Lucene search
K
NvdMost viewed

364838 matches found

NVD
NVD
added 2025/07/30 3:15 p.m.48 views

CVE-2025-43018

Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book...

6.9CVSS0.00274EPSS
Exploits0References1
NVD
NVD
added 2025/07/07 7:15 a.m.48 views

CVE-2025-41672

A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices...

10CVSS0.00346EPSS
Exploits0References2
NVD
NVD
added 2025/05/05 9:15 p.m.48 views

CVE-2025-4289

A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. This vulnerability affects unknown code of the component RNTO Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...

9.8CVSS0.00612EPSS
Exploits1References4
NVD
NVD
added 2025/05/01 6:15 a.m.48 views

CVE-2025-3503

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00236EPSS
Exploits1References1
NVD
NVD
added 2025/04/20 7:15 a.m.48 views

CVE-2025-3822

A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file changepassword.php. The manipulation of the argument txtconfirmpassword/txtnewpassword/txtoldpassword leads to cro...

5.4CVSS0.00393EPSS
Exploits1References4
NVD
NVD
added 2025/04/15 6:15 p.m.48 views

CVE-2024-42189

HCL BigFix Web Reports might be subject to a Denial of Service DoS attack, due to a potentially weak validation of an API parameter...

6.5CVSS0.00262EPSS
Exploits0References1
NVD
NVD
added 2025/04/12 3:15 a.m.48 views

CVE-2025-2881

The Developer Toolbar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.3 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in th...

5.3CVSS0.00348EPSS
Exploits0References3
NVD
NVD
added 2025/04/12 3:15 a.m.48 views

CVE-2025-2841

The Cart66 Cloud plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.7 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the...

5.3CVSS0.00359EPSS
Exploits0References5
NVD
NVD
added 2025/04/11 4:15 p.m.48 views

CVE-2025-31354

Subnet Solutions PowerSYSTEM Center's SMTPS notification service can be affected by importing an EC certificate with crafted F2m parameters, which can lead to excessive CPU consumption during the evaluation of the curve parameters...

5.3CVSS0.00122EPSS
Exploits0References1
NVD
NVD
added 2025/04/11 1:15 p.m.48 views

CVE-2025-3439

The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'fieldvalue' parameter. This makes it possible for...

9.8CVSS0.01119EPSS
Exploits0References3
NVD
NVD
added 2025/04/09 4:15 p.m.48 views

CVE-2025-32375

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized...

9.8CVSS0.50446EPSS
Exploits5References1
NVD
NVD
added 2025/03/19 6:15 p.m.48 views

CVE-2025-29925

XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, protected pages are listed when requesting the REST endpoints /rest/wikis/wikiName/pages even if the user doesn't have view rights on them. It's particularly true if the entire wiki is protected with "Prevent...

8.7CVSS0.00906EPSS
Exploits1References5
NVD
NVD
added 2025/03/08 10:15 a.m.48 views

CVE-2025-1322

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 16.26.10 via the 'feed' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated...

4.3CVSS0.00417EPSS
Exploits0References2
NVD
NVD
added 2025/03/06 5:15 p.m.48 views

CVE-2025-2032

A vulnerability classified as problematic was found in ChestnutCMS 1.5.2. This vulnerability affects the function renameFile of the file /cms/file/rename. The manipulation of the argument rename leads to path traversal. The exploit has been disclosed to the public and may be used...

5.1CVSS0.00478EPSS
Exploits1References4
NVD
NVD
added 2025/02/25 8:15 p.m.48 views

CVE-2025-27142

LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. Prior to version 1.17.0, due to the missing sanitization of the path in the POST /api/localsend/v2/prepare-upload and th...

8.8CVSS0.00514EPSS
Exploits0References2
NVD
NVD
added 2025/02/18 11:15 a.m.48 views

CVE-2024-13783

The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export all plugin da...

4.3CVSS0.00382EPSS
Exploits0References3
NVD
NVD
added 2025/02/12 5:15 p.m.48 views

CVE-2024-11629

In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 2025.1.205, using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF...

