Lucene search
K
NvdMost viewed

364473 matches found

NVD
NVD
added 2025/04/29 7:15 a.m.47 views

CVE-2025-2893

The Gutenverse – Ultimate Block Addons and Page Builder for Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's countdown Block in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS0.00231EPSS
Exploits0References4
NVD
NVD
added 2025/04/27 4:15 p.m.47 views

CVE-2025-46657

Karaz Karazal through 2025-04-14 allows reflected XSS via the lang parameter to the default URI...

7.2CVSS0.00273EPSS
Exploits2References1
NVD
NVD
added 2025/04/20 5:15 p.m.47 views

CVE-2025-3830

A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It has been declared as critical. Affected by this vulnerability is the function fileUpload of the file src/main/java/com/kuang/controller/QuestionController.java. The manipulation of the argument editormd-image-file leads to unrestricte...

9.8CVSS0.00412EPSS
Exploits1References4
NVD
NVD
added 2025/04/11 1:15 p.m.47 views

CVE-2025-3439

The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'fieldvalue' parameter. This makes it possible for...

9.8CVSS0.01119EPSS
Exploits0References3
NVD
NVD
added 2025/04/10 5:15 a.m.47 views

CVE-2025-3102

The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secretkey' value in the 'autheticateuser' function in all versions up to, and including, 1.0.78. Th...

8.1CVSS0.76126EPSS
Exploits8References3
NVD
NVD
added 2025/04/09 8:15 p.m.47 views

CVE-2025-30649

An Improper Input Validation vulnerability in the syslog stream TCP transport of Juniper Networks Junos OS on MX240, MX480 and MX960 devices with MX-SPC3 Security Services Card allows an unauthenticated, network-based attacker, to send specific spoofed packets to cause a CPU Denial of Service DoS...

8.7CVSS0.00372EPSS
Exploits0References1
NVD
NVD
added 2025/03/27 3:16 p.m.47 views

CVE-2025-31180

A flaw was found in gnuplot. The CANVAStext function may lead to a segmentation fault and cause a system crash...

6.2CVSS0.00184EPSS
Exploits0References3
NVD
NVD
added 2025/03/06 5:15 p.m.47 views

CVE-2025-2032

A vulnerability classified as problematic was found in ChestnutCMS 1.5.2. This vulnerability affects the function renameFile of the file /cms/file/rename. The manipulation of the argument rename leads to path traversal. The exploit has been disclosed to the public and may be used...

5.1CVSS0.00535EPSS
Exploits1References4
NVD
NVD
added 2025/02/21 12:15 p.m.47 views

CVE-2024-13846

The Indeed Ultimate Learning Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ‘postid’ parameter in all versions up to, and including, 3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

4.9CVSS0.00367EPSS
Exploits0References2
NVD
NVD
added 2025/02/18 11:15 a.m.47 views

CVE-2024-13783

The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export all plugin da...

4.3CVSS0.00382EPSS
Exploits0References3
NVD
NVD
added 2025/02/12 7:15 p.m.47 views

CVE-2025-25283

parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to 50ms per one operation, with a varying size from...

7.5CVSS0.00715EPSS
Exploits0References3
NVD
NVD
added 2025/02/07 4:15 p.m.47 views

CVE-2024-52881

An issue was discovered in AudioCodes One Voice Operations Center OVOC before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted from the topology file...

7.5CVSS0.00345EPSS
Exploits0References2
NVD
NVD
added 2025/01/28 12:15 a.m.47 views

CVE-2022-31749

An argument injection vulnerability in the diagnose and import pac commands in WatchGuard Fireware OS before 12.8.1, 12.1.4, and 12.5.10 allows an authenticated remote attacker with unprivileged credentials to upload or read files to limited, arbitrary locations on WatchGuard Firebox and XTM...

6.5CVSS0.01242EPSS
Exploits2References2
NVD
NVD
added 2025/01/17 8:15 p.m.47 views

CVE-2024-57034

WeGIA 3.2.0 is vulnerable to SQL Injection in querygeracaoauto.php via the query parameter...

9.8CVSS0.00596EPSS
Exploits1References2
NVD
NVD
added 2025/01/15 10:15 p.m.47 views

CVE-2025-0489

A vulnerability classified as critical was found in Fanli2012 native-php-cms 1.0. This vulnerability affects unknown code of the file /fladmin/friendlinkdodel.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to t...

