Lucene search
K
NvdMost viewed

364584 matches found

NVD
NVD
added 2024/09/07 9:15 a.m.47 views

CVE-2024-6849

The Preloader Plus – WordPress Loading Screen Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS0.00286EPSS
Exploits0References3
NVD
NVD
added 2024/09/03 8:15 p.m.47 views

CVE-2024-45678

Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...

4.2CVSS0.00329EPSS
Exploits0References6
NVD
NVD
added 2024/08/23 9:15 p.m.47 views

CVE-2024-40111

A persistent stored cross-site scripting XSS vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any us...

4.8CVSS0.00769EPSS
Exploits2References2
NVD
NVD
added 2024/08/21 1:15 a.m.47 views

CVE-2024-43878

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix input error path memory access When there is a misconfiguration of input state slow path KASAN report error. Fix this error. west login: 52.987278 eth1: renamed from veth11 53.078814 eth1: renamed from veth21 53.181355...

7.1CVSS0.00211EPSS
Exploits0References2
NVD
NVD
added 2024/08/20 3:15 p.m.47 views

CVE-2024-43406

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2...

8.8CVSS0.00894EPSS
Exploits1References2
NVD
NVD
added 2024/08/15 7:15 p.m.47 views

CVE-2024-42472

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and...

10CVSS0.01283EPSS
Exploits1References11
NVD
NVD
added 2024/08/15 3:15 p.m.47 views

CVE-2024-7263

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 exclusive on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough...

9.3CVSS0.0039EPSS
Exploits0References1
NVD
NVD
added 2024/08/13 6:15 p.m.47 views

CVE-2024-38131

Clipboard Virtual Channel Extension Remote Code Execution Vulnerability...

8.8CVSS0.01237EPSS
Exploits0References1
NVD
NVD
added 2024/08/07 11:15 a.m.47 views

CVE-2024-6522

The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.12.1 via the 'mecfesform' AJAX function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitra...

9.6CVSS0.00405EPSS
Exploits0References4
NVD
NVD
added 2024/08/05 3:16 a.m.47 views

CVE-2024-7467

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 and classified as critical. Affected by this issue is the function sslvpnconfigmod of the file /vpn/listipnetwork.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os...

9.8CVSS0.23402EPSS
Exploits1References4
NVD
NVD
added 2024/08/02 10:16 a.m.47 views

CVE-2024-40719

The encryption strength of the authorization keys in CHANGING Information Technology TCBServiSign Windows Version is insufficient. When a remote attacker tricks a victim into visiting a malicious website, TCBServiSign will treat that website as a legitimate server and interact with it...

6.5CVSS0.00175EPSS
Exploits0References2
NVD
NVD
added 2024/07/30 3:15 p.m.47 views

CVE-2024-41109

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to /admin/index/statistics with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the...

6.5CVSS0.00483EPSS
Exploits1References4
NVD
NVD
added 2024/07/26 8:15 p.m.47 views

CVE-2024-41112

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 380, leading to remote code execution. Commit...

9.8CVSS0.01395EPSS
Exploits1References4
NVD
NVD
added 2024/07/25 8:15 p.m.47 views

CVE-2024-29069

In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image such as icons and...

7.3CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added 2024/07/22 3:15 p.m.47 views

CVE-2024-41131

ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9...

7.5CVSS0.00669EPSS
Exploits0References5
NVD
NVD
added 2024/07/21 10:15 p.m.47 views

CVE-2024-37459

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PayPlus LTD PayPlus Payment Gateway allows Reflected XSS.This issue affects PayPlus Payment Gateway: from n/a through 6.6.8...

7.1CVSS0.00327EPSS
Exploits0References1
NVD
NVD
added 2024/07/10 7:15 a.m.47 views

CVE-2024-36451

Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploited, a console session may be hijacked by an unauthorized user. As a result, data within a system may be referred, a webpage may be altered,...

8.8CVSS0.00569EPSS
Exploits0References2
NVD
NVD
added 2024/07/09 9:15 a.m.47 views

CVE-2024-5810

The WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for...

