Lucene search
K
NvdMost viewed

363836 matches found

NVD
NVD
added 2025/01/13 2:15 p.m.47 views

CVE-2025-22777

Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give allows Object Injection.This issue affects GiveWP: from n/a through = 3.19.3...

9.8CVSS0.00909EPSS
Exploits1References2
NVD
NVD
added 2025/01/02 4:15 p.m.47 views

CVE-2024-55543

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 Windows before build 39169...

7.8CVSS0.00163EPSS
Exploits0References1
NVD
NVD
added 2024/12/26 6:15 a.m.47 views

CVE-2024-11223

The WPForms WordPress plugin before 1.9.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7CVSS0.00492EPSS
Exploits1References1
NVD
NVD
added 2024/12/23 4:15 p.m.47 views

CVE-2024-45387

An SQL injection vulnerability in Traffic Ops in Apache Traffic Control = 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially-crafted PUT request. Users are recommended to upgrad...

9.9CVSS0.41841EPSS
Exploits0References2
NVD
NVD
added 2024/12/19 11:15 p.m.47 views

CVE-2024-56327

pyrage is a set of Python bindings for the rage file encryption library age in Rust. pyrage uses the Rust age crate for its underlying operations, and age is vulnerable to GHSA-4fg7-vxc8-qx5w. All details of GHSA-4fg7-vxc8-qx5w are relevant to pyrage for the versions specified in this advisory. S...

9.8CVSS0.00472EPSS
Exploits0References3
NVD
NVD
added 2024/12/19 10:15 a.m.47 views

CVE-2023-4617

Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in...

10CVSS0.00571EPSS
Exploits0References4
NVD
NVD
added 2024/12/13 4:15 p.m.47 views

CVE-2024-55887

Ucum-java is a FHIR Java library providing UCUM Services. In versions prior to 1.0.9, XML parsing performed by the UcumEssenceService is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts...

8.6CVSS0.00539EPSS
Exploits0References1
NVD
NVD
added 2024/12/09 6:15 a.m.47 views

CVE-2024-9651

The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.1CVSS0.00357EPSS
Exploits1References1
NVD
NVD
added 2024/12/05 4:15 p.m.47 views

CVE-2024-53857

rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys...

7.5CVSS0.00448EPSS
Exploits0References1
NVD
NVD
added 2024/12/05 4:15 p.m.47 views

CVE-2024-53470

Multiple stored cross-site scripting XSS vulnerabilities in the component /configuracao/gatewaypagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...

6.1CVSS0.0042EPSS
Exploits1References3
NVD
NVD
added 2024/12/03 6:15 p.m.47 views

CVE-2024-25020

IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Attackers can make use of this weakness and upload malicious executable files into the system and can be sent to victims for performing further...

9.8CVSS0.00275EPSS
Exploits0References1
NVD
NVD
added 2024/11/20 4:15 p.m.47 views

CVE-2024-11487

A vulnerability has been found in Code4Berry Decoration Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /decoration/admin/btndatesreport.php of the component Between Dates Reports. The manipulation of the argument fromdate/todate leads to sql...

8.8CVSS0.004EPSS
Exploits0References3
NVD
NVD
added 2024/11/18 4:15 p.m.47 views

CVE-2024-52568

A vulnerability has been identified in Teamcenter Visualization V14.2 All versions V14.2.0.14, Teamcenter Visualization V14.3 All versions V14.3.0.12, Teamcenter Visualization V2312 All versions V2312.0008, Teamcenter Visualization V2406 All versions V2406.0005, Tecnomatix Plant Simulation V2302...

7.8CVSS0.00192EPSS
Exploits0References2
NVD
NVD
added 2024/11/16 4:15 a.m.47 views

CVE-2024-6628

The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.9.9. This is due to missing or incorrect nonce validation when deleting form submissions. This makes it possible for...

4.3CVSS0.00213EPSS
Exploits0References2
NVD
NVD
added 2024/10/31 7:15 p.m.47 views

CVE-2024-51064

Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection via the tid parameter to admin/queries.php...

9.8CVSS0.00544EPSS
Exploits1References1
NVD
NVD
added 2024/10/20 11:15 a.m.47 views

CVE-2024-49628

Cross-Site Request Forgery CSRF vulnerability in whiletrue Most And Least Read Posts Widget most-and-least-read-posts-widget allows Cross Site Request Forgery.This issue affects Most And Least Read Posts Widget: from n/a through = 2.5.18...

