Lucene search
K
NvdMost viewed

364450 matches found

NVD
NVD
•added 2023/03/17 8:15 p.m.•47 views

CVE-2023-27594

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which...

7.3CVSS5.2AI score0.00552EPSS
Exploits0References4
NVD
NVD
•added 2023/03/10 9:15 p.m.•47 views

CVE-2022-20929

A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade...

7.8CVSS7.5AI score0.00188EPSS
Exploits0References1
NVD
NVD
•added 2023/03/09 9:15 p.m.•47 views

CVE-2023-27484

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to...

6.2CVSS6.2AI score0.00678EPSS
Exploits0References1
NVD
NVD
•added 2023/03/07 8:15 a.m.•47 views

CVE-2023-1239

Cross-site Scripting XSS - Reflected in GitHub repository answerdev/answer prior to 1.0.6...

6CVSS5AI score0.00526EPSS
Exploits1References2
NVD
NVD
•added 2023/03/06 10:15 p.m.•47 views

CVE-2023-24217

AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability...

8.8CVSS8.6AI score0.0454EPSS
Exploits3References2
NVD
NVD
•added 2023/02/22 7:15 p.m.•47 views

CVE-2023-0963

A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The...

9.8CVSS7.9AI score0.0467EPSS
Exploits5References3
NVD
NVD
•added 2023/02/21 7:15 p.m.•47 views

CVE-2022-48282

Under very specific circumstances see Required configuration section below, a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C. This affects all MongoDB .NET/C Driver versions prior to and...

7.2CVSS6.7AI score0.01049EPSS
Exploits0References3
NVD
NVD
•added 2023/02/15 2:15 p.m.•47 views

CVE-2022-32469

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the PnpSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU...

7CVSS8AI score0.00132EPSS
Exploits0References2
NVD
NVD
•added 2023/02/09 7:15 p.m.•47 views

CVE-2023-21451

A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S12 allows attacker to cause memory corruptions...

7.8CVSS6.7AI score0.00167EPSS
Exploits0References1
NVD
NVD
•added 2023/02/03 6:15 p.m.•47 views

CVE-2023-0659

A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been classified as critical. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier...

7.5CVSS5.8AI score0.00723EPSS
Exploits0References2
NVD
NVD
•added 2023/02/03 6:15 p.m.•47 views

CVE-2021-37373

Cross Site Scripting XSS vulnerability in Teradek Slice 1st generation firmware 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware...

5.4CVSS5.4AI score0.00566EPSS
Exploits1References1
NVD
NVD
•added 2023/01/18 10:15 p.m.•47 views

CVE-2022-45927

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code...

8.8CVSS9.1AI score0.0187EPSS
Exploits2References3
NVD
NVD
•added 2023/01/18 9:15 p.m.•47 views

CVE-2023-0242

Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server including writing arbitrary files. However, lower privilege users are generally forbidden from writing or modifying files on the server. Th...

8.8CVSS8.7AI score0.00544EPSS
Exploits0References1
NVD
NVD
•added 2022/12/26 8:15 a.m.•47 views

CVE-2022-4742

A vulnerability, which was classified as critical, has been found in json-pointer up to 0.6.1. Affected by this issue is the function set of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. The attack may be...

9.8CVSS0.01005EPSS
Exploits0References4
NVD
NVD
•added 2022/12/20 12:15 a.m.•47 views

CVE-2022-47551

Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before...

6.5CVSS0.00604EPSS
Exploits0References2
NVD
NVD
•added 2022/12/13 10:15 p.m.•47 views

CVE-2022-41653

Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an attacker obtaining user login credentials and control the system...

9.8CVSS0.00697EPSS
Exploits0References1
NVD
NVD
•added 2022/12/06 3:15 p.m.•47 views

CVE-2020-6627

The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mvbackendlaunch in cirrus/application/helpers/mvbackendhelper.php by leveraging the "start" state and sending a checkdevicename request...