8.8CVSS0.00434EPSS
Exploits1References5
NVD
NVD
added 2025/01/15 6:15 p.m.47 views

CVE-2025-23040

GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can allow the attacker access to the user's credentials through the use of maliciously crafted remote URL. GitHub Desktop...

6.6CVSS0.00747EPSS
Exploits0References3
NVD
NVD
added 2025/01/14 3:15 p.m.47 views

CVE-2024-39763

Multiple OS command injection vulnerabilities exist in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...

9.1CVSS0.04815EPSS
Exploits1References2
NVD
NVD
added 2025/01/13 4:15 p.m.47 views

CVE-2025-22963

Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin...

7.5CVSS0.00268EPSS
Exploits0References4
NVD
NVD
added 2025/01/13 2:15 p.m.47 views

CVE-2025-22777

Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give allows Object Injection.This issue affects GiveWP: from n/a through = 3.19.3...

9.8CVSS0.00909EPSS
Exploits1References2
NVD
NVD
added 2025/01/02 4:15 p.m.47 views

CVE-2024-55543

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 Windows before build 39169...

7.8CVSS0.00163EPSS
Exploits0References1
NVD
NVD
added 2024/12/23 4:15 p.m.47 views

CVE-2024-45387

An SQL injection vulnerability in Traffic Ops in Apache Traffic Control = 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially-crafted PUT request. Users are recommended to upgrad...

9.9CVSS0.41841EPSS
Exploits0References2
NVD
NVD
added 2024/12/19 11:15 p.m.47 views

CVE-2024-56327

pyrage is a set of Python bindings for the rage file encryption library age in Rust. pyrage uses the Rust age crate for its underlying operations, and age is vulnerable to GHSA-4fg7-vxc8-qx5w. All details of GHSA-4fg7-vxc8-qx5w are relevant to pyrage for the versions specified in this advisory. S...

9.8CVSS0.00472EPSS
Exploits0References3
NVD
NVD
added 2024/12/19 10:15 a.m.47 views

CVE-2023-4617

Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in...

10CVSS0.00571EPSS
Exploits0References4
NVD
NVD
added 2024/12/09 6:15 a.m.47 views

CVE-2024-9651

The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.1CVSS0.00357EPSS
Exploits1References1
NVD
NVD
added 2024/12/05 4:15 p.m.47 views

CVE-2024-53470

Multiple stored cross-site scripting XSS vulnerabilities in the component /configuracao/gatewaypagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...

6.1CVSS0.0042EPSS
Exploits1References3
NVD
NVD
added 2024/11/18 4:15 p.m.47 views

CVE-2024-52568

A vulnerability has been identified in Teamcenter Visualization V14.2 All versions V14.2.0.14, Teamcenter Visualization V14.3 All versions V14.3.0.12, Teamcenter Visualization V2312 All versions V2312.0008, Teamcenter Visualization V2406 All versions V2406.0005, Tecnomatix Plant Simulation V2302...

7.8CVSS0.00192EPSS
Exploits0References2
NVD
NVD
added 2024/11/16 4:15 a.m.47 views

CVE-2024-6628

The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.9.9. This is due to missing or incorrect nonce validation when deleting form submissions. This makes it possible for...

4.3CVSS0.00213EPSS
Exploits0References2
NVD
NVD
added 2024/11/08 8:15 a.m.47 views

CVE-2024-10999

A vulnerability classified as problematic has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /aboutadd.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. It is possible to launch the...

7.2CVSS0.00552EPSS
Exploits1References4
NVD
NVD
added 2024/10/31 7:15 p.m.47 views

CVE-2024-51064

Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection via the tid parameter to admin/queries.php...

9.8CVSS0.00544EPSS
Exploits1References1
NVD
NVD
added 2024/10/20 11:15 a.m.47 views

CVE-2024-49628

Cross-Site Request Forgery CSRF vulnerability in whiletrue Most And Least Read Posts Widget most-and-least-read-posts-widget allows Cross Site Request Forgery.This issue affects Most And Least Read Posts Widget: from n/a through = 2.5.18...

8.8CVSS0.00195EPSS
Exploits0References1
NVD
NVD
added 2024/10/01 8:15 a.m.47 views

CVE-2024-8548

The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the /includes/ajax-functions.php file all versions up to, and including, 1.6.6. This makes it possible...