8.8CVSS0.00195EPSS
Exploits0References1
NVD
NVD
added 2024/10/07 8:15 p.m.47 views

CVE-2024-45292

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. \PhpOffice\PhpSpreadsheet\Writer\Html does not sanitize "javascript:" URLs from hyperlink href attributes, resulting in a Cross-Site Scripting vulnerability. This issue has been addressed in release versions 1.29.2,...

5.4CVSS0.00316EPSS
Exploits1References1
NVD
NVD
added 2024/10/01 8:15 a.m.47 views

CVE-2024-8548

The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the /includes/ajax-functions.php file all versions up to, and including, 1.6.6. This makes it possible...

8.1CVSS0.00358EPSS
Exploits0References2
NVD
NVD
added 2024/09/19 5:15 p.m.47 views

CVE-2024-8653

A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ https://netcat.ru/ . Versions 6.4.0.24248 and ...

6.1CVSS0.00267EPSS
Exploits0References1
NVD
NVD
added 2024/09/13 4:15 p.m.47 views

CVE-2024-6587

A Server-Side Request Forgery SSRF vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the apibase parameter when making requests to POST /chat/completions, causing the application to send the request to the domain specified by apibase. This request...

7.5CVSS0.36945EPSS
Exploits1References2
NVD
NVD
added 2024/09/12 8:15 p.m.47 views

CVE-2024-6077

A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover...

8.7CVSS0.00562EPSS
Exploits0References1
NVD
NVD
added 2024/09/12 1:15 p.m.47 views

CVE-2024-45849

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query i...

8.8CVSS0.00864EPSS
Exploits1References1
NVD
NVD
added 2024/09/07 9:15 a.m.47 views

CVE-2024-6849

The Preloader Plus – WordPress Loading Screen Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS0.00286EPSS
Exploits0References3
NVD
NVD
added 2024/09/03 8:15 p.m.47 views

CVE-2024-45678

Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...

4.2CVSS0.00329EPSS
Exploits0References6
NVD
NVD
added 2024/09/02 12:15 p.m.47 views

CVE-2024-33057

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location...

7.5CVSS0.00297EPSS
Exploits0References1
NVD
NVD
added 2024/08/21 7:15 a.m.47 views

CVE-2023-52895

In the Linux kernel, the following vulnerability has been resolved: iouring/poll: don't reissue in case of poll race on multishot request A previous commit fixed a poll race that can occur, but it's only applicable for multishot requests. For a multishot request, we can safely ignore a spurious...

5.5CVSS0.00205EPSS
Exploits0References2
NVD
NVD
added 2024/08/21 1:15 a.m.47 views

CVE-2024-43878

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix input error path memory access When there is a misconfiguration of input state slow path KASAN report error. Fix this error. west login: 52.987278 eth1: renamed from veth11 53.078814 eth1: renamed from veth21 53.181355...

7.1CVSS0.00211EPSS
Exploits0References2
NVD
NVD
added 2024/08/20 3:15 p.m.47 views

CVE-2024-43406

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2...

8.8CVSS0.00894EPSS
Exploits1References2
NVD
NVD
added 2024/08/14 7:15 a.m.47 views

CVE-2024-7731

Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents...

9.8CVSS0.00835EPSS
Exploits0References2
NVD
NVD
added 2024/08/06 2:15 a.m.47 views

CVE-2024-7484

The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'handleuploadedfiles' function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to...

7.2CVSS0.0093EPSS
Exploits0References3
NVD
NVD
added 2024/08/05 3:16 a.m.47 views

CVE-2024-7467

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 and classified as critical. Affected by this issue is the function sslvpnconfigmod of the file /vpn/listipnetwork.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os...

9.8CVSS0.23402EPSS
Exploits1References4
NVD
NVD
added 2024/08/02 10:16 a.m.47 views

CVE-2024-40719

The encryption strength of the authorization keys in CHANGING Information Technology TCBServiSign Windows Version is insufficient. When a remote attacker tricks a victim into visiting a malicious website, TCBServiSign will treat that website as a legitimate server and interact with it...

6.5CVSS0.00175EPSS
Exploits0References2
NVD
NVD
added 2024/07/30 3:15 p.m.47 views

CVE-2024-41109

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to /admin/index/statistics with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the...

