Lucene search
K
NvdMost viewed

363779 matches found

NVD
NVD
added 2025/07/28 6:15 a.m.47 views

CVE-2025-8260

A security flaw has been discovered in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. This affects an unknown part of the file /grid/vgridserver.php of the component Web interface. Performing a manipulation of the argument xajaxargs results in use of weak hash. The attack is possible to be carried out...

7.5CVSS0.00228EPSS
Exploits1References5
NVD
NVD
added 2025/07/22 10:15 p.m.47 views

CVE-2025-54137

HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change...

7.3CVSS0.00316EPSS
Exploits0References3
NVD
NVD
added 2025/06/03 3:16 p.m.47 views

CVE-2025-5506

A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been classified as problematic. Affected is an unknown function of the component NAT Mapping Page. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the attack remotely. The...

5.4CVSS0.00291EPSS
Exploits1References5
NVD
NVD
added 2025/05/17 10:15 p.m.47 views

CVE-2025-4839

A vulnerability has been found in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /paicoding-core/src/main/java/com/github/paicoding/forum/core/util/CrossUtil.java. The manipulation leads to permissiv...

8.1CVSS0.00252EPSS
Exploits1References4
NVD
NVD
added 2025/05/07 3:15 a.m.47 views

CVE-2025-4335

The Woocommerce Multiple Addresses plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.7.1. This is due to insufficient restrictions on user meta that can be updated through the savemultipleshippingaddresses function. This makes it possible for...

8.8CVSS0.00316EPSS
Exploits0References2
NVD
NVD
added 2025/05/06 5:16 p.m.47 views

CVE-2025-30165

vLLM is an inference and serving engine for large language models. In a multi-node vLLM deployment using the V0 engine, vLLM uses ZeroMQ for some multi-node communication purposes. The secondary vLLM hosts open a SUB ZeroMQ socket and connect to an XPUB socket on the primary vLLM host. When data ...

8CVSS0.00502EPSS
Exploits0References3
NVD
NVD
added 2025/05/05 9:15 p.m.47 views

CVE-2025-4289

A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. This vulnerability affects unknown code of the component RNTO Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...

9.8CVSS0.00612EPSS
Exploits1References4
NVD
NVD
added 2025/05/01 6:15 a.m.47 views

CVE-2025-3503

The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00236EPSS
Exploits1References1
NVD
NVD
added 2025/04/29 6:15 p.m.47 views

CVE-2025-46350

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability...

4.8CVSS0.00241EPSS
Exploits1References2
NVD
NVD
added 2025/04/27 4:15 p.m.47 views

CVE-2025-46657

Karaz Karazal through 2025-04-14 allows reflected XSS via the lang parameter to the default URI...

7.2CVSS0.00273EPSS
Exploits2References1
NVD
NVD
added 2025/04/20 5:15 p.m.47 views

CVE-2025-3830

A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It has been declared as critical. Affected by this vulnerability is the function fileUpload of the file src/main/java/com/kuang/controller/QuestionController.java. The manipulation of the argument editormd-image-file leads to unrestricte...

9.8CVSS0.00412EPSS
Exploits1References4
NVD
NVD
added 2025/04/11 1:15 p.m.47 views

CVE-2025-3439

The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'fieldvalue' parameter. This makes it possible for...

9.8CVSS0.01119EPSS
Exploits0References3
NVD
NVD
added 2025/04/10 5:15 a.m.47 views

CVE-2025-3102

The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secretkey' value in the 'autheticateuser' function in all versions up to, and including, 1.0.78. Th...

8.1CVSS0.76126EPSS
Exploits8References3
NVD
NVD
added 2025/04/09 8:15 p.m.47 views

CVE-2025-30649

An Improper Input Validation vulnerability in the syslog stream TCP transport of Juniper Networks Junos OS on MX240, MX480 and MX960 devices with MX-SPC3 Security Services Card allows an unauthenticated, network-based attacker, to send specific spoofed packets to cause a CPU Denial of Service DoS...

8.7CVSS0.00372EPSS
Exploits0References1
NVD
NVD
added 2025/03/27 3:16 p.m.47 views

CVE-2025-31180

A flaw was found in gnuplot. The CANVAStext function may lead to a segmentation fault and cause a system crash...

6.2CVSS0.00184EPSS
Exploits0References3
NVD
NVD
added 2025/03/06 5:15 p.m.47 views

CVE-2025-2032

A vulnerability classified as problematic was found in ChestnutCMS 1.5.2. This vulnerability affects the function renameFile of the file /cms/file/rename. The manipulation of the argument rename leads to path traversal. The exploit has been disclosed to the public and may be used...