8.1CVSS0.00363EPSS
Exploits0References2
NVD
NVD
added 2024/09/19 5:15 p.m.47 views

CVE-2024-8653

A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ https://netcat.ru/ . Versions 6.4.0.24248 and ...

6.1CVSS0.00267EPSS
Exploits0References1
NVD
NVD
added 2024/09/17 6:15 p.m.47 views

CVE-2024-38812

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution...

9.8CVSS0.54143EPSS
Exploits0References2
NVD
NVD
added 2024/09/12 8:15 p.m.47 views

CVE-2024-6077

A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover...

8.7CVSS0.00562EPSS
Exploits0References1
NVD
NVD
added 2024/09/12 1:15 p.m.47 views

CVE-2024-45849

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query i...

8.8CVSS0.00864EPSS
Exploits1References1
NVD
NVD
added 2024/09/10 3:15 p.m.47 views

CVE-2024-31489

AAn improper certificate validation vulnerability CWE-295 in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a...

8.1CVSS0.00365EPSS
Exploits0References1
NVD
NVD
added 2024/09/07 9:15 a.m.47 views

CVE-2024-6849

The Preloader Plus – WordPress Loading Screen Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS0.00286EPSS
Exploits0References3
NVD
NVD
added 2024/09/03 8:15 p.m.47 views

CVE-2024-45678

Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...

4.2CVSS0.00329EPSS
Exploits0References6
NVD
NVD
added 2024/08/23 9:15 p.m.47 views

CVE-2024-40111

A persistent stored cross-site scripting XSS vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any us...

4.8CVSS0.00769EPSS
Exploits2References2
NVD
NVD
added 2024/08/21 1:15 a.m.47 views

CVE-2024-43878

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix input error path memory access When there is a misconfiguration of input state slow path KASAN report error. Fix this error. west login: 52.987278 eth1: renamed from veth11 53.078814 eth1: renamed from veth21 53.181355...

7.1CVSS0.00211EPSS
Exploits0References2
NVD
NVD
added 2024/08/20 3:15 p.m.47 views

CVE-2024-43406

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2...

8.8CVSS0.00894EPSS
Exploits1References2
NVD
NVD
added 2024/08/15 7:15 p.m.47 views

CVE-2024-42472

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and...

10CVSS0.01283EPSS
Exploits1References11
NVD
NVD
added 2024/08/15 3:15 p.m.47 views

CVE-2024-7263

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 exclusive on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough...

9.3CVSS0.0039EPSS
Exploits0References1
NVD
NVD
added 2024/08/13 6:15 p.m.47 views

CVE-2024-38131

Clipboard Virtual Channel Extension Remote Code Execution Vulnerability...

8.8CVSS0.01237EPSS
Exploits0References1
NVD
NVD
added 2024/08/07 11:15 a.m.47 views

CVE-2024-6522

The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.12.1 via the 'mecfesform' AJAX function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitra...

9.6CVSS0.00405EPSS
Exploits0References4
NVD
NVD
added 2024/08/05 3:16 a.m.47 views

CVE-2024-7467

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 and classified as critical. Affected by this issue is the function sslvpnconfigmod of the file /vpn/listipnetwork.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os...

9.8CVSS0.23402EPSS
Exploits1References4
NVD
NVD
added 2024/08/02 10:16 a.m.47 views

CVE-2024-40719

The encryption strength of the authorization keys in CHANGING Information Technology TCBServiSign Windows Version is insufficient. When a remote attacker tricks a victim into visiting a malicious website, TCBServiSign will treat that website as a legitimate server and interact with it...

6.5CVSS0.00175EPSS
Exploits0References2
NVD
NVD
added 2024/07/30 3:15 p.m.47 views

CVE-2024-41109

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to /admin/index/statistics with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the...

6.5CVSS0.00483EPSS
Exploits1References4
NVD
NVD
added 2024/07/26 8:15 p.m.47 views

CVE-2024-41112

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 380, leading to remote code execution. Commit...

9.8CVSS0.01395EPSS
Exploits1References4
NVD
NVD
added 2024/07/25 8:15 p.m.47 views

CVE-2024-29069

In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image such as icons and...

7.3CVSS0.00228EPSS
Exploits0References1
Total number of security vulnerabilities5000