Lucene search
K
NvdMost viewed

363954 matches found

NVD
NVD
added 2023/09/25 4:15 p.m.46 views

CVE-2023-3664

The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server...

7.2CVSS7.1AI score0.00628EPSS
Exploits1References1
NVD
NVD
added 2023/09/20 1:15 a.m.46 views

CVE-2023-25529

NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information...

8.1CVSS8AI score0.00516EPSS
Exploits0References2
NVD
NVD
added 2023/09/12 5:15 p.m.46 views

CVE-2023-36736

Microsoft Identity Linux Broker Remote Code Execution Vulnerability...

4.4CVSS5AI score0.01693EPSS
Exploits0References1
NVD
NVD
added 2023/09/12 5:15 p.m.46 views

CVE-2023-29463

The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and or log users out of their session...

8.8CVSS8.7AI score0.00777EPSS
Exploits0References1
NVD
NVD
added 2023/09/07 8:15 p.m.46 views

CVE-2023-41316

Tolgee is an open-source localization platform. Due to lack of validation field - Org Name, bad actor can send emails with HTML injected code to the victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitati...

5.5CVSS5.6AI score0.00416EPSS
Exploits1References2
NVD
NVD
added 2023/09/06 9:15 a.m.46 views

CVE-2023-4634

The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mlastreamfile' parameter from the /includes/mla-stream-image.php file,...

9.8CVSS9.9AI score0.82585EPSS
Exploits6References5
NVD
NVD
added 2023/08/29 9:15 a.m.46 views

CVE-2023-23772

Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a...

8.8CVSS7.7AI score0.00419EPSS
Exploits0References1
NVD
NVD
added 2023/08/23 8:15 p.m.46 views

CVE-2023-40025

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most...

7.1CVSS5.2AI score0.00484EPSS
Exploits1References2
NVD
NVD
added 2023/08/07 8:15 p.m.46 views

CVE-2023-39520

Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the repair function. The problem occurs as the repair function of the MSI is spawning an SYSTEM...

7.8CVSS6.2AI score0.00312EPSS
Exploits1References4
NVD
NVD
added 2023/08/01 5:15 a.m.46 views

CVE-2023-26139

Versions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the name argument of the setProperty function. Exploiting this vulnerability is possible due to improper input sanitization which allows the usage of arguments like “proto”...

7.5CVSS7.5AI score0.00741EPSS
Exploits0References2
NVD
NVD
added 2023/07/27 2:15 p.m.46 views

CVE-2023-38512

Cross-Site Request Forgery CSRF vulnerability in wpstream WpStream wpstream allows Cross Site Request Forgery.This issue affects WpStream: from n/a through = 4.5.4...

8.8CVSS6.5AI score0.00209EPSS
Exploits0References2
NVD
NVD
added 2023/07/26 8:15 p.m.46 views

CVE-2023-31465

An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named argx, with x an integer starting from 1; it is possible t...

9.8CVSS9.4AI score0.44455EPSS
Exploits1References2
NVD
NVD
added 2023/07/26 11:15 a.m.46 views

CVE-2023-28130

Local user may lead to privilege escalation using Gaia Portal hostnames page...

7.2CVSS7.2AI score0.21381EPSS
Exploits3References5
NVD
NVD
added 2023/07/21 3:15 p.m.46 views

CVE-2023-3822

Cross-site Scripting XSS - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4...

6.1CVSS5.9AI score0.00478EPSS
Exploits1References2
NVD
NVD
added 2023/07/18 9:15 a.m.46 views

CVE-2023-2433

The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'className' parameter in versions up to, and including, 5.30.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in page...

6.4CVSS0.00423EPSS
Exploits0References3
NVD
NVD
added 2023/06/29 8:15 p.m.46 views

CVE-2023-36471

Xwiki commons is the common modules used by other XWiki top level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for phishi...

9CVSS9.2AI score0.01021EPSS
Exploits1References3
NVD
NVD
added 2023/06/28 11:15 p.m.46 views

CVE-2023-36475

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and...