5.1CVSS0.00535EPSS
Exploits1References4
NVD
NVD
added 2025/02/25 8:15 p.m.47 views

CVE-2025-27142

LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. Prior to version 1.17.0, due to the missing sanitization of the path in the POST /api/localsend/v2/prepare-upload and th...

8.8CVSS0.00514EPSS
Exploits0References2
NVD
NVD
added 2025/02/21 12:15 p.m.47 views

CVE-2024-13846

The Indeed Ultimate Learning Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ‘postid’ parameter in all versions up to, and including, 3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

4.9CVSS0.00367EPSS
Exploits0References2
NVD
NVD
added 2025/02/18 11:15 a.m.47 views

CVE-2024-13783

The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export all plugin da...

4.3CVSS0.00382EPSS
Exploits0References3
NVD
NVD
added 2025/02/12 7:15 p.m.47 views

CVE-2025-25283

parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to 50ms per one operation, with a varying size from...

7.5CVSS0.00715EPSS
Exploits0References3
NVD
NVD
added 2025/01/17 8:15 p.m.47 views

CVE-2024-57034

WeGIA 3.2.0 is vulnerable to SQL Injection in querygeracaoauto.php via the query parameter...

9.8CVSS0.00596EPSS
Exploits1References2
NVD
NVD
added 2025/01/15 10:15 p.m.47 views

CVE-2025-0489

A vulnerability classified as critical was found in Fanli2012 native-php-cms 1.0. This vulnerability affects unknown code of the file /fladmin/friendlinkdodel.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to t...

8.8CVSS0.00434EPSS
Exploits1References5
NVD
NVD
added 2025/01/15 6:15 p.m.47 views

CVE-2025-23040

GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can allow the attacker access to the user's credentials through the use of maliciously crafted remote URL. GitHub Desktop...

6.6CVSS0.00747EPSS
Exploits0References3
NVD
NVD
added 2025/01/14 3:15 p.m.47 views

CVE-2024-39763

Multiple OS command injection vulnerabilities exist in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...

9.1CVSS0.04815EPSS
Exploits1References2
NVD
NVD
added 2025/01/13 4:15 p.m.47 views

CVE-2025-22963

Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin...

7.5CVSS0.00268EPSS
Exploits0References4
NVD
NVD
added 2025/01/13 2:15 p.m.47 views

CVE-2025-22777

Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give allows Object Injection.This issue affects GiveWP: from n/a through = 3.19.3...

9.8CVSS0.00909EPSS
Exploits1References2
NVD
NVD
added 2025/01/02 4:15 p.m.47 views

CVE-2024-55543

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 Windows before build 39169...

7.8CVSS0.00163EPSS
Exploits0References1
NVD
NVD
added 2024/12/26 6:15 a.m.47 views

CVE-2024-11223

The WPForms WordPress plugin before 1.9.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7CVSS0.00492EPSS
Exploits1References1
NVD
NVD
added 2024/12/23 4:15 p.m.47 views

CVE-2024-45387

An SQL injection vulnerability in Traffic Ops in Apache Traffic Control = 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially-crafted PUT request. Users are recommended to upgrad...

9.9CVSS0.41841EPSS
Exploits0References2
NVD
NVD
added 2024/12/19 11:15 p.m.47 views

CVE-2024-56327

pyrage is a set of Python bindings for the rage file encryption library age in Rust. pyrage uses the Rust age crate for its underlying operations, and age is vulnerable to GHSA-4fg7-vxc8-qx5w. All details of GHSA-4fg7-vxc8-qx5w are relevant to pyrage for the versions specified in this advisory. S...

9.8CVSS0.00472EPSS
Exploits0References3
NVD
NVD
added 2024/12/19 10:15 a.m.47 views

CVE-2023-4617

Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in...

10CVSS0.00571EPSS
Exploits0References4
NVD
NVD
added 2024/12/13 4:15 p.m.47 views

CVE-2024-55887

Ucum-java is a FHIR Java library providing UCUM Services. In versions prior to 1.0.9, XML parsing performed by the UcumEssenceService is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts...

8.6CVSS0.00539EPSS
Exploits0References1
NVD
NVD
added 2024/12/09 6:15 a.m.47 views

CVE-2024-9651

The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.1CVSS0.00357EPSS
Exploits1References1
NVD
NVD
added 2024/12/05 4:15 p.m.47 views

CVE-2024-53857

rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys...

