Lucene search
K
NvdMost viewed

364067 matches found

NVD
NVD
added 2021/04/15 5:15 p.m.47 views

CVE-2021-3243

Wfilter ICF 5.0.117 contains a cross-site scripting XSS vulnerability. An attacker in the same LAN can craft a packet with a malicious User-Agent header to inject a payload in its logs, where an attacker can take over the system by through its plugin-running function...

6.1CVSS0.00725EPSS
Exploits1References1
NVD
NVD
added 2021/04/12 2:15 p.m.47 views

CVE-2021-25926

In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting XSS due to user input not being validated properly in the quicksearch feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the...

6.1CVSS0.0082EPSS
Exploits1References2
NVD
NVD
added 2021/03/23 2:15 a.m.47 views

CVE-2021-21355

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default...

8.6CVSS0.01631EPSS
Exploits0References3
NVD
NVD
added 2021/02/09 6:15 p.m.47 views

CVE-2020-35572

Adminer through 4.7.8 allows XSS via the history parameter to the default URI...

6.1CVSS0.02003EPSS
Exploits1References2
NVD
NVD
added 2021/02/08 10:15 p.m.47 views

CVE-2021-26913

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet...

9.3CVSS0.13276EPSS
Exploits2References3
NVD
NVD
added 2021/02/04 7:15 a.m.47 views

CVE-2020-6088

An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...

7.5CVSS0.03454EPSS
Exploits1References1
NVD
NVD
added 2020/12/31 9:15 a.m.47 views

CVE-2020-35915

An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types...

5.5CVSS5.5AI score0.00374EPSS
Exploits1References1
NVD
NVD
added 2020/12/24 9:15 p.m.47 views

CVE-2020-26282

BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. BrowserUp Proxy works well as a standalone proxy server, but it is especially useful when embedded in Selenium tests. A Server-Side Template Injection was...

10CVSS9.9AI score0.04629EPSS
Exploits1References4
NVD
NVD
added 2020/12/16 8:15 a.m.47 views

CVE-2020-35476

A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...

9.8CVSS9.9AI score0.8533EPSS
Exploits5References2
NVD
NVD
added 2020/12/11 7:15 p.m.47 views

CVE-2020-35149

lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property e.g., proto can be copied during a merge or clone operation...

5.3CVSS5.2AI score0.01028EPSS
Exploits0References1
NVD
NVD
added 2020/12/09 5:15 p.m.47 views

CVE-2020-26261

jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users...

7.9CVSS7.7AI score0.00471EPSS
Exploits0References4
NVD
NVD
added 2020/11/17 2:15 a.m.47 views

CVE-2020-14389

It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have...

8.1CVSS7.9AI score0.00812EPSS
Exploits0References2
NVD
NVD
added 2020/11/12 6:15 p.m.47 views

CVE-2020-0588

Improper conditions check in BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access...

6.7CVSS6.7AI score0.00347EPSS
Exploits0References2
NVD
NVD
added 2020/11/06 7:15 p.m.47 views

CVE-2020-28328

SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, loggerfilename can refer to an attacker-controlled .php file under the web root...

9CVSS9AI score0.63267EPSS
Exploits10References5
NVD
NVD
added 2020/09/30 6:15 p.m.47 views

CVE-2020-25761

Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject javascript payloads in the parameters to perform various attacks such as stealing of cookies,sensitive information etc...

6.1CVSS0.01825EPSS
Exploits2References4
NVD
NVD
added 2020/09/02 5:15 p.m.47 views

CVE-2020-14209

Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control e.g., to let .noexe files be executed as PHP co...

8.8CVSS9AI score0.27482EPSS
Exploits4References3
NVD
NVD
added 2020/07/01 4:15 p.m.47 views

CVE-2020-12497

PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation...

