Lucene search
K
NvdMost viewed

366258 matches found

NVD
NVD
added 2023/03/23 5:15 p.m.49 views

CVE-2022-28496

TOTOLink outdoor CPE CP900 V6.3c.566B20171026 discovered to contain a command injection vulnerability in the setPasswordCfg function via the adminuser and adminpassparameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

9.8CVSS9.9AI score0.01409EPSS
Exploits0References1
NVD
NVD
added 2023/03/14 6:15 a.m.49 views

CVE-2023-27498

SAP Host Agent SAPOSCOL - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error. This error can be used to reveal but not modify any technical information about...

7.2CVSS7AI score0.00545EPSS
Exploits0References2
NVD
NVD
added 2023/03/13 12:15 p.m.49 views

CVE-2023-24033

The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol SDP module, which can lead to a denial of service...

9.8CVSS7.8AI score0.34546EPSS
Exploits0References3
NVD
NVD
added 2023/03/10 9:15 p.m.49 views

CVE-2022-33242

Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD...

7.8CVSS7.9AI score0.00141EPSS
Exploits0References1
NVD
NVD
added 2023/03/09 9:15 p.m.49 views

CVE-2023-26957

onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins...

9.1CVSS9.3AI score0.00606EPSS
Exploits1References1
NVD
NVD
added 2023/03/03 11:15 p.m.49 views

CVE-2023-25403

CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. Any user who logged in within 24 hours. A token can be forged with his username to bypass authentication...

7.5CVSS7.5AI score0.00652EPSS
Exploits1References2
NVD
NVD
added 2023/03/02 4:15 a.m.49 views

CVE-2023-25806

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the interna...

5.3CVSS5.4AI score0.00328EPSS
Exploits0References1
NVD
NVD
added 2023/02/21 9:15 p.m.49 views

CVE-2023-25158

GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore...

9.8CVSS10AI score0.01072EPSS
Exploits1References2
NVD
NVD
added 2023/02/19 9:15 a.m.49 views

CVE-2023-0916

A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adms/classes/Users.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploi...

8.8CVSS7.2AI score0.03074EPSS
Exploits4References3
NVD
NVD
added 2023/02/14 4:15 p.m.49 views

CVE-2022-22564

Dell EMC Unity versions before 5.2.0.0.5.173 , usees broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information...

5.9CVSS5.8AI score0.00451EPSS
Exploits0References1
NVD
NVD
added 2023/02/14 11:15 a.m.49 views

CVE-2022-31808

A vulnerability has been identified in SiPass integrated AC5102 ACC-G2 All versions V2.85.44, SiPass integrated ACC-AP All versions V2.85.43. Affected devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by...

7.8CVSS7.9AI score0.00229EPSS
Exploits0References1
NVD
NVD
added 2023/02/13 3:15 p.m.49 views

CVE-2023-0099

The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6AI score0.01726EPSS
Exploits6References2
NVD
NVD
added 2023/02/12 4:15 a.m.49 views

CVE-2022-38686

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services...

6.4CVSS5.3AI score0.00089EPSS
Exploits0References1
NVD
NVD
added 2023/02/06 2:15 p.m.49 views

CVE-2022-48085

Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter...

5.4CVSS5.6AI score0.00591EPSS
Exploits1References3
NVD
NVD
added 2023/02/03 8:15 p.m.49 views

CVE-2023-23925

Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag. Unsanitized input flows into Strategy match operation EXIST, where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack reDOS. This issue has been...

8.6CVSS8.5AI score0.00541EPSS
Exploits0References2
NVD
NVD
added 2023/01/13 7:15 p.m.49 views

CVE-2023-22489

Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that...

3.5CVSS3.7AI score0.00555EPSS
Exploits0References3
NVD
NVD
added 2023/01/10 4:15 a.m.49 views

CVE-2023-0014

SAP NetWeaver ABAP Server and ABAP Platform - versions SAPBASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguo...