9.8CVSS0.12453EPSS
Exploits4References4
NVD
NVD
•added 2022/11/22 7:15 p.m.•47 views

CVE-2022-41943

sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental customGitFetch feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0...

9CVSS0.00902EPSS
Exploits0References2
NVD
NVD
•added 2022/11/18 9:15 p.m.•47 views

CVE-2022-41883

TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We...

7.5CVSS0.0035EPSS
Exploits1References4
NVD
NVD
•added 2022/11/08 10:15 p.m.•47 views

CVE-2022-41259

SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor...

6.5CVSS0.00716EPSS
Exploits0References2
NVD
NVD
•added 2022/11/07 4:15 a.m.•47 views

CVE-2022-44797

btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking...

9.8CVSS0.01195EPSS
Exploits1References4
NVD
NVD
•added 2022/10/31 9:15 p.m.•47 views

CVE-2022-3783

A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component uitext Format Handler. The manipulation leads to cross site scripting. The attack may be...

6.1CVSS0.00598EPSS
Exploits1References3
NVD
NVD
•added 2022/10/19 4:15 p.m.•47 views

CVE-2022-43422

Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...

5.3CVSS0.00666EPSS
Exploits0References2
NVD
NVD
•added 2022/10/13 10:15 p.m.•47 views

CVE-2022-39300

node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the...

8.1CVSS0.00598EPSS
Exploits0References2
NVD
NVD
•added 2022/10/07 7:15 a.m.•47 views

CVE-2022-41672

In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API...

8.1CVSS0.01197EPSS
Exploits0References2
NVD
NVD
•added 2022/09/29 3:15 p.m.•47 views

CVE-2022-39254

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room ke...

8.6CVSS0.00555EPSS
Exploits0References2
NVD
NVD
•added 2022/09/28 8:15 p.m.•47 views

CVE-2022-39248

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker...

8.6CVSS0.00753EPSS
Exploits0References4
NVD
NVD
•added 2022/09/23 7:15 a.m.•47 views

CVE-2022-39225

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.15, or 5.0.0 and above prior to 5.2.6, a user can write to the session object of another user if the session object ID is known. For example, an attacker can assign th...

4.3CVSS0.00408EPSS
Exploits0References1
NVD
NVD
•added 2022/09/16 8:15 p.m.•47 views

CVE-2022-35952

TensorFlow is an open source platform for machine learning. The UnbatchGradOp function takes an argument id that is assumed to be a scalar. A nonscalar id can trigger a CHECK failure and crash the program. It also requires its argument batchindex to contain three times the number of elements as...

7.5CVSS0.00558EPSS
Exploits0References3
NVD
NVD
•added 2022/09/13 5:15 p.m.•47 views

CVE-2022-36020

The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package masterminds/html5, malicious markup used in a sequence with special HTML comments cannot...

6.1CVSS0.00633EPSS
Exploits0References4
NVD
NVD
•added 2022/09/08 6:15 p.m.•47 views

CVE-2022-36093

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2...

8.5CVSS0.00687EPSS
Exploits0References3
NVD
NVD
•added 2022/09/06 6:15 p.m.•47 views

CVE-2022-2941

The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the "Naming Conventions" section do not properly sanitize user input, nor escape it on output. This makes it possible...

5.5CVSS0.05291EPSS
Exploits6References5
NVD
NVD
•added 2022/09/05 12:15 a.m.•47 views

CVE-2022-39196

Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. Note: The vendor disputes this stating this cannot be reproduced...

6.5CVSS0.01167EPSS
Exploits1References1
NVD
NVD
•added 2022/08/16 9:15 p.m.•47 views

CVE-2020-10728

A flaw was found in automationbroker/apb container in versions up to and including 2.0.4-1. This container grants all users sudoer permissions allowing an unauthorized user with access to the running container the ability to escalate their own privileges. The highest threat from this vulnerabilit...