5.3CVSS0.00444EPSS
Exploits0References6
NVD
NVD
added 2024/07/08 4:15 p.m.47 views

CVE-2024-39699

Directus is a real-time API and App dashboard for managing SQL database content. There was already a reported SSRF vulnerability via file import. It was fixed by resolving all DNS names and checking if the requested IP is an internal IP address. However it is possible to bypass this security...

5CVSS0.00435EPSS
Exploits1References2
NVD
NVD
added 2024/07/05 8:15 p.m.47 views

CVE-2024-5753

vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as pgreadfile. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like /etc/passwd, by exploiting the exposed SQL...

7.5CVSS0.00604EPSS
Exploits0References1
NVD
NVD
added 2024/07/03 7:15 p.m.47 views

CVE-2024-36113

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...

6.5CVSS0.00418EPSS
Exploits0References3
NVD
NVD
added 2024/07/02 6:15 p.m.47 views

CVE-2024-39891

In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and...

5.3CVSS0.01477EPSS
Exploits0References5
NVD
NVD
added 2024/07/01 10:15 p.m.47 views

CVE-2024-23737

Cross Site Request Forgery CSRF vulnerability in savignano S/Notify before 4.0.2 for Jira allows attackers to allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or email...

5.4CVSS0.00109EPSS
Exploits0References1
NVD
NVD
added 2024/07/01 7:15 p.m.47 views

CVE-2024-38513

Fiber is an Express-inspired web framework written in Go A vulnerability present in versions prior to 2.52.5 is a session middleware issue in GoFiber versions 2 and above. This vulnerability allows users to supply their own sessionid value, resulting in the creation of a session with that key. If...

10CVSS0.00686EPSS
Exploits0References2
NVD
NVD
added 2024/06/28 10:15 p.m.47 views

CVE-2024-38532

The NXP Data Co-Processor DCP is a built-in hardware module for specific NXP SoCs¹ that implements a dedicated AES cryptographic engine for encryption/decryption operations. The dcptool reference implementation included in the repository selected the test key, regardless of its -t argument. This...

7.1CVSS0.00191EPSS
Exploits0References2
NVD
NVD
added 2024/06/28 7:15 p.m.47 views

CVE-2022-27540

A potential Time-of-Check to Time-of Use TOCTOU vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability...

7.8CVSS0.00118EPSS
Exploits0References1
NVD
NVD
added 2024/06/27 10:15 p.m.47 views

CVE-2024-39705

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt...

9.8CVSS0.01346EPSS
Exploits0References3
NVD
NVD
added 2024/06/27 9:15 p.m.47 views

CVE-2024-22272

VMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated tenant administrator for a given organization within VMware Cloud Director may be able to accidentally disable their organization leading to a Denial of Service for active sessions within their own...

4.9CVSS0.00369EPSS
Exploits0References1
NVD
NVD
added 2024/06/25 8:15 p.m.47 views

CVE-2024-5276

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this...

9.8CVSS0.90067EPSS
Exploits5References3
NVD
NVD
added 2024/06/24 9:15 a.m.47 views

CVE-2024-36495

The application Faronics WINSelect Standard + Enterprise saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is:...

7.7CVSS0.0031EPSS
Exploits1References3
NVD
NVD
added 2024/06/21 1:15 p.m.47 views

CVE-2024-35771

Cross-Site Request Forgery CSRF vulnerability in presscustomizr Customizr.This issue affects Customizr: from n/a through 4.4.21...

8.8CVSS0.0022EPSS
Exploits0References1
NVD
NVD
added 2024/06/15 9:15 a.m.47 views

CVE-2024-3105

The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insertphp' shortcode. This is due to the plugin not restricting the usage of the functionality to high level authorized...

9.9CVSS0.02778EPSS
Exploits1References4
NVD
NVD
added 2024/06/13 8:16 a.m.47 views

CVE-2024-36230

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires us...

