Lucene search
K
NvdMost viewed

364799 matches found

NVD
NVD
added 2022/02/04 11:15 p.m.47 views

CVE-2022-23589

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a SavedModel file fixing the first one would trigger the same...

6.5CVSS0.01097EPSS
Exploits1References5
NVD
NVD
added 2022/01/19 11:15 a.m.47 views

CVE-2021-31854

A command Injection Vulnerability in McAfee Agent MA for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the...

9.3CVSS0.01016EPSS
Exploits0References1
NVD
NVD
added 2022/01/10 4:15 p.m.47 views

CVE-2021-24862

The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rmchronosajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue...

7.2CVSS0.73293EPSS
Exploits6References3
NVD
NVD
added 2022/01/03 10:15 p.m.47 views

CVE-2021-39975

Hilinksvc has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause denial of service attacks...

7.5CVSS0.00655EPSS
Exploits0References1
NVD
NVD
added 2021/12/06 4:15 p.m.47 views

CVE-2021-24938

The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocsupdateprofilesdata AJAX action available to any authenticated user before outputting it back in the response, leading to a Reflected cross-Site Scripting issue...

6.1CVSS0.00795EPSS
Exploits2References1
NVD
NVD
added 2021/11/30 7:15 p.m.47 views

CVE-2021-22095

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...

6.5CVSS0.01019EPSS
Exploits0References1
NVD
NVD
added 2021/11/23 12:15 a.m.47 views

CVE-2021-40828

Connections initialized by the AWS IoT Device SDK v2 for Java versions prior to 1.3.3, Python versions prior to 1.5.18, C++ versions prior to 1.12.7 and Node.js versions prior to 1.5.1 did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities CA in...

8.8CVSS0.00398EPSS
Exploits0References5
NVD
NVD
added 2021/11/19 7:15 p.m.47 views

CVE-2021-22969

Concrete CMS formerly concrete5 versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS ex AWS IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading...

5.3CVSS0.00831EPSS
Exploits0References2
NVD
NVD
added 2021/11/08 4:15 a.m.47 views

CVE-2021-31602

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml...

7.5CVSS0.51653EPSS
Exploits5References2
NVD
NVD
added 2021/11/05 11:15 p.m.47 views

CVE-2021-41216

TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for Transpose is vulnerable to a heap buffer overflow. This occurs whenever perm contains negative elements. The shape inference function does not validate that the indices in perm are al...

7.8CVSS0.00156EPSS
Exploits0References2
NVD
NVD
added 2021/11/05 1:15 p.m.47 views

CVE-2021-42664

A Stored Cross Site Scripting XSS Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the 1 Quiz title and 2 quiz description parameters to addquiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which c...

5.4CVSS0.01647EPSS
Exploits6References4
NVD
NVD
added 2021/11/04 8:15 p.m.47 views

CVE-2021-41249

GraphQL Playground is a GraphQL IDE for development of graphQL focused applications. All versions of graphql-playground-react older than [email protected] are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names,...

7.1CVSS0.01182EPSS
Exploits0References3
NVD
NVD
added 2021/08/12 6:15 p.m.47 views

CVE-2021-36949

Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability...

7.1CVSS0.01204EPSS
Exploits1References1
NVD
NVD
added 2021/08/02 5:15 p.m.47 views

CVE-2021-22388

There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause certain codes to be executed...

9.8CVSS0.00787EPSS
Exploits0References1
NVD
NVD
added 2021/07/21 3:15 p.m.47 views

CVE-2021-22707

A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker t...

10CVSS0.64612EPSS
Exploits2References1
NVD
NVD
added 2021/07/02 7:15 p.m.47 views

CVE-2021-32738

js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The Utils.readChallengeTx function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the...

6.5CVSS0.00514EPSS
Exploits0References2
NVD
NVD
added 2021/06/29 3:15 p.m.47 views

CVE-2021-31513

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8CVSS0.01811EPSS
Exploits0References3
NVD
NVD
added 2021/06/28 3:15 p.m.47 views

CVE-2021-32718

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution in the...

5.4CVSS0.01437EPSS
Exploits1References3
NVD
NVD
added 2021/06/12 4:15 a.m.47 views

CVE-2021-32551

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users...

7.3CVSS0.00289EPSS
Exploits0References1
NVD
NVD
added 2021/06/09 12:15 p.m.47 views

CVE-2021-34369

portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states "the information that is being queried is authorized for an authenticated user of that application,...

6.5CVSS0.08236EPSS
Exploits4References2
NVD
NVD
added 2021/06/09 12:15 p.m.47 views

CVE-2021-34370

Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are configurable security flags and we are unable to reproduce them with the available information...

6.1CVSS0.09996EPSS
Exploits4References2
NVD
NVD
added 2021/06/08 6:15 p.m.47 views

CVE-2020-26138

In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation...

5.3CVSS0.01341EPSS
Exploits1References4
NVD
NVD
added 2021/06/07 9:15 p.m.47 views

CVE-2021-20259

A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Versions...

7.8CVSS0.00273EPSS
Exploits0References1
NVD
NVD
added 2021/05/28 9:15 p.m.47 views

CVE-2021-29492

Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences %2F and %5C in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. /something%2F..%2Fadmin, to bypass access control, e.g. a block on /admin. A...

8.3CVSS0.68383EPSS
Exploits0References1
NVD
NVD
added 2021/05/24 6:15 p.m.47 views

CVE-2020-26559

Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device participating in the provisioning protocol to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could...

