Lucene search
K
NvdMost viewed

364114 matches found

NVD
NVD
added 2025/04/27 5:15 p.m.46 views

CVE-2025-3977

A vulnerability was found in iteachyou Dreamer CMS up to 4.1.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/attachment/download of the component Attachment Handler. The manipulation of the argument ID leads to improper...

5.3CVSS0.00307EPSS
Exploits0References4
NVD
NVD
added 2025/04/24 2:15 p.m.46 views

CVE-2025-43855

tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to cras...

8.7CVSS0.00349EPSS
Exploits0References2
NVD
NVD
added 2025/04/22 4:15 p.m.46 views

CVE-2025-23251

NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of generation of code by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering...

9.8CVSS0.00625EPSS
Exploits0References1
NVD
NVD
added 2025/04/15 8:15 p.m.46 views

CVE-2025-32438

make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable enabled the default a local user is able to create a program that will be executed by root during shutdown. Patches exist for NixOS 24.11 a...

8.8CVSS0.00162EPSS
Exploits0References3
NVD
NVD
added 2025/04/14 4:15 p.m.46 views

CVE-2025-32931

DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, allows authenticated administrators to execute arbitrary OS commands via a specific php artisan command...

9.1CVSS0.00499EPSS
Exploits0References3
NVD
NVD
added 2025/04/09 8:15 p.m.46 views

CVE-2025-21594

An Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe packet forwarding engine of Juniper Networks Junos OS on MX Series causes a port within a pool to be blocked leading to Denial of Service DoS. In a DS-Lite Dual-Stack Lite and NAT Network Address Translation scenario...

8.7CVSS0.00372EPSS
Exploits0References1
NVD
NVD
added 2025/03/10 2:15 p.m.46 views

CVE-2025-1497

A vulnerability, that could result in Remote Code Execution RCE, has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code. Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting t...

9.8CVSS0.00952EPSS
Exploits0References4
NVD
NVD
added 2025/02/28 9:15 p.m.46 views

CVE-2025-27414

MinIO is a high performance object storage. Starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. On a MinIO server with SFTP...

8.2CVSS0.00512EPSS
Exploits0References3
NVD
NVD
added 2025/02/25 10:15 a.m.46 views

CVE-2024-13695

The Enfold theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.9 via the 'attachmentid' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...

6.4CVSS0.00237EPSS
Exploits0References2
NVD
NVD
added 2025/02/21 12:15 p.m.46 views

CVE-2024-13900

The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject PHP Code in multisite environments...

7.2CVSS0.00383EPSS
Exploits0References2
NVD
NVD
added 2025/02/18 11:15 a.m.46 views

CVE-2024-13797

The PressMart - Modern Elementor WooCommerce WordPress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.16. This is due to the software allowing users to execute an action that does not properly validate a value before running...

9.8CVSS0.00502EPSS
Exploits0References2
NVD
NVD
added 2025/02/07 4:15 p.m.46 views

CVE-2024-52881

An issue was discovered in AudioCodes One Voice Operations Center OVOC before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted from the topology file...

7.5CVSS0.00345EPSS
Exploits0References2
NVD
NVD
added 2025/02/06 7:15 p.m.46 views

CVE-2024-57668

In Code-projects Shopping Portal v1.0, the insert-product.php page has an arbitrary file upload vulnerability...

8.8CVSS0.00672EPSS
Exploits1References2
NVD
NVD
added 2025/02/03 4:15 a.m.46 views

CVE-2025-25063

An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous SVG tags. SVG images can contain clickable links and executable scripting, and using a crafted SVG, ...

4.4CVSS0.00193EPSS
Exploits0References1
NVD
NVD
added 2025/01/31 12:15 a.m.46 views

CVE-2025-24336

SXF Common Library handles input data improperly. If a product using the library reads a crafted file, the product may be crashed...

3.3CVSS0.00153EPSS
Exploits0References2
NVD
NVD
added 2025/01/23 10:15 a.m.46 views

CVE-2024-13593

The BMLT Meeting Map plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.0 via the 'bmltmeetingmap' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on th...

