Lucene search
K
NvdMost viewed

363781 matches found

NVD
NVD
added 2024/06/10 8:15 p.m.48 views

CVE-2024-36416

SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

8.6CVSS0.01952EPSS
Exploits0References3
NVD
NVD
added 2024/06/09 12:15 p.m.48 views

CVE-2024-33565

Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3...

9.1CVSS0.00413EPSS
Exploits0References1
NVD
NVD
added 2024/06/08 9:15 a.m.48 views

CVE-2024-5654

The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'executepostdatacg7free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site...

6.5CVSS0.00352EPSS
Exploits0References3
NVD
NVD
added 2024/06/07 10:15 a.m.48 views

CVE-2023-5424

The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system...

8.8CVSS0.00493EPSS
Exploits0References3
NVD
NVD
added 2024/05/17 12:15 p.m.48 views

CVE-2024-27413

In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeofvoid on 32-bit architectures is not enough for a 64-bit physaddrt: drivers/firmware/efi/capsule-loader.c: In function 'eficapsuleopen...

5.5CVSS7.7AI score0.00244EPSS
Exploits0References10
NVD
NVD
added 2024/05/16 9:15 a.m.48 views

CVE-2024-4181

A command injection vulnerability exists in the RunGptLLM class of the llamaindex library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models LLMs. The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised...

8.8CVSS9.1AI score0.02118EPSS
Exploits1References2
NVD
NVD
added 2024/05/14 3:38 p.m.48 views

CVE-2024-34070

Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting XSS vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginname parameter on t...

9.6CVSS8AI score0.00963EPSS
Exploits2References2
NVD
NVD
added 2024/05/14 2:33 p.m.48 views

CVE-2023-6327

The ShopLentor formerly WooLentor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchasednewproducts function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to view all products purchas...

5.3CVSS5.5AI score0.00676EPSS
Exploits0References3
NVD
NVD
added 2024/05/03 7:15 a.m.48 views

CVE-2024-33928

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon allows Reflected XSS.This issue affects CodeBard's Patron Button and Widgets for Patreon: from n/a through 2.2.0...

7.1CVSS7.2AI score0.0033EPSS
Exploits0References1
NVD
NVD
added 2024/05/02 7:15 a.m.48 views

CVE-2024-32971

Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a bug that in limited circumstances, could lead to unexpected operations being executed which can result in unintended data or...

9CVSS9.3AI score0.00727EPSS
Exploits0References4
NVD
NVD
added 2024/04/22 11:15 p.m.48 views

CVE-2024-32656

Ant Media Server is live streaming engine software. A local privilege escalation vulnerability in present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media...

7.8CVSS8.2AI score0.00244EPSS
Exploits0References2
NVD
NVD
added 2024/04/17 2:15 p.m.48 views

CVE-2024-1132

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects a...

8.1CVSS7.7AI score0.01552EPSS
Exploits0References14
NVD
NVD
added 2024/04/04 8:15 p.m.48 views

CVE-2024-27316

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...

7.5CVSS7.7AI score0.91327EPSS
Exploits2References10
NVD
NVD
added 2024/03/28 7:16 a.m.48 views

CVE-2024-29240

Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct limited denial-of-service attacks via unspecified vectors...

4.3CVSS4.3AI score0.00684EPSS
Exploits0References1
NVD
NVD
added 2024/03/25 9:15 p.m.48 views

CVE-2024-29179

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks...

4.8CVSS4.7AI score0.00508EPSS
Exploits1References1
NVD
NVD
added 2024/03/21 11:15 p.m.48 views

CVE-2024-29031

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attacker to obtain sensitive information via the order parameter of...

7.5CVSS7.6AI score0.00951EPSS
Exploits1References3
NVD
NVD
added 2024/03/15 11:15 p.m.48 views

CVE-2024-28859

Symfony1 is a community fork of symfony 1.4 with DIC, form enhancements, latest Swiftmailer, better performance, composer compatible and PHP 8 support. Symfony 1 has a gadget chain due to vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer...

