Lucene search
K
NvdMost viewed

364447 matches found

NVD
NVD
added 2023/10/30 7:15 p.m.47 views

CVE-2023-41891

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...

8.8CVSS5.6AI score0.00929EPSS
Exploits0References3
NVD
NVD
added 2023/10/27 11:15 a.m.47 views

CVE-2023-5817

The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontextbox shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes color. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00524EPSS
Exploits4References4
NVD
NVD
added 2023/10/26 3:15 p.m.47 views

CVE-2023-5784

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /protocol/firewall/uploadfirewall.php. The manipulation of the argument messagecontent leads to sql injection. The exploit ha...

9.8CVSS6.8AI score0.00671EPSS
Exploits1References3
NVD
NVD
added 2023/10/18 10:15 p.m.47 views

CVE-2023-43801

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...

7.1CVSS6.4AI score0.00326EPSS
Exploits0References3
NVD
NVD
added 2023/10/18 9:15 p.m.47 views

CVE-2023-43802

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /upload which handles request with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can...

7.8CVSS7.2AI score0.00354EPSS
Exploits0References3
NVD
NVD
added 2023/10/10 2:15 p.m.47 views

CVE-2023-4966

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA virtual server...

9.4CVSS9.5AI score0.99999EPSS
Exploits15References3
NVD
NVD
added 2023/10/06 7:15 p.m.47 views

CVE-2023-45282

In NASA Open MCT aka openmct before 3.1.0, prototype pollution can occur via an import action...

7.5CVSS7.5AI score0.00941EPSS
Exploits0References4
NVD
NVD
added 2023/09/15 2:15 p.m.47 views

CVE-2022-3466

The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10....

5.3CVSS5.6AI score0.00212EPSS
Exploits0References3
NVD
NVD
added 2023/09/12 5:15 p.m.47 views

CVE-2023-36736

Microsoft Identity Linux Broker Remote Code Execution Vulnerability...

4.4CVSS5AI score0.01693EPSS
Exploits0References1
NVD
NVD
added 2023/09/11 8:15 p.m.47 views

CVE-2023-41336

ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. The problem has been fixed in symfony/ux-autocomplete version 2.11.2...

6.5CVSS6.4AI score0.00523EPSS
Exploits0References4
NVD
NVD
added 2023/09/06 6:15 p.m.47 views

CVE-2023-41330

knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. Version 1.4.2 added a check if...

9.8CVSS9.8AI score0.01877EPSS
Exploits1References3
NVD
NVD
added 2023/09/05 4:15 p.m.47 views

CVE-2023-4778

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV...

5.9CVSS5.5AI score0.00253EPSS
Exploits1References2
NVD
NVD
added 2023/09/04 10:15 a.m.47 views

CVE-2023-39164

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Molongui Author Box for Authors, Co-Authors, Multiple Authors and Guest Authors – Molongui plugin = 4.6.19 versions...

7.1CVSS6.3AI score0.00331EPSS
Exploits0References1
NVD
NVD
added 2023/08/28 10:15 p.m.47 views

CVE-2023-40827

An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter...

7.5CVSS7.7AI score0.01492EPSS
Exploits1References3
NVD
NVD
added 2023/08/24 11:15 p.m.47 views

CVE-2023-4508

A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file...

5.5CVSS5.6AI score0.00308EPSS
Exploits1References3
NVD
NVD
added 2023/08/23 2:15 a.m.47 views

CVE-2023-4404

The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'updatecoreuser' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the...

9.8CVSS9.6AI score0.00765EPSS
Exploits1References2
NVD
NVD
added 2023/08/09 12:15 p.m.47 views

CVE-2023-32781

A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this...

7.2CVSS7AI score0.12342EPSS
Exploits3References3
NVD
NVD
added 2023/08/07 9:15 p.m.47 views

CVE-2023-39529

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.1.1 contains a patch for this issue. There are no known workarounds...

9.1CVSS7.1AI score0.00596EPSS
Exploits0References2
NVD
NVD
added 2023/07/27 2:15 p.m.47 views

CVE-2023-38512

Cross-Site Request Forgery CSRF vulnerability in wpstream WpStream wpstream allows Cross Site Request Forgery.This issue affects WpStream: from n/a through = 4.5.4...

8.8CVSS6.5AI score0.00209EPSS
Exploits0References2
NVD
NVD
added 2023/07/18 12:15 p.m.47 views

CVE-2023-25475

Cross-Site Request Forgery CSRF vulnerability in Vladimir Prelovac Smart YouTube PRO plugin = 4.3 versions...

8.8CVSS0.00253EPSS
Exploits0References1
NVD
NVD
added 2023/07/14 10:15 p.m.47 views

CVE-2023-34236

Weave GitOps Terraform Controller aka Weave TF-controller is a controller for Flux to reconcile Terraform resources in a GitOps way. A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an authenticated remote attacker to view sensitive information. This...

8.5CVSS0.00706EPSS
Exploits1References7
NVD
NVD
added 2023/07/11 3:15 p.m.47 views

CVE-2023-37659

xalpha v0.11.4 is vulnerable to Remote Command Execution RCE...

9.8CVSS9.6AI score0.01406EPSS
Exploits1References1
NVD
NVD
added 2023/07/11 10:15 a.m.47 views

CVE-2023-37391

Cross-Site Request Forgery CSRF vulnerability in WPMobilePack.Com WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps plugin = 3.4.1 versions...

6.5CVSS5.9AI score0.00191EPSS
Exploits0References1
NVD
NVD
added 2023/07/05 4:15 p.m.47 views

CVE-2023-31194

An improper array index validation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted markdown file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability...

7.8CVSS5.8AI score0.00445EPSS
Exploits1References2
NVD
NVD
added 2023/06/23 10:15 p.m.47 views

CVE-2023-35932

jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lea...