7.8CVSS0.14668EPSS
Exploits0References3
NVD
NVD
added 2020/06/23 8:15 p.m.47 views

CVE-2020-14974

The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unlock a file and kill processes even ones running as SYSTEM that hold a handle, via IOCTL code 0x222124...

7.1CVSS0.00897EPSS
Exploits1References2
NVD
NVD
added 2020/06/04 8:15 p.m.47 views

CVE-2020-12847

Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the application’s mailer configuration. It is...

7.2CVSS6.9AI score0.01684EPSS
Exploits1References3
NVD
NVD
added 2020/03/19 11:15 p.m.47 views

CVE-2019-16068

A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to be able to trick a victim into submitting a malicious managefiles.cgi request. This can be triggered via XSS or an IFRAME tag included within the site...

8.8CVSS8.3AI score0.00947EPSS
Exploits5References1
NVD
NVD
added 2020/02/17 4:15 a.m.47 views

CVE-2020-9026

ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected...

10CVSS9.9AI score0.03059EPSS
Exploits1References1
NVD
NVD
added 2020/01/30 8:15 p.m.47 views

CVE-2020-5229

Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially...

8.1CVSS7.8AI score0.00626EPSS
Exploits0References2
NVD
NVD
added 2020/01/27 9:15 p.m.47 views

CVE-2020-5220

Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...

5.3CVSS4.7AI score0.00737EPSS
Exploits0References2
NVD
NVD
added 2020/01/23 5:15 p.m.47 views

CVE-2019-14888

A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service DOS to make the service unavailable on SSL...

7.5CVSS7.4AI score0.0212EPSS
Exploits0References3
NVD
NVD
added 2019/12/11 11:15 p.m.47 views

CVE-2019-18245

Reliable Controls LicenseManager versions 3.4 and prior may allow an authenticated user to insert malicious code into the system root path, which may allow execution of code with elevated privileges of the application...

7.8CVSS7.7AI score0.004EPSS
Exploits0References1
NVD
NVD
added 2019/12/05 3:15 a.m.47 views

CVE-2019-19596

GitBook through 2.6.9 allows XSS via a local .md file...

5.4CVSS5.2AI score0.00717EPSS
Exploits1References1
NVD
NVD
added 2019/11/25 3:15 p.m.47 views

CVE-2019-10213

OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator b...

6.5CVSS5.3AI score0.00992EPSS
Exploits0References3
NVD
NVD
added 2019/11/22 11:15 p.m.47 views

CVE-2019-11291

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious use...

4.8CVSS4.1AI score0.00796EPSS
Exploits0References2
NVD
NVD
added 2019/11/14 2:15 p.m.47 views

CVE-2019-18895

Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file...

7.8CVSS7.8AI score0.00499EPSS
Exploits5References4
NVD
NVD
added 2019/10/09 4:15 p.m.47 views

CVE-2019-17124

Kramer VIAware 2.5.0719.1034 has Incorrect Access Control...

10CVSS9.6AI score0.2254EPSS
Exploits5References2
NVD
NVD
added 2019/07/29 1:15 p.m.47 views

CVE-2019-1020014

docker-credential-helpers before 0.6.3 has a double free in the List functions...

5.5CVSS5.5AI score0.00406EPSS
Exploits0References5
NVD
NVD
added 2019/07/19 3:15 p.m.47 views

CVE-2019-1167

A security feature bypass vulnerability exists in Windows Defender Application Control WDAC which could allow an attacker to bypass WDAC enforcement, aka 'Windows Defender Application Control Security Feature Bypass Vulnerability'...

4.1CVSS4.3AI score0.011EPSS
Exploits0References1
NVD
NVD
added 2019/04/17 3:29 p.m.47 views

CVE-2019-10949

Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing specially crafted project files...

5.5CVSS6AI score0.0241EPSS
Exploits0References13
NVD
NVD
added 2018/10/18 6:29 a.m.47 views

CVE-2018-18454

CCITTFaxStream::readRow in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted pdf file, as demonstrated by pdftoppm...

