Lucene search
K
NvdMost viewed

364067 matches found

NVD
NVD
added 2023/12/04 5:15 a.m.46 views

CVE-2023-49093

HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution RCE via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0...

9.8CVSS0.02378EPSS
Exploits1References2
NVD
NVD
added 2023/11/20 7:15 p.m.46 views

CVE-2021-22636

Texas Instruments TI-RTOS, when configured to use HeapMem heapdefault, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMemallocUnprotected' and result in code execution...

7.8CVSS0.00276EPSS
Exploits0References2
NVD
NVD
added 2023/11/17 1:15 p.m.46 views

CVE-2023-22274

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction...

7.5CVSS0.01458EPSS
Exploits0References1
NVD
NVD
added 2023/11/14 7:15 p.m.46 views

CVE-2021-46748

Insufficient bounds checking in the ASP AMD Secure Processor may allow an attacker to access memory outside the bounds of what is permissible to a TA Trusted Application resulting in a potential denial of service...

5.5CVSS0.00211EPSS
Exploits0References2
NVD
NVD
added 2023/11/09 1:15 a.m.46 views

CVE-2023-20902

A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task information...

6.5CVSS0.00373EPSS
Exploits1References1
NVD
NVD
added 2023/11/07 6:15 a.m.46 views

CVE-2023-33055

Memory Corruption in Audio while invoking callback function in driver from ADSP...

7.8CVSS7.7AI score0.00141EPSS
Exploits0References1
NVD
NVD
added 2023/11/03 5:15 a.m.46 views

CVE-2023-46817

An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the...

9.8CVSS9.6AI score0.01806EPSS
Exploits3References5
NVD
NVD
added 2023/11/02 2:15 p.m.46 views

CVE-2023-29045

Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborati...

5.4CVSS5.7AI score0.00383EPSS
Exploits0References2
NVD
NVD
added 2023/10/20 5:15 a.m.46 views

CVE-2023-34052

VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass...

7.8CVSS7.7AI score0.00204EPSS
Exploits0References1
NVD
NVD
added 2023/10/16 5:15 a.m.46 views

CVE-2023-36947

TOTOLINK X5000R V9.1.0u.6118B20201102 and TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule...

9.8CVSS9.7AI score0.00817EPSS
Exploits1References1
NVD
NVD
added 2023/10/09 4:15 p.m.46 views

CVE-2023-44400

Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user's device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the...

7.8CVSS7AI score0.00267EPSS
Exploits1References3
NVD
NVD
added 2023/10/04 12:15 p.m.46 views

CVE-2023-43261

An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components...

7.5CVSS7.2AI score0.60176EPSS
Exploits5References7
NVD
NVD
added 2023/09/27 3:18 p.m.46 views

CVE-2023-39347

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels...

9CVSS7.8AI score0.0046EPSS
Exploits1References2
NVD
NVD
added 2023/09/25 4:15 p.m.46 views

CVE-2023-3664

The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server...

7.2CVSS7.1AI score0.00628EPSS
Exploits1References1
NVD
NVD
added 2023/09/20 1:15 a.m.46 views

CVE-2023-25529

NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information...

8.1CVSS8AI score0.00516EPSS
Exploits0References2
NVD
NVD
added 2023/09/12 5:15 p.m.46 views

CVE-2023-29463

The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and or log users out of their session...

8.8CVSS8.7AI score0.00777EPSS
Exploits0References1
NVD
NVD
added 2023/09/07 8:15 p.m.46 views

CVE-2023-41316

Tolgee is an open-source localization platform. Due to lack of validation field - Org Name, bad actor can send emails with HTML injected code to the victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitati...

5.5CVSS5.6AI score0.00416EPSS
Exploits1References2
NVD
NVD
added 2023/09/06 9:15 a.m.46 views

CVE-2023-4634

The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mlastreamfile' parameter from the /includes/mla-stream-image.php file,...

9.8CVSS9.9AI score0.82585EPSS
Exploits6References5
NVD
NVD
added 2023/08/29 9:15 a.m.46 views

CVE-2023-23772

Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a...

