Lucene search
K
NvdMost viewed

363954 matches found

NVD
NVD
•added 2023/02/21 8:15 p.m.•46 views

CVE-2023-0942

The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS6AI score0.01213EPSS
Exploits3References5
NVD
NVD
•added 2023/02/21 7:15 p.m.•46 views

CVE-2022-48282

Under very specific circumstances see Required configuration section below, a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C. This affects all MongoDB .NET/C Driver versions prior to and...

7.2CVSS6.7AI score0.01049EPSS
Exploits0References3
NVD
NVD
•added 2023/02/21 3:15 p.m.•46 views

CVE-2021-32854

textAngular is a text editor for Angular.js. Version 1.5.16 and prior are vulnerable to copy-paste cross-site scripting XSS. For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. There are no known patches...

6.1CVSS6AI score0.00498EPSS
Exploits1References1
NVD
NVD
•added 2023/02/20 5:15 p.m.•46 views

CVE-2022-46303

Command injection in SMS notifications in Tribe29 Checkmk = 2.1.0p10, Checkmk = 2.0.0p27, and Checkmk = 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local...

8CVSS8.1AI score0.01096EPSS
Exploits0References1
NVD
NVD
•added 2023/02/17 10:15 p.m.•46 views

CVE-2023-21619

FrameMaker 2020 Update 4 and earlier, 2022 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS7.8AI score0.00302EPSS
Exploits0References1
NVD
NVD
•added 2023/02/16 8:15 p.m.•46 views

CVE-2022-30539

Use after free in the BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access...

7.5CVSS8AI score0.00211EPSS
Exploits0References1
NVD
NVD
•added 2023/02/16 3:15 p.m.•46 views

CVE-2023-22580

Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure...

7.5CVSS6AI score0.00582EPSS
Exploits2References2
NVD
NVD
•added 2023/02/14 8:15 p.m.•46 views

CVE-2023-23377

3D Builder Remote Code Execution Vulnerability...

7.8CVSS7.8AI score0.0065EPSS
Exploits0References1
NVD
NVD
•added 2023/02/13 3:15 p.m.•46 views

CVE-2023-0362

Themify Portfolio Post WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.4AI score0.00526EPSS
Exploits2References1
NVD
NVD
•added 2023/02/13 3:15 p.m.•46 views

CVE-2023-0099

The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6AI score0.01726EPSS
Exploits6References2
NVD
NVD
•added 2023/02/09 5:15 p.m.•46 views

CVE-2023-0575

External Control of Critical State Data, Improper Control of Generation of Code 'Code Injection' vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS DevopsBase.Java:execCommand, TableManager.Java:runCommand modules allows API Manipulation, Privilege Abuse. This vulnerability...

9.8CVSS7.5AI score0.00776EPSS
Exploits0References1
NVD
NVD
•added 2023/02/03 4:15 p.m.•46 views

CVE-2023-24144

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function...

9.8CVSS9.8AI score0.01946EPSS
Exploits1References1
NVD
NVD
•added 2023/02/01 2:15 p.m.•46 views

CVE-2022-47717

Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing CORS...

7.5CVSS7.5AI score0.00735EPSS
Exploits1References1
NVD
NVD
•added 2023/01/26 9:15 p.m.•46 views

CVE-2022-20456

In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.8CVSS7.8AI score0.00238EPSS
Exploits0References1
NVD
NVD
•added 2023/01/17 7:15 p.m.•46 views

CVE-2022-23739

An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app installed on an organization to gain access to and modify most organization-level resources that a...

9.8CVSS9.8AI score0.01244EPSS
Exploits0References5
NVD
NVD
•added 2023/01/14 1:15 a.m.•46 views

CVE-2023-22471

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is...

4.3CVSS4.2AI score0.00524EPSS
Exploits0References2
NVD
NVD
•added 2023/01/12 1:15 a.m.•46 views

CVE-2023-0227

Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36...

