Lucene search
K
NvdMost viewed

364447 matches found

NVD
NVD
added 2022/03/01 11:15 p.m.47 views

CVE-2022-24720

imageprocessing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the apply method from imageprocessing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is...

10CVSS0.02595EPSS
Exploits1References3
NVD
NVD
added 2022/02/24 3:15 p.m.47 views

CVE-2022-25080

TOTOLink A830R V5.9c.4729B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS0.0322EPSS
Exploits1References1
NVD
NVD
added 2022/02/20 7:15 p.m.47 views

CVE-2022-23054

Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Summary Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...

6.1CVSS0.00606EPSS
Exploits0References1
NVD
NVD
added 2022/02/08 11:15 p.m.47 views

CVE-2021-45329

Cross Site Scripting XSS vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field...

6.1CVSS0.00777EPSS
Exploits0References2
NVD
NVD
added 2022/02/04 11:15 p.m.47 views

CVE-2022-23589

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a SavedModel file fixing the first one would trigger the same...

6.5CVSS0.01097EPSS
Exploits1References5
NVD
NVD
added 2022/01/19 11:15 a.m.47 views

CVE-2021-31854

A command Injection Vulnerability in McAfee Agent MA for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the...

9.3CVSS0.01016EPSS
Exploits0References1
NVD
NVD
added 2022/01/03 10:15 p.m.47 views

CVE-2021-39975

Hilinksvc has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause denial of service attacks...

7.5CVSS0.00655EPSS
Exploits0References1
NVD
NVD
added 2021/12/06 4:15 p.m.47 views

CVE-2021-24938

The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocsupdateprofilesdata AJAX action available to any authenticated user before outputting it back in the response, leading to a Reflected cross-Site Scripting issue...

6.1CVSS0.00795EPSS
Exploits2References1
NVD
NVD
added 2021/11/30 7:15 p.m.47 views

CVE-2021-22095

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...

6.5CVSS0.01019EPSS
Exploits0References1
NVD
NVD
added 2021/11/23 12:15 a.m.47 views

CVE-2021-40828

Connections initialized by the AWS IoT Device SDK v2 for Java versions prior to 1.3.3, Python versions prior to 1.5.18, C++ versions prior to 1.12.7 and Node.js versions prior to 1.5.1 did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities CA in...

8.8CVSS0.00398EPSS
Exploits0References5
NVD
NVD
added 2021/11/19 7:15 p.m.47 views

CVE-2021-22969

Concrete CMS formerly concrete5 versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS ex AWS IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading...

5.3CVSS0.00831EPSS
Exploits0References2
NVD
NVD
added 2021/11/08 4:15 a.m.47 views

CVE-2021-31602

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml...

7.5CVSS0.51653EPSS
Exploits5References2
NVD
NVD
added 2021/11/05 11:15 p.m.47 views

CVE-2021-41216

TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for Transpose is vulnerable to a heap buffer overflow. This occurs whenever perm contains negative elements. The shape inference function does not validate that the indices in perm are al...

7.8CVSS0.00156EPSS
Exploits0References2
NVD
NVD
added 2021/11/05 1:15 p.m.47 views

CVE-2021-42664

A Stored Cross Site Scripting XSS Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the 1 Quiz title and 2 quiz description parameters to addquiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which c...

5.4CVSS0.01647EPSS
Exploits6References4
NVD
NVD
added 2021/11/04 8:15 p.m.47 views

CVE-2021-41249

GraphQL Playground is a GraphQL IDE for development of graphQL focused applications. All versions of graphql-playground-react older than [email protected] are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names,...

7.1CVSS0.01182EPSS
Exploits0References3
NVD
NVD
added 2021/08/12 6:15 p.m.47 views

CVE-2021-36949

Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability...

7.1CVSS0.01204EPSS
Exploits1References1
NVD
NVD
added 2021/08/02 5:15 p.m.47 views

CVE-2021-22388

There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause certain codes to be executed...

9.8CVSS0.00787EPSS
Exploits0References1
NVD
NVD
added 2021/07/21 3:15 p.m.47 views

CVE-2021-22707

A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker t...

10CVSS0.64612EPSS
Exploits2References1
NVD
NVD
added 2021/07/02 7:15 p.m.47 views

CVE-2021-32738

js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The Utils.readChallengeTx function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the...

6.5CVSS0.00514EPSS
Exploits0References2
NVD
NVD
added 2021/06/29 3:15 p.m.47 views

CVE-2021-31513

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8CVSS0.01811EPSS
Exploits0References3
NVD
NVD
added 2021/06/28 3:15 p.m.47 views

CVE-2021-32718

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution in the...

5.4CVSS0.01437EPSS
Exploits1References3
NVD
NVD
added 2021/06/12 4:15 a.m.47 views

CVE-2021-32551

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users...

7.3CVSS0.00289EPSS
Exploits0References1
NVD
NVD
added 2021/06/09 12:15 p.m.47 views

CVE-2021-34369

portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states "the information that is being queried is authorized for an authenticated user of that application,...

6.5CVSS0.08236EPSS
Exploits4References2
NVD
NVD
added 2021/06/09 12:15 p.m.47 views

CVE-2021-34370

Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are configurable security flags and we are unable to reproduce them with the available information...

6.1CVSS0.09996EPSS
Exploits4References2
NVD
NVD
added 2021/06/08 6:15 p.m.47 views

CVE-2020-26138

In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation...