6.5CVSS0.00483EPSS
Exploits1References4
NVD
NVD
added 2024/07/26 8:15 p.m.47 views

CVE-2024-41112

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 380, leading to remote code execution. Commit...

9.8CVSS0.01395EPSS
Exploits1References4
NVD
NVD
added 2024/07/25 8:15 p.m.47 views

CVE-2024-29069

In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image such as icons and...

7.3CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added 2024/07/22 3:15 p.m.47 views

CVE-2024-41131

ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9...

7.5CVSS0.00669EPSS
Exploits0References5
NVD
NVD
added 2024/07/21 10:15 p.m.47 views

CVE-2024-37459

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PayPlus LTD PayPlus Payment Gateway allows Reflected XSS.This issue affects PayPlus Payment Gateway: from n/a through 6.6.8...

7.1CVSS0.00327EPSS
Exploits0References1
NVD
NVD
added 2024/07/15 1:15 a.m.47 views

CVE-2024-6345

A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code...

8.8CVSS0.01939EPSS
Exploits0References3
NVD
NVD
added 2024/07/09 5:15 p.m.47 views

CVE-2024-38051

Windows Graphics Component Remote Code Execution Vulnerability...

7.8CVSS0.01131EPSS
Exploits0References1
NVD
NVD
added 2024/07/09 5:15 p.m.47 views

CVE-2024-38020

Microsoft Outlook Spoofing Vulnerability...

6.5CVSS0.01857EPSS
Exploits0References1
NVD
NVD
added 2024/07/09 9:15 a.m.47 views

CVE-2024-5810

The WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for...

5.3CVSS0.00444EPSS
Exploits0References6
NVD
NVD
added 2024/07/08 4:15 p.m.47 views

CVE-2024-39699

Directus is a real-time API and App dashboard for managing SQL database content. There was already a reported SSRF vulnerability via file import. It was fixed by resolving all DNS names and checking if the requested IP is an internal IP address. However it is possible to bypass this security...

5CVSS0.00435EPSS
Exploits1References2
NVD
NVD
added 2024/07/03 7:15 p.m.47 views

CVE-2024-36113

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...

6.5CVSS0.00418EPSS
Exploits0References3
NVD
NVD
added 2024/07/02 8:15 p.m.47 views

CVE-2024-39315

Pomerium is an identity and context-aware access proxy. Prior to version 0.26.1, the Pomerium user info page at /.pomerium unintentionally included serialized OAuth2 access and ID tokens from the logged-in user's session. These tokens are not intended to be exposed to end users. This issue may be...

6.5CVSS0.00416EPSS
Exploits0References2
NVD
NVD
added 2024/07/02 6:15 p.m.47 views

CVE-2024-39891

In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and...

5.3CVSS0.01477EPSS
Exploits0References5
NVD
NVD
added 2024/07/01 10:15 p.m.47 views

CVE-2024-23737

Cross Site Request Forgery CSRF vulnerability in savignano S/Notify before 4.0.2 for Jira allows attackers to allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or email...

5.4CVSS0.00109EPSS
Exploits0References1
NVD
NVD
added 2024/06/28 10:15 p.m.47 views

CVE-2024-38532

The NXP Data Co-Processor DCP is a built-in hardware module for specific NXP SoCs¹ that implements a dedicated AES cryptographic engine for encryption/decryption operations. The dcptool reference implementation included in the repository selected the test key, regardless of its -t argument. This...

7.1CVSS0.00191EPSS
Exploits0References2
NVD
NVD
added 2024/06/28 7:15 p.m.47 views

CVE-2022-27540

A potential Time-of-Check to Time-of Use TOCTOU vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability...

7.8CVSS0.00118EPSS
Exploits0References1
NVD
NVD
added 2024/06/27 10:15 p.m.47 views

CVE-2024-39705

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt...

9.8CVSS0.01346EPSS
Exploits0References3
NVD
NVD
added 2024/06/27 9:15 p.m.47 views

CVE-2024-22272

VMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated tenant administrator for a given organization within VMware Cloud Director may be able to accidentally disable their organization leading to a Denial of Service for active sessions within their own...

4.9CVSS0.00369EPSS
Exploits0References1
Total number of security vulnerabilities5000