Lucene search
K
NvdMost viewed

364116 matches found

NVD
NVD
•added 2024/09/10 4:15 p.m.•46 views

CVE-2024-45595

D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1 where the "Custom Filter" input is turned off by default...

9.8CVSS0.00741EPSS
Exploits0References3
NVD
NVD
•added 2024/09/10 4:15 p.m.•46 views

CVE-2024-45591

XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification both username...

5.3CVSS0.03417EPSS
Exploits1References4
NVD
NVD
•added 2024/09/07 8:15 a.m.•46 views

CVE-2024-45498

Example DAG: exampleinleteventextra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...

8.8CVSS0.01237EPSS
Exploits0References3
NVD
NVD
•added 2024/09/06 1:15 a.m.•46 views

CVE-2024-44082

In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...

4.3CVSS0.00545EPSS
Exploits0References3
NVD
NVD
•added 2024/09/03 8:15 p.m.•46 views

CVE-2024-41434

PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component Column.GetDecimal. This allows attackers to cause a Denial of Service DoS via a crafted input to the 'RemoveUnnecessaryFirstRow', it will check the expression between 'Agg' and 'GroupBy', but does not check the retu...

4.3CVSS0.00414EPSS
Exploits1References2
NVD
NVD
•added 2024/09/02 12:15 p.m.•46 views

CVE-2024-33060

Memory corruption when two threads try to map and unmap a single node simultaneously...

8.4CVSS0.00165EPSS
Exploits0References1
NVD
NVD
•added 2024/08/27 6:15 p.m.•46 views

CVE-2024-43783

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Instances of the Apollo Router running versions =1.21.0 and =1.7.0 and 1.52.1 are impacted by a denial-of-service vulnerability if all of the...

7.5CVSS0.00857EPSS
Exploits1References6
NVD
NVD
•added 2024/08/23 9:15 a.m.•46 views

CVE-2024-38807

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...

6.3CVSS0.00123EPSS
Exploits0References2
NVD
NVD
•added 2024/08/21 9:15 p.m.•46 views

CVE-2024-6386

The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with...

9.9CVSS0.25533EPSS
Exploits3References3
NVD
NVD
•added 2024/08/21 7:15 a.m.•46 views

CVE-2022-48895

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Don't unregister on shutdown Michael Walle says he noticed the following stack trace while performing a shutdown with "reboot -f". He suggests he got "lucky" and just hit the correct spot for the reboot while ther...

5.5CVSS0.00209EPSS
Exploits0References2
NVD
NVD
•added 2024/08/19 8:15 p.m.•46 views

CVE-2024-42815

In the TP-Link RE365 V1180213, there is a buffer overflow vulnerability due to the lack of length verification for the USERAGENT field in /usr/bin/httpd. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands...

9.8CVSS0.00807EPSS
Exploits1References2
NVD
NVD
•added 2024/08/12 5:15 p.m.•46 views

CVE-2024-41651

An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploitation requires that an attacker be able to hijack network requests made by an admin user who, by...

9.8CVSS0.01263EPSS
Exploits1References1
NVD
NVD
•added 2024/08/12 4:15 p.m.•46 views

CVE-2024-42480

Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in RBAC for etcd roles leading to some TCPs API servers being able to read, write, and delete the data of other control planes. This vulnerability is fixed i...

9.9CVSS0.00622EPSS
Exploits1References3
NVD
NVD
•added 2024/08/12 1:38 p.m.•46 views

CVE-2024-38218

Microsoft Edge HTML-based Memory Corruption Vulnerability...

8.4CVSS0.00607EPSS
Exploits0References1
NVD
NVD
•added 2024/08/08 3:15 p.m.•46 views

CVE-2024-42356

Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the context variable is injected into almost any Twig Template and allows to access to current language, currency information. The context object allows also to switch for a short time the scope of the Context as a...

8.3CVSS0.00648EPSS
Exploits0References5
NVD
NVD
•added 2024/08/07 11:15 a.m.•46 views

CVE-2024-6522

The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.12.1 via the 'mecfesform' AJAX function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitra...

9.6CVSS0.00405EPSS
Exploits0References4
NVD
NVD
•added 2024/07/18 4:15 p.m.•46 views

CVE-2024-39911

1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this vulnerability...