9.8CVSS9.8AI score0.03203EPSS
Exploits0References7
NVD
NVD
added 2023/06/27 5:15 p.m.46 views

CVE-2023-34098

Shopware is an open source e-commerce software. Due to an incorrect configuration in the .htaccess file, the configuration file of the Javascript could be read in production environments themes/package-lock.json. With this information, the specific Shopware version in a deployment might be...

5.3CVSS5.2AI score0.00611EPSS
Exploits0References4
NVD
NVD
added 2023/06/22 1:15 p.m.46 views

CVE-2023-32960

Cross-Site Request Forgery CSRF vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin = 1.23.3 versions leads to sitewide Cross-Site Scripting XSS...

7.1CVSS6.7AI score0.00208EPSS
Exploits0References1
NVD
NVD
added 2023/06/14 6:15 p.m.46 views

CVE-2022-31645

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure...

7.8CVSS8.2AI score0.00201EPSS
Exploits0References1
NVD
NVD
added 2023/06/06 7:15 p.m.46 views

CVE-2023-32682

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...

5.4CVSS5.4AI score0.00752EPSS
Exploits0References7
NVD
NVD
added 2023/06/06 6:15 p.m.46 views

CVE-2023-33747

CloudPanel v2.2.2 allows attackers to execute a path traversal...

7.8CVSS7.7AI score0.00469EPSS
Exploits3References6
NVD
NVD
added 2023/06/03 5:15 a.m.46 views

CVE-2023-2407

The Event Registration Calendar By vcita plugin, versions up to and including 3.10.0, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the lsparsevcitacallback function. This...

6.5CVSS6AI score0.00419EPSS
Exploits2References5
NVD
NVD
added 2023/05/22 4:15 p.m.46 views

CVE-2023-31064

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. the user in InLong could cancel an application that doesn't belongs to it. Users are advised to upgrade to Apache InLong's 1.7....

7.5CVSS7.5AI score0.01247EPSS
Exploits0References1
NVD
NVD
added 2023/05/22 10:15 a.m.46 views

CVE-2022-45376

Cross-Site Request Forgery CSRF vulnerability in XootiX Side Cart Woocommerce Ajax 2.1 versions...

8.8CVSS5.8AI score0.00273EPSS
Exploits1References1
NVD
NVD
added 2023/05/18 10:15 p.m.46 views

CVE-2023-1195

A use-after-free flaw was found in reconnsetipaddrfromhostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server-hostname to NULL, leading to an invalid pointer request...

5.5CVSS6.4AI score0.00208EPSS
Exploits0References1
NVD
NVD
added 2023/05/17 1:15 p.m.46 views

CVE-2023-31702

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1...

7.2CVSS7.8AI score0.04312EPSS
Exploits5References2
NVD
NVD
added 2023/05/16 3:15 p.m.46 views

CVE-2023-2738

A vulnerability classified as critical has been found in Tongda OA 11.10. This affects the function actionGetdata of the file GatewayController.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may ...

9.8CVSS7.2AI score0.00866EPSS
Exploits1References3
NVD
NVD
added 2023/05/12 2:15 p.m.46 views

CVE-2023-31916

Jerryscript 3.0 commit 1a2c047 was discovered to contain an Assertion Failure via the jmemheapfinalize at jerry-core/jmem/jmem-heap.c...

5.5CVSS5.5AI score0.00332EPSS
Exploits1References1
NVD
NVD
added 2023/05/11 8:15 p.m.46 views

CVE-2023-29195

Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing / characters from VTAdmin such that from that point on, anyone who tries to create a new shard fr...

4.3CVSS4.2AI score0.00983EPSS
Exploits1References6
NVD
NVD
added 2023/05/11 5:15 p.m.46 views

CVE-2023-32075

The Customer Management Framework CMF for Pimcore adds functionality for customer data management. In pimcore/customer-management-framework-bundle prior to version 3.3.9, business logic errors are possible in the Conditions tab since the counter can be a negative number. This vulnerability is...

4.3CVSS4.5AI score0.00763EPSS
Exploits1References4
NVD
NVD
added 2023/05/03 7:15 p.m.46 views

CVE-2023-25826

Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was...