7.1CVSS0.0037EPSS
Exploits0References1
NVD
NVD
added 2025/01/16 11:15 p.m.48 views

CVE-2025-23199

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: /ajaxform.php - param: descr. Librenms version up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page...

5.4CVSS0.01221EPSS
Exploits1References1
NVD
NVD
added 2025/01/16 6:15 p.m.48 views

CVE-2024-41746

IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

7.2CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added 2025/01/15 10:15 p.m.48 views

CVE-2025-0489

A vulnerability classified as critical was found in Fanli2012 native-php-cms 1.0. This vulnerability affects unknown code of the file /fladmin/friendlinkdodel.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to t...

8.8CVSS0.00434EPSS
Exploits1References5
NVD
NVD
added 2025/01/15 6:15 p.m.48 views

CVE-2025-23040

GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can allow the attacker access to the user's credentials through the use of maliciously crafted remote URL. GitHub Desktop...

6.6CVSS0.00747EPSS
Exploits0References3
NVD
NVD
added 2025/01/11 4:15 a.m.48 views

CVE-2025-23109

Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address. This vulnerability was fixed in Firefox for iOS 134...

6.5CVSS0.00175EPSS
Exploits0References2
NVD
NVD
added 2025/01/03 5:15 p.m.48 views

CVE-2024-56409

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the Currency.php file. Using the /vendor/phpoffice/phpspreadsheet/samples/Wizards/NumberFormat/Currency.php...

8.3CVSS0.00325EPSS
Exploits1References2
NVD
NVD
added 2024/12/30 10:15 a.m.48 views

CVE-2024-47918

Tiki Wiki CMS – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS...

6.1CVSS0.003EPSS
Exploits0References1
NVD
NVD
added 2024/12/27 5:15 p.m.48 views

CVE-2024-12988

A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. The attack can be launched remotely. The...

7.5CVSS0.00822EPSS
Exploits1References6
NVD
NVD
added 2024/12/18 1:15 p.m.48 views

CVE-2024-48889

An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, version 7.0.12 and below, version 6.4.14 and below and FortiManager Cloud version 7.4.4 and below,...

7.2CVSS0.01652EPSS
Exploits0References1
NVD
NVD
added 2024/12/13 4:15 p.m.48 views

CVE-2024-55887

Ucum-java is a FHIR Java library providing UCUM Services. In versions prior to 1.0.9, XML parsing performed by the UcumEssenceService is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts...

8.6CVSS0.0055EPSS
Exploits0References1
NVD
NVD
added 2024/12/03 6:15 p.m.48 views

CVE-2024-25020

IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Attackers can make use of this weakness and upload malicious executable files into the system and can be sent to victims for performing further...

9.8CVSS0.00275EPSS
Exploits0References1
NVD
NVD
added 2024/11/26 2:15 p.m.48 views

CVE-2024-53976

Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS 133...

5.4CVSS0.00294EPSS
Exploits0References2
NVD
NVD
added 2024/11/23 8:15 a.m.48 views

CVE-2024-9511

The FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.82 via deserialization of untrusted input in the 'formatResult' function. This makes it...

9.8CVSS0.01123EPSS
Exploits0References4
NVD
NVD
added 2024/11/20 4:15 p.m.48 views

CVE-2024-11487

A vulnerability has been found in Code4Berry Decoration Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /decoration/admin/btndatesreport.php of the component Between Dates Reports. The manipulation of the argument fromdate/todate leads to sql...

8.8CVSS0.004EPSS
Exploits0References3
NVD
NVD
added 2024/11/14 12:15 p.m.48 views

CVE-2022-31669

Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immutability policies...

7.7CVSS0.00396EPSS
Exploits0References1
NVD
NVD
added 2024/11/11 7:15 a.m.48 views

CVE-2024-52354

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cool Plugins Web Stories Widgets For Elementor shortcodes-for-amp-web-stories-and-elementor-widget allows Stored XSS.This issue affects Web Stories Widgets For Elementor: from n/a through = 1.1...

6.5CVSS0.00258EPSS
Exploits0References1
NVD
NVD
added 2024/11/10 11:15 p.m.48 views

CVE-2024-11058

A vulnerability was found in CodeAstro Real Estate Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /aboutedit.php of the component About Us Page. The manipulation of the argument id leads to sql injection. The attack can be...

