Lucene search
K
NvdMost viewed

363365 matches found

NVD
NVD
added 2021/01/26 11:15 p.m.75 views

CVE-2021-3317

KLog Server through 2.4.1 allows authenticated command injection. async.php calls shellexec on the original value of the source parameter...

8.8CVSS9AI score0.41394EPSS
Exploits3References2
NVD
NVD
added 2020/11/19 10:15 p.m.75 views

CVE-2020-7566

A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller...

7.3CVSS7AI score0.0029EPSS
Exploits0References2
NVD
NVD
added 2026/05/14 7:16 a.m.74 views

CVE-2026-6225

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'projectsearch' parameter in all versions up to, and including, 5.0.6 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS0.00224EPSS
Exploits0References2
NVD
NVD
added 2024/11/07 2:15 p.m.74 views

CVE-2024-43425

A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions...

8.1CVSS0.83343EPSS
Exploits8References2
NVD
NVD
added 2024/10/01 5:15 a.m.74 views

CVE-2024-21489

Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype...

8.2CVSS0.00634EPSS
Exploits0References3
NVD
NVD
added 2024/09/19 5:15 p.m.74 views

CVE-2024-31570

libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file...

9.8CVSS0.00605EPSS
Exploits0References2
NVD
NVD
added 2024/08/14 12:15 p.m.74 views

CVE-2024-39399

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. A low-privileged attacker could exploit this vulnerability to gai...

7.7CVSS0.00911EPSS
Exploits0References1
NVD
NVD
added 2024/06/21 5:15 p.m.74 views

CVE-2024-37675

Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter "sectionContent" related to the functionality of adding notes to an uploaded file...

5.4CVSS0.00602EPSS
Exploits1References3
NVD
NVD
added 2024/05/20 10:15 a.m.74 views

CVE-2024-35984

In the Linux kernel, the following vulnerability has been resolved: i2c: smbus: fix NULL function pointer dereference Baruch reported an OOPS when using the designware controller as target only. Target-only modes break the assumption of one transfer function always being available. Fix this by...

5.5CVSS5.3AI score0.00257EPSS
Exploits0References12
NVD
NVD
added 2024/04/11 9:15 p.m.74 views

CVE-2024-28458

Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 allows attackers to crash the appliation via the function compileSWFActionCode in action/actioncompiler.c...

7.5CVSS6.5AI score0.00706EPSS
Exploits1References1
NVD
NVD
added 2024/04/10 7:15 p.m.74 views

CVE-2024-31386

Cross-Site Request Forgery CSRF vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet...

4.3CVSS4.6AI score0.00368EPSS
Exploits0References15
NVD
NVD
added 2024/01/02 11:15 p.m.74 views

CVE-2023-48418

In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ...

10CVSS9AI score0.0022EPSS
Exploits2References2
NVD
NVD
added 2023/09/06 4:15 a.m.74 views

CVE-2023-30713

Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock...

6.2CVSS6.2AI score0.00137EPSS
Exploits0References1
NVD
NVD
added 2023/07/17 9:15 p.m.74 views

CVE-2023-37266

CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as root on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit 705bf1f...

9.8CVSS0.05871EPSS
Exploits1References3
NVD
NVD
added 2023/02/11 1:23 a.m.74 views

CVE-2023-25560

DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be...

9.8CVSS9.2AI score0.00631EPSS
Exploits0References1
NVD
NVD
added 2022/12/13 7:15 p.m.74 views

CVE-2022-44702

Windows Terminal Remote Code Execution Vulnerability...

7.8CVSS0.01365EPSS
Exploits0References2
NVD
NVD
added 2022/08/22 7:15 p.m.74 views

CVE-2022-32777

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the...

7.5CVSS0.01983EPSS
Exploits0References2
NVD
NVD
added 2021/11/18 5:15 p.m.74 views

CVE-2021-35534

Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal databas...

9CVSS0.01666EPSS
Exploits0References3
NVD
NVD
added 2021/11/05 4:15 p.m.74 views

CVE-2021-39413

Multiple Cross Site Scripting XSS vulnerabilities exits in SEO Panel v4.8.0 via the 1 totime parameter in a backlinks.php, b analytics.php, c log.php, d overview.php, e pagespeed.php, f rank.php, g review.php, h saturationchecker.php, i socialmedia.php, and j reports.php; the 2 fromtime parameter...

