Lucene search
K
NvdMost viewed

364486 matches found

NVD
NVD
added 2024/06/20 6:15 a.m.48 views

CVE-2024-5522

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...

6.5CVSS0.02618EPSS
Exploits6References1
NVD
NVD
added 2024/06/19 3:15 p.m.48 views

CVE-2024-34443

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in ThemePunch OHG Slider Revolution allows Stored XSS.This issue affects Slider Revolution: from n/a before 6.7.11...

5.9CVSS0.00283EPSS
Exploits1References2
NVD
NVD
added 2024/06/14 4:15 p.m.48 views

CVE-2024-37885

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLDINSERTLIBRARIES set in the enviroment. It is recommended that the Nextcloud...

7.8CVSS0.0032EPSS
Exploits0References3
NVD
NVD
added 2024/06/13 9:15 p.m.48 views

CVE-2024-32896

there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

8.1CVSS0.0301EPSS
Exploits0References2
NVD
NVD
added 2024/06/13 5:15 p.m.48 views

CVE-2024-37280

A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of...

4.9CVSS0.00529EPSS
Exploits0References2
NVD
NVD
added 2024/06/12 9:15 a.m.48 views

CVE-2024-5203

Rejected reason: After careful review of CVE-2024-5203, it has been determined that the issue is not exploitable in real-world scenarios. Moreover, the exploit assumes that the attacker has access to a session code parameter that matches a cookie on the Keycloak server. However the attacker does...

Exploits0
NVD
NVD
added 2024/06/11 5:15 p.m.48 views

CVE-2024-30065

Windows Themes Denial of Service Vulnerability...

5.5CVSS0.00841EPSS
Exploits0References1
NVD
NVD
added 2024/06/10 8:15 p.m.48 views

CVE-2024-36416

SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

8.6CVSS0.01952EPSS
Exploits0References3
NVD
NVD
added 2024/06/10 8:15 p.m.48 views

CVE-2024-36411

SuiteCRM is an open-source Customer Relationship Management CRM software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

9.6CVSS0.00435EPSS
Exploits0References1
NVD
NVD
added 2024/06/10 5:16 p.m.48 views

CVE-2024-35749

Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode from Acurax allows Authentication Bypass.This issue affects Under Construction / Maintenance Mode from Acurax: from n/a through 2.6...

5.3CVSS0.00297EPSS
Exploits0References1
NVD
NVD
added 2024/06/09 1:15 p.m.48 views

CVE-2024-32778

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through = 21.3.4...

8.1CVSS0.00612EPSS
Exploits0References2
NVD
NVD
added 2024/06/09 12:15 p.m.48 views

CVE-2024-33565

Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3...

9.1CVSS0.00413EPSS
Exploits0References1
NVD
NVD
added 2024/06/07 10:15 a.m.48 views

CVE-2023-5424

The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system...

8.8CVSS0.00493EPSS
Exploits0References3
NVD
NVD
added 2024/05/17 12:15 p.m.48 views

CVE-2024-27413

In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeofvoid on 32-bit architectures is not enough for a 64-bit physaddrt: drivers/firmware/efi/capsule-loader.c: In function 'eficapsuleopen...

5.5CVSS7.7AI score0.00244EPSS
Exploits0References10
NVD
NVD
added 2024/05/16 9:15 a.m.48 views

CVE-2024-4181

A command injection vulnerability exists in the RunGptLLM class of the llamaindex library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models LLMs. The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised...

8.8CVSS9.1AI score0.02118EPSS
Exploits1References2
NVD
NVD
added 2024/05/14 3:38 p.m.48 views

CVE-2024-34070

Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting XSS vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginname parameter on t...

9.6CVSS8AI score0.00963EPSS
Exploits2References2
NVD
NVD
added 2024/05/14 2:33 p.m.48 views

CVE-2023-6327

The ShopLentor formerly WooLentor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchasednewproducts function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to view all products purchas...

5.3CVSS5.5AI score0.00676EPSS
Exploits0References3
NVD
NVD
added 2024/05/02 7:15 a.m.48 views

CVE-2024-32971

Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a bug that in limited circumstances, could lead to unexpected operations being executed which can result in unintended data or...

9CVSS9.3AI score0.00727EPSS
Exploits0References4
NVD
NVD
added 2024/04/22 11:15 p.m.48 views

CVE-2024-32656

Ant Media Server is live streaming engine software. A local privilege escalation vulnerability in present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media...

7.8CVSS8.2AI score0.00244EPSS
Exploits0References2
NVD
NVD
added 2024/04/17 2:15 p.m.48 views

CVE-2024-1132

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects a...

8.1CVSS7.7AI score0.01552EPSS
Exploits0References14
NVD
NVD
added 2024/04/17 10:15 a.m.48 views

CVE-2024-32130

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paystack Payment Forms for Paystack allows Stored XSS.This issue affects Payment Forms for Paystack: from n/a through 3.4.1...

6.5CVSS6.5AI score0.00291EPSS
Exploits0References1
NVD
NVD
added 2024/04/04 8:15 p.m.48 views

CVE-2024-27316

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...

7.5CVSS7.7AI score0.91327EPSS
Exploits2References10
NVD
NVD
added 2024/03/28 7:16 a.m.48 views

CVE-2024-29240

Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct limited denial-of-service attacks via unspecified vectors...

4.3CVSS4.3AI score0.00684EPSS
Exploits0References1
NVD
NVD
added 2024/03/21 11:15 p.m.48 views

CVE-2024-29031

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attacker to obtain sensitive information via the order parameter of...