8.8CVSS7.7AI score0.00419EPSS
Exploits0References1
NVD
NVD
added 2023/08/23 8:15 p.m.46 views

CVE-2023-40025

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most...

7.1CVSS5.2AI score0.00484EPSS
Exploits1References2
NVD
NVD
added 2023/08/07 8:15 p.m.46 views

CVE-2023-39520

Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the repair function. The problem occurs as the repair function of the MSI is spawning an SYSTEM...

7.8CVSS6.2AI score0.00312EPSS
Exploits1References4
NVD
NVD
added 2023/08/01 5:15 a.m.46 views

CVE-2023-26139

Versions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the name argument of the setProperty function. Exploiting this vulnerability is possible due to improper input sanitization which allows the usage of arguments like “proto”...

7.5CVSS7.5AI score0.00741EPSS
Exploits0References2
NVD
NVD
added 2023/07/27 2:15 p.m.46 views

CVE-2023-38512

Cross-Site Request Forgery CSRF vulnerability in wpstream WpStream wpstream allows Cross Site Request Forgery.This issue affects WpStream: from n/a through = 4.5.4...

8.8CVSS6.5AI score0.00209EPSS
Exploits0References2
NVD
NVD
added 2023/07/26 8:15 p.m.46 views

CVE-2023-31465

An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named argx, with x an integer starting from 1; it is possible t...

9.8CVSS9.4AI score0.44455EPSS
Exploits1References2
NVD
NVD
added 2023/07/26 11:15 a.m.46 views

CVE-2023-28130

Local user may lead to privilege escalation using Gaia Portal hostnames page...

7.2CVSS7.2AI score0.21381EPSS
Exploits3References5
NVD
NVD
added 2023/07/21 3:15 p.m.46 views

CVE-2023-3822

Cross-site Scripting XSS - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4...

6.1CVSS5.9AI score0.00478EPSS
Exploits1References2
NVD
NVD
added 2023/07/18 9:15 a.m.46 views

CVE-2023-2433

The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'className' parameter in versions up to, and including, 5.30.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in page...

6.4CVSS0.00423EPSS
Exploits0References3
NVD
NVD
added 2023/06/29 8:15 p.m.46 views

CVE-2023-36471

Xwiki commons is the common modules used by other XWiki top level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for phishi...

9CVSS9.2AI score0.01021EPSS
Exploits1References3
NVD
NVD
added 2023/06/28 11:15 p.m.46 views

CVE-2023-36475

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and...

9.8CVSS9.8AI score0.03203EPSS
Exploits0References7
NVD
NVD
added 2023/06/27 5:15 p.m.46 views

CVE-2023-34098

Shopware is an open source e-commerce software. Due to an incorrect configuration in the .htaccess file, the configuration file of the Javascript could be read in production environments themes/package-lock.json. With this information, the specific Shopware version in a deployment might be...

5.3CVSS5.2AI score0.00611EPSS
Exploits0References4
NVD
NVD
added 2023/06/22 1:15 p.m.46 views

CVE-2023-32960

Cross-Site Request Forgery CSRF vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin = 1.23.3 versions leads to sitewide Cross-Site Scripting XSS...

7.1CVSS6.7AI score0.00208EPSS
Exploits0References1
NVD
NVD
added 2023/06/14 6:15 p.m.46 views

CVE-2022-31645

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure...

7.8CVSS8.2AI score0.00201EPSS
Exploits0References1
NVD
NVD
added 2023/06/06 7:15 p.m.46 views

CVE-2023-32682

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the...

5.4CVSS5.4AI score0.00752EPSS
Exploits0References7
NVD
NVD
added 2023/06/06 6:15 p.m.46 views

CVE-2023-33747

CloudPanel v2.2.2 allows attackers to execute a path traversal...

7.8CVSS7.7AI score0.00469EPSS
Exploits3References6
NVD
NVD
added 2023/06/03 5:15 a.m.46 views

CVE-2023-2407

The Event Registration Calendar By vcita plugin, versions up to and including 3.10.0, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the lsparsevcitacallback function. This...