8.3CVSS7AI score0.00655EPSS
Exploits1References2
NVD
NVD
•added 2023/01/05 7:15 p.m.•46 views

CVE-2022-23549

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta16 on the beta and tests-passed branches, users can create posts with raw body longer than the maxlength site setting by including html comments that are not counted toward the...

6.5CVSS5.7AI score0.00575EPSS
Exploits0References2
NVD
NVD
•added 2022/12/30 7:15 a.m.•46 views

CVE-2022-48194

TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service DoS by uploading a crafted firmware update because the signature check is inadequate...

8.8CVSS0.33482EPSS
Exploits5References2
NVD
NVD
•added 2022/11/25 5:15 p.m.•46 views

CVE-2022-37721

PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting XSS when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation...

9CVSS0.00705EPSS
Exploits0References2
NVD
NVD
•added 2022/11/22 7:15 p.m.•46 views

CVE-2022-41943

sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental customGitFetch feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0...

9CVSS0.00902EPSS
Exploits0References2
NVD
NVD
•added 2022/11/22 4:15 p.m.•46 views

CVE-2022-41952

Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after maxspidersize default: 10M bytes have been downloaded, which can in some cases lead to...

6.5CVSS0.00827EPSS
Exploits0References5
NVD
NVD
•added 2022/11/18 9:15 p.m.•46 views

CVE-2022-41883

TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We...

7.5CVSS0.0035EPSS
Exploits1References4
NVD
NVD
•added 2022/11/08 10:15 p.m.•46 views

CVE-2022-41259

SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor...

6.5CVSS0.00716EPSS
Exploits0References2
NVD
NVD
•added 2022/10/31 9:15 p.m.•46 views

CVE-2022-3783

A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component uitext Format Handler. The manipulation leads to cross site scripting. The attack may be...

6.1CVSS0.00598EPSS
Exploits1References3
NVD
NVD
•added 2022/10/07 7:15 a.m.•46 views

CVE-2022-41672

In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API...

8.1CVSS0.01197EPSS
Exploits0References2
NVD
NVD
•added 2022/10/06 8:15 p.m.•46 views

CVE-2022-39284

CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does...

4.3CVSS0.00825EPSS
Exploits1References6
NVD
NVD
•added 2022/10/03 3:15 p.m.•46 views

CVE-2022-42306

An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbxexchange during registration and cause a NULL pointer exception, effectively crashing the pbxexchange process...

6.5CVSS0.00175EPSS
Exploits0References1
NVD
NVD
•added 2022/09/28 6:15 p.m.•46 views

CVE-2022-40929

XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an intended and supported use case running arbitrary Bash scripts on behalf of users...

9.8CVSS0.01214EPSS
Exploits1References1
NVD
NVD
•added 2022/09/24 2:15 a.m.•46 views

CVE-2022-36025

Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations including DELEGATECALL results in...

9.1CVSS0.00868EPSS
Exploits0References1
NVD
NVD
•added 2022/09/22 10:15 p.m.•46 views

CVE-2022-23458

Toast UI Grid is a component to display and edit data. Versions prior to 4.21.3 are vulnerable to cross-site scripting attacks when pasting specially crafted content into editable cells. This issue was fixed in version 4.21.3. There are no known workarounds...

6.1CVSS0.00526EPSS
Exploits1References2
NVD
NVD
•added 2022/09/16 11:15 p.m.•46 views

CVE-2022-35992

TensorFlow is an open source platform for machine learning. When TensorListFromTensor receives an elementshape of a rank greater than one, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fi...

7.5CVSS0.00396EPSS
Exploits0References2
NVD
NVD
•added 2022/09/16 8:15 p.m.•46 views

CVE-2022-35952

TensorFlow is an open source platform for machine learning. The UnbatchGradOp function takes an argument id that is assumed to be a scalar. A nonscalar id can trigger a CHECK failure and crash the program. It also requires its argument batchindex to contain three times the number of elements as...