6.1CVSS0.0081EPSS
Exploits1References1
NVD
NVD
added 2021/09/15 2:15 p.m.74 views

CVE-2020-19150

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete' function in the component 'modules/filemanager/FileManagerController.java'...

8.1CVSS0.03379EPSS
Exploits1References1
NVD
NVD
added 2020/06/29 5:15 p.m.74 views

CVE-2020-14413

NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta=...

6.1CVSS0.03442EPSS
Exploits0References1
NVD
NVD
added 2020/04/22 4:15 p.m.74 views

CVE-2018-21120

Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1....

8CVSS6.1AI score0.00459EPSS
Exploits0References1
NVD
NVD
added 2019/12/17 8:15 p.m.74 views

CVE-2019-19241

In the Linux kernel before 5.4.2, the iouring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/iouring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to...

7.8CVSS7.3AI score0.01087EPSS
Exploits2References6
NVD
NVD
added 2019/11/27 9:15 p.m.74 views

CVE-2011-2523

vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp...

10CVSS9.5AI score0.96184EPSS
Exploits30References6
NVD
NVD
added 2026/05/28 9:16 p.m.73 views

CVE-2026-46818

Vulnerability in the Oracle Payments product of Oracle E-Business Suite component: File Transmission. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Payments. Successful...

7.4CVSS0.00261EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 10:16 p.m.73 views

CVE-2026-45158

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed to the DHCP configuration of the configured interface, which is processed by a shell script, allowing remote code execution as root on the underlying operating system. This vulnerability i...

9.1CVSS0.00531EPSS
Exploits0References1
NVD
NVD
added 2024/10/02 4:15 p.m.73 views

CVE-2024-47805

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

7.5CVSS0.00583EPSS
Exploits0References1
NVD
NVD
added 2024/09/07 5:15 p.m.73 views

CVE-2024-40711

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution RCE...

9.8CVSS0.88193EPSS
Exploits3References3
NVD
NVD
added 2024/08/13 4:15 p.m.73 views

CVE-2024-36505

An improper access control vulnerability CWE-284 in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system via another hypothetical exploit to bypass the file integrity...

5.5CVSS0.00159EPSS
Exploits0References1
NVD
NVD
added 2024/04/03 5:15 p.m.73 views

CVE-2024-26777

In the Linux kernel, the following vulnerability has been resolved: fbdev: sis: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error. In...

5.5CVSS6.2AI score0.00254EPSS
Exploits0References10
NVD
NVD
added 2023/12/22 5:15 p.m.73 views

CVE-2023-49790

The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4 digit PIN code. Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch. No known workaroun...

4.3CVSS0.00288EPSS
Exploits0References3
NVD
NVD
added 2023/07/06 4:15 p.m.73 views

CVE-2023-37260

league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as as string instead of a file path will have had that key included in a LogicException...

8.2CVSS8.2AI score0.00783EPSS
Exploits0References3
NVD
NVD
added 2023/07/06 4:15 p.m.73 views

CVE-2023-36830

SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...

7.8CVSS7.1AI score0.0039EPSS
Exploits1References2
NVD
NVD
added 2022/12/16 4:15 p.m.73 views

CVE-2022-20522

In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

7.8CVSS0.00156EPSS
Exploits0References1
NVD
NVD
added 2022/01/28 10:15 p.m.73 views

CVE-2021-44410

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. UpgradePrepare param is not object. An attacker can send an HTTP request to trigger this vulnerability...

8.6CVSS0.01207EPSS
Exploits1References1
NVD
NVD
added 2021/12/15 7:15 p.m.73 views

CVE-2021-1001

In PVInitVideoEncoder of mp4encapi.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android...

5.5CVSS0.00117EPSS
Exploits0References1
NVD
NVD
added 2020/09/01 5:15 p.m.73 views

CVE-2020-23839

A Reflected Cross-Site Scripting XSS vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the logi...

