Lucene search
K
NvdMost viewed

364114 matches found

NVD
NVD
added 2022/11/17 11:15 p.m.48 views

CVE-2022-39181

GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting RXSS. Type 1: Reflected XSS or Non-Persistent - The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content t...

6.1CVSS0.00361EPSS
Exploits0References1
NVD
NVD
added 2022/11/14 2:15 p.m.48 views

CVE-2022-45378

In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary...

9.8CVSS0.02251EPSS
Exploits0References2
NVD
NVD
added 2022/10/13 3:15 a.m.48 views

CVE-2022-42906

powerline-gitstatus aka Powerline Gitstatus before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs gi...

7.8CVSS0.0042EPSS
Exploits1References3
NVD
NVD
added 2022/10/10 3:15 p.m.48 views

CVE-2022-39292

Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Debug logs expose sensitive URLs for Slack webhooks that contain private information. The problem is fixed in version 1.3.2 which redacts sensitive URLs for webhooks. As a workaround, people who use Slac...

7.5CVSS0.00657EPSS
Exploits0References2
NVD
NVD
added 2022/09/27 7:15 p.m.48 views

CVE-2021-27861

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and optionally VLAN0 headers...

4.7CVSS0.00594EPSS
Exploits0References6
NVD
NVD
added 2022/09/16 11:15 p.m.48 views

CVE-2022-36000

TensorFlow is an open source platform for machine learning. When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit aed36912609fc07229b4d0a7b44f3f48efc00fd0. The fix will be included in...

7.5CVSS0.00396EPSS
Exploits0References2
NVD
NVD
added 2022/09/16 10:15 p.m.48 views

CVE-2022-35981

TensorFlow is an open source platform for machine learning. FractionalMaxPoolGrad validates its inputs with CHECK failures instead of with returning errors. If it gets incorrectly sized inputs, the CHECK failure can be used to trigger a denial of service attack. We have patched the issue in GitHu...

7.5CVSS0.00396EPSS
Exploits0References2
NVD
NVD
added 2022/09/16 8:15 p.m.48 views

CVE-2022-35940

TensorFlow is an open source platform for machine learning. The RaggedRangOp function takes an argument limits that is eventually used to construct a TensorShape as an int64. If limits is a very large float, it can overflow when converted to an int64. This triggers an InvalidArgument but also...

7.5CVSS0.00547EPSS
Exploits0References3
NVD
NVD
added 2022/09/16 8:15 p.m.48 views

CVE-2022-35960

TensorFlow is an open source platform for machine learning. In core/kernels/listkernels.cc's TensorListReserve, numelements is assumed to be a tensor of size 1. When a numelements of more than 1 element is provided, then tf.rawops.TensorListReserve fails the CHECKEQ in...

7.5CVSS0.00547EPSS
Exploits0References3
NVD
NVD
added 2022/09/14 1:15 p.m.48 views

CVE-2022-37661

SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution RCE via the ping host feature...

9.8CVSS0.36187EPSS
Exploits5References4
NVD
NVD
added 2022/08/27 9:15 a.m.48 views

CVE-2022-3013

A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to sql injection. It is possible to initiate the attack remotely. The associated...

9.8CVSS0.00466EPSS
Exploits0References1
NVD
NVD
added 2022/08/18 8:15 p.m.48 views

CVE-2022-21812

Improper access control in the IntelR HAXM software before version 7.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS0.00259EPSS
Exploits0References1
NVD
NVD
added 2022/08/01 10:15 p.m.48 views

CVE-2022-35919

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for admin:ServerUpdate can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow...

7.4CVSS0.52334EPSS
Exploits4References4
NVD
NVD
added 2022/07/27 2:15 p.m.48 views

CVE-2022-24406

OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls...

6.5CVSS0.00855EPSS
Exploits1References2
NVD
NVD
added 2022/06/30 6:15 p.m.48 views

CVE-2022-34782

An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests...