9CVSS5.9AI score0.01485EPSS
Exploits1References2
NVD
NVD
added 2024/03/12 3:15 p.m.48 views

CVE-2024-23112

An authorization bypass through user-controlled key vulnerability CWE-639 in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticat...

8CVSS7.9AI score0.00663EPSS
Exploits0References1
NVD
NVD
added 2024/03/06 8:15 p.m.48 views

CVE-2024-27917

Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 404 pages. So the cached Response which contains a Session...

7.5CVSS7.6AI score0.00611EPSS
Exploits0References4
NVD
NVD
added 2024/02/20 6:15 p.m.48 views

CVE-2024-0794

Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to Remote Code Execution due to buffer overflow when rendering fonts embedded in a PDF file...

9.8CVSS7.5AI score0.01342EPSS
Exploits0References2
NVD
NVD
added 2024/02/18 8:15 a.m.48 views

CVE-2023-6249

Signed to unsigned conversion esp32ipmsend...

9.8CVSS7.8AI score0.00441EPSS
Exploits1References1
NVD
NVD
added 2024/02/16 7:15 p.m.48 views

CVE-2024-21915

A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform FTSP. If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read an...

9CVSS9.2AI score0.0099EPSS
Exploits0References1
NVD
NVD
added 2024/01/23 2:15 p.m.48 views

CVE-2023-49783

Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...

4.3CVSS4.5AI score0.00341EPSS
Exploits0References2
NVD
NVD
added 2024/01/19 1:15 a.m.48 views

CVE-2024-22424

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery CSRF attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo C...

8.3CVSS8.3AI score0.00386EPSS
Exploits1References3
NVD
NVD
added 2024/01/02 8:15 p.m.48 views

CVE-2023-51652

OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerabilit...

6.1CVSS6.2AI score0.00447EPSS
Exploits0References3
NVD
NVD
added 2023/12/22 9:15 p.m.48 views

CVE-2023-50731

MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which...

9.1CVSS0.00992EPSS
Exploits1References4
NVD
NVD
added 2023/12/20 2:15 p.m.48 views

CVE-2023-46311

Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments – wpDiscuz: from n/a through 7.6.3...

6.5CVSS0.00527EPSS
Exploits0References1
NVD
NVD
added 2023/11/28 7:15 a.m.48 views

CVE-2023-24023

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS...

6.8CVSS0.01297EPSS
Exploits1References2
NVD
NVD
added 2023/11/28 4:15 a.m.48 views

CVE-2023-32063

OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1...

5CVSS0.00538EPSS
Exploits0References3
NVD
NVD
added 2023/11/21 10:15 p.m.48 views

CVE-2023-48302

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, when a user is tricked into copy pasting HTML code without markup Ctrl+Shift+V the...

5.4CVSS0.00571EPSS
Exploits0References3
NVD
NVD
added 2023/11/17 10:15 p.m.48 views

CVE-2023-48238

joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens JWT which are a compact URL-safe means of representing claims to be transferred between two parties. Versions prior to 4.0.0 are vulnerable to a JWT algorithm confusion attack. On line 86 of the 'index.js'...

7.5CVSS0.00307EPSS
Exploits1References2
NVD
NVD
added 2023/11/17 1:15 p.m.48 views

CVE-2023-22272

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction...

7.5CVSS0.01392EPSS
Exploits0References1
NVD
NVD
added 2023/11/15 9:15 p.m.48 views

CVE-2023-48224

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides Privacy Center allows data subject users to submit privacy and consent requests to data controller use...

9.1CVSS0.00992EPSS
Exploits0References3
NVD
NVD
added 2023/10/25 6:17 p.m.48 views

CVE-2023-46125

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...