7.5CVSS0.00448EPSS
Exploits0References1
NVD
NVD
added 2024/12/05 4:15 p.m.47 views

CVE-2024-53470

Multiple stored cross-site scripting XSS vulnerabilities in the component /configuracao/gatewaypagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...

6.1CVSS0.0042EPSS
Exploits1References3
NVD
NVD
added 2024/11/20 4:15 p.m.47 views

CVE-2024-11487

A vulnerability has been found in Code4Berry Decoration Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /decoration/admin/btndatesreport.php of the component Between Dates Reports. The manipulation of the argument fromdate/todate leads to sql...

8.8CVSS0.004EPSS
Exploits0References3
NVD
NVD
added 2024/11/18 4:15 p.m.47 views

CVE-2024-52568

A vulnerability has been identified in Teamcenter Visualization V14.2 All versions V14.2.0.14, Teamcenter Visualization V14.3 All versions V14.3.0.12, Teamcenter Visualization V2312 All versions V2312.0008, Teamcenter Visualization V2406 All versions V2406.0005, Tecnomatix Plant Simulation V2302...

7.8CVSS0.00192EPSS
Exploits0References2
NVD
NVD
added 2024/11/16 4:15 a.m.47 views

CVE-2024-6628

The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.9.9. This is due to missing or incorrect nonce validation when deleting form submissions. This makes it possible for...

4.3CVSS0.00213EPSS
Exploits0References2
NVD
NVD
added 2024/10/31 7:15 p.m.47 views

CVE-2024-51064

Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection via the tid parameter to admin/queries.php...

9.8CVSS0.00544EPSS
Exploits1References1
NVD
NVD
added 2024/10/20 11:15 a.m.47 views

CVE-2024-49628

Cross-Site Request Forgery CSRF vulnerability in whiletrue Most And Least Read Posts Widget most-and-least-read-posts-widget allows Cross Site Request Forgery.This issue affects Most And Least Read Posts Widget: from n/a through = 2.5.18...

8.8CVSS0.00195EPSS
Exploits0References1
NVD
NVD
added 2024/10/07 8:15 p.m.47 views

CVE-2024-45292

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. \PhpOffice\PhpSpreadsheet\Writer\Html does not sanitize "javascript:" URLs from hyperlink href attributes, resulting in a Cross-Site Scripting vulnerability. This issue has been addressed in release versions 1.29.2,...

5.4CVSS0.00316EPSS
Exploits1References1
NVD
NVD
added 2024/10/01 8:15 a.m.47 views

CVE-2024-8548

The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the /includes/ajax-functions.php file all versions up to, and including, 1.6.6. This makes it possible...

8.1CVSS0.00358EPSS
Exploits0References2
NVD
NVD
added 2024/09/19 5:15 p.m.47 views

CVE-2024-8653

A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ https://netcat.ru/ . Versions 6.4.0.24248 and ...

6.1CVSS0.00267EPSS
Exploits0References1
NVD
NVD
added 2024/09/13 4:15 p.m.47 views

CVE-2024-6587

A Server-Side Request Forgery SSRF vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the apibase parameter when making requests to POST /chat/completions, causing the application to send the request to the domain specified by apibase. This request...

7.5CVSS0.36945EPSS
Exploits1References2
NVD
NVD
added 2024/09/12 8:15 p.m.47 views

CVE-2024-6077

A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover...

8.7CVSS0.00562EPSS
Exploits0References1
NVD
NVD
added 2024/09/12 1:15 p.m.47 views

CVE-2024-45849

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query i...

8.8CVSS0.00864EPSS
Exploits1References1
NVD
NVD
added 2024/09/07 9:15 a.m.47 views

CVE-2024-6849

The Preloader Plus – WordPress Loading Screen Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS0.00286EPSS
Exploits0References3
NVD
NVD
added 2024/09/03 8:15 p.m.47 views

CVE-2024-45678

Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...

4.2CVSS0.00329EPSS
Exploits0References6
NVD
NVD
added 2024/09/02 12:15 p.m.47 views

CVE-2024-33057

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location...

7.5CVSS0.00297EPSS
Exploits0References1
NVD
NVD
added 2024/08/21 7:15 a.m.47 views

CVE-2023-52895

In the Linux kernel, the following vulnerability has been resolved: iouring/poll: don't reissue in case of poll race on multishot request A previous commit fixed a poll race that can occur, but it's only applicable for multishot requests. For a multishot request, we can safely ignore a spurious...

5.5CVSS0.00205EPSS
Exploits0References2
Total number of security vulnerabilities5000