4.3CVSS0.00516EPSS
Exploits0References1
NVD
NVD
added 2022/06/28 10:15 p.m.48 views

CVE-2021-41559

Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array that enables a remote attack via a crafted XML document...

6.5CVSS0.00985EPSS
Exploits0References3
NVD
NVD
added 2022/06/27 10:15 p.m.48 views

CVE-2022-31100

rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, rulex may crash, possibly enabling a Denial of Service attack. This happens when the expression contains a multi-byte UTF-8 code point in a string literal or after a backslash, because rulex tries to...

6.5CVSS0.00796EPSS
Exploits0References2
NVD
NVD
added 2022/06/13 8:15 p.m.48 views

CVE-2022-31053

Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The...

9.8CVSS0.0096EPSS
Exploits1References2
NVD
NVD
added 2022/06/08 3:15 p.m.48 views

CVE-2020-14125

A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by out-of-bound read/write and can be exploited by attackers to make denial of service...

7.5CVSS0.06935EPSS
Exploits0References1
NVD
NVD
added 2022/05/04 9:15 a.m.48 views

CVE-2022-1555

DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie...

8.8CVSS0.0125EPSS
Exploits1References2
NVD
NVD
added 2022/04/15 7:15 p.m.48 views

CVE-2022-27048

A vulnerability has been discovered in Moxa MGate which allows an attacker to perform a man-in-the-middle MITM attack on the device. This affects MGate MB3170 Series Firmware Version 4.2 or lower. and MGate MB3270 Series Firmware Version 4.2 or lower. and MGate MB3280 Series Firmware Version 4.1 ...

7.4CVSS0.00769EPSS
Exploits0References1
NVD
NVD
added 2022/03/07 10:15 p.m.48 views

CVE-2022-24738

Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds from user addresses. To do this an attacker must create a new chain which does not enforce signature verification and connects it to the target evmo...

8.1CVSS0.01051EPSS
Exploits0References3
NVD
NVD
added 2022/03/01 7:15 a.m.48 views

CVE-2021-4039

A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device...

10CVSS0.71048EPSS
Exploits4References2
NVD
NVD
added 2022/02/23 9:15 a.m.48 views

CVE-2022-0736

Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1...

8.2CVSS0.01551EPSS
Exploits1References2
NVD
NVD
added 2022/02/17 3:15 p.m.48 views

CVE-2022-23632

Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.6.1, Traefik skips the router transport layer security TLS configuration when the host header is a fully qualified domain name FQDN. For a request, the TLS configuration choice can be different than the router choice, which...

7.5CVSS0.01688EPSS
Exploits0References4
NVD
NVD
added 2022/02/11 6:15 p.m.48 views

CVE-2022-24923

Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...

4CVSS0.00218EPSS
Exploits0References1
NVD
NVD
added 2022/02/09 4:15 p.m.48 views

CVE-2021-46158

A vulnerability has been identified in Simcenter Femap V2020.2 All versions, Simcenter Femap V2021.1 All versions. Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process...

7.8CVSS0.01774EPSS
Exploits0References4
NVD
NVD
added 2022/02/04 11:15 p.m.48 views

CVE-2022-23571

Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments, if the tensors have an invalid dtype and 0 elements or an invalid shape. This allows...

6.5CVSS0.00469EPSS
Exploits0References2
NVD
NVD
added 2022/02/04 11:15 p.m.48 views

CVE-2022-23565

Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a SavedModel on disk such that AttrDefs of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...

6.5CVSS0.00469EPSS
Exploits0References2
NVD
NVD
added 2022/02/04 11:15 p.m.48 views

CVE-2022-23578

Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item-kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...

4.3CVSS0.00716EPSS
Exploits1References3
NVD
NVD
added 2022/02/04 11:15 p.m.48 views

CVE-2021-38130

A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack...

6.5CVSS0.00857EPSS
Exploits2References1
NVD
NVD
added 2022/02/01 1:15 p.m.48 views

CVE-2021-45416

Reflected Cross-site scripting XSS vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the searchterm parameter in the modules/Scheduling/Courses.php script...

