Lucene search
K
NvdMost viewed

363954 matches found

NVD
NVD
•added 2023/04/16 2:15 a.m.•47 views

CVE-2022-40946

On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via the systoken parameter in a cgi-bin/webproc?getpage=html/index.html request...

7.5CVSS7.4AI score0.07974EPSS
Exploits5References3
NVD
NVD
•added 2023/04/05 5:15 p.m.•47 views

CVE-2023-1879

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

5.4CVSS4.8AI score0.00475EPSS
Exploits1References2
NVD
NVD
•added 2023/03/28 9:15 p.m.•47 views

CVE-2023-28637

DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization which may lead to remote code execution. This vulnerabili...

8.8CVSS8.3AI score0.0132EPSS
Exploits1References1
NVD
NVD
•added 2023/03/27 9:15 p.m.•47 views

CVE-2023-28640

Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...

6.4CVSS6.4AI score0.0034EPSS
Exploits0References2
NVD
NVD
•added 2023/03/24 8:15 p.m.•47 views

CVE-2021-3684

A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the...

5.5CVSS5.4AI score0.00249EPSS
Exploits0References3
NVD
NVD
•added 2023/03/20 3:15 p.m.•47 views

CVE-2023-28429

Pimcore is an open source data and experience management platform. Versions prior to 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie ...

6.1CVSS6.3AI score0.00544EPSS
Exploits0References3
NVD
NVD
•added 2023/03/10 9:15 p.m.•47 views

CVE-2022-20929

A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade...

7.8CVSS7.5AI score0.00188EPSS
Exploits0References1
NVD
NVD
•added 2023/03/09 9:15 p.m.•47 views

CVE-2023-27484

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to...

6.2CVSS6.2AI score0.00678EPSS
Exploits0References1
NVD
NVD
•added 2023/03/07 8:15 a.m.•47 views

CVE-2023-1239

Cross-site Scripting XSS - Reflected in GitHub repository answerdev/answer prior to 1.0.6...

6CVSS5AI score0.00526EPSS
Exploits1References2
NVD
NVD
•added 2023/03/06 10:15 p.m.•47 views

CVE-2023-24217

AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability...

8.8CVSS8.6AI score0.0454EPSS
Exploits3References2
NVD
NVD
•added 2023/02/22 7:15 p.m.•47 views

CVE-2023-0963

A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The...

9.8CVSS7.9AI score0.0467EPSS
Exploits5References3
NVD
NVD
•added 2023/02/15 2:15 p.m.•47 views

CVE-2022-32469

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the PnpSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU...

7CVSS8AI score0.00132EPSS
Exploits0References2
NVD
NVD
•added 2023/02/12 4:15 a.m.•47 views

CVE-2022-38686

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services...

6.4CVSS5.3AI score0.00089EPSS
Exploits0References1
NVD
NVD
•added 2023/02/03 6:15 p.m.•47 views

CVE-2023-0659

A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been classified as critical. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier...

7.5CVSS5.8AI score0.00723EPSS
Exploits0References2
NVD
NVD
•added 2023/02/03 6:15 p.m.•47 views

CVE-2021-37373

Cross Site Scripting XSS vulnerability in Teradek Slice 1st generation firmware 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware...

5.4CVSS5.4AI score0.00566EPSS
Exploits1References1
NVD
NVD
•added 2023/02/01 6:15 p.m.•47 views

CVE-2023-22839

On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all version of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled, undisclosed requests...

7.5CVSS7.5AI score0.00626EPSS
Exploits0References1
NVD
NVD
•added 2023/01/30 9:15 p.m.•47 views

CVE-2022-4680

The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

7.2CVSS7.1AI score0.01046EPSS
Exploits2References1
NVD
NVD
•added 2023/01/26 9:18 p.m.•47 views

CVE-2023-22736

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions starting with 2.5.0-rc1 and above, prior to 2.5.8, and version 2.6.0-rc4, are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed...

