Lucene search
K
NvdMost viewed

364188 matches found

NVD
NVD
•added 2022/01/05 7:15 p.m.•48 views

CVE-2022-21642

Discourse is an open source platform for community discussion. In affected versions when composing a message from topic the composer user suggestions reveals whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this...

4.3CVSS0.00727EPSS
Exploits0References2
NVD
NVD
•added 2021/12/27 12:15 a.m.•48 views

CVE-2021-45699

An issue was discovered in the ckb crate before 0.40.0 for Rust. Remote attackers may be able to conduct a 51% attack against the Nervos CKB blockchain by triggering an inability to allocate memory for the misbehavior HashMap...

7.8CVSS0.01466EPSS
Exploits0References2
NVD
NVD
•added 2021/12/23 8:15 p.m.•48 views

CVE-2021-20318

The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...

7.2CVSS0.01701EPSS
Exploits0References1
NVD
NVD
•added 2021/12/20 12:15 p.m.•48 views

CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...

9.8CVSS0.97108EPSS
Exploits4References20
NVD
NVD
•added 2021/11/26 7:15 p.m.•48 views

CVE-2021-43776

Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other...

7.4CVSS0.00656EPSS
Exploits0References2
NVD
NVD
•added 2021/11/15 8:15 p.m.•48 views

CVE-2021-41263

railsmultisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using railsmultisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker t...

8.8CVSS0.00608EPSS
Exploits0References2
NVD
NVD
•added 2021/11/09 1:15 p.m.•48 views

CVE-2021-43114

FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This will lead to RTR clients such as BGP routers to lose access to the RPKI VRP data set, effectively disabling Route Origin Validation...

7.5CVSS0.01095EPSS
Exploits0References6
NVD
NVD
•added 2021/10/11 7:15 p.m.•48 views

CVE-2021-25738

Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution...

6.7CVSS0.00458EPSS
Exploits0References3
NVD
NVD
•added 2021/08/12 11:15 p.m.•48 views

CVE-2021-37665

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...

7.8CVSS0.00185EPSS
Exploits0References3
NVD
NVD
•added 2021/08/08 6:15 a.m.•48 views

CVE-2021-38193

An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870...

6.1CVSS0.00702EPSS
Exploits1References2
NVD
NVD
•added 2021/08/05 9:15 p.m.•48 views

CVE-2021-22927

A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session...

8.1CVSS0.00838EPSS
Exploits0References1
NVD
NVD
•added 2021/07/09 7:15 p.m.•48 views

CVE-2021-26106

An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments...

7.8CVSS0.00295EPSS
Exploits0References1
NVD
NVD
•added 2021/06/25 7:15 p.m.•48 views

CVE-2021-34427

In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote current BIRT viewer dir to inject JSP code into the running instance...

9.8CVSS0.5771EPSS
Exploits4References3
NVD
NVD
•added 2021/05/14 8:15 p.m.•48 views

CVE-2021-29521

TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.rawops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the...

5.5CVSS0.00189EPSS
Exploits1References2
NVD
NVD
•added 2021/04/27 3:15 p.m.•48 views

CVE-2021-28269

Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions...

8.8CVSS0.01866EPSS
Exploits2References3
NVD
NVD
•added 2021/04/23 4:15 p.m.•48 views

CVE-2020-36321

Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 Vaadin 14.0.0 through 14.4.2, and 3.0 prior to 5.0 Vaadin 15 prior to 18 allows attacker to request arbitrary files stored outside of intended frontend resources folder...

7.5CVSS0.01211EPSS
Exploits0References2
NVD
NVD
•added 2021/04/16 10:15 p.m.•48 views

CVE-2021-29446

jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...

5.9CVSS0.01238EPSS
Exploits0References2
NVD
NVD
•added 2021/04/15 5:15 p.m.•48 views

CVE-2021-3243

Wfilter ICF 5.0.117 contains a cross-site scripting XSS vulnerability. An attacker in the same LAN can craft a packet with a malicious User-Agent header to inject a payload in its logs, where an attacker can take over the system by through its plugin-running function...

