Lucene search
K
NvdMost viewed

363745 matches found

NVD
NVD
added 2024/07/18 9:15 p.m.48 views

CVE-2024-6455

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to a missing capability checks on ekitwidgetareacontent function. This makes it possible for unauthenticated attackers to view any item created in Elementor,...

5.3CVSS0.00396EPSS
Exploits0References2
NVD
NVD
added 2024/07/17 9:15 a.m.48 views

CVE-2023-52291

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

8.8CVSS0.01607EPSS
Exploits0References2
NVD
NVD
added 2024/07/15 8:15 a.m.48 views

CVE-2023-46801

In Apache Linkis = 1.8.0241. Or users upgrade Linkis to version 1.6.0...

8.8CVSS0.01228EPSS
Exploits0References2
NVD
NVD
added 2024/07/12 3:15 p.m.48 views

CVE-2024-39914

FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34...

9.8CVSS0.23414EPSS
Exploits1References2
NVD
NVD
added 2024/07/09 5:15 p.m.48 views

CVE-2024-37331

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability...

8.8CVSS0.01854EPSS
Exploits0References1
NVD
NVD
added 2024/07/04 7:15 p.m.48 views

CVE-2024-39934

Robotmk before 2.0.1 allows a local user to escalate privileges e.g., to SYSTEM if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit any Python environment...

7.8CVSS0.0018EPSS
Exploits0References4
NVD
NVD
added 2024/07/03 4:15 a.m.48 views

CVE-2024-39920

The TCP protocol in RFC 9293 has a timing side channel that makes it easier for remote attackers to infer the content of one TCP connection from a client system to any server, when that client system is concurrently obtaining TCP data at a slow rate from an attacker-controlled server, aka the...

4.3CVSS0.00572EPSS
Exploits0References8
NVD
NVD
added 2024/06/24 10:15 p.m.48 views

CVE-2024-6290

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00516EPSS
Exploits1References4
NVD
NVD
added 2024/06/14 4:15 p.m.48 views

CVE-2024-37885

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLDINSERTLIBRARIES set in the enviroment. It is recommended that the Nextcloud...

7.8CVSS0.0032EPSS
Exploits0References3
NVD
NVD
added 2024/06/14 6:15 a.m.48 views

CVE-2024-1295

The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. e.g. password-protected events, drafts, etc...

6.5CVSS0.00464EPSS
Exploits2References1
NVD
NVD
added 2024/06/13 5:15 p.m.48 views

CVE-2024-37280

A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of...

4.9CVSS0.00529EPSS
Exploits0References2
NVD
NVD
added 2024/06/12 9:15 a.m.48 views

CVE-2024-5203

Rejected reason: After careful review of CVE-2024-5203, it has been determined that the issue is not exploitable in real-world scenarios. Moreover, the exploit assumes that the attacker has access to a session code parameter that matches a cookie on the Keycloak server. However the attacker does...

Exploits0
NVD
NVD
added 2024/06/11 5:15 p.m.48 views

CVE-2024-30065

Windows Themes Denial of Service Vulnerability...

5.5CVSS0.00841EPSS
Exploits0References1
NVD
NVD
added 2024/06/10 8:15 p.m.48 views

CVE-2024-36416

SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

8.6CVSS0.01952EPSS
Exploits0References3
NVD
NVD
added 2024/06/09 12:15 p.m.48 views

CVE-2024-33565

Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3...

9.1CVSS0.00413EPSS
Exploits0References1
NVD
NVD
added 2024/06/08 9:15 a.m.48 views

CVE-2024-5654

The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'executepostdatacg7free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site...

6.5CVSS0.00352EPSS
Exploits0References3
NVD
NVD
added 2024/06/07 10:15 a.m.48 views

CVE-2023-5424

The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system...

