Lucene search
K
NvdMost viewed

364393 matches found

NVD
NVD
added 2023/02/14 4:15 p.m.49 views

CVE-2022-22564

Dell EMC Unity versions before 5.2.0.0.5.173 , usees broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information...

5.9CVSS5.8AI score0.00451EPSS
Exploits0References1
NVD
NVD
added 2023/02/14 11:15 a.m.49 views

CVE-2022-31808

A vulnerability has been identified in SiPass integrated AC5102 ACC-G2 All versions V2.85.44, SiPass integrated ACC-AP All versions V2.85.43. Affected devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by...

7.8CVSS7.9AI score0.00229EPSS
Exploits0References1
NVD
NVD
added 2023/02/11 6:15 p.m.49 views

CVE-2023-0783

A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been...

9.8CVSS6AI score0.00875EPSS
Exploits1References3
NVD
NVD
added 2023/02/08 5:15 a.m.49 views

CVE-2023-0739

Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' in GitHub repository answerdev/answer prior to 1.0.4...

8.1CVSS7AI score0.0069EPSS
Exploits1References2
NVD
NVD
added 2023/02/03 8:15 p.m.49 views

CVE-2023-23925

Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag. Unsanitized input flows into Strategy match operation EXIST, where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack reDOS. This issue has been...

8.6CVSS8.5AI score0.00541EPSS
Exploits0References2
NVD
NVD
added 2023/02/02 1:15 p.m.49 views

CVE-2022-46604

An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution...

8.8CVSS8.9AI score0.08627EPSS
Exploits5References4
NVD
NVD
added 2023/01/26 9:18 p.m.49 views

CVE-2023-23613

OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of field-level security FLS and field masking where rules written to explicitly exclude fields are not correctly applied for certain queries that rely on their...

6.5CVSS5.7AI score0.00821EPSS
Exploits0References2
NVD
NVD
added 2023/01/13 7:15 p.m.49 views

CVE-2023-22489

Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that...

3.5CVSS3.7AI score0.00555EPSS
Exploits0References3
NVD
NVD
added 2023/01/10 9:15 p.m.49 views

CVE-2022-38393

A denial of service vulnerability exists in the cfgserver cmprocessConnDiagPktList opcode of Asus RT-AX82U 3.0.0.4.38649674-ge182230 router's configuration service. A specially-crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this...

7.5CVSS7.3AI score0.18847EPSS
Exploits1References2
NVD
NVD
added 2023/01/10 4:15 a.m.49 views

CVE-2023-0014

SAP NetWeaver ABAP Server and ABAP Platform - versions SAPBASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguo...

9.8CVSS8.9AI score0.00693EPSS
Exploits0References2
NVD
NVD
added 2023/01/02 4:15 p.m.49 views

CVE-2022-48197

Reflected cross-site scripting XSS exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS6AI score0.06608EPSS
Exploits3References6
NVD
NVD
added 2022/12/22 9:15 p.m.49 views

CVE-2022-3805

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

8.6CVSS0.01594EPSS
Exploits1References4
NVD
NVD
added 2022/12/21 11:15 a.m.49 views

CVE-2022-38060

A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges...

8.8CVSS0.00211EPSS
Exploits0References1
NVD
NVD
added 2022/12/21 12:15 a.m.49 views

CVE-2022-42949

Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions...

7.5CVSS0.00524EPSS
Exploits0References2
NVD
NVD
added 2022/12/20 9:15 p.m.49 views

CVE-2022-23542

OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and...

9.8CVSS0.0091EPSS
Exploits0References3
NVD
NVD
added 2022/12/15 7:15 p.m.49 views

CVE-2022-32531

The Apache Bookkeeper Java Client before 4.14.6 and also 4.15.0 does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves the bookkeeper client vulnerable to a man in the middle attack. The problem affects BookKeeper client prior to versions 4.14.6 a...

5.9CVSS0.01021EPSS
Exploits0References1
NVD
NVD
added 2022/11/15 8:15 p.m.49 views

CVE-2022-45401

Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS0.00589EPSS
Exploits0References2
NVD
NVD
added 2022/11/08 8:15 a.m.49 views

CVE-2022-39343

Azure RTOS FileX is a FAT-compatible file system that’s fully integrated with Azure RTOS ThreadX. In versions before 6.2.0, the Fault Tolerant feature of Azure RTOS FileX includes integer under and overflows which may be exploited to achieve buffer overflow and modify memory contents. When a vali...

7.8CVSS0.00822EPSS
Exploits1References2
NVD
NVD
added 2022/11/04 3:15 p.m.49 views

CVE-2022-41671

A CWE-89: Improper Neutralization of Special Elements used in SQL Command ‘SQL Injection’ vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected...

7.8CVSS0.0025EPSS
Exploits0References1
NVD
NVD
added 2022/11/03 8:15 p.m.49 views

CVE-2022-41713

deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the 'proto' property to be edited...

5.3CVSS0.00643EPSS
Exploits1References2
NVD
NVD
added 2022/10/11 9:15 p.m.49 views

CVE-2022-41168

Due to lack of proper memory management, when a victim opens a manipulated CATIA5 Part .catpart, CatiaTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based...

7.8CVSS0.00491EPSS
Exploits0References2
NVD
NVD
added 2022/10/11 7:15 p.m.49 views

CVE-2022-37968

Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, becaus...

10CVSS0.02591EPSS
Exploits0References2
NVD
NVD
added 2022/09/16 9:15 p.m.49 views

CVE-2022-35974

TensorFlow is an open source platform for machine learning. If QuantizeDownAndShrinkRange is given nonscalar inputs for inputmin or inputmax, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS0.00423EPSS
Exploits0References2
NVD
NVD
added 2022/08/31 4:15 p.m.49 views

CVE-2022-30317

Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access CDA EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell...