6.1CVSS0.00725EPSS
Exploits1References1
NVD
NVD
•added 2021/03/15 6:15 p.m.•48 views

CVE-2021-27946

SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. issue 1 of 3...

8.8CVSS0.04201EPSS
Exploits5References2
NVD
NVD
•added 2021/02/17 8:15 a.m.•48 views

CVE-2021-23339

This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers...

6.5CVSS0.00705EPSS
Exploits0References2
NVD
NVD
•added 2021/02/07 8:15 p.m.•48 views

CVE-2021-3122

CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: th...

10CVSS0.87383EPSS
Exploits3References3
NVD
NVD
•added 2021/02/02 3:15 p.m.•48 views

CVE-2021-25310

The administration web interface on Belkin Linksys WRT160NL 1.0.04.002US20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the uilanguage POST parameter to the apply.cgi form endpoint. This occurs in doupgradepost in...

9CVSS0.04633EPSS
Exploits1References2
NVD
NVD
•added 2021/01/26 6:16 p.m.•48 views

CVE-2021-3291

Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element within the modules edit page and inserting a command...

9CVSS7.2AI score0.16782EPSS
Exploits4References2
NVD
NVD
•added 2020/11/25 12:15 a.m.•48 views

CVE-2020-26238

Cron-utils is a Java library to parse, validate, migrate crons as well as get human readable descriptions for them. In cron-utils before version 9.1.3, a template Injection vulnerability is present. This enables attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote...

8.1CVSS8.2AI score0.04204EPSS
Exploits1References13
NVD
NVD
•added 2020/10/21 9:15 p.m.•48 views

CVE-2020-27615

The Loginizer plugin before 1.6.4 for WordPress allows SQL injection with resultant XSS, related to loginizerloginfailed and lzvalidip...

9.8CVSS0.53619EPSS
Exploits4References4
NVD
NVD
•added 2020/10/16 11:15 p.m.•48 views

CVE-2020-17003

A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Base3D rendering engine...

9.3CVSS0.03871EPSS
Exploits0References1
NVD
NVD
•added 2020/10/05 8:15 a.m.•48 views

CVE-2020-7709

This affects the package json-pointer before 0.6.1. Multiple reference of object using slash is supported...

7.2CVSS0.01783EPSS
Exploits1References3
NVD
NVD
•added 2020/09/25 6:15 p.m.•48 views

CVE-2020-16242

The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting XSS, which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts...

6.1CVSS0.00706EPSS
Exploits0References1
NVD
NVD
•added 2020/09/16 7:15 p.m.•48 views

CVE-2020-13259

A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF02902.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on a...

9.3CVSS0.04663EPSS
Exploits6References2
NVD
NVD
•added 2020/09/11 1:15 p.m.•48 views

CVE-2020-16218

In Patient Information Center iX PICiX Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access t...

3.5CVSS0.00658EPSS
Exploits0References2
NVD
NVD
•added 2020/09/08 10:15 a.m.•48 views

CVE-2020-11120

u'Calling thread may free the data buffer pointer that was passed to the callback and later when event loop executes the callback, data buffer may not be valid and will lead to use after free scenario' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,...

7.8CVSS7.9AI score0.0019EPSS
Exploits0References2
NVD
NVD
•added 2020/08/11 8:15 p.m.•48 views

CVE-2020-8911

A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code MAC, which then allows an attacker who has write access to the target's S3 bucket and can observe...

5.6CVSS5.9AI score0.00348EPSS
Exploits1References2
NVD
NVD
•added 2020/08/11 8:15 p.m.•48 views

CVE-2020-8912

A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this i...

2.5CVSS4AI score0.00231EPSS
Exploits1References2
NVD
NVD
•added 2020/08/11 1:15 p.m.•48 views

CVE-2020-10777

A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms...

