Lucene search
K
NvdMost viewed

364876 matches found

NVD
NVD
•added 2021/02/05 8:15 p.m.•49 views

CVE-2021-1072

NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream rxdiag.dll where an arbitrary file deletion due to improper handling of log files may lead to denial of service...

7.1CVSS0.00259EPSS
Exploits0References1
NVD
NVD
•added 2021/02/01 9:15 p.m.•49 views

CVE-2019-20468

An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READEXTERNALSTORAGE, WRITEEXTERNALSTORAGE, and READCONTACTS...

9.8CVSS9.5AI score0.02295EPSS
Exploits0References3
NVD
NVD
•added 2021/01/19 8:15 p.m.•49 views

CVE-2021-21263

Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an...

7.2CVSS6.8AI score0.01605EPSS
Exploits0References5
NVD
NVD
•added 2021/01/12 3:15 p.m.•49 views

CVE-2021-21449

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation...

8.8CVSS5.6AI score0.01199EPSS
Exploits0References2
NVD
NVD
•added 2020/10/21 9:15 p.m.•49 views

CVE-2020-27615

The Loginizer plugin before 1.6.4 for WordPress allows SQL injection with resultant XSS, related to loginizerloginfailed and lzvalidip...

9.8CVSS0.53619EPSS
Exploits4References4
NVD
NVD
•added 2020/10/05 8:15 a.m.•49 views

CVE-2020-7709

This affects the package json-pointer before 0.6.1. Multiple reference of object using slash is supported...

7.2CVSS0.01783EPSS
Exploits1References3
NVD
NVD
•added 2020/10/01 5:15 p.m.•49 views

CVE-2020-25017

Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy header map API does not replace all existing occurences of a non-inline header...

8.3CVSS0.01317EPSS
Exploits1References2
NVD
NVD
•added 2020/09/30 6:15 p.m.•49 views

CVE-2020-26149

NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server...

7.5CVSS0.01476EPSS
Exploits0References3
NVD
NVD
•added 2020/09/03 2:15 a.m.•49 views

CVE-2020-25086

Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advancedsettings/adminUsers.php...

6.1CVSS6AI score0.00679EPSS
Exploits0References1
NVD
NVD
•added 2020/08/20 1:17 a.m.•49 views

CVE-2020-15143

In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter,...

8.8CVSS8.1AI score0.01914EPSS
Exploits1References1
NVD
NVD
•added 2020/08/11 6:15 p.m.•49 views

CVE-2020-14979

The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X1 through 1.0.6 allow local users, including low integrity processes, to read and write to arbitrary memory locations. This allows any user to gain NT AUTHORITY\SYSTEM privileges by mapping \Device\PhysicalMemory into the calli...

7.8CVSS7.7AI score0.00605EPSS
Exploits1References2
NVD
NVD
•added 2020/07/15 9:15 p.m.•49 views

CVE-2020-6164

In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. There is no disclosure of the specific version. The functionality on this URL path is limited to...

7.5CVSS0.018EPSS
Exploits0References1
NVD
NVD
•added 2020/07/14 8:15 p.m.•49 views

CVE-2020-15100

In freewvs before 0.1.1, a user could create a large file that freewvs will try to read, which will terminate a scan process. This has been patched in 0.1.1...

3.3CVSS0.00324EPSS
Exploits0References2
NVD
NVD
•added 2020/05/22 5:15 p.m.•49 views

CVE-2020-13388

An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safeload is not used...

9.8CVSS9.8AI score0.04422EPSS
Exploits1References3
NVD
NVD
•added 2020/05/08 9:15 p.m.•49 views

CVE-2020-11532

Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user...

10CVSS9.7AI score0.77477EPSS
Exploits7References3
NVD
NVD
•added 2020/05/06 6:15 p.m.•49 views

CVE-2020-11727

A cross-site scripting XSS vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the view/settings-form.php woeposttype parameter...