5.4CVSS0.00402EPSS
Exploits0References1
NVD
NVD
added 2024/06/11 5:16 p.m.47 views

CVE-2024-35250

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability...

7.8CVSS0.25222EPSS
Exploits7References2
NVD
NVD
added 2024/06/11 4:15 p.m.47 views

CVE-2024-34753

Missing Authorization vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73...

5.3CVSS0.00339EPSS
Exploits0References1
NVD
NVD
added 2024/06/11 3:16 p.m.47 views

CVE-2024-21754

A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged...

4.4CVSS0.03469EPSS
Exploits1References1
NVD
NVD
added 2024/06/11 3:16 p.m.47 views

CVE-2024-23110

A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0 all versions allows attacker to execute unauthorized code or commands via specially crafted commands...

7.8CVSS0.00281EPSS
Exploits0References1
NVD
NVD
added 2024/06/07 3:15 p.m.47 views

CVE-2024-37162

zsa is a library for building typesafe server actions in Next.js. All users are impacted. The zsa application transfers the parse error stack from the server to the client in production build mode. This can potentially reveal sensitive information about the server environment, such as the machine...

5.3CVSS0.00292EPSS
Exploits0References2
NVD
NVD
added 2024/06/06 7:16 p.m.47 views

CVE-2024-3322

A path traversal vulnerability exists in the 'cybersecurity/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. The vulnerability arises from the improper limitation of a pathname to a restricted directory in the 'processfolder' function within...

9.8CVSS0.00726EPSS
Exploits1References2
NVD
NVD
added 2024/06/04 8:15 p.m.47 views

CVE-2024-32464

Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2...

6.1CVSS6AI score0.00434EPSS
Exploits0References2
NVD
NVD
added 2024/05/08 2:15 p.m.47 views

CVE-2024-32886

Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7...

4.9CVSS5AI score0.00751EPSS
Exploits0References7
NVD
NVD
added 2024/05/03 2:15 a.m.47 views

CVE-2023-35736

D-Link DAP-2622 DDP Change ID Password New Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

8.8CVSS9.1AI score0.00855EPSS
Exploits0References2
NVD
NVD
added 2024/04/29 5:15 p.m.47 views

CVE-2024-31621

An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component...

7.6CVSS7.4AI score0.59867EPSS
Exploits4References2
NVD
NVD
added 2024/04/29 4:15 a.m.47 views

CVE-2024-1874

In PHP versions 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, when using procopen command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands ...

9.4CVSS8.9AI score0.32568EPSS
Exploits2References10
NVD
NVD
added 2024/04/25 5:15 p.m.47 views

CVE-2024-28240

The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the case the Deploy ta...

7.8CVSS7.3AI score0.00224EPSS
Exploits0References2
NVD
NVD
added 2024/04/16 8:15 p.m.47 views

CVE-2024-30378

A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon bbe-smgd to crash upon execution of specific CLI commands, creating a Denial of Service DoS condition. The...

6.9CVSS5.8AI score0.00179EPSS
Exploits0References2
NVD
NVD
added 2024/04/15 8:15 p.m.47 views

CVE-2024-32035

ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit...

6.5CVSS5.2AI score0.00629EPSS
Exploits0References5
NVD
NVD
added 2024/04/05 5:15 a.m.47 views

CVE-2024-2509

The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...

6.5CVSS5.5AI score0.00427EPSS
Exploits3References2
NVD
NVD
added 2024/03/21 2:52 a.m.47 views

CVE-2024-27926

RSSHub is an open source RSS feed generator. Starting in version 1.0.0-master.cbbd829 and prior to version 1.0.0-master.d8ca915, ahen the specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of...

6.1CVSS6.2AI score0.00521EPSS
Exploits0References2
NVD
NVD
added 2024/02/26 4:27 p.m.47 views

CVE-2024-25913

Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2...

10CVSS9.6AI score0.0063EPSS
Exploits0References1
Total number of security vulnerabilities5000