7.8CVSS0.00209EPSS
Exploits0References1
NVD
NVD
•added 2022/08/12 9:15 p.m.•47 views

CVE-2022-35943

Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow SameSite Attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct or indirect, e.g., XSS control over a...

8.8CVSS0.00474EPSS
Exploits1References4
NVD
NVD
•added 2022/08/10 8:15 p.m.•47 views

CVE-2022-31675

VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges...

7.5CVSS0.00718EPSS
Exploits1References1
NVD
NVD
•added 2022/08/09 8:15 p.m.•47 views

CVE-2022-33640

System Center Operations Manager: Open Management Infrastructure OMI Elevation of Privilege Vulnerability...

7.8CVSS0.00551EPSS
Exploits0References1
NVD
NVD
•added 2022/08/05 4:15 p.m.•47 views

CVE-2021-46681

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field...

6.1CVSS0.00334EPSS
Exploits0References2
NVD
NVD
•added 2022/08/01 10:15 p.m.•47 views

CVE-2022-35922

Rust-WebSocket is a WebSocket RFC6455 library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based...

7.5CVSS0.01483EPSS
Exploits0References4
NVD
NVD
•added 2022/08/01 9:15 p.m.•47 views

CVE-2022-31192

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item...

7.1CVSS0.00611EPSS
Exploits0References3
NVD
NVD
•added 2022/08/01 5:15 p.m.•47 views

CVE-2022-31109

laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol,...

7.2CVSS0.00615EPSS
Exploits0References3
NVD
NVD
•added 2022/07/26 10:15 p.m.•47 views

CVE-2022-30273

The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm TEA block-cipher in ECB mode. This mode of operation does n...

9.8CVSS0.00325EPSS
Exploits0References3
NVD
NVD
•added 2022/07/22 4:15 a.m.•47 views

CVE-2022-31172

OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...

7.5CVSS0.00413EPSS
Exploits0References2
NVD
NVD
•added 2022/07/22 4:15 a.m.•47 views

CVE-2022-31162

Slack Morphism is an async client library for Rust. Prior to 0.41.0, it was possible for Slack OAuth client information to leak in application debug logs. Stricter and more secure debug formatting was introduced in v0.41.0 for OAuth secret types to reduce the possibility of printing sensitive...

7.5CVSS0.00739EPSS
Exploits0References2
NVD
NVD
•added 2022/06/30 10:15 p.m.•47 views

CVE-2022-31115

opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby YAML.load function was used instead of YAML.safeload. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. ...

8.8CVSS0.01501EPSS
Exploits1References3
NVD
NVD
•added 2022/06/24 3:15 p.m.•47 views

CVE-2022-1746

The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and...

7.6CVSS0.00287EPSS
Exploits0References1
NVD
NVD
•added 2022/06/23 5:15 p.m.•47 views

CVE-2022-34298

The NT auth module in OpenAM before 14.6.6 allows a "replace Samba username attack."...

5.3CVSS0.03074EPSS
Exploits1References3
NVD
NVD
•added 2022/06/21 1:15 p.m.•47 views

CVE-2022-33139

A vulnerability has been identified in Cerberus DMS All versions, Desigo CC All versions, Desigo CC Compact All versions, SIMATIC WinCC OA V3.16 All versions in default configuration, SIMATIC WinCC OA V3.17 All versions in non-default configuration, SIMATIC WinCC OA V3.18 All versions in...

9.8CVSS0.01174EPSS
Exploits0References2
NVD
NVD
•added 2022/06/14 10:15 a.m.•47 views

CVE-2022-22057

Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables...

8.4CVSS0.00401EPSS
Exploits1References2
NVD
NVD
•added 2022/06/13 6:15 p.m.•47 views

CVE-2021-41663

A cross-site scripting XSS vulnerability exists in Mini CMS V1.11. The vulnerability exists in the article upload: post-edit.php page...

6.1CVSS0.00732EPSS
Exploits1References2
Total number of security vulnerabilities5000