6.5CVSS6AI score0.00419EPSS
Exploits2References5
NVD
NVD
added 2023/05/22 4:15 p.m.46 views

CVE-2023-31064

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. the user in InLong could cancel an application that doesn't belongs to it. Users are advised to upgrade to Apache InLong's 1.7....

7.5CVSS7.5AI score0.01247EPSS
Exploits0References1
NVD
NVD
added 2023/05/22 10:15 a.m.46 views

CVE-2022-45376

Cross-Site Request Forgery CSRF vulnerability in XootiX Side Cart Woocommerce Ajax 2.1 versions...

8.8CVSS5.8AI score0.00273EPSS
Exploits1References1
NVD
NVD
added 2023/05/18 10:15 p.m.46 views

CVE-2023-1195

A use-after-free flaw was found in reconnsetipaddrfromhostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server-hostname to NULL, leading to an invalid pointer request...

5.5CVSS6.4AI score0.00208EPSS
Exploits0References1
NVD
NVD
added 2023/05/17 1:15 p.m.46 views

CVE-2023-31702

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1...

7.2CVSS7.8AI score0.04312EPSS
Exploits5References2
NVD
NVD
added 2023/05/16 3:15 p.m.46 views

CVE-2023-2738

A vulnerability classified as critical has been found in Tongda OA 11.10. This affects the function actionGetdata of the file GatewayController.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may ...

9.8CVSS7.2AI score0.00866EPSS
Exploits1References3
NVD
NVD
added 2023/05/12 2:15 p.m.46 views

CVE-2023-31916

Jerryscript 3.0 commit 1a2c047 was discovered to contain an Assertion Failure via the jmemheapfinalize at jerry-core/jmem/jmem-heap.c...

5.5CVSS5.5AI score0.00332EPSS
Exploits1References1
NVD
NVD
added 2023/05/11 8:15 p.m.46 views

CVE-2023-29195

Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing / characters from VTAdmin such that from that point on, anyone who tries to create a new shard fr...

4.3CVSS4.2AI score0.00983EPSS
Exploits1References6
NVD
NVD
added 2023/05/11 5:15 p.m.46 views

CVE-2023-32075

The Customer Management Framework CMF for Pimcore adds functionality for customer data management. In pimcore/customer-management-framework-bundle prior to version 3.3.9, business logic errors are possible in the Conditions tab since the counter can be a negative number. This vulnerability is...

4.3CVSS4.5AI score0.00763EPSS
Exploits1References4
NVD
NVD
added 2023/05/03 7:15 p.m.46 views

CVE-2023-25826

Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was...

9.8CVSS9.7AI score0.35604EPSS
Exploits4References3
NVD
NVD
added 2023/04/24 9:15 p.m.46 views

CVE-2023-2250

A flaw was found in the Open Cluster Management OCM when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service...

6.7CVSS6.6AI score0.00204EPSS
Exploits0References1
NVD
NVD
added 2023/04/18 8:15 p.m.46 views

CVE-2023-21969

Vulnerability in Oracle SQL Developer component: Installation. Supported versions that are affected are Prior to 23.1.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle SQL Developer executes to compromise Oracle SQL Developer...

6.7CVSS6.5AI score0.00221EPSS
Exploits1References1
NVD
NVD
added 2023/04/06 8:15 p.m.46 views

CVE-2023-29015

The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting ...

6.1CVSS6.1AI score0.00443EPSS
Exploits0References2
NVD
NVD
added 2023/04/02 9:15 p.m.46 views

CVE-2023-28683

Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

8.2CVSS8.8AI score0.00569EPSS
Exploits0References1
NVD
NVD
added 2023/03/30 10:15 a.m.46 views

CVE-2023-1712

Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30...

9.8CVSS9.4AI score0.00843EPSS
Exploits1References2
NVD
NVD
added 2023/03/29 7:15 p.m.46 views

CVE-2022-43617

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8CVSS7.8AI score0.00873EPSS
Exploits0References1
Total number of security vulnerabilities5000