8.8CVSS0.00493EPSS
Exploits0References3
NVD
NVD
added 2024/05/17 12:15 p.m.48 views

CVE-2024-27413

In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeofvoid on 32-bit architectures is not enough for a 64-bit physaddrt: drivers/firmware/efi/capsule-loader.c: In function 'eficapsuleopen...

5.5CVSS7.7AI score0.00244EPSS
Exploits0References10
NVD
NVD
added 2024/05/16 9:15 a.m.48 views

CVE-2024-4181

A command injection vulnerability exists in the RunGptLLM class of the llamaindex library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models LLMs. The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised...

8.8CVSS9.1AI score0.02118EPSS
Exploits1References2
NVD
NVD
added 2024/05/14 3:38 p.m.48 views

CVE-2024-34070

Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting XSS vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginname parameter on t...

9.6CVSS8AI score0.00963EPSS
Exploits2References2
NVD
NVD
added 2024/05/14 2:33 p.m.48 views

CVE-2023-6327

The ShopLentor formerly WooLentor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchasednewproducts function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to view all products purchas...

5.3CVSS5.5AI score0.00676EPSS
Exploits0References3
NVD
NVD
added 2024/05/03 7:15 a.m.48 views

CVE-2024-33928

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon allows Reflected XSS.This issue affects CodeBard's Patron Button and Widgets for Patreon: from n/a through 2.2.0...

7.1CVSS7.2AI score0.0033EPSS
Exploits0References1
NVD
NVD
added 2024/05/03 2:15 a.m.48 views

CVE-2023-32154

Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability. The specific flaw exists...

7.5CVSS7.9AI score0.0061EPSS
Exploits0References1
NVD
NVD
added 2024/05/02 7:15 a.m.48 views

CVE-2024-32971

Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a bug that in limited circumstances, could lead to unexpected operations being executed which can result in unintended data or...

9CVSS9.3AI score0.00727EPSS
Exploits0References4
NVD
NVD
added 2024/04/22 11:15 p.m.48 views

CVE-2024-32656

Ant Media Server is live streaming engine software. A local privilege escalation vulnerability in present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media...

7.8CVSS8.2AI score0.00244EPSS
Exploits0References2
NVD
NVD
added 2024/04/17 2:15 p.m.48 views

CVE-2024-1132

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects a...

8.1CVSS7.7AI score0.01552EPSS
Exploits0References14
NVD
NVD
added 2024/04/04 8:15 p.m.48 views

CVE-2024-27316

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...

7.5CVSS7.7AI score0.91327EPSS
Exploits2References10
NVD
NVD
added 2024/03/28 7:16 a.m.48 views

CVE-2024-29240

Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct limited denial-of-service attacks via unspecified vectors...

4.3CVSS4.3AI score0.00684EPSS
Exploits0References1
NVD
NVD
added 2024/03/21 11:15 p.m.48 views

CVE-2024-29031

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attacker to obtain sensitive information via the order parameter of...

7.5CVSS7.6AI score0.00951EPSS
Exploits1References3
NVD
NVD
added 2024/03/15 11:15 p.m.48 views

CVE-2024-28859

Symfony1 is a community fork of symfony 1.4 with DIC, form enhancements, latest Swiftmailer, better performance, composer compatible and PHP 8 support. Symfony 1 has a gadget chain due to vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer...

9CVSS5.9AI score0.01485EPSS
Exploits1References2
NVD
NVD
added 2024/03/12 3:15 p.m.48 views

CVE-2024-23112

An authorization bypass through user-controlled key vulnerability CWE-639 in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticat...

8CVSS7.9AI score0.00663EPSS
Exploits0References1
NVD
NVD
added 2024/03/06 8:15 p.m.48 views

CVE-2024-27917

Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 404 pages. So the cached Response which contains a Session...

7.5CVSS7.6AI score0.00611EPSS
Exploits0References4
NVD
NVD
added 2024/02/29 1:42 a.m.48 views

CVE-2023-7107

A vulnerability was found in code-projects E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file usersignup.php. The manipulation of the argument firstname/middlename/email/address/contact/username leads to sql injection. The attac...