6.1CVSS6AI score0.01955EPSS
Exploits4References4
NVD
NVD
•added 2020/05/04 1:15 p.m.•49 views

CVE-2020-1959

A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution RCE vulnerability. Apache Syncope uses Java Bean Validation JSR 380 custom constraint validators. When...

9.8CVSS9.8AI score0.04821EPSS
Exploits0References1
NVD
NVD
•added 2020/04/30 5:15 a.m.•49 views

CVE-2020-12283

Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring...

6.1CVSS6.4AI score0.013EPSS
Exploits1References5
NVD
NVD
•added 2020/03/06 9:15 p.m.•49 views

CVE-2020-10111

Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization...

7.5CVSS7.6AI score0.0195EPSS
Exploits3References3
NVD
NVD
•added 2020/02/14 8:15 p.m.•49 views

CVE-2013-4211

A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code...

9.8CVSS9.7AI score0.76415EPSS
Exploits5References5
NVD
NVD
•added 2019/12/17 5:15 p.m.•49 views

CVE-2019-19849

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel Backend Module: DB...

8.8CVSS8.6AI score0.01267EPSS
Exploits0References2
NVD
NVD
•added 2019/10/25 7:15 p.m.•49 views

CVE-2019-17139

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8CVSS8.1AI score0.05783EPSS
Exploits0References2
NVD
NVD
•added 2019/09/25 4:15 p.m.•49 views

CVE-2019-10417

Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...

9.9CVSS9.6AI score0.01205EPSS
Exploits0References2
NVD
NVD
•added 2019/07/31 1:15 p.m.•49 views

CVE-2019-10356

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts...

8.8CVSS8.9AI score0.025EPSS
Exploits0References5
NVD
NVD
•added 2019/07/19 3:15 p.m.•49 views

CVE-2019-1167

A security feature bypass vulnerability exists in Windows Defender Application Control WDAC which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'...

4.1CVSS4.3AI score0.011EPSS
Exploits0References1
NVD
NVD
•added 2019/04/11 7:29 p.m.•49 views

CVE-2019-5715

All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allows Reflected SQL Injection through Form and DataObject...

9.8CVSS9.8AI score0.01564EPSS
Exploits0References2
NVD
NVD
•added 2019/03/21 4:1 p.m.•49 views

CVE-2019-6973

Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server based on gSOAP 2.8.x is configured for an iterative queueing approach aka non-threaded operation with a timeout of several seconds...

7.5CVSS7.5AI score0.13776EPSS
Exploits5References3
NVD
NVD
•added 2018/09/20 2:29 p.m.•49 views

CVE-2018-17254

The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter...

9.8CVSS9.9AI score0.82976EPSS
Exploits5References2
NVD
NVD
•added 2018/09/10 7:29 p.m.•49 views

CVE-2018-14620

The OpenStack RabbitMQ container image insecurely retrieves the rabbitmqclusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the image builder and install in the resultant container image. Version of openstack-rabbitmq-container...

9.8CVSS5.9AI score0.00597EPSS
Exploits0References3
NVD
NVD
•added 2018/04/26 8:29 p.m.•49 views

CVE-2018-7527

A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file...

6.8CVSS5.4AI score0.00732EPSS
Exploits0References2
NVD
NVD
•added 2018/04/16 7:29 p.m.•49 views

CVE-2016-9093

A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this issue. A non-admin user would need to be able to save an executable file to disk and then be able t...

7CVSS6.8AI score0.00396EPSS
Exploits0References3
NVD
NVD
•added 2018/03/14 1:29 p.m.•49 views

CVE-2018-1000129

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...

6.1CVSS6.1AI score0.25459EPSS
Exploits1References4
NVD
NVD
•added 2018/01/23 6:29 p.m.•49 views

CVE-2017-17999

SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledgebase/getarticlesuggestion/...

9.8CVSS10AI score0.03344EPSS
Exploits5References2
NVD
NVD
•added 2016/07/03 2:59 p.m.•49 views

CVE-2016-4509

Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenticated users to execute arbitrary code via a crafted file...