8.8CVSS0.00705EPSS
Exploits0References3
NVD
NVD
added 2025/01/11 1:15 p.m.46 views

CVE-2024-53689

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
NVD
NVD
added 2025/01/03 5:15 p.m.46 views

CVE-2024-56514

Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTPs URL to retrieve the custom resourc...

5.3CVSS0.00708EPSS
Exploits0References5
NVD
NVD
added 2025/01/02 12:15 p.m.46 views

CVE-2024-56249

Unrestricted Upload of File with Dangerous Type vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Upload a Web Shell to a Web Server.This issue affects WPMasterToolKit: from n/a through = 1.13.1...

9.1CVSS0.01239EPSS
Exploits1References1
NVD
NVD
added 2024/12/17 6:15 p.m.46 views

CVE-2024-49816

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user...

4.9CVSS0.00346EPSS
Exploits0References1
NVD
NVD
added 2024/12/12 2:4 a.m.46 views

CVE-2024-49112

Windows Lightweight Directory Access Protocol LDAP Remote Code Execution Vulnerability...

9.8CVSS0.70906EPSS
Exploits3References1
NVD
NVD
added 2024/12/09 1:15 p.m.46 views

CVE-2023-47826

Missing Authorization vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.3...

9.8CVSS0.00475EPSS
Exploits0References1
NVD
NVD
added 2024/12/04 3:15 p.m.46 views

CVE-2024-53127

In the Linux kernel, the following vulnerability has been resolved: Revert "mmc: dwmmc: Fix IDMAC operation with pages bigger than 4K" The commit 8396c793ffdf "mmc: dwmmc: Fix IDMAC operation with pages bigger than 4K" increased the maxreqsize, even for 4K pages, causing various issues: - Panic...

5.5CVSS0.00223EPSS
Exploits0References10
NVD
NVD
added 2024/12/03 4:15 p.m.46 views

CVE-2024-53999

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...

8.1CVSS0.00508EPSS
Exploits1References2
NVD
NVD
added 2024/11/21 11:15 a.m.46 views

CVE-2024-30896

InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and...

9.1CVSS0.05165EPSS
Exploits3References3
NVD
NVD
added 2024/11/13 2:15 a.m.46 views

CVE-2024-10851

The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to injec...

6.1CVSS0.00491EPSS
Exploits0References5
NVD
NVD
added 2024/10/30 2:15 p.m.46 views

CVE-2024-23309

The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due to reliance on client IP addresses for authentication. Attackers could spoof an IP address to gain unauthorized access without needing a session token...

9CVSS0.00914EPSS
Exploits1References2
NVD
NVD
added 2024/10/29 12:15 p.m.46 views

CVE-2024-49665

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Web Bricks Web Bricks Addons for Elementor allows Stored XSS.This issue affects Web Bricks Addons for Elementor: from n/a through 1.1.1...

6.5CVSS0.00263EPSS
Exploits0References1
NVD
NVD
added 2024/10/16 1:15 p.m.46 views

CVE-2024-48042

Deserialization of Untrusted Data vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Command Injection.This issue affects Contact Form by Supsystic: from n/a through = 1.7.28...

9.1CVSS0.01126EPSS
Exploits0References1
NVD
NVD
added 2024/10/08 6:15 p.m.46 views

CVE-2024-43609

Microsoft Office Spoofing Vulnerability...

6.5CVSS0.02035EPSS
Exploits0References1
NVD
NVD
added 2024/09/17 6:15 p.m.46 views

CVE-2024-38812

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution...

9.8CVSS0.54143EPSS
Exploits0References2
NVD
NVD
added 2024/09/10 8:15 p.m.46 views

CVE-2024-8504

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective...

8.8CVSS0.75384EPSS
Exploits7References3
NVD
NVD
added 2024/09/10 5:15 p.m.46 views

CVE-2024-38226

Microsoft Publisher Security Feature Bypass Vulnerability...

