Lucene search
K
NvdMost viewed

364228 matches found

NVD
NVD
•added 2023/04/06 8:15 p.m.•46 views

CVE-2023-29015

The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting ...

6.1CVSS6.1AI score0.00443EPSS
Exploits0References2
NVD
NVD
•added 2023/04/02 9:15 p.m.•46 views

CVE-2023-28683

Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

8.2CVSS8.8AI score0.00569EPSS
Exploits0References1
NVD
NVD
•added 2023/03/30 10:15 a.m.•46 views

CVE-2023-1712

Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30...

9.8CVSS9.4AI score0.00843EPSS
Exploits1References2
NVD
NVD
•added 2023/03/29 7:15 p.m.•46 views

CVE-2022-43617

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8CVSS7.8AI score0.00873EPSS
Exploits0References1
NVD
NVD
•added 2023/03/28 9:15 a.m.•46 views

CVE-2022-47170

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin = 1.5.48 versions...

5.9CVSS5.4AI score0.00392EPSS
Exploits0References1
NVD
NVD
•added 2023/03/22 9:15 p.m.•46 views

CVE-2023-28433

Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the \ character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key,...

8.8CVSS8.6AI score0.00981EPSS
Exploits0References4
NVD
NVD
•added 2023/03/21 8:15 p.m.•46 views

CVE-2023-0391

MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1...

8.1CVSS8AI score0.00599EPSS
Exploits1References2
NVD
NVD
•added 2023/03/18 9:15 p.m.•46 views

CVE-2023-1488

A vulnerability, which was classified as problematic, was found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54. Affected is the function 0x9C40A0D8/0x9C40A0DC/0x9C40A0E0 in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to denial of service. It is...

5.5CVSS4.4AI score0.0053EPSS
Exploits1References4
NVD
NVD
•added 2023/03/17 10:15 p.m.•46 views

CVE-2023-27253

A command injection vulnerability in the function restorerrddata of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml...

8.8CVSS9AI score0.90655EPSS
Exploits4References3
NVD
NVD
•added 2023/03/17 4:15 a.m.•46 views

CVE-2023-28531

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...

9.8CVSS9.3AI score0.02216EPSS
Exploits0References7
NVD
NVD
•added 2023/03/15 9:15 p.m.•46 views

CVE-2023-27598

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed Via header to OpenSIPS triggers a segmentation fault when the function calctagsuffix is called. A specially crafted Via header, which is deemed correct by the parser, will...

7.5CVSS7.5AI score0.00971EPSS
Exploits0References3
NVD
NVD
•added 2023/03/12 5:15 a.m.•46 views

CVE-2022-48365

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges...

7.2CVSS7AI score0.00862EPSS
Exploits0References4
NVD
NVD
•added 2023/03/06 9:15 p.m.•46 views

CVE-2021-36396

In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk...

7.5CVSS7.4AI score0.01427EPSS
Exploits2References1
NVD
NVD
•added 2023/03/02 7:15 p.m.•46 views

CVE-2023-26471

XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode anything dangerous is disabled, but the async macro does not take into account the restricted mode. This means that any user with...

9.9CVSS9.5AI score0.0092EPSS
Exploits1References3
NVD
NVD
•added 2023/02/21 8:15 p.m.•46 views

CVE-2023-0942

The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS6AI score0.01213EPSS
Exploits3References5
NVD
NVD
•added 2023/02/21 3:15 p.m.•46 views

CVE-2021-32854

textAngular is a text editor for Angular.js. Version 1.5.16 and prior are vulnerable to copy-paste cross-site scripting XSS. For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. There are no known patches...

6.1CVSS6AI score0.00498EPSS
Exploits1References1
NVD
NVD
•added 2023/02/21 9:15 a.m.•46 views

CVE-2022-4385

The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user with roles as low as Subscriber to update the menu order...

4.3CVSS4.6AI score0.00486EPSS
Exploits2References1
NVD
NVD
•added 2023/02/20 5:15 p.m.•46 views

CVE-2022-46303

Command injection in SMS notifications in Tribe29 Checkmk = 2.1.0p10, Checkmk = 2.0.0p27, and Checkmk = 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local...

8CVSS8.1AI score0.01096EPSS
Exploits0References1
NVD
NVD
•added 2023/02/17 10:15 p.m.•46 views

CVE-2023-21619

FrameMaker 2020 Update 4 and earlier, 2022 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS7.8AI score0.00302EPSS
Exploits0References1
NVD
NVD
•added 2023/02/16 8:15 p.m.•46 views

CVE-2022-30539

Use after free in the BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access...

7.5CVSS8AI score0.00211EPSS
Exploits0References1
NVD
NVD
•added 2023/02/16 3:15 p.m.•46 views

CVE-2023-22580

Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure...

7.5CVSS6AI score0.00582EPSS
Exploits2References2
NVD
NVD
•added 2023/02/14 8:15 p.m.•46 views

CVE-2023-23377

3D Builder Remote Code Execution Vulnerability...

7.8CVSS7.8AI score0.0065EPSS
Exploits0References1
NVD
NVD
•added 2023/02/13 3:15 p.m.•46 views

CVE-2023-0362

Themify Portfolio Post WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.4AI score0.00526EPSS
Exploits2References1
NVD
NVD
•added 2023/02/13 3:15 p.m.•46 views

CVE-2023-0099

The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6AI score0.01726EPSS
Exploits6References2
NVD
NVD
•added 2023/02/12 4:15 a.m.•46 views

CVE-2022-25735

Denial of service in modem due to missing null check while processing TCP or UDP packets from server...

