a.m.•49 views

CVE-2022-23303

The implementations of SAE in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494...

9.8CVSS0.02944EPSS
Exploits0References4
NVD
NVD
•added 2021/12/09 5:15 p.m.•49 views

CVE-2021-22568

When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 accesstoken that is valid for publishing on pub.dev. Using these obtained credentials, an attacker can impersonate the user on pub.dev. We recommend...

8.8CVSS0.00915EPSS
Exploits0References3
NVD
NVD
•added 2021/12/07 2:15 p.m.•49 views

CVE-2021-22956

An uncontrolled resource consumption vulnerability exists in Citrix ADC 13.0-83.27, 12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication...

7.5CVSS0.00894EPSS
Exploits0References1
NVD
NVD
•added 2021/11/23 8:15 p.m.•49 views

CVE-2021-25986

In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting XSS in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the...

5.4CVSS0.00583EPSS
Exploits0References2
Total number of security vulnerabilities5000