9.8CVSS9.7AI score0.35604EPSS
Exploits4References3
NVD
NVD
added 2023/04/24 9:15 p.m.46 views

CVE-2023-2250

A flaw was found in the Open Cluster Management OCM when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service...

6.7CVSS6.6AI score0.00204EPSS
Exploits0References1
NVD
NVD
added 2023/04/18 8:15 p.m.46 views

CVE-2023-21969

Vulnerability in Oracle SQL Developer component: Installation. Supported versions that are affected are Prior to 23.1.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle SQL Developer executes to compromise Oracle SQL Developer...

6.7CVSS6.5AI score0.00221EPSS
Exploits1References1
NVD
NVD
added 2023/04/06 8:15 p.m.46 views

CVE-2023-29015

The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting ...

6.1CVSS6.1AI score0.00443EPSS
Exploits0References2
NVD
NVD
added 2023/04/02 9:15 p.m.46 views

CVE-2023-28683

Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

8.2CVSS8.8AI score0.00569EPSS
Exploits0References1
NVD
NVD
added 2023/03/30 10:15 a.m.46 views

CVE-2023-1712

Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30...

9.8CVSS9.4AI score0.00843EPSS
Exploits1References2
NVD
NVD
added 2023/03/29 7:15 p.m.46 views

CVE-2022-43617

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8CVSS7.8AI score0.00873EPSS
Exploits0References1
NVD
NVD
added 2023/03/29 7:15 p.m.46 views

CVE-2022-36970

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 20.0 Build: 4201.2111.1802.0000 Service Pack 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...

7.8CVSS7.8AI score0.00647EPSS
Exploits0References2
NVD
NVD
added 2023/03/28 9:15 a.m.46 views

CVE-2022-47170

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin = 1.5.48 versions...

5.9CVSS5.4AI score0.00392EPSS
Exploits0References1
NVD
NVD
added 2023/03/22 9:15 p.m.46 views

CVE-2023-28433

Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the \ character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key,...

8.8CVSS8.6AI score0.00981EPSS
Exploits0References4
NVD
NVD
added 2023/03/21 8:15 p.m.46 views

CVE-2023-0391

MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1...

8.1CVSS8AI score0.00599EPSS
Exploits1References2
NVD
NVD
added 2023/03/18 9:15 p.m.46 views

CVE-2023-1488

A vulnerability, which was classified as problematic, was found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54. Affected is the function 0x9C40A0D8/0x9C40A0DC/0x9C40A0E0 in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to denial of service. It is...

5.5CVSS4.4AI score0.0053EPSS
Exploits1References4
NVD
NVD
added 2023/03/17 10:15 p.m.46 views

CVE-2023-27253

A command injection vulnerability in the function restorerrddata of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml...

8.8CVSS9AI score0.90655EPSS
Exploits4References3
NVD
NVD
added 2023/03/17 8:15 p.m.46 views

CVE-2023-27594

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which...

7.3CVSS5.2AI score0.00552EPSS
Exploits0References4
NVD
NVD
added 2023/03/17 4:15 a.m.46 views

CVE-2023-28531

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...

9.8CVSS9.3AI score0.02216EPSS
Exploits0References7
NVD
NVD
added 2023/03/15 9:15 p.m.46 views

CVE-2023-27598

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed Via header to OpenSIPS triggers a segmentation fault when the function calctagsuffix is called. A specially crafted Via header, which is deemed correct by the parser, will...

7.5CVSS7.5AI score0.00971EPSS
Exploits0References3
NVD
NVD
added 2023/03/12 5:15 a.m.46 views

CVE-2022-48365

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges...

7.2CVSS7AI score0.00862EPSS
Exploits0References4
NVD
NVD
added 2023/03/06 9:15 p.m.46 views

CVE-2021-36396

In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk...

7.5CVSS7.4AI score0.01427EPSS
Exploits2References1
NVD
NVD
added 2023/03/02 7:15 p.m.46 views

CVE-2023-26471

XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode anything dangerous is disabled, but the async macro does not take into account the restricted mode. This means that any user with...

9.9CVSS9.5AI score0.0092EPSS
Exploits1References3
Total number of security vulnerabilities5000