6.5CVSS6.3AI score0.00722EPSS
Exploits0References3
NVD
NVD
added 2023/10/13 1:15 a.m.48 views

CVE-2023-5564

Cross-site Scripting XSS - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1...

5.2CVSS4.9AI score0.00379EPSS
Exploits1References2
NVD
NVD
added 2023/10/12 4:15 p.m.48 views

CVE-2023-25774

A denial-of-service vulnerability exists in the vpnserver ConnectionAccept functionality of SoftEther VPN 5.02. A set of specially crafted network connections can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability...

7.5CVSS7.3AI score0.00728EPSS
Exploits1References2
NVD
NVD
added 2023/09/12 8:15 p.m.48 views

CVE-2023-3710

Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM Printer web page modules allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 e.g. P10.19.050006...

9.9CVSS9.6AI score0.33094EPSS
Exploits3References3
NVD
NVD
added 2023/09/12 3:15 a.m.48 views

CVE-2023-40621

SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before...

6.3CVSS6.4AI score0.00646EPSS
Exploits0References2
NVD
NVD
added 2023/09/11 7:15 p.m.48 views

CVE-2023-31069

An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page...

9.8CVSS9.5AI score0.01932EPSS
Exploits3References2
NVD
NVD
added 2023/08/30 2:15 a.m.48 views

CVE-2023-4597

The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slimstat' shortcode in versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

6.4CVSS5.7AI score0.00576EPSS
Exploits2References4
NVD
NVD
added 2023/08/22 7:16 p.m.48 views

CVE-2021-33388

dpic 2021.04.10 has a Heap Buffer Overflow in themakevar function in dpic.y...

9.8CVSS9.6AI score0.00631EPSS
Exploits0References1
NVD
NVD
added 2023/08/21 5:15 p.m.48 views

CVE-2023-38836

File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks...

8.8CVSS8.8AI score0.73027EPSS
Exploits8References3
NVD
NVD
added 2023/08/16 9:15 p.m.48 views

CVE-2023-40034

Woodpecker is a community fork of the Drone CI system. In affected versions an attacker can post malformed webhook data witch lead to an update of the repository data that can e.g. allow the takeover of an repo. This is only critical if the CI is configured for public usage and connected to a for...

8.1CVSS8.1AI score0.00716EPSS
Exploits0References4
NVD
NVD
added 2023/08/14 9:15 p.m.48 views

CVE-2023-21134

In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed...

6.8CVSS6.7AI score0.00125EPSS
Exploits0References2
NVD
NVD
added 2023/08/14 1:15 p.m.48 views

CVE-2023-30187

An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file...

9.8CVSS9.6AI score0.01856EPSS
Exploits1References6
NVD
NVD
added 2023/08/07 7:15 p.m.48 views

CVE-2023-39363

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in...

9.1CVSS5.6AI score0.00706EPSS
Exploits1References5
NVD
NVD
added 2023/07/27 3:15 p.m.48 views

CVE-2023-38488

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update a Kirby content file e.g. via a...

8.8CVSS7.5AI score0.00799EPSS
Exploits0References7
NVD
NVD
added 2023/07/25 1:15 p.m.48 views

CVE-2023-3637

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significa...

6.5CVSS5.2AI score0.00969EPSS
Exploits0References3
NVD
NVD
added 2023/07/20 11:15 p.m.48 views

CVE-2023-3800

A vulnerability was found in EasyAdmin8 2.0.2.2. It has been classified as problematic. Affected is an unknown function of the file /admin/index/index.html/admin/mall.goods/index.html of the component File Upload Module. The manipulation leads to unrestricted upload. The complexity of an attack i...

6.6CVSS4.9AI score0.00557EPSS
Exploits0References3
NVD
NVD
added 2023/07/12 10:15 a.m.48 views

CVE-2022-45855

SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7...

8.8CVSS8.3AI score0.01052EPSS
Exploits0References1
Total number of security vulnerabilities5000