5.5CVSS5.7AI score0.01221EPSS
Exploits0References2
NVD
NVD
added 2018/09/18 2:29 p.m.47 views

CVE-2018-11787

In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web...

8.1CVSS8.1AI score0.02573EPSS
Exploits0References3
NVD
NVD
added 2018/08/21 1:29 a.m.47 views

CVE-2018-15599

The recvmsguserauthrequest function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSHMSGUSERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase...

5.3CVSS5.7AI score0.02709EPSS
Exploits0References5
NVD
NVD
added 2018/08/20 7:31 p.m.47 views

CVE-2018-1000652

JabRef version =4.3.1 contains a XML External Entity XXE vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted MsBib file. This...

10CVSS9.4AI score0.01937EPSS
Exploits0References2
NVD
NVD
added 2018/06/05 8:29 p.m.47 views

CVE-2018-1000183

A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...

6.5CVSS6.3AI score0.01013EPSS
Exploits0References1
NVD
NVD
added 2018/04/24 3:29 p.m.47 views

CVE-2017-17257

Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20,...

7.5CVSS7.4AI score0.01279EPSS
Exploits0References1
NVD
NVD
added 2018/02/09 11:29 p.m.47 views

CVE-2018-1000060

Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redactsensitive that can result in sensitive configuration data e.g. passwords may be logged in clear-text. This attack appear to be exploitabl...

9.8CVSS9.4AI score0.02404EPSS
Exploits0References5
NVD
NVD
added 2018/01/03 6:29 p.m.47 views

CVE-2017-1000483

Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5...

6.5CVSS6.3AI score0.00923EPSS
Exploits0References1
NVD
NVD
added 2014/12/19 3:59 p.m.47 views

CVE-2014-8793

Cross-site scripting XSS vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refreshpage parameter to www/admin/report-generate.php...

4.3CVSS5.6AI score0.02309EPSS
Exploits3References8
NVD
NVD
added 2014/06/02 3:55 p.m.47 views

CVE-2013-6433

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file...

7.6CVSS6.5AI score0.03324EPSS
Exploits0References4
NVD
NVD
added 2014/04/15 11:13 p.m.47 views

CVE-2014-0514

The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636...

9.3CVSS8.9AI score0.72189EPSS
Exploits6References9
NVD
NVD
added 2014/04/01 3:24 a.m.47 views

CVE-2013-5640

Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the 1 answerid or 2 questionid parameter to polls/vote.php, 3 storyid parameter to comments/add.php or 4 comments/edit.php, or 5 threadid parameter to posts/add.php. NOTE: this issue...

7.5CVSS8.3AI score0.02387EPSS
Exploits6References4
NVD
NVD
added 2013/11/26 5:25 a.m.47 views

CVE-2013-4522

lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 does not send "Cache-Control: private" HTTP headers, which allows remote attackers to obtain sensitive information by requesting a file that had been previously retrieved by a caching proxy...

5CVSS6.1AI score0.01538EPSS
Exploits1References3
NVD
NVD
added 2013/11/18 2:55 a.m.47 views

CVE-2013-4480

Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts...

7.5CVSS6.5AI score0.02134EPSS
Exploits0References5
NVD
NVD
added 2013/11/05 8:55 p.m.47 views

CVE-2013-4497

The XenAPI backend in OpenStack Compute Nova Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups 1 when resizing an image or 2 during live migration, which allows remote attackers to bypass intended restrictions...

6.4CVSS6.5AI score0.01808EPSS
Exploits0References4
NVD
NVD
added 2013/09/28 3:40 a.m.47 views

CVE-2013-5160

Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference...

3.3CVSS6AI score0.00342EPSS
Exploits1References2
NVD
NVD
added 2013/08/28 11:55 p.m.47 views

CVE-2013-2035

Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp...

4.4CVSS6.9AI score0.00594EPSS
Exploits1References18
Total number of security vulnerabilities5000