8.8CVSS0.00852EPSS
Exploits0References3
NVD
NVD
added 2021/05/12 11:15 a.m.47 views

CVE-2020-35198

An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc. As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption...

9.8CVSS0.0244EPSS
Exploits0References3
NVD
NVD
added 2021/05/11 3:15 p.m.47 views

CVE-2021-21651

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles...

4.3CVSS0.00733EPSS
Exploits0References1
NVD
NVD
added 2021/05/07 9:15 p.m.47 views

CVE-2021-31457

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS0.02778EPSS
Exploits0References2
NVD
NVD
added 2021/05/05 7:15 p.m.47 views

CVE-2021-24274

The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue...

6.1CVSS0.17638EPSS
Exploits5References2
NVD
NVD
added 2021/04/19 7:15 p.m.47 views

CVE-2021-29434

Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could...

6.1CVSS0.00626EPSS
Exploits0References2
NVD
NVD
added 2021/04/12 2:15 p.m.47 views

CVE-2021-25926

In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting XSS due to user input not being validated properly in the quicksearch feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the...

6.1CVSS0.0082EPSS
Exploits1References2
NVD
NVD
added 2021/03/23 2:15 a.m.47 views

CVE-2021-21355

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default...

8.6CVSS0.01631EPSS
Exploits0References3
NVD
NVD
added 2021/03/09 7:15 p.m.47 views

CVE-2021-23352

This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image, .svg or .dot functions are called, is executed by the childprocess.exec function...

9.8CVSS0.02057EPSS
Exploits1References3
NVD
NVD
added 2021/02/04 7:15 a.m.47 views

CVE-2020-6088

An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...

7.5CVSS0.03454EPSS
Exploits1References1
NVD
NVD
added 2020/12/31 9:15 a.m.47 views

CVE-2020-35915

An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types...

5.5CVSS5.5AI score0.00374EPSS
Exploits1References1
NVD
NVD
added 2020/12/24 9:15 p.m.47 views

CVE-2020-26282

BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. BrowserUp Proxy works well as a standalone proxy server, but it is especially useful when embedded in Selenium tests. A Server-Side Template Injection was...

10CVSS9.9AI score0.04629EPSS
Exploits1References4
NVD
NVD
added 2020/12/16 8:15 a.m.47 views

CVE-2020-35476

A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...

9.8CVSS9.9AI score0.8533EPSS
Exploits5References2
NVD
NVD
added 2020/12/11 7:15 p.m.47 views

CVE-2020-35149

lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property e.g., proto can be copied during a merge or clone operation...

5.3CVSS5.2AI score0.01028EPSS
Exploits0References1
NVD
NVD
added 2020/12/09 5:15 p.m.47 views

CVE-2020-26261

jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users...

7.9CVSS7.7AI score0.00471EPSS
Exploits0References4
NVD
NVD
added 2020/11/23 10:15 p.m.47 views

CVE-2020-26229

TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the...

3.7CVSS4.2AI score0.00636EPSS
Exploits0References2
NVD
NVD
added 2020/11/17 2:15 a.m.47 views

CVE-2020-14389

It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have...

8.1CVSS7.9AI score0.00812EPSS
Exploits0References2
NVD
NVD
added 2020/11/12 6:15 p.m.47 views

CVE-2020-0588

Improper conditions check in BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access...

6.7CVSS6.7AI score0.00347EPSS
Exploits0References2
NVD
NVD
added 2020/11/06 7:15 p.m.47 views

CVE-2020-28328

SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, loggerfilename can refer to an attacker-controlled .php file under the web root...

9CVSS9AI score0.63267EPSS
Exploits10References5
NVD
NVD
added 2020/07/01 4:15 p.m.47 views

CVE-2020-12497

PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation...

7.8CVSS0.14668EPSS
Exploits0References3
NVD
NVD
added 2020/06/23 8:15 p.m.47 views

CVE-2020-14974

The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unlock a file and kill processes even ones running as SYSTEM that hold a handle, via IOCTL code 0x222124...

7.1CVSS0.00897EPSS
Exploits1References2
NVD
NVD
added 2020/06/04 8:15 p.m.47 views

CVE-2020-12847

Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the application’s mailer configuration. It is...

7.2CVSS6.9AI score0.01684EPSS
Exploits1References3
NVD
NVD
added 2020/03/19 11:15 p.m.47 views

CVE-2019-16068

A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to be able to trick a victim into submitting a malicious managefiles.cgi request. This can be triggered via XSS or an IFRAME tag included within the site...

8.8CVSS8.3AI score0.00947EPSS
Exploits5References1
NVD
NVD
added 2020/01/30 8:15 p.m.47 views

CVE-2020-5229

Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore, the hashes are salted using the username instead of a random salt, causing hashes for users with the same username and password to collide which is problematic especially...

8.1CVSS7.8AI score0.00626EPSS
Exploits0References2
NVD
NVD
added 2020/01/27 9:15 p.m.47 views

CVE-2020-5220

Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...

5.3CVSS4.7AI score0.00737EPSS
Exploits0References2
NVD
NVD
added 2020/01/23 5:15 p.m.47 views

CVE-2019-14888

A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service DOS to make the service unavailable on SSL...

7.5CVSS7.4AI score0.0212EPSS
Exploits0References3
Total number of security vulnerabilities5000