6.1CVSS6AI score0.10459EPSS
Exploits5References4
NVD
NVD
added 2020/08/24 3:15 p.m.73 views

CVE-2020-19883

DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter in dbhcms\mod\mod.users.view.php line 57 for userlogin, A remote authenticated with admin user can exploit this vulnerability to hijack other users...

4.8CVSS4.9AI score0.00659EPSS
Exploits1References1
NVD
NVD
added 2026/05/09 3:16 a.m.72 views

CVE-2026-8207

Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.phpL145 feature. Successful exploitation requires Teacher or high...

7CVSS0.00226EPSS
Exploits0References2
NVD
NVD
added 2025/07/14 9:15 p.m.72 views

CVE-2025-53818

GitHub Kanban MCP Server is a Model Context Protocol MCP server for managing GitHub issues in Kanban board format and streamlining LLM task management. Version 0.3.0 of the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Serv...

9.3CVSS0.01287EPSS
Exploits0References4
NVD
NVD
added 2025/05/06 9:16 p.m.72 views

CVE-2025-46573

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done b...

8.6CVSS0.00326EPSS
Exploits0References2
NVD
NVD
added 2025/04/15 6:15 p.m.72 views

CVE-2025-33028

In WinZip through 29.0, there is a Mark-of-the-Web Bypass Vulnerability because of an incomplete fix for CVE-2024-8811. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User interaction is required to exploit this...

6.1CVSS0.00477EPSS
Exploits0References3
NVD
NVD
added 2024/10/21 8:15 p.m.72 views

CVE-2022-48994

In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: Fix function prototype mismatch in sndseqexpandvarevent With clang's kernel control flow integrity kCFI, CONFIGCFICLANG, indirect call targets are validated against the expected function pointer prototype to make sure...

5.5CVSS0.00235EPSS
Exploits0References8
NVD
NVD
added 2024/07/22 6:15 p.m.72 views

CVE-2024-40634

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This report details a security vulnerability in Argo CD, where an unauthenticated attacker can send a specially crafted large JSON payload to the /api/webhook endpoint, causing excessive memory allocation that leads to...

7.5CVSS0.01392EPSS
Exploits1References4
NVD
NVD
added 2024/05/01 1:15 p.m.72 views

CVE-2024-27063

In the Linux kernel, the following vulnerability has been resolved: leds: trigger: netdev: Fix kernel panic on interface rename trig notify Commit d5e01266e7f5 "leds: trigger: netdev: add additional specific link speed mode" in the various changes, reworked the way to set the LINKUP mode in commi...

5.5CVSS7.2AI score0.00222EPSS
Exploits0References4
NVD
NVD
added 2023/12/17 1:15 a.m.72 views

CVE-2023-6888

A vulnerability classified as critical was found in PHZ76 RtspServer 1.0.0. This vulnerability affects the function ParseRequestLine of the file RtspMesaage.cpp. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the publ...

9.8CVSS0.0096EPSS
Exploits1References4
NVD
NVD
added 2023/07/03 5:15 p.m.72 views

CVE-2023-36814

Products.CMFCore are the key framework services for the Zope Content Management Framework CMF. The use of Python's marshal module to handle unchecked input in a public method on PortalFolder objects can lead to an unauthenticated denial of service and crash situation. The code in question is...

7.5CVSS7.6AI score0.00723EPSS
Exploits0References2
NVD
NVD
added 2023/06/05 7:15 a.m.72 views

CVE-2023-3099

A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function deletefile in the library dbus.SystemBus of the component Arbitrary File Handler. The manipulation leads to improper access controls. It is possible to launch...

7.1CVSS5.4AI score0.00306EPSS
Exploits1References3
NVD
NVD
added 2023/04/04 10:15 p.m.72 views

CVE-2023-29003

SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protecti...

8.8CVSS8.9AI score0.00557EPSS
Exploits1References3
NVD
NVD
added 2023/03/28 8:15 p.m.72 views

CVE-2023-28395

Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. This may allow an attacker to hijack a session by predicting the session id and gain unauthorized access to the product...

8.3CVSS8.4AI score0.00649EPSS
Exploits1References1
Total number of security vulnerabilities5000