10CVSS0.04566EPSS
Exploits2References2
NVD
NVD
•added 2024/07/16 6:15 p.m.•46 views

CVE-2024-39700

JupyterLab extension template is a copier template for JupyterLab extensions. Repositories created using this template with test option include update-integration-tests.yml workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to...

9.9CVSS0.01024EPSS
Exploits3References2
NVD
NVD
•added 2024/07/11 5:15 p.m.•46 views

CVE-2024-39546

A Missing Authorization vulnerability in the Socket Intercept SI command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root privileges leading to privile...

7.3CVSS0.00183EPSS
Exploits0References1
NVD
NVD
•added 2024/07/10 5:15 p.m.•46 views

CVE-2024-5217

ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addresse...

9.8CVSS0.99628EPSS
Exploits4References4
NVD
NVD
•added 2024/07/10 7:15 a.m.•46 views

CVE-2024-36451

Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploited, a console session may be hijacked by an unauthorized user. As a result, data within a system may be referred, a webpage may be altered,...

8.8CVSS0.00569EPSS
Exploits0References2
NVD
NVD
•added 2024/07/10 7:15 a.m.•46 views

CVE-2024-36450

Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may b...

5.4CVSS0.00303EPSS
Exploits0References2
NVD
NVD
•added 2024/07/05 8:15 p.m.•46 views

CVE-2024-5753

vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as pgreadfile. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like /etc/passwd, by exploiting the exposed SQL...

7.5CVSS0.00604EPSS
Exploits0References1
NVD
NVD
•added 2024/07/05 7:15 p.m.•46 views

CVE-2024-39696

Evmos is a decentralized Ethereum Virtual Machine chain on the Cosmos Network. Prior to version 19.0.0, a user can create a vesting account with a 3rd party account EOA or contract as funder. Then, this user can create an authorization for the contract.CallerAddress, this is the authorization...

8.8CVSS0.00523EPSS
Exploits0References2
NVD
NVD
•added 2024/07/03 8:15 p.m.•46 views

CVE-2024-37157

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta4 on the beta and tests-passed branches, a malicious actor could get the FastImage library to redirect requests to an internal Discourse IP. This issue is patched in version 3.2.3 on...

6.4CVSS0.00348EPSS
Exploits0References3
NVD
NVD
•added 2024/07/03 6:15 a.m.•46 views

CVE-2024-2375

The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...

5.9CVSS0.00329EPSS
Exploits2References1
NVD
NVD
•added 2024/07/01 7:15 p.m.•46 views

CVE-2024-38513

Fiber is an Express-inspired web framework written in Go A vulnerability present in versions prior to 2.52.5 is a session middleware issue in GoFiber versions 2 and above. This vulnerability allows users to supply their own sessionid value, resulting in the creation of a session with that key. If...

10CVSS0.00686EPSS
Exploits0References2
NVD
NVD
•added 2024/06/27 4:15 p.m.•46 views

CVE-2024-6388

Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext...

5.9CVSS0.00147EPSS
Exploits0References3
NVD
NVD
•added 2024/06/26 4:15 p.m.•46 views

CVE-2024-25637

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...

5.4CVSS0.00263EPSS
Exploits0References1
NVD
NVD
•added 2024/06/24 5:15 p.m.•46 views

CVE-2024-38369

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document included using include reference="targetdocument"/ is executed with the right of the includer and not with the right of its author. This means that any user able to...

9.9CVSS0.00342EPSS
Exploits0References1
NVD
NVD
•added 2024/06/24 1:15 p.m.•46 views

CVE-2024-37109

Improper Control of Generation of Code 'Code Injection' vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a before 3.26.7...

9.9CVSS0.00532EPSS
Exploits0References1
NVD
NVD
•added 2024/06/21 8:15 p.m.•46 views

CVE-2023-38506

Joplin is a free, open source note taking and to-do application. A Cross-site Scripting XSS vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. HTML pasted into the rich text editor is not sanitized or not sanitized properly. As such, the onload...

8.2CVSS0.00422EPSS
Exploits1References1
NVD
NVD
•added 2024/06/21 1:15 p.m.•46 views

CVE-2024-35771

Cross-Site Request Forgery CSRF vulnerability in presscustomizr Customizr.This issue affects Customizr: from n/a through 4.4.21...