7.5CVSS7.6AI score0.00951EPSS
Exploits1References3
NVD
NVD
added 2024/03/15 11:15 p.m.48 views

CVE-2024-28859

Symfony1 is a community fork of symfony 1.4 with DIC, form enhancements, latest Swiftmailer, better performance, composer compatible and PHP 8 support. Symfony 1 has a gadget chain due to vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer...

9CVSS5.9AI score0.01485EPSS
Exploits1References2
NVD
NVD
added 2024/03/12 5:15 p.m.48 views

CVE-2024-21330

Open Management Infrastructure OMI Elevation of Privilege Vulnerability...

7.8CVSS8.7AI score0.00988EPSS
Exploits0References1
NVD
NVD
added 2024/03/12 3:15 p.m.48 views

CVE-2024-23112

An authorization bypass through user-controlled key vulnerability CWE-639 in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticat...

8CVSS7.9AI score0.00663EPSS
Exploits0References1
NVD
NVD
added 2024/03/06 8:15 p.m.48 views

CVE-2024-27917

Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 404 pages. So the cached Response which contains a Session...

7.5CVSS7.6AI score0.00611EPSS
Exploits0References4
NVD
NVD
added 2024/02/20 6:15 p.m.48 views

CVE-2024-0794

Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to Remote Code Execution due to buffer overflow when rendering fonts embedded in a PDF file...

9.8CVSS7.5AI score0.01342EPSS
Exploits0References2
NVD
NVD
added 2024/02/18 8:15 a.m.48 views

CVE-2023-6249

Signed to unsigned conversion esp32ipmsend...

9.8CVSS7.8AI score0.00441EPSS
Exploits1References1
NVD
NVD
added 2024/01/23 2:15 p.m.48 views

CVE-2023-49783

Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ModelAdmin can still edit or delete records using...

4.3CVSS4.5AI score0.00341EPSS
Exploits0References2
NVD
NVD
added 2024/01/19 1:15 a.m.48 views

CVE-2024-22424

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery CSRF attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo C...

8.3CVSS8.3AI score0.00386EPSS
Exploits1References3
NVD
NVD
added 2024/01/11 9:15 a.m.48 views

CVE-2023-4372

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS5.7AI score0.19684EPSS
Exploits2References4
NVD
NVD
added 2024/01/11 1:15 a.m.48 views

CVE-2024-21665

ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in...

4.3CVSS4.3AI score0.0049EPSS
Exploits1References4
NVD
NVD
added 2024/01/02 8:15 p.m.48 views

CVE-2023-51652

OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerabilit...

6.1CVSS6.2AI score0.00447EPSS
Exploits0References3
NVD
NVD
added 2023/12/22 9:15 p.m.48 views

CVE-2023-50731

MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which...

9.1CVSS0.00992EPSS
Exploits1References4
NVD
NVD
added 2023/12/20 2:15 p.m.48 views

CVE-2023-46311

Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments – wpDiscuz: from n/a through 7.6.3...

6.5CVSS0.00527EPSS
Exploits0References1
NVD
NVD
added 2023/12/05 3:15 a.m.48 views

CVE-2023-33082

Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE...

9.8CVSS0.00528EPSS
Exploits0References1
NVD
NVD
added 2023/11/28 7:15 a.m.48 views

CVE-2023-24023

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS...

6.8CVSS0.01297EPSS
Exploits1References2
NVD
NVD
added 2023/11/28 4:15 a.m.48 views

CVE-2023-32063

OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1...

5CVSS0.00538EPSS
Exploits0References3
NVD
NVD
added 2023/11/21 10:15 p.m.48 views

CVE-2023-48302

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, when a user is tricked into copy pasting HTML code without markup Ctrl+Shift+V the...

5.4CVSS0.00571EPSS
Exploits0References3
NVD
NVD
added 2023/11/17 10:15 p.m.48 views

CVE-2023-48238

joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens JWT which are a compact URL-safe means of representing claims to be transferred between two parties. Versions prior to 4.0.0 are vulnerable to a JWT algorithm confusion attack. On line 86 of the 'index.js'...

7.5CVSS0.00304EPSS
Exploits1References2
NVD
NVD
added 2023/11/17 1:15 p.m.48 views

CVE-2023-22272

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction...

7.5CVSS0.01392EPSS
Exploits0References1
NVD
NVD
added 2023/11/13 9:15 p.m.48 views

CVE-2023-47117

Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...

7.5CVSS0.04055EPSS
Exploits3References2
NVD
NVD
added 2023/11/06 11:15 p.m.48 views

CVE-2023-36769

Microsoft OneNote Spoofing Vulnerability...

5.4CVSS4.9AI score0.00423EPSS
Exploits0References1
NVD
NVD
added 2023/10/25 6:17 p.m.48 views

CVE-2023-46125

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...

6.5CVSS6.3AI score0.00722EPSS
Exploits0References3
NVD
NVD
added 2023/10/25 6:17 p.m.48 views

CVE-2023-41339

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an sld= parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles,...

8.6CVSS8.7AI score0.00514EPSS
Exploits0References3
NVD
NVD
added 2023/10/13 1:15 a.m.48 views

CVE-2023-5564

Cross-site Scripting XSS - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1...

5.2CVSS4.9AI score0.00379EPSS
Exploits1References2
NVD
NVD
added 2023/10/12 4:15 p.m.48 views

CVE-2023-25774

A denial-of-service vulnerability exists in the vpnserver ConnectionAccept functionality of SoftEther VPN 5.02. A set of specially crafted network connections can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability...

7.5CVSS7.3AI score0.00728EPSS
Exploits1References2
NVD
NVD
added 2023/09/25 4:15 p.m.48 views

CVE-2023-3664

The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server...

7.2CVSS7.1AI score0.00628EPSS
Exploits1References1
Total number of security vulnerabilities5000