9.8CVSS7.5AI score0.00924EPSS
Exploits1References3
NVD
NVD
added 2024/02/20 6:15 p.m.48 views

CVE-2024-0794

Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to Remote Code Execution due to buffer overflow when rendering fonts embedded in a PDF file...

9.8CVSS7.5AI score0.01342EPSS
Exploits0References2
NVD
NVD
added 2024/02/18 8:15 a.m.48 views

CVE-2023-6249

Signed to unsigned conversion esp32ipmsend...

9.8CVSS7.8AI score0.00441EPSS
Exploits1References1
NVD
NVD
added 2024/02/16 7:15 p.m.48 views

CVE-2024-21915

A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform FTSP. If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read an...

9CVSS9.2AI score0.0099EPSS
Exploits0References1
NVD
NVD
added 2024/01/23 2:15 p.m.48 views

CVE-2023-49783

Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...

4.3CVSS4.5AI score0.00341EPSS
Exploits0References2
NVD
NVD
added 2024/01/19 1:15 a.m.48 views

CVE-2024-22424

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery CSRF attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo C...

8.3CVSS8.3AI score0.00386EPSS
Exploits1References3
NVD
NVD
added 2024/01/02 8:15 p.m.48 views

CVE-2023-51652

OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerabilit...

6.1CVSS6.2AI score0.00447EPSS
Exploits0References3
NVD
NVD
added 2023/12/22 9:15 p.m.48 views

CVE-2023-50731

MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which...

9.1CVSS0.00992EPSS
Exploits1References4
NVD
NVD
added 2023/12/20 2:15 p.m.48 views

CVE-2023-46311

Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments – wpDiscuz: from n/a through 7.6.3...

6.5CVSS0.00527EPSS
Exploits0References1
NVD
NVD
added 2023/11/28 7:15 a.m.48 views

CVE-2023-24023

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS...

6.8CVSS0.01297EPSS
Exploits1References2
NVD
NVD
added 2023/11/28 4:15 a.m.48 views

CVE-2023-32063

OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1...

5CVSS0.00538EPSS
Exploits0References3
NVD
NVD
added 2023/11/21 10:15 p.m.48 views

CVE-2023-48302

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, when a user is tricked into copy pasting HTML code without markup Ctrl+Shift+V the...

5.4CVSS0.00571EPSS
Exploits0References3
NVD
NVD
added 2023/11/17 10:15 p.m.48 views

CVE-2023-48238

joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens JWT which are a compact URL-safe means of representing claims to be transferred between two parties. Versions prior to 4.0.0 are vulnerable to a JWT algorithm confusion attack. On line 86 of the 'index.js'...

7.5CVSS0.00307EPSS
Exploits1References2
NVD
NVD
added 2023/11/17 1:15 p.m.48 views

CVE-2023-22272

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction...

7.5CVSS0.01392EPSS
Exploits0References1
NVD
NVD
added 2023/11/15 9:15 p.m.48 views

CVE-2023-48224

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides Privacy Center allows data subject users to submit privacy and consent requests to data controller use...

9.1CVSS0.00992EPSS
Exploits0References3
NVD
NVD
added 2023/10/25 6:17 p.m.48 views

CVE-2023-46125

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...

6.5CVSS6.3AI score0.00722EPSS
Exploits0References3
NVD
NVD
added 2023/10/13 1:15 a.m.48 views

CVE-2023-5564

Cross-site Scripting XSS - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1...

5.2CVSS4.9AI score0.00379EPSS
Exploits1References2
NVD
NVD
added 2023/10/12 4:15 p.m.48 views

CVE-2023-25774

A denial-of-service vulnerability exists in the vpnserver ConnectionAccept functionality of SoftEther VPN 5.02. A set of specially crafted network connections can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability...

7.5CVSS7.3AI score0.00728EPSS
Exploits1References2
Total number of security vulnerabilities5000