7.5CVSS7.5AI score0.00406EPSS
Exploits0References1
NVD
NVD
•added 2023/02/09 5:15 p.m.•46 views

CVE-2023-0575

External Control of Critical State Data, Improper Control of Generation of Code 'Code Injection' vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS DevopsBase.Java:execCommand, TableManager.Java:runCommand modules allows API Manipulation, Privilege Abuse. This vulnerability...

9.8CVSS7.5AI score0.00776EPSS
Exploits0References1
NVD
NVD
•added 2023/02/03 4:15 p.m.•46 views

CVE-2023-24144

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function...

9.8CVSS9.8AI score0.01946EPSS
Exploits1References1
NVD
NVD
•added 2023/02/01 2:15 p.m.•46 views

CVE-2022-47717

Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing CORS...

7.5CVSS7.5AI score0.00735EPSS
Exploits1References1
NVD
NVD
•added 2023/01/26 9:15 p.m.•46 views

CVE-2022-20456

In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.8CVSS7.8AI score0.00238EPSS
Exploits0References1
NVD
NVD
•added 2023/01/17 7:15 p.m.•46 views

CVE-2022-23739

An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app installed on an organization to gain access to and modify most organization-level resources that a...

9.8CVSS9.8AI score0.01244EPSS
Exploits0References5
NVD
NVD
•added 2023/01/14 1:15 a.m.•46 views

CVE-2023-22471

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is...

4.3CVSS4.2AI score0.00524EPSS
Exploits0References2
NVD
NVD
•added 2023/01/12 1:15 a.m.•46 views

CVE-2023-0227

Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36...

8.3CVSS7AI score0.00655EPSS
Exploits1References2
NVD
NVD
•added 2023/01/05 7:15 p.m.•46 views

CVE-2022-23549

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta16 on the beta and tests-passed branches, users can create posts with raw body longer than the maxlength site setting by including html comments that are not counted toward the...

6.5CVSS5.7AI score0.00575EPSS
Exploits0References2
NVD
NVD
•added 2022/12/30 7:15 a.m.•46 views

CVE-2022-48194

TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service DoS by uploading a crafted firmware update because the signature check is inadequate...

8.8CVSS0.33482EPSS
Exploits5References2
NVD
NVD
•added 2022/11/25 5:15 p.m.•46 views

CVE-2022-37721

PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting XSS when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation...

9CVSS0.00705EPSS
Exploits0References1
NVD
NVD
•added 2022/11/22 4:15 p.m.•46 views

CVE-2022-41952

Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after maxspidersize default: 10M bytes have been downloaded, which can in some cases lead to...

6.5CVSS0.00827EPSS
Exploits0References5
NVD
NVD
•added 2022/11/18 9:15 p.m.•46 views

CVE-2022-41883

TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We...

7.5CVSS0.0035EPSS
Exploits1References4
NVD
NVD
•added 2022/11/08 10:15 p.m.•46 views

CVE-2022-41259

SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor...

6.5CVSS0.00716EPSS
Exploits0References2
NVD
NVD
•added 2022/10/07 7:15 a.m.•46 views

CVE-2022-41672

In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API...

8.1CVSS0.01197EPSS
Exploits0References2
NVD
NVD
•added 2022/10/06 8:15 p.m.•46 views

CVE-2022-39284

CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does...

4.3CVSS0.00825EPSS
Exploits1References6
NVD
NVD
•added 2022/10/03 3:15 p.m.•46 views

CVE-2022-42306

An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbxexchange during registration and cause a NULL pointer exception, effectively crashing the pbxexchange process...

6.5CVSS0.00175EPSS
Exploits0References1
NVD
NVD
•added 2022/09/30 5:15 a.m.•46 views

CVE-2022-41846

An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp...

5.5CVSS0.00288EPSS
Exploits1References2
NVD
NVD
•added 2022/09/28 6:15 p.m.•46 views

CVE-2022-40929

XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an intended and supported use case running arbitrary Bash scripts on behalf of users...

9.8CVSS0.01214EPSS
Exploits1References1
NVD
NVD
•added 2022/09/24 2:15 a.m.•46 views

CVE-2022-36025

Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations including DELEGATECALL results in...

9.1CVSS0.00868EPSS
Exploits0References1
NVD
NVD
•added 2022/09/22 10:15 p.m.•46 views

CVE-2022-23458

Toast UI Grid is a component to display and edit data. Versions prior to 4.21.3 are vulnerable to cross-site scripting attacks when pasting specially crafted content into editable cells. This issue was fixed in version 4.21.3. There are no known workarounds...

6.1CVSS0.00526EPSS
Exploits1References2
NVD
NVD
•added 2022/09/16 11:15 p.m.•46 views

CVE-2022-35992

TensorFlow is an open source platform for machine learning. When TensorListFromTensor receives an elementshape of a rank greater than one, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fi...

7.5CVSS0.00396EPSS
Exploits0References2
NVD
NVD
•added 2022/09/13 10:15 p.m.•46 views

CVE-2021-36568

In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting StoredXSS. This affects Moodle 3.11 and Moodle...

5.4CVSS0.0079EPSS
Exploits1References4
NVD
NVD
•added 2022/09/08 9:15 p.m.•46 views

CVE-2022-36099

XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the...

9.9CVSS0.7589EPSS
Exploits1References3
NVD
NVD
•added 2022/09/08 6:15 p.m.•46 views

CVE-2022-36093

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2...

8.5CVSS0.00662EPSS
Exploits0References3
NVD
NVD
•added 2022/09/06 6:15 p.m.•46 views

CVE-2022-30298

An improper privilege management vulnerability CWE-269 in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files via another, unrelated and hypothetical exploit to execute arbitrary Python commands as root...

7.8CVSS0.00203EPSS
Exploits0References1
Total number of security vulnerabilities5000