8.5CVSS8.2AI score0.0078EPSS
Exploits0References1
NVD
NVD
•added 2023/01/18 10:15 p.m.•47 views

CVE-2022-45927

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code...

8.8CVSS9.1AI score0.0187EPSS
Exploits2References3
NVD
NVD
•added 2023/01/18 9:15 p.m.•47 views

CVE-2023-0242

Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server including writing arbitrary files. However, lower privilege users are generally forbidden from writing or modifying files on the server. Th...

8.8CVSS8.7AI score0.00544EPSS
Exploits0References1
NVD
NVD
•added 2022/12/26 8:15 a.m.•47 views

CVE-2022-4742

A vulnerability, which was classified as critical, has been found in json-pointer up to 0.6.1. Affected by this issue is the function set of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. The attack may be...

9.8CVSS0.01005EPSS
Exploits0References4
NVD
NVD
•added 2022/12/20 12:15 a.m.•47 views

CVE-2022-47551

Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before...

6.5CVSS0.00604EPSS
Exploits0References2
NVD
NVD
•added 2022/12/13 10:15 p.m.•47 views

CVE-2022-41653

Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an attacker obtaining user login credentials and control the system...

9.8CVSS0.00697EPSS
Exploits0References1
NVD
NVD
•added 2022/12/06 3:15 p.m.•47 views

CVE-2020-6627

The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mvbackendlaunch in cirrus/application/helpers/mvbackendhelper.php by leveraging the "start" state and sending a checkdevicename request...

9.8CVSS0.12453EPSS
Exploits4References4
NVD
NVD
•added 2022/11/17 10:15 p.m.•47 views

CVE-2022-39389

Lightning Network Daemon lnd is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version v0.15.4 are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments a...

8.2CVSS0.00999EPSS
Exploits1References4
NVD
NVD
•added 2022/10/19 4:15 p.m.•47 views

CVE-2022-43422

Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...

5.3CVSS0.00666EPSS
Exploits0References2
NVD
NVD
•added 2022/10/13 10:15 p.m.•47 views

CVE-2022-39300

node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the...

8.1CVSS0.00598EPSS
Exploits0References2
NVD
NVD
•added 2022/09/29 3:15 p.m.•47 views

CVE-2022-39254

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room ke...

8.6CVSS0.00555EPSS
Exploits0References2
NVD
NVD
•added 2022/09/28 8:15 p.m.•47 views

CVE-2022-39248

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...

8.6CVSS0.0072EPSS
Exploits0References4
NVD
NVD
•added 2022/09/23 7:15 a.m.•47 views

CVE-2022-39225

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.15, or 5.0.0 and above prior to 5.2.6, a user can write to the session object of another user if the session object ID is known. For example, an attacker can assign th...

4.3CVSS0.00408EPSS
Exploits0References1
NVD
NVD
•added 2022/09/13 5:15 p.m.•47 views

CVE-2022-36020

The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package masterminds/html5, malicious markup used in a sequence with special HTML comments cannot...

6.1CVSS0.00633EPSS
Exploits0References4
NVD
NVD
•added 2022/09/05 12:15 a.m.•47 views

CVE-2022-39196

Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. Note: The vendor disputes this stating this cannot be reproduced...

6.5CVSS0.01167EPSS
Exploits1References1
NVD
NVD
•added 2022/08/27 9:15 a.m.•47 views

CVE-2022-3013

A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to sql injection. It is possible to initiate the attack remotely. The associated...

9.8CVSS0.00466EPSS
Exploits0References1
NVD
NVD
•added 2022/08/16 9:15 p.m.•47 views

CVE-2020-10728

A flaw was found in automationbroker/apb container in versions up to and including 2.0.4-1. This container grants all users sudoer permissions allowing an unauthorized user with access to the running container the ability to escalate their own privileges. The highest threat from this vulnerabilit...