5.4CVSS6AI score0.00661EPSS
Exploits0References2
NVD
NVD
•added 2020/06/19 8:15 p.m.•48 views

CVE-2020-10750

Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials...

7.1CVSS0.00427EPSS
Exploits0References2
NVD
NVD
•added 2020/06/03 1:15 p.m.•48 views

CVE-2020-2190

Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...

5.4CVSS5.3AI score0.0076EPSS
Exploits0References2
NVD
NVD
•added 2020/05/29 10:15 p.m.•48 views

CVE-2020-8482

Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data...

7.8CVSS7.5AI score0.00319EPSS
Exploits0References1
NVD
NVD
•added 2020/05/20 1:15 p.m.•48 views

CVE-2020-12835

An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of an Java RMI based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a client-side Network...

9.8CVSS9.7AI score0.117EPSS
Exploits3References4
NVD
NVD
•added 2020/04/07 2:15 p.m.•48 views

CVE-2020-7614

npm-programmatic through 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly...

9.8CVSS9.5AI score0.03516EPSS
Exploits1References2
NVD
NVD
•added 2020/03/06 9:15 p.m.•48 views

CVE-2020-10111

Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization...

7.5CVSS7.6AI score0.0195EPSS
Exploits3References3
NVD
NVD
•added 2020/02/18 2:15 a.m.•48 views

CVE-2020-1872

Huawei smart phones P10 Plus with versions earlier than 9.1.0.201C01E75R1P12T8, earlier than 9.1.0.252C185E2R1P9T8, earlier than 9.1.0.252C432E4R1P9T8, and earlier than 9.1.0.255C576E6R1P8T8 have a digital balance bypass vulnerability. When re-configuring the mobile phone at the digital balance...

4.6CVSS4.7AI score0.00214EPSS
Exploits0References1
NVD
NVD
•added 2020/02/14 8:15 p.m.•48 views

CVE-2013-4211

A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code...

9.8CVSS9.7AI score0.76415EPSS
Exploits5References5
NVD
NVD
•added 2019/10/09 4:15 p.m.•48 views

CVE-2019-17124

Kramer VIAware 2.5.0719.1034 has Incorrect Access Control...

10CVSS9.6AI score0.2254EPSS
Exploits5References2
NVD
NVD
•added 2019/08/20 7:15 p.m.•48 views

CVE-2019-10745

assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using either a constructor or a proto payload...

7.5CVSS7.4AI score0.01142EPSS
Exploits1References1
NVD
NVD
•added 2019/08/15 7:15 p.m.•48 views

CVE-2019-13513

In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger multiple out-of-bounds read vulnerabilities, which may allow information disclosure, remote code execution, or crash of the application...

7.8CVSS7.7AI score0.0385EPSS
Exploits0References6
NVD
NVD
•added 2019/07/19 3:15 p.m.•48 views

CVE-2019-1167

A security feature bypass vulnerability exists in Windows Defender Application Control WDAC which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'...

4.1CVSS4.3AI score0.011EPSS
Exploits0References1
NVD
NVD
•added 2019/05/31 10:29 p.m.•48 views

CVE-2019-10038

Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file...

7.8CVSS7.6AI score0.01307EPSS
Exploits4References3
NVD
NVD
•added 2019/01/09 4:29 p.m.•48 views

CVE-2018-20679

An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components consumed by the DHCP server, client, and relay allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcpgetoption in...

7.5CVSS7.1AI score0.07694EPSS
Exploits2References7
NVD
NVD
•added 2018/12/10 2:29 p.m.•48 views

CVE-2018-1000864

A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop...

6.5CVSS6.8AI score0.02751EPSS
Exploits0References3
NVD
NVD
•added 2018/09/18 2:29 p.m.•48 views

CVE-2018-11787

In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web...

8.1CVSS8.1AI score0.02573EPSS
Exploits0References3
Total number of security vulnerabilities5000