6CVSS6.7AI score0.01973EPSS
Exploits0References3
NVD
NVD
•added 2014/04/01 3:24 a.m.•49 views

CVE-2013-5640

Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the 1 answerid or 2 questionid parameter to polls/vote.php, 3 storyid parameter to comments/add.php or 4 comments/edit.php, or 5 threadid parameter to posts/add.php. NOTE: this issue...

7.5CVSS8.3AI score0.02387EPSS
Exploits6References4
NVD
NVD
•added 2013/09/28 3:40 a.m.•49 views

CVE-2013-5160

Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference...

3.3CVSS6AI score0.00342EPSS
Exploits1References2
NVD
NVD
•added 2011/12/30 1:55 a.m.•49 views

CVE-2011-3416

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."...

8.5CVSS6AI score0.45576EPSS
Exploits2References3
NVD
NVD
•added 2011/12/25 1:55 a.m.•49 views

CVE-2009-5109

Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long entry in a .pls file...

9.3CVSS8AI score0.32817EPSS
Exploits2References5
NVD
NVD
•added 2010/12/23 6:0 p.m.•49 views

CVE-2010-3972

Heap-based buffer overflow in the TELNETSTREAMCONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services IIS 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service daemon crash via a crafted FTP...

10CVSS8AI score0.94534EPSS
Exploits3References10
NVD
NVD
•added 2010/12/06 8:12 p.m.•49 views

CVE-2010-2639

IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching of mutable objects and "concurrency issues."...

5CVSS6.5AI score0.01242EPSS
Exploits0References4
NVD
NVD
•added 2010/08/11 6:47 p.m.•49 views

CVE-2010-2554

The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL...

7.8CVSS6.3AI score0.0192EPSS
Exploits7References2
NVD
NVD
•added 2008/11/10 2:12 p.m.•49 views

CVE-2008-5004

SQL injection vulnerability in genscode.php in myWebland Bloggie Lite 0.0.2 beta allows remote attackers to execute arbitrary SQL commands via a crafted cookie...

7.5CVSS8.3AI score0.00967EPSS
Exploits1References3
NVD
NVD
•added 2006/08/01 9:4 p.m.•49 views

CVE-2006-3949

PHP remote file inclusion vulnerability in artlinks.dispnew.php in the Artlinks component comartlinks for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...

6.8CVSS7.6AI score0.04432EPSS
Exploits1References4
NVD
NVD
•added 2026/05/14 12:16 p.m.•48 views

CVE-2026-45205

Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0,...

5.3CVSS0.00487EPSS
Exploits0References3
NVD
NVD
•added 2026/05/13 8:16 p.m.•48 views

CVE-2026-44364

MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerabili...

9.3CVSS0.00185EPSS
Exploits0References1
NVD
NVD
•added 2026/05/13 5:16 p.m.•48 views

CVE-2026-44576

Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker...

5.4CVSS0.0025EPSS
Exploits0References1
NVD
NVD
•added 2026/05/13 4:16 p.m.•48 views

CVE-2026-44288

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. An attacker who can provide protobuf...

5.3CVSS0.00301EPSS
Exploits0References1
NVD
NVD
•added 2026/05/12 2:17 p.m.•48 views

CVE-2026-45091

sealed-env is a cross-stack, zero-trust secret management library for Node.js and Java/Spring Boot. In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token. JWS payload is base64-encode...

9.1CVSS0.00326EPSS
Exploits1References1
NVD
NVD
•added 2026/05/10 5:16 a.m.•48 views

CVE-2026-8230

A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function syslogin1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. Th...

8.8CVSS0.04944EPSS
Exploits1References4
NVD
NVD
•added 2026/05/09 4:16 a.m.•48 views

CVE-2026-42051

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patched in versions 4.9.0 and 5.4.0...

5.3CVSS0.00193EPSS
Exploits0References3
Total number of security vulnerabilities5000