7.8CVSS0.00209EPSS
Exploits0References1
NVD
NVD
•added 2022/08/12 9:15 p.m.•47 views

CVE-2022-35943

Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow SameSite Attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct or indirect, e.g., XSS control over a...

8.8CVSS0.00474EPSS
Exploits1References4
NVD
NVD
•added 2022/08/10 8:15 p.m.•47 views

CVE-2022-31675

VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges...

7.5CVSS0.00718EPSS
Exploits1References1
NVD
NVD
•added 2022/08/09 8:15 p.m.•47 views

CVE-2022-33640

System Center Operations Manager: Open Management Infrastructure OMI Elevation of Privilege Vulnerability...

7.8CVSS0.00551EPSS
Exploits0References1
NVD
NVD
•added 2022/08/05 4:15 p.m.•47 views

CVE-2021-46681

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field...

6.1CVSS0.00334EPSS
Exploits0References2
NVD
NVD
•added 2022/08/01 10:15 p.m.•47 views

CVE-2022-35922

Rust-WebSocket is a WebSocket RFC6455 library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based...

7.5CVSS0.01483EPSS
Exploits0References4
NVD
NVD
•added 2022/08/01 9:15 p.m.•47 views

CVE-2022-31192

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item...

7.1CVSS0.00611EPSS
Exploits0References3
NVD
NVD
•added 2022/08/01 5:15 p.m.•47 views

CVE-2022-31109

laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol,...

7.2CVSS0.00615EPSS
Exploits0References3
NVD
NVD
•added 2022/07/26 10:15 p.m.•47 views

CVE-2022-30273

The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm TEA block-cipher in ECB mode. This mode of operation does n...

9.8CVSS0.00325EPSS
Exploits0References3
NVD
NVD
•added 2022/07/22 4:15 a.m.•47 views

CVE-2022-31172

OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...

7.5CVSS0.00413EPSS
Exploits0References2
NVD
NVD
•added 2022/07/22 4:15 a.m.•47 views

CVE-2022-31162

Slack Morphism is an async client library for Rust. Prior to 0.41.0, it was possible for Slack OAuth client information to leak in application debug logs. Stricter and more secure debug formatting was introduced in v0.41.0 for OAuth secret types to reduce the possibility of printing sensitive...

7.5CVSS0.00739EPSS
Exploits0References2
NVD
NVD
•added 2022/06/30 10:15 p.m.•47 views

CVE-2022-31115

opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby YAML.load function was used instead of YAML.safeload. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. ...

8.8CVSS0.01501EPSS
Exploits1References3
NVD
NVD
•added 2022/06/24 3:15 p.m.•47 views

CVE-2022-1746

The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and...

7.6CVSS0.00287EPSS
Exploits0References1
NVD
NVD
•added 2022/06/23 5:15 p.m.•47 views

CVE-2022-34298

The NT auth module in OpenAM before 14.6.6 allows a "replace Samba username attack."...

5.3CVSS0.03074EPSS
Exploits1References3
NVD
NVD
•added 2022/06/21 1:15 p.m.•47 views

CVE-2022-33139

A vulnerability has been identified in Cerberus DMS All versions, Desigo CC All versions, Desigo CC Compact All versions, SIMATIC WinCC OA V3.16 All versions in default configuration, SIMATIC WinCC OA V3.17 All versions in non-default configuration, SIMATIC WinCC OA V3.18 All versions in...

9.8CVSS0.01166EPSS
Exploits0References2
NVD
NVD
•added 2022/06/14 10:15 a.m.•47 views

CVE-2022-22057

Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables...

8.4CVSS0.00401EPSS
Exploits1References2
NVD
NVD
•added 2022/06/12 12:15 p.m.•47 views

CVE-2021-41750

A cross-site scripting XSS vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName...

6.1CVSS0.01029EPSS
Exploits0References3
Total number of security vulnerabilities5000