Lucene search
K
NvdMost viewed

363922 matches found

NVD
NVD
•added 2023/10/18 10:15 p.m.•47 views

CVE-2023-43801

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...

7.1CVSS6.4AI score0.00326EPSS
Exploits0References3
NVD
NVD
•added 2023/10/18 9:15 p.m.•47 views

CVE-2023-43802

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /upload which handles request with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can...

7.8CVSS7.2AI score0.00354EPSS
Exploits0References3
NVD
NVD
•added 2023/10/10 2:15 p.m.•47 views

CVE-2023-4966

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA virtual server...

9.4CVSS9.5AI score0.99999EPSS
Exploits15References3
NVD
NVD
•added 2023/10/06 7:15 p.m.•47 views

CVE-2023-45282

In NASA Open MCT aka openmct before 3.1.0, prototype pollution can occur via an import action...

7.5CVSS7.5AI score0.00941EPSS
Exploits0References4
NVD
NVD
•added 2023/09/15 2:15 p.m.•47 views

CVE-2022-3466

The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10....

5.3CVSS5.6AI score0.00212EPSS
Exploits0References3
NVD
NVD
•added 2023/09/11 8:15 p.m.•47 views

CVE-2023-41336

ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. The problem has been fixed in symfony/ux-autocomplete version 2.11.2...

6.5CVSS6.4AI score0.00523EPSS
Exploits0References4
NVD
NVD
•added 2023/09/06 6:15 p.m.•47 views

CVE-2023-41330

knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. Version 1.4.2 added a check if...

9.8CVSS9.8AI score0.01877EPSS
Exploits1References3
NVD
NVD
•added 2023/09/05 4:15 p.m.•47 views

CVE-2023-4778

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV...

5.9CVSS5.5AI score0.00253EPSS
Exploits1References2
NVD
NVD
•added 2023/09/04 10:15 a.m.•47 views

CVE-2023-39164

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Molongui Author Box for Authors, Co-Authors, Multiple Authors and Guest Authors – Molongui plugin = 4.6.19 versions...

7.1CVSS6.3AI score0.00331EPSS
Exploits0References1
NVD
NVD
•added 2023/08/28 10:15 p.m.•47 views

CVE-2023-40827

An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter...

7.5CVSS7.7AI score0.01492EPSS
Exploits1References3
NVD
NVD
•added 2023/08/24 11:15 p.m.•47 views

CVE-2023-4508

A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file...

5.5CVSS5.6AI score0.00308EPSS
Exploits1References3
NVD
NVD
•added 2023/08/23 2:15 a.m.•47 views

CVE-2023-4404

The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'updatecoreuser' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the...

9.8CVSS9.6AI score0.00765EPSS
Exploits1References2
NVD
NVD
•added 2023/08/22 7:16 p.m.•47 views

CVE-2022-48545

An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02...

5.5CVSS5.7AI score0.00232EPSS
Exploits0References1
NVD
NVD
•added 2023/08/10 11:15 a.m.•47 views

CVE-2023-37988

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Creative Solutions Contact Form Generator plugin = 2.5.5 versions...

7.1CVSS6.2AI score0.01231EPSS
Exploits3References2
NVD
NVD
•added 2023/08/09 12:15 p.m.•47 views

CVE-2023-32781

A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this...

7.2CVSS7AI score0.12342EPSS
Exploits3References3
NVD
NVD
•added 2023/08/07 9:15 p.m.•47 views

CVE-2023-39529

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.1.1 contains a patch for this issue. There are no known workarounds...

9.1CVSS7.1AI score0.00596EPSS
Exploits0References2
NVD
NVD
•added 2023/07/18 12:15 p.m.•47 views

CVE-2023-25475

Cross-Site Request Forgery CSRF vulnerability in Vladimir Prelovac Smart YouTube PRO plugin = 4.3 versions...

8.8CVSS0.00253EPSS
Exploits0References1
NVD
NVD
•added 2023/07/14 10:15 p.m.•47 views

CVE-2023-34236

Weave GitOps Terraform Controller aka Weave TF-controller is a controller for Flux to reconcile Terraform resources in a GitOps way. A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an authenticated remote attacker to view sensitive information. This...

8.5CVSS0.00706EPSS
Exploits1References7
NVD
NVD
•added 2023/07/11 3:15 p.m.•47 views

CVE-2023-37659

xalpha v0.11.4 is vulnerable to Remote Command Execution RCE...

9.8CVSS9.6AI score0.01406EPSS
Exploits1References1
NVD
NVD
•added 2023/07/11 10:15 a.m.•47 views

CVE-2023-37391

Cross-Site Request Forgery CSRF vulnerability in WPMobilePack.Com WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps plugin = 3.4.1 versions...

6.5CVSS5.9AI score0.00191EPSS
Exploits0References1
NVD
NVD
•added 2023/07/10 4:15 p.m.•47 views

CVE-2023-28989

Cross-Site Request Forgery CSRF vulnerability in weDevs Happy Addons for Elementor plugin = 3.8.2 versions...

8.8CVSS5.8AI score0.00309EPSS
Exploits0References1
NVD
NVD
•added 2023/07/05 4:15 p.m.•47 views

CVE-2023-31194

An improper array index validation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted markdown file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability...

7.8CVSS5.8AI score0.00445EPSS
Exploits1References2
NVD
NVD
•added 2023/06/23 10:15 p.m.•47 views

CVE-2023-35932

jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lea...

8.8CVSS8AI score0.01841EPSS
Exploits0References2
NVD
NVD
•added 2023/06/20 3:15 p.m.•47 views

CVE-2020-20726

Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/updaterows/user parameter...