8.8CVSS8AI score0.01841EPSS
Exploits0References2
NVD
NVD
added 2023/06/20 3:15 p.m.47 views

CVE-2020-20726

Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/updaterows/user parameter...

8.8CVSS8.9AI score0.00665EPSS
Exploits1References1
NVD
NVD
added 2023/06/19 11:15 a.m.47 views

CVE-2023-2401

The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.00442EPSS
Exploits2References1
NVD
NVD
added 2023/06/12 4:15 p.m.47 views

CVE-2023-34212

The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location...

6.5CVSS6.4AI score0.02351EPSS
Exploits1References3
NVD
NVD
added 2023/06/07 8:15 p.m.47 views

CVE-2023-34237

SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the...

9.8CVSS9.9AI score0.01731EPSS
Exploits0References5
NVD
NVD
added 2023/06/07 2:15 p.m.47 views

CVE-2022-31693

VMware Tools for Windows 12.x.y prior to 12.1.5, 11.x.y and 10.x.y contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a...

5.5CVSS5.6AI score0.00233EPSS
Exploits0References3
NVD
NVD
added 2023/06/03 5:15 a.m.47 views

CVE-2023-2407

The Event Registration Calendar By vcita plugin, versions up to and including 3.10.0, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the lsparsevcitacallback function. This...

6.5CVSS6AI score0.00419EPSS
Exploits2References5
NVD
NVD
added 2023/06/01 5:15 p.m.47 views

CVE-2023-32715

In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user’s machine. The app itself does not contain the potentially malicious JavaScript code. The vulnerability requires the...

6.1CVSS5.2AI score0.00313EPSS
Exploits0References1
NVD
NVD
added 2023/05/30 8:15 a.m.47 views

CVE-2023-0329

The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role...

7.2CVSS7.2AI score0.19695EPSS
Exploits7References2
NVD
NVD
added 2023/05/24 3:15 p.m.47 views

CVE-2023-31748

Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file...

7.8CVSS7.6AI score0.00828EPSS
Exploits4References1
NVD
NVD
added 2023/05/23 1:15 a.m.47 views

CVE-2023-31664

A reflected cross-site scripting XSS vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter...

6.1CVSS5.9AI score0.012EPSS
Exploits1References3
NVD
NVD
added 2023/05/17 8:15 a.m.47 views

CVE-2023-2753

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta...

7.2CVSS5.8AI score0.00552EPSS
Exploits0References2
NVD
NVD
added 2023/05/12 7:15 a.m.47 views

CVE-2023-2668

A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this issue is the function managercategory of the file admin/?page=categories/managecategory of the component GET Parameter Handler. The manipulation of the argument id leads ...

9.8CVSS7.3AI score0.00819EPSS
Exploits1References3
NVD
NVD
added 2023/05/10 6:15 p.m.47 views

CVE-2023-32070

XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting XSS attacks via attributes and link URLs, e.g., supported in XWiki syntax. This has been patched in XWiki 14.6-rc-1. Ther...

9CVSS8.4AI score0.00652EPSS
Exploits0References3
NVD
NVD
added 2023/04/28 7:15 p.m.47 views

CVE-2023-30454

An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be...

6.1CVSS6AI score0.00535EPSS
Exploits1References2
NVD
NVD
added 2023/04/26 4:15 p.m.47 views

CVE-2023-30211

OURPHP = 7.2.0 is vulnerable to SQL Injection...

9.8CVSS9.7AI score0.00953EPSS
Exploits1References1
NVD
NVD
added 2023/04/24 9:15 p.m.47 views

CVE-2023-2250

A flaw was found in the Open Cluster Management OCM when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service...

6.7CVSS6.6AI score0.00204EPSS
Exploits0References1
NVD
NVD
added 2023/04/17 9:15 p.m.47 views

CVE-2023-30548

gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server gatsby develop. It...

4.3CVSS4.4AI score0.00882EPSS
Exploits1References3
NVD
NVD
added 2023/04/16 2:15 a.m.47 views

CVE-2022-40946

On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via the systoken parameter in a cgi-bin/webproc?getpage=html/index.html request...

7.5CVSS7.4AI score0.07974EPSS
Exploits5References3
NVD
NVD
added 2023/03/29 7:15 p.m.47 views

CVE-2022-36970

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 20.0 Build: 4201.2111.1802.0000 Service Pack 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...

7.8CVSS7.8AI score0.00647EPSS
Exploits0References2
NVD
NVD
added 2023/03/28 9:15 p.m.47 views

CVE-2023-28637

DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization which may lead to remote code execution. This vulnerabili...

8.8CVSS8.3AI score0.0132EPSS
Exploits1References1
NVD
NVD
added 2023/03/27 9:15 p.m.47 views

CVE-2023-28640

Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...

6.4CVSS6.4AI score0.0034EPSS
Exploits0References2
NVD
NVD
added 2023/03/24 8:15 p.m.47 views

CVE-2021-3684

A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the...

5.5CVSS5.4AI score0.00249EPSS
Exploits0References3
NVD
NVD
added 2023/03/20 3:15 p.m.47 views

CVE-2023-28429

Pimcore is an open source data and experience management platform. Versions prior to 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie ...

6.1CVSS6.3AI score0.00544EPSS
Exploits0References3
NVD
NVD
added 2023/03/17 8:15 p.m.47 views

CVE-2023-27594

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which...

7.3CVSS5.2AI score0.00552EPSS
Exploits0References4
NVD
NVD
added 2023/03/10 9:15 p.m.47 views

CVE-2022-20929

A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade...

7.8CVSS7.5AI score0.00188EPSS
Exploits0References1
Total number of security vulnerabilities5000