5.3CVSS0.01341EPSS
Exploits1References4
NVD
NVD
added 2021/05/28 9:15 p.m.47 views

CVE-2021-29492

Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences %2F and %5C in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. /something%2F..%2Fadmin, to bypass access control, e.g. a block on /admin. A...

8.3CVSS0.68383EPSS
Exploits0References1
NVD
NVD
added 2021/05/24 6:15 p.m.47 views

CVE-2020-26559

Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device participating in the provisioning protocol to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could...

8.8CVSS0.00852EPSS
Exploits0References3
NVD
NVD
added 2021/05/12 11:15 a.m.47 views

CVE-2020-35198

An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc. As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption...

9.8CVSS0.0244EPSS
Exploits0References3
NVD
NVD
added 2021/05/07 9:15 p.m.47 views

CVE-2021-31457

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS0.02778EPSS
Exploits0References2
NVD
NVD
added 2021/05/05 7:15 p.m.47 views

CVE-2021-24274

The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue...

6.1CVSS0.17638EPSS
Exploits5References2
NVD
NVD
added 2021/04/19 7:15 p.m.47 views

CVE-2021-29434

Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could...

6.1CVSS0.00626EPSS
Exploits0References2
NVD
NVD
added 2021/04/12 2:15 p.m.47 views

CVE-2021-25926

In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting XSS due to user input not being validated properly in the quicksearch feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the...

6.1CVSS0.0082EPSS
Exploits1References2
NVD
NVD
added 2021/03/23 2:15 a.m.47 views

CVE-2021-21355

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default...

8.6CVSS0.01631EPSS
Exploits0References3
NVD
NVD
added 2021/02/09 6:15 p.m.47 views

CVE-2020-35572

Adminer through 4.7.8 allows XSS via the history parameter to the default URI...

6.1CVSS0.02003EPSS
Exploits1References2
NVD
NVD
added 2021/02/08 10:15 p.m.47 views

CVE-2021-26913

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet...

9.3CVSS0.13276EPSS
Exploits2References3
NVD
NVD
added 2021/02/04 7:15 a.m.47 views

CVE-2020-6088

An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...

7.5CVSS0.03454EPSS
Exploits1References1
NVD
NVD
added 2020/12/31 9:15 a.m.47 views

CVE-2020-35915

An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types...

5.5CVSS5.5AI score0.00374EPSS
Exploits1References1
NVD
NVD
added 2020/12/24 9:15 p.m.47 views

CVE-2020-26282

BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. BrowserUp Proxy works well as a standalone proxy server, but it is especially useful when embedded in Selenium tests. A Server-Side Template Injection was...

10CVSS9.9AI score0.04629EPSS
Exploits1References4
NVD
NVD
added 2020/12/16 8:15 a.m.47 views

CVE-2020-35476

A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...

9.8CVSS9.9AI score0.8533EPSS
Exploits5References2
NVD
NVD
added 2020/12/11 7:15 p.m.47 views

CVE-2020-35149

lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property e.g., proto can be copied during a merge or clone operation...

5.3CVSS5.2AI score0.01028EPSS
Exploits0References1
NVD
NVD
added 2020/12/09 5:15 p.m.47 views

CVE-2020-26261

jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users...

7.9CVSS7.7AI score0.00471EPSS
Exploits0References4
NVD
NVD
added 2020/11/17 2:15 a.m.47 views

CVE-2020-14389

It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have...

8.1CVSS7.9AI score0.00812EPSS
Exploits0References2
NVD
NVD
added 2020/11/12 6:15 p.m.47 views

CVE-2020-0588

Improper conditions check in BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access...

6.7CVSS6.7AI score0.00347EPSS
Exploits0References2
NVD
NVD
added 2020/11/06 7:15 p.m.47 views

CVE-2020-28328

SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, loggerfilename can refer to an attacker-controlled .php file under the web root...

9CVSS9AI score0.63267EPSS
Exploits10References5
NVD
NVD
added 2020/09/02 5:15 p.m.47 views

CVE-2020-14209

Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control e.g., to let .noexe files be executed as PHP co...

8.8CVSS9AI score0.27482EPSS
Exploits4References3
NVD
NVD
added 2020/07/01 4:15 p.m.47 views

CVE-2020-12497

PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation...

7.8CVSS0.14668EPSS
Exploits0References3
NVD
NVD
added 2020/06/23 8:15 p.m.47 views

CVE-2020-14974

The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unlock a file and kill processes even ones running as SYSTEM that hold a handle, via IOCTL code 0x222124...

7.1CVSS0.00897EPSS
Exploits1References2
NVD
NVD
added 2020/06/04 8:15 p.m.47 views

CVE-2020-12847

Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the application’s mailer configuration. It is...

7.2CVSS6.9AI score0.01684EPSS
Exploits1References3
NVD
NVD
added 2020/04/15 2:15 p.m.47 views

CVE-2019-19500

Matrix42 Workspace Management 9.1.2.2765 and below allows stored XSS via unfiltered description parameters, as demonstrated by the comment field of a special order for individual software...

5.4CVSS5.3AI score0.00772EPSS
Exploits3References2
NVD
NVD
added 2020/03/19 11:15 p.m.47 views

CVE-2019-16068

A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to be able to trick a victim into submitting a malicious managefiles.cgi request. This can be triggered via XSS or an IFRAME tag included within the site...

8.8CVSS8.3AI score0.00947EPSS
Exploits5References1
Total number of security vulnerabilities5000