7.2CVSS0.00507EPSS
Exploits1References5
NVD
NVD
added 2024/10/15 4:15 p.m.48 views

CVE-2024-48913

Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery CSRF middleware by a request without Content-Type header. Although the CSRF middleware verifies the Content-Type Header, Hono always considers a request without a Content-Type header to be safe. Th...

5.9CVSS0.00304EPSS
Exploits1References3
NVD
NVD
added 2024/10/08 6:15 p.m.48 views

CVE-2024-43609

Microsoft Office Spoofing Vulnerability...

6.5CVSS0.02035EPSS
Exploits0References1
NVD
NVD
added 2024/10/07 4:15 p.m.48 views

CVE-2024-28709

Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields...

6.1CVSS0.00521EPSS
Exploits0References1
NVD
NVD
added 2024/10/05 4:15 p.m.48 views

CVE-2024-47370

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Stored XSS.This issue affects Author Avatars List/Block: from n/a through = 2.1.21...

6.5CVSS0.00237EPSS
Exploits0References1
NVD
NVD
added 2024/09/27 2:15 p.m.48 views

CVE-2024-47182

Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3...

7.5CVSS0.00208EPSS
Exploits0References2
NVD
NVD
added 2024/09/19 11:15 p.m.48 views

CVE-2024-46984

The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to XML External Entities attack due to insecure defaults of the used Woodstox...

9.8CVSS0.00637EPSS
Exploits0References6
NVD
NVD
added 2024/09/19 5:15 p.m.48 views

CVE-2024-8653

A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ https://netcat.ru/ . Versions 6.4.0.24248 and ...

6.1CVSS0.00267EPSS
Exploits0References1
NVD
NVD
added 2024/09/13 4:15 p.m.48 views

CVE-2024-6587

A Server-Side Request Forgery SSRF vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the apibase parameter when making requests to POST /chat/completions, causing the application to send the request to the domain specified by apibase. This request...

7.5CVSS0.37197EPSS
Exploits1References2
NVD
NVD
added 2024/09/05 5:15 a.m.48 views

CVE-2024-43102

Concurrent removals of certain anonymous shared memory mappings by using the UMTXSHMDESTROY sub-request of UMTXOPSHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early. A malicious code exercizing the UMTXSHMDESTROY...

10CVSS0.00681EPSS
Exploits0References2
NVD
NVD
added 2024/09/02 12:15 p.m.48 views

CVE-2024-33057

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location...

7.5CVSS0.00297EPSS
Exploits0References1
NVD
NVD
added 2024/08/29 11:15 a.m.48 views

CVE-2024-45440

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist...

5.3CVSS0.09269EPSS
Exploits4References3
NVD
NVD
added 2024/08/29 3:15 a.m.48 views

CVE-2024-45436

extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory...

9.1CVSS0.02581EPSS
Exploits2References2
NVD
NVD
added 2024/08/26 9:15 p.m.48 views

CVE-2024-43257

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Nouthemes Leopard - WordPress offload media.This issue affects Leopard - WordPress offload media: from n/a through 2.0.36...

6.5CVSS0.00418EPSS
Exploits0References1
NVD
NVD
added 2024/08/26 1:15 p.m.48 views

CVE-2024-8162

A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Affected is an unknown function of the file /squashfs-root/webcste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to hard-coded credentials. It is possible to launch the attack...

10CVSS0.01666EPSS
Exploits1References5
NVD
NVD
added 2024/08/21 7:15 a.m.48 views

CVE-2023-52895

In the Linux kernel, the following vulnerability has been resolved: iouring/poll: don't reissue in case of poll race on multishot request A previous commit fixed a poll race that can occur, but it's only applicable for multishot requests. For a multishot request, we can safely ignore a spurious...

5.5CVSS0.00205EPSS
Exploits0References2
NVD
NVD
added 2024/08/14 3:15 p.m.48 views

CVE-2024-7347

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and the mp4 directi...

5.7CVSS0.0032EPSS
Exploits0References3
Total number of security vulnerabilities5000