7.5CVSS0.00558EPSS
Exploits0References3
NVD
NVD
•added 2022/09/13 10:15 p.m.•46 views

CVE-2021-36568

In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting StoredXSS. This affects Moodle 3.11 and Moodle...

5.4CVSS0.0079EPSS
Exploits1References4
NVD
NVD
•added 2022/09/08 9:15 p.m.•46 views

CVE-2022-36099

XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the...

9.9CVSS0.7589EPSS
Exploits1References3
NVD
NVD
•added 2022/09/08 6:15 p.m.•46 views

CVE-2022-36093

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2...

8.5CVSS0.00662EPSS
Exploits0References3
NVD
NVD
•added 2022/09/06 6:15 p.m.•46 views

CVE-2022-30298

An improper privilege management vulnerability CWE-269 in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files via another, unrelated and hypothetical exploit to execute arbitrary Python commands as root...

7.8CVSS0.00203EPSS
Exploits0References1
NVD
NVD
•added 2022/09/06 6:15 p.m.•46 views

CVE-2022-2941

The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the "Naming Conventions" section do not properly sanitize user input, nor escape it on output. This makes it possible...

5.5CVSS0.05291EPSS
Exploits6References5
NVD
NVD
•added 2022/08/26 4:15 p.m.•46 views

CVE-2021-3856

ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available...

4.3CVSS0.00897EPSS
Exploits0References5
NVD
NVD
•added 2022/08/22 3:15 p.m.•46 views

CVE-2022-2551

The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating...

7.5CVSS0.12485EPSS
Exploits5References2
NVD
NVD
•added 2022/08/18 8:15 p.m.•46 views

CVE-2022-26373

Non-transparent sharing of return predictor targets between contexts in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...

5.5CVSS0.0035EPSS
Exploits0References4
NVD
NVD
•added 2022/08/16 1:15 p.m.•46 views

CVE-2022-30264

The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They utilize the ROC protocol 4000/TCP, 5000/TCP for communications between a master terminal and RTUs. Opcode 203 of this protocol allows a master terminal to transfer files to and from the...

9.8CVSS0.0042EPSS
Exploits0References2
NVD
NVD
•added 2022/07/12 11:15 p.m.•46 views

CVE-2022-33633

Skype for Business and Lync Remote Code Execution Vulnerability...

7.2CVSS0.01806EPSS
Exploits0References1
NVD
NVD
•added 2022/07/07 1:15 p.m.•46 views

CVE-2022-31854

Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel...

7.2CVSS0.32233EPSS
Exploits4References4
NVD
NVD
•added 2022/06/20 10:15 p.m.•46 views

CVE-2022-31062

Impact A plugin public script can be used to read content of system files. Patches Upgrade to version 1.0.2. Workarounds b/deploy/index.php file can be deleted if deploy feature is not used...

5.3CVSS0.05627EPSS
Exploits3References2
NVD
NVD
•added 2022/06/13 6:15 p.m.•46 views

CVE-2021-41663

A cross-site scripting XSS vulnerability exists in Mini CMS V1.11. The vulnerability exists in the article upload: post-edit.php page...

6.1CVSS0.00987EPSS
Exploits1References3
NVD
NVD
•added 2022/05/31 8:15 p.m.•46 views

CVE-2022-31005

Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a...

7.5CVSS0.0189EPSS
Exploits1References3
NVD
NVD
•added 2022/05/06 12:15 a.m.•46 views

CVE-2022-29161

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for use in certificate signatures, due to the risk of collision...

9.8CVSS0.00385EPSS
Exploits0References3
NVD
NVD
•added 2022/03/28 6:15 p.m.•46 views

CVE-2022-0388

The Interactive Medical Drawing of Human Body WordPress plugin before 2.6 does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS0.00588EPSS
Exploits2References1
NVD
NVD
•added 2022/03/21 8:15 p.m.•46 views

CVE-2022-26148

An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the apijsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in...

9.8CVSS0.53439EPSS
Exploits1References2
Total number of security vulnerabilities5000