9.1CVSS0.00746EPSS
Exploits0References2
NVD
NVD
added 2022/08/16 2:15 p.m.49 views

CVE-2022-38362

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to authenticated remote code exploit of code on the Airflow worker host...

8.8CVSS0.01602EPSS
Exploits0References2
NVD
NVD
added 2022/07/27 3:15 p.m.49 views

CVE-2022-36907

A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

6.5CVSS0.00668EPSS
Exploits0References2
NVD
NVD
added 2022/07/26 8:15 a.m.49 views

CVE-2021-43959

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery SSRF vulnerability in the CSV importing feature of JSM Insight. When running in an environment...

5.7CVSS0.00602EPSS
Exploits0References1
NVD
NVD
added 2022/06/27 11:15 p.m.49 views

CVE-2022-31103

lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule @keyframes. This package is depended on by react-letter, therefore everyone using react-letter is...

7.5CVSS0.01383EPSS
Exploits0References3
NVD
NVD
added 2022/06/16 9:15 p.m.49 views

CVE-2021-36609

Cross Site Scripting XSS vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php...

5.4CVSS0.00446EPSS
Exploits1References1
NVD
NVD
added 2022/06/02 2:15 p.m.49 views

CVE-2022-29732

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting XSS vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1CVSS0.00725EPSS
Exploits2References2
NVD
NVD
added 2022/04/18 5:15 p.m.49 views

CVE-2020-25163

A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This...

7.7CVSS0.0091EPSS
Exploits0References1
NVD
NVD
added 2022/04/12 5:15 p.m.49 views

CVE-2022-27261

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server...

7.5CVSS0.01359EPSS
Exploits1References2
NVD
NVD
added 2022/03/22 9:15 p.m.49 views

CVE-2022-26186

TOTOLINK N600R V4.3.0cu.7570B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi...

9.8CVSS0.03986EPSS
Exploits1References1
NVD
NVD
added 2022/03/17 9:15 p.m.49 views

CVE-2021-45040

The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route...

10CVSS0.03106EPSS
Exploits3References2
NVD
NVD
added 2022/03/14 11:15 a.m.49 views

CVE-2022-22721

If LimitXMLRequestBody is set to allow request bodies larger than 350MB defaults to 1M on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier...

9.1CVSS0.41861EPSS
Exploits0References16
NVD
NVD
added 2022/02/21 11:15 a.m.49 views

CVE-2021-24867

Numerous Plugins and Themes from the AccessPress Themes aka Access Keys vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to...

9.8CVSS0.18878EPSS
Exploits1References2
NVD
NVD
added 2022/01/17 2:15 a.m.49 views

CVE-2022-23303

The implementations of SAE in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494...

9.8CVSS0.02944EPSS
Exploits0References4
NVD
NVD
added 2021/12/09 5:15 p.m.49 views

CVE-2021-22568

When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 accesstoken that is valid for publishing on pub.dev. Using these obtained credentials, an attacker can impersonate the user on pub.dev. We recommend...

8.8CVSS0.00915EPSS
Exploits0References3
NVD
NVD
added 2021/12/07 2:15 p.m.49 views

CVE-2021-22956

An uncontrolled resource consumption vulnerability exists in Citrix ADC 13.0-83.27, 12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication...

7.5CVSS0.00894EPSS
Exploits0References1
NVD
NVD
added 2021/11/23 8:15 p.m.49 views

CVE-2021-25986

In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting XSS in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the...

5.4CVSS0.00583EPSS
Exploits0References2
NVD
NVD
added 2021/11/17 8:15 p.m.49 views

CVE-2021-41275

spreeauthdevise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spreeauthdevise is subject to a CSRF vulnerability that allows user account...

9.3CVSS0.0052EPSS
Exploits0References2
NVD
NVD
added 2021/10/25 5:15 p.m.49 views

CVE-2021-34855

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...

6.5CVSS0.00258EPSS
Exploits0References2
NVD
NVD
added 2021/10/07 5:15 p.m.49 views

CVE-2021-42071

In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header...

10CVSS0.69882EPSS
Exploits2References3
NVD
NVD
added 2021/09/28 6:15 p.m.49 views

CVE-2021-41318

In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input. which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser...

6.1CVSS0.05881EPSS
Exploits4References2
NVD
NVD
added 2021/09/10 10:15 p.m.49 views

CVE-2021-24040

Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0...

9.8CVSS0.17353EPSS
Exploits4References3
NVD
NVD
added 2021/08/16 5:15 a.m.49 views

CVE-2021-3707

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device...

5.5CVSS0.01541EPSS
Exploits2References3
NVD
NVD
added 2021/08/13 12:15 p.m.49 views

CVE-2021-37343

A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios...

8.8CVSS0.2382EPSS
Exploits5References2
NVD
NVD
added 2021/08/12 6:15 p.m.49 views

CVE-2021-37653

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in tf.rawops.ResourceGather. The implementation computes the value of a value, batchsize, and then divides by it without checking that this...

5.5CVSS0.00152EPSS
Exploits0References2
NVD
NVD
added 2021/08/11 1:15 p.m.49 views

CVE-2021-0084

Improper input validation in the IntelR Ethernet Controllers X722 and 800 series Linux RMDA driver before version 1.3.19 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS0.00316EPSS
Exploits0References2
NVD
NVD
added 2021/07/30 10:15 p.m.49 views

CVE-2021-32807

The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...

7.2CVSS0.02032EPSS
Exploits0References3
Total number of security vulnerabilities5000