8.8CVSS8.9AI score0.00665EPSS
Exploits1References1
NVD
NVD
•added 2023/06/19 11:15 a.m.•47 views

CVE-2023-2401

The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.00442EPSS
Exploits2References1
NVD
NVD
•added 2023/06/12 4:15 p.m.•47 views

CVE-2023-34212

The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location...

6.5CVSS6.4AI score0.02351EPSS
Exploits1References3
NVD
NVD
•added 2023/06/08 12:15 a.m.•47 views

CVE-2023-34239

Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict the what URLs are proxied. These issues have been addressed in...

9.1CVSS7.7AI score0.00651EPSS
Exploits0References3
NVD
NVD
•added 2023/06/07 8:15 p.m.•47 views

CVE-2023-34237

SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the...

9.8CVSS9.9AI score0.01731EPSS
Exploits0References5
NVD
NVD
•added 2023/06/07 2:15 p.m.•47 views

CVE-2022-31693

VMware Tools for Windows 12.x.y prior to 12.1.5, 11.x.y and 10.x.y contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a...

5.5CVSS5.6AI score0.00233EPSS
Exploits0References3
NVD
NVD
•added 2023/06/01 5:15 p.m.•47 views

CVE-2023-32715

In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user’s machine. The app itself does not contain the potentially malicious JavaScript code. The vulnerability requires the...

6.1CVSS5.2AI score0.00313EPSS
Exploits0References1
NVD
NVD
•added 2023/05/30 8:15 a.m.•47 views

CVE-2023-0329

The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role...

7.2CVSS7.2AI score0.19695EPSS
Exploits7References2
NVD
NVD
•added 2023/05/24 3:15 p.m.•47 views

CVE-2023-31748

Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file...

7.8CVSS7.6AI score0.00879EPSS
Exploits4References2
NVD
NVD
•added 2023/05/23 1:15 a.m.•47 views

CVE-2023-31664

A reflected cross-site scripting XSS vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter...

6.1CVSS5.9AI score0.012EPSS
Exploits1References3
NVD
NVD
•added 2023/05/17 8:15 a.m.•47 views

CVE-2023-2753

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta...

7.2CVSS5.8AI score0.00552EPSS
Exploits0References2
NVD
NVD
•added 2023/05/12 7:15 a.m.•47 views

CVE-2023-2668

A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this issue is the function managercategory of the file admin/?page=categories/managecategory of the component GET Parameter Handler. The manipulation of the argument id leads ...

9.8CVSS7.3AI score0.00819EPSS
Exploits1References3
NVD
NVD
•added 2023/05/10 6:15 p.m.•47 views

CVE-2023-32070

XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting XSS attacks via attributes and link URLs, e.g., supported in XWiki syntax. This has been patched in XWiki 14.6-rc-1. Ther...

9CVSS8.4AI score0.00652EPSS
Exploits0References3
NVD
NVD
•added 2023/04/28 7:15 p.m.•47 views

CVE-2023-30454

An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be...

6.1CVSS6AI score0.00535EPSS
Exploits1References2
NVD
NVD
•added 2023/04/26 4:15 p.m.•47 views

CVE-2023-30211

OURPHP = 7.2.0 is vulnerable to SQL Injection...

9.8CVSS9.7AI score0.00953EPSS
Exploits1References1
NVD
NVD
•added 2023/04/17 9:15 p.m.•47 views

CVE-2023-30548

gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server gatsby develop. It...

4.3CVSS4.4AI score0.00882EPSS
Exploits1References3
NVD
NVD
•added 2023/04/16 2:15 a.m.•47 views

CVE-2022-40946

On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via the systoken parameter in a cgi-bin/webproc?getpage=html/index.html request...

7.5CVSS7.4AI score0.07974EPSS
Exploits5References3
NVD
NVD
•added 2023/04/05 5:15 p.m.•47 views

CVE-2023-1879

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

5.4CVSS4.8AI score0.00475EPSS
Exploits1References2
NVD
NVD
•added 2023/03/28 9:15 p.m.•47 views

CVE-2023-28637

DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization which may lead to remote code execution. This vulnerabili...

8.8CVSS8.3AI score0.0132EPSS
Exploits1References1
NVD
NVD
•added 2023/03/27 9:15 p.m.•47 views

CVE-2023-28640

Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...

6.4CVSS6.4AI score0.0034EPSS
Exploits0References2
NVD
NVD
•added 2023/03/24 8:15 p.m.•47 views

CVE-2021-3684

A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the...

5.5CVSS5.4AI score0.00249EPSS
Exploits0References3
NVD
NVD
•added 2023/03/20 3:15 p.m.•47 views

CVE-2023-28429

Pimcore is an open source data and experience management platform. Versions prior to 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie ...

6.1CVSS6.3AI score0.00544EPSS
Exploits0References3
NVD
NVD
•added 2023/03/10 9:15 p.m.•47 views

CVE-2022-20929

A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade...

7.8CVSS7.5AI score0.00188EPSS
Exploits0References1
NVD
NVD
•added 2023/03/09 9:15 p.m.•47 views

CVE-2023-27484

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to...

6.2CVSS6.2AI score0.00678EPSS
Exploits0References1
NVD
NVD
•added 2023/03/07 8:15 a.m.•47 views

CVE-2023-1239

Cross-site Scripting XSS - Reflected in GitHub repository answerdev/answer prior to 1.0.6...

6CVSS5AI score0.00526EPSS
Exploits1References2
NVD
NVD
•added 2023/03/06 10:15 p.m.•47 views

CVE-2023-24217

AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability...

8.8CVSS8.6AI score0.0454EPSS
Exploits3References2
NVD
NVD
•added 2023/02/22 7:15 p.m.•47 views

CVE-2023-0963

A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The...

9.8CVSS7.9AI score0.0467EPSS
Exploits5References3
Total number of security vulnerabilities5000