9.8CVSS8.9AI score0.00693EPSS
Exploits0References2
NVD
NVD
added 2022/12/22 9:15 p.m.49 views

CVE-2022-3805

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

8.6CVSS0.01594EPSS
Exploits1References4
NVD
NVD
added 2022/12/20 9:15 p.m.49 views

CVE-2022-23542

OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and...

9.8CVSS0.0091EPSS
Exploits0References3
NVD
NVD
added 2022/12/13 4:15 p.m.49 views

CVE-2022-4223

The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to...

8.8CVSS0.79933EPSS
Exploits0References2
NVD
NVD
added 2022/11/08 8:15 a.m.49 views

CVE-2022-39343

Azure RTOS FileX is a FAT-compatible file system that’s fully integrated with Azure RTOS ThreadX. In versions before 6.2.0, the Fault Tolerant feature of Azure RTOS FileX includes integer under and overflows which may be exploited to achieve buffer overflow and modify memory contents. When a vali...

7.8CVSS0.00822EPSS
Exploits1References2
NVD
NVD
added 2022/11/04 3:15 p.m.49 views

CVE-2022-41671

A CWE-89: Improper Neutralization of Special Elements used in SQL Command ‘SQL Injection’ vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected...

7.8CVSS0.0025EPSS
Exploits0References1
NVD
NVD
added 2022/11/03 8:15 p.m.49 views

CVE-2022-41713

deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the 'proto' property to be edited...

5.3CVSS0.00643EPSS
Exploits1References2
NVD
NVD
added 2022/10/11 9:15 p.m.49 views

CVE-2022-41168

Due to lack of proper memory management, when a victim opens a manipulated CATIA5 Part .catpart, CatiaTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based...

7.8CVSS0.00491EPSS
Exploits0References2
NVD
NVD
added 2022/10/07 7:15 a.m.49 views

CVE-2022-41672

In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API...

8.1CVSS0.01197EPSS
Exploits0References2
NVD
NVD
added 2022/09/16 10:15 p.m.49 views

CVE-2022-35981

TensorFlow is an open source platform for machine learning. FractionalMaxPoolGrad validates its inputs with CHECK failures instead of with returning errors. If it gets incorrectly sized inputs, the CHECK failure can be used to trigger a denial of service attack. We have patched the issue in GitHu...

7.5CVSS0.00396EPSS
Exploits0References2
NVD
NVD
added 2022/09/16 8:15 p.m.49 views

CVE-2022-35940

TensorFlow is an open source platform for machine learning. The RaggedRangOp function takes an argument limits that is eventually used to construct a TensorShape as an int64. If limits is a very large float, it can overflow when converted to an int64. This triggers an InvalidArgument but also...

7.5CVSS0.00547EPSS
Exploits0References3
NVD
NVD
added 2022/08/31 4:15 p.m.49 views

CVE-2022-30317

Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access CDA EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell...

9.1CVSS0.00746EPSS
Exploits0References2
NVD
NVD
added 2022/08/27 9:15 a.m.49 views

CVE-2022-3013

A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to sql injection. It is possible to initiate the attack remotely. The associated...

9.8CVSS0.00466EPSS
Exploits0References1
NVD
NVD
added 2022/08/22 3:15 p.m.49 views

CVE-2022-2551

The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating...

7.5CVSS0.12485EPSS
Exploits5References2
NVD
NVD
added 2022/08/16 2:15 p.m.49 views

CVE-2022-38362

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to authenticated remote code exploit of code on the Airflow worker host...

8.8CVSS0.01602EPSS
Exploits0References2
NVD
NVD
added 2022/08/01 10:15 p.m.49 views

CVE-2022-35922

Rust-WebSocket is a WebSocket RFC6455 library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based...

7.5CVSS0.01483EPSS
Exploits0References4
NVD
NVD
added 2022/07/26 8:15 a.m.49 views

CVE-2021-43959

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery SSRF vulnerability in the CSV importing feature of JSM Insight. When running in an environment...