6.1CVSS0.03002EPSS
Exploits2References1
NVD
NVD
added 2022/01/31 9:15 p.m.48 views

CVE-2022-21659

Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows for a non authenticated user to enumerate existing accounts by timing the response time from the server...

5.3CVSS0.00953EPSS
Exploits0References2
NVD
NVD
added 2022/01/28 8:15 p.m.48 views

CVE-2021-40404

An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability...

6.5CVSS0.01229EPSS
Exploits1References1
NVD
NVD
added 2022/01/26 11:15 a.m.48 views

CVE-2022-22932

Apache Karaf obr: commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr: commands are not very used and the entry is set by user. This has been fixed in revision:...

5.3CVSS0.0283EPSS
Exploits0References1
NVD
NVD
added 2022/01/10 2:10 p.m.48 views

CVE-2021-23543

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector...

9.8CVSS0.01762EPSS
Exploits1References2
NVD
NVD
added 2022/01/05 7:15 p.m.48 views

CVE-2022-21642

Discourse is an open source platform for community discussion. In affected versions when composing a message from topic the composer user suggestions reveals whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this...

4.3CVSS0.00727EPSS
Exploits0References2
NVD
NVD
added 2021/12/27 12:15 a.m.48 views

CVE-2021-45699

An issue was discovered in the ckb crate before 0.40.0 for Rust. Remote attackers may be able to conduct a 51% attack against the Nervos CKB blockchain by triggering an inability to allocate memory for the misbehavior HashMap...

7.8CVSS0.01466EPSS
Exploits0References2
NVD
NVD
added 2021/12/23 8:15 p.m.48 views

CVE-2021-20318

The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...

7.2CVSS0.01701EPSS
Exploits0References1
NVD
NVD
added 2021/12/20 12:15 p.m.48 views

CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...

9.8CVSS0.97108EPSS
Exploits4References20
NVD
NVD
added 2021/11/26 7:15 p.m.48 views

CVE-2021-43776

Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other...

7.4CVSS0.00656EPSS
Exploits0References2
NVD
NVD
added 2021/11/17 8:15 p.m.48 views

CVE-2021-41275

spreeauthdevise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spreeauthdevise is subject to a CSRF vulnerability that allows user account...

9.3CVSS0.0052EPSS
Exploits0References2
NVD
NVD
added 2021/11/15 8:15 p.m.48 views

CVE-2021-41263

railsmultisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using railsmultisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker t...

8.8CVSS0.00608EPSS
Exploits0References2
NVD
NVD
added 2021/11/09 1:15 p.m.48 views

CVE-2021-43114

FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This will lead to RTR clients such as BGP routers to lose access to the RPKI VRP data set, effectively disabling Route Origin Validation...

7.5CVSS0.01095EPSS
Exploits0References6
NVD
NVD
added 2021/10/11 7:15 p.m.48 views

CVE-2021-25738

Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution...

6.7CVSS0.00458EPSS
Exploits0References3
NVD
NVD
added 2021/08/12 11:15 p.m.48 views

CVE-2021-37665

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...

7.8CVSS0.00185EPSS
Exploits0References3
NVD
NVD
added 2021/08/08 6:15 a.m.48 views

CVE-2021-38193

An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870...

6.1CVSS0.00702EPSS
Exploits1References2
NVD
NVD
added 2021/08/05 9:15 p.m.48 views

CVE-2021-22927

A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session...

8.1CVSS0.00838EPSS
Exploits0References1
NVD
NVD
added 2021/07/09 7:15 p.m.48 views

CVE-2021-26106

An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments...

7.8CVSS0.00295EPSS
Exploits0References1
NVD
NVD
added 2021/06/25 7:15 p.m.48 views

CVE-2021-34427

In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote current BIRT viewer dir to inject JSP code into the running instance...

9.8CVSS0.5771EPSS
Exploits4References3
Total number of security vulnerabilities5000