7.3CVSS0.02667EPSS
Exploits0References2
NVD
NVD
added 2024/09/10 5:15 p.m.46 views

CVE-2024-37335

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability...

8.8CVSS0.01623EPSS
Exploits0References1
NVD
NVD
added 2024/09/10 4:15 p.m.46 views

CVE-2024-45595

D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1 where the "Custom Filter" input is turned off by default...

9.8CVSS0.00741EPSS
Exploits0References3
NVD
NVD
added 2024/09/10 4:15 p.m.46 views

CVE-2024-45591

XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification both username...

5.3CVSS0.03417EPSS
Exploits1References4
NVD
NVD
added 2024/09/10 3:15 p.m.46 views

CVE-2024-31489

AAn improper certificate validation vulnerability CWE-295 in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a...

8.1CVSS0.00365EPSS
Exploits0References1
NVD
NVD
added 2024/09/06 1:15 a.m.46 views

CVE-2024-44082

In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...

4.3CVSS0.00545EPSS
Exploits0References3
NVD
NVD
added 2024/09/03 8:15 p.m.46 views

CVE-2024-41434

PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component Column.GetDecimal. This allows attackers to cause a Denial of Service DoS via a crafted input to the 'RemoveUnnecessaryFirstRow', it will check the expression between 'Agg' and 'GroupBy', but does not check the retu...

4.3CVSS0.00414EPSS
Exploits1References2
NVD
NVD
added 2024/09/02 12:15 p.m.46 views

CVE-2024-33060

Memory corruption when two threads try to map and unmap a single node simultaneously...

8.4CVSS0.00165EPSS
Exploits0References1
NVD
NVD
added 2024/08/27 6:15 p.m.46 views

CVE-2024-43783

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Instances of the Apollo Router running versions =1.21.0 and =1.7.0 and 1.52.1 are impacted by a denial-of-service vulnerability if all of the...

7.5CVSS0.00857EPSS
Exploits1References6
NVD
NVD
added 2024/08/23 9:15 p.m.46 views

CVE-2024-40111

A persistent stored cross-site scripting XSS vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any us...

4.8CVSS0.00769EPSS
Exploits2References2
NVD
NVD
added 2024/08/23 9:15 a.m.46 views

CVE-2024-38807

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...

6.3CVSS0.00123EPSS
Exploits0References2
NVD
NVD
added 2024/08/21 9:15 p.m.46 views

CVE-2024-6386

The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with...

9.9CVSS0.25533EPSS
Exploits3References3
NVD
NVD
added 2024/08/21 7:15 a.m.46 views

CVE-2022-48895

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Don't unregister on shutdown Michael Walle says he noticed the following stack trace while performing a shutdown with "reboot -f". He suggests he got "lucky" and just hit the correct spot for the reboot while ther...

5.5CVSS0.00209EPSS
Exploits0References2
NVD
NVD
added 2024/08/19 8:15 p.m.46 views

CVE-2024-42815

In the TP-Link RE365 V1180213, there is a buffer overflow vulnerability due to the lack of length verification for the USERAGENT field in /usr/bin/httpd. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands...

9.8CVSS0.00807EPSS
Exploits1References2
NVD
NVD
added 2024/08/15 7:15 p.m.46 views

CVE-2024-42472

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and...

10CVSS0.01283EPSS
Exploits1References11
NVD
NVD
added 2024/08/15 3:15 p.m.46 views

CVE-2024-7263

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 exclusive on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough...

9.3CVSS0.0039EPSS
Exploits0References1
NVD
NVD
added 2024/08/14 3:15 p.m.46 views

CVE-2024-7347

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and the mp4 directi...

5.7CVSS0.0032EPSS
Exploits0References3
NVD
NVD
added 2024/08/13 6:15 p.m.46 views

CVE-2024-38131

Clipboard Virtual Channel Extension Remote Code Execution Vulnerability...

8.8CVSS0.01237EPSS
Exploits0References1
Total number of security vulnerabilities5000