5.7CVSS0.00602EPSS
Exploits0References1
NVD
NVD
added 2022/06/30 6:15 p.m.49 views

CVE-2022-34782

An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests...

4.3CVSS0.00516EPSS
Exploits0References1
NVD
NVD
added 2022/06/27 11:15 p.m.49 views

CVE-2022-31103

lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule @keyframes. This package is depended on by react-letter, therefore everyone using react-letter is...

7.5CVSS0.01416EPSS
Exploits0References3
NVD
NVD
added 2022/06/16 9:15 p.m.49 views

CVE-2021-36609

Cross Site Scripting XSS vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php...

5.4CVSS0.00446EPSS
Exploits1References1
NVD
NVD
added 2022/06/02 2:15 p.m.49 views

CVE-2022-29732

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting XSS vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1CVSS0.00725EPSS
Exploits2References2
NVD
NVD
added 2022/04/18 5:15 p.m.49 views

CVE-2020-25163

A remote attacker with write access to PI ProcessBook files could inject code that is imported into OSIsoft PI Vision 2020 versions prior to 3.5.0. Unauthorized information disclosure, modification, or deletion is also possible if a victim views or interacts with the infected display. This...

7.7CVSS0.0091EPSS
Exploits0References1
NVD
NVD
added 2022/04/12 5:15 p.m.49 views

CVE-2022-27261

An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server...

7.5CVSS0.01359EPSS
Exploits1References2
NVD
NVD
added 2022/03/22 9:15 p.m.49 views

CVE-2022-26186

TOTOLINK N600R V4.3.0cu.7570B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi...

9.8CVSS0.03986EPSS
Exploits1References1
NVD
NVD
added 2022/03/17 9:15 p.m.49 views

CVE-2021-45040

The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route...

10CVSS0.03106EPSS
Exploits3References2
NVD
NVD
added 2022/03/16 3:15 p.m.49 views

CVE-2021-39734

In sendMessage of OneToOneChatImpl.java ? TBD, there is a possible way to send an RCS message without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS0.00098EPSS
Exploits0References1
NVD
NVD
added 2022/03/14 11:15 a.m.49 views

CVE-2022-22721

If LimitXMLRequestBody is set to allow request bodies larger than 350MB defaults to 1M on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier...

9.1CVSS0.41861EPSS
Exploits0References16
NVD
NVD
added 2022/02/21 11:15 a.m.49 views

CVE-2021-24867

Numerous Plugins and Themes from the AccessPress Themes aka Access Keys vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to...

9.8CVSS0.18878EPSS
Exploits1References2
NVD
NVD
added 2022/02/17 3:15 p.m.49 views

CVE-2022-23632

Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.6.1, Traefik skips the router transport layer security TLS configuration when the host header is a fully qualified domain name FQDN. For a request, the TLS configuration choice can be different than the router choice, which...

7.5CVSS0.01714EPSS
Exploits0References4
NVD
NVD
added 2022/01/17 2:15 a.m.49 views

CVE-2022-23303

The implementations of SAE in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494...

9.8CVSS0.02944EPSS
Exploits0References5
NVD
NVD
added 2021/12/23 8:15 p.m.49 views

CVE-2021-20318

The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...

7.2CVSS0.01701EPSS
Exploits0References1
NVD
NVD
added 2021/12/07 2:15 p.m.49 views

CVE-2021-22956

An uncontrolled resource consumption vulnerability exists in Citrix ADC 13.0-83.27, 12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication...

7.5CVSS0.00894EPSS
Exploits0References1
NVD
NVD
added 2021/11/23 8:15 p.m.49 views

CVE-2021-25986

In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting XSS in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the...

5.4CVSS0.00583EPSS
Exploits0References2
NVD
NVD
added 2021/11/17 8:15 p.m.49 views

CVE-2021-41275

spreeauthdevise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spreeauthdevise is subject to a CSRF vulnerability that allows user account...

9.3CVSS0.0052EPSS
Exploits0References2
Total number of security vulnerabilities5000