8.8CVSS0.0022EPSS
Exploits0References1
NVD
NVD
•added 2024/06/19 8:15 p.m.•46 views

CVE-2024-38355

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. This issue is fixed by commit 15af22fc22 which has been included in...

7.3CVSS0.0069EPSS
Exploits0References4
NVD
NVD
•added 2024/06/19 6:15 a.m.•46 views

CVE-2024-5208

An uncontrolled resource consumption vulnerability exists in the upload-link endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service DOS by shutting down the server through sending invalid upload requests. Specifically, the server can be made to sh...

6.5CVSS0.00618EPSS
Exploits1References2
NVD
NVD
•added 2024/06/18 12:15 p.m.•46 views

CVE-2024-6109

A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file addmeasurement.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely...

8.8CVSS0.00597EPSS
Exploits1References4
NVD
NVD
•added 2024/06/12 9:15 a.m.•46 views

CVE-2023-51537

Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.5...

7.3CVSS0.00301EPSS
Exploits0References1
NVD
NVD
•added 2024/06/11 9:15 p.m.•46 views

CVE-2024-28877

MicroDicom DICOM Viewer is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit this vulnerability...

8.8CVSS0.00686EPSS
Exploits0References1
NVD
NVD
•added 2024/06/11 5:16 p.m.•46 views

CVE-2024-35250

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability...

7.8CVSS0.25222EPSS
Exploits7References2
NVD
NVD
•added 2024/06/11 5:15 p.m.•46 views

CVE-2024-30088

Windows Kernel Elevation of Privilege Vulnerability...

7CVSS0.68202EPSS
Exploits7References2
NVD
NVD
•added 2024/06/11 5:15 p.m.•46 views

CVE-2024-29060

Visual Studio Elevation of Privilege Vulnerability...

6.7CVSS0.00892EPSS
Exploits0References1
NVD
NVD
•added 2024/06/11 4:15 p.m.•46 views

CVE-2024-34819

Missing Authorization vulnerability in Moreconvert Team MC Woocommerce Wishlist smart-wishlist-for-more-convert.This issue affects MC Woocommerce Wishlist: from n/a through = 1.7.2...

5.3CVSS0.00408EPSS
Exploits0References2
NVD
NVD
•added 2024/06/11 3:15 a.m.•46 views

CVE-2024-2473

The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may...

5.3CVSS0.01235EPSS
Exploits1References3
NVD
NVD
•added 2024/06/10 9:15 a.m.•46 views

CVE-2024-36971

In the Linux kernel, the following vulnerability has been resolved: net: fix dstnegativeadvice race dstnegativeadvice does not enforce proper RCU rules when sk-dstcache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk-skdstcache, then call dstreleaseolddst. Note...

7.8CVSS0.02701EPSS
Exploits1References10
NVD
NVD
•added 2024/06/06 10:15 p.m.•46 views

CVE-2024-36823

The encrypt function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information...

7.5CVSS0.0078EPSS
Exploits0References1
NVD
NVD
•added 2024/06/06 7:16 p.m.•46 views

CVE-2024-4888

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...

8.1CVSS0.00614EPSS
Exploits1References1
NVD
NVD
•added 2024/06/06 7:15 p.m.•46 views

CVE-2024-37153

Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. There is an issue with how to liquid stake using Safe which itself is a contract. The bug only appears when there is a local state change together with an ICS20 transfer in the same function and uses the contract's balance, that...

7.5CVSS0.00618EPSS
Exploits1References2
NVD
NVD
•added 2024/06/04 2:15 p.m.•46 views

CVE-2024-35668

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue allows Reflected XSS.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from n/...

7.1CVSS7AI score0.00288EPSS
Exploits0References1
NVD
NVD
•added 2024/05/21 4:15 p.m.•46 views

CVE-2023-52806

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix possible null-ptr-deref when assigning a stream While AudioDSP drivers assign streams exclusively of HOST or LINK type, nothing blocks a user to attempt to assign a COUPLED stream. As supplied substream instance ma...

5.5CVSS5.3AI score0.00257EPSS
Exploits0References9
NVD
NVD
•added 2024/04/25 6:15 p.m.•46 views

CVE-2024-32649

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the sqrt builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the buildIR function of the sqrt builtin doesn't cache the argument to...

5.3CVSS5.3AI score0.00451EPSS
Exploits0References1
Total number of security vulnerabilities5000