Lucene search
K
NvdMost viewed

363949 matches found

NVD
NVD
added 2022/02/09 10:15 p.m.46 views

CVE-2022-23631

superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to run arbitrary code on any server using superjson input without prior authentication or knowledge. The only requirement is that the server implements ...

9.8CVSS0.02351EPSS
Exploits1References3
NVD
NVD
added 2022/02/09 4:15 p.m.46 views

CVE-2021-37204

A vulnerability has been identified in SIMATIC Drive Controller family All versions = V2.9.2 = V21.9 = V4.5.0 = V2.9.2 = V21.9 = V4.0 V4.0 SP1, SIPLUS TIM 1531 IRC All versions V2.3.6, TIM 1531 IRC All versions V2.3.6. An unauthenticated attacker could cause a denial-of-service condition in a PLC...

7.5CVSS0.02181EPSS
Exploits0References1
NVD
NVD
added 2022/02/01 1:15 p.m.46 views

CVE-2021-25072

The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF check in place when deleting items, allowing attacker to make a logged in admin delete arbitrary posts via a CSRF attack...

6.5CVSS0.00531EPSS
Exploits2References1
NVD
NVD
added 2022/01/28 8:15 p.m.46 views

CVE-2021-22812

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...

6.1CVSS0.00745EPSS
Exploits0References1
NVD
NVD
added 2022/01/25 4:15 p.m.46 views

CVE-2021-34868

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

8.8CVSS0.00423EPSS
Exploits0References2
NVD
NVD
added 2022/01/24 8:15 a.m.46 views

CVE-2021-25008

The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS0.02268EPSS
Exploits2References1
NVD
NVD
added 2022/01/21 12:15 a.m.46 views

CVE-2022-23315

MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do...

9.8CVSS0.01819EPSS
Exploits1References1
NVD
NVD
added 2022/01/21 12:15 a.m.46 views

CVE-2022-22894

Jerryscript 3.0.0 was discovered to contain a stack overflow via ecmalcachelookup in /jerry-core/ecma/base/ecma-lcache.c...

7.8CVSS0.00748EPSS
Exploits1References1
NVD
NVD
added 2022/01/18 10:15 p.m.46 views

CVE-2022-21693

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of the Onionshare process can access sensitive...

6.5CVSS0.01129EPSS
Exploits0References2
NVD
NVD
added 2022/01/13 10:15 p.m.46 views

CVE-2021-34984

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley ContextCapture 10.18.0.232. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

5.5CVSS0.01699EPSS
Exploits0References2
NVD
NVD
added 2022/01/10 4:15 p.m.46 views

CVE-2021-24862

The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rmchronosajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue...

7.2CVSS0.73293EPSS
Exploits6References3
NVD
NVD
added 2021/12/20 12:15 p.m.46 views

CVE-2021-44224

A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint Server Side Request Forgery...

8.2CVSS0.82295EPSS
Exploits0References19
NVD
NVD
added 2021/12/06 4:15 p.m.46 views

CVE-2021-24938

The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocsupdateprofilesdata AJAX action available to any authenticated user before outputting it back in the response, leading to a Reflected cross-Site Scripting issue...

6.1CVSS0.00795EPSS
Exploits2References1
NVD
NVD
added 2021/12/01 3:15 p.m.46 views

CVE-2021-40154

NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming ISP mode. This discloses protected flash memory...

6.1CVSS0.0073EPSS
Exploits1References2
NVD
NVD
added 2021/11/19 7:15 p.m.46 views

CVE-2021-40391

An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev commit b5f1eacd, and the forked version of Gerbv commit 71493260. A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger thi...

10CVSS0.02916EPSS
Exploits1References3
NVD
NVD
added 2021/11/15 9:15 p.m.46 views

CVE-2021-41266

Minio console is a graphical user interface for the for MinIO operator. Minio itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. All users on release v0.12.2 and before are affect...

9.8CVSS0.46706EPSS
Exploits1References2
NVD
NVD
added 2021/11/09 12:15 p.m.46 views

CVE-2021-40359

A vulnerability has been identified in OpenPCS 7 V8.2 All versions, OpenPCS 7 V9.0 All versions V9.0 Upd4, OpenPCS 7 V9.1 All versions, SIMATIC BATCH V8.2 All versions, SIMATIC BATCH V9.0 All versions, SIMATIC BATCH V9.1 All versions, SIMATIC NET PC Software V14 All versions, SIMATIC NET PC...

7.7CVSS0.01137EPSS
Exploits0References1
NVD
NVD
added 2021/10/04 5:15 p.m.46 views

CVE-2021-39900

Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs...

4CVSS0.00606EPSS
Exploits0References2
NVD
NVD
added 2021/08/17 3:15 p.m.46 views

CVE-2021-25957

In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low privileged attacker can reset the password of any user in the application using the password reset link the user received through email when requested for a forgotten password...

8.8CVSS0.01058EPSS
Exploits0References2
NVD
NVD
added 2021/07/30 2:15 p.m.46 views

CVE-2021-20787

Cross-site scripting vulnerability in GroupSession GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0 allows a remote attacker to inject...

4.8CVSS0.0064EPSS
Exploits0References2
NVD
NVD
added 2021/06/28 3:15 p.m.46 views

CVE-2021-32718

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution in the...

5.4CVSS0.01437EPSS
Exploits1References3
NVD
NVD
added 2021/06/16 10:15 p.m.46 views

CVE-2021-32691

Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information name, birthday, gender, etc. This includes all app functionality within t...

9.8CVSS0.01458EPSS
Exploits0References3
NVD
NVD
added 2021/06/07 10:15 p.m.46 views

CVE-2021-32670

Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...

7.2CVSS0.0096EPSS
Exploits0References5
NVD
NVD
added 2021/06/07 9:15 p.m.46 views

CVE-2021-20259

A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Versions...

7.8CVSS0.00273EPSS
Exploits0References1
NVD
NVD
added 2021/06/07 7:15 p.m.46 views

CVE-2021-29621

Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version...

5.3CVSS0.03404EPSS
Exploits0References6
NVD
NVD
added 2021/05/16 4:15 p.m.46 views

CVE-2021-29040

The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch another, more focused...

5.3CVSS0.01082EPSS
Exploits0References2
NVD
NVD
added 2021/05/14 8:15 p.m.46 views

CVE-2021-29558

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.rawops.SparseSplit. This is because the...

7.8CVSS0.00211EPSS
Exploits1References2
NVD
NVD
added 2021/05/14 8:15 p.m.46 views

CVE-2021-29565

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.rawops.SparseFillEmptyRows. This is because of missing...

5.5CVSS0.00189EPSS
Exploits1References2
NVD
NVD
added 2021/05/14 8:15 p.m.46 views

CVE-2021-29521

TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.rawops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the...

5.5CVSS0.00189EPSS
Exploits1References2
NVD
NVD
added 2021/05/13 4:15 p.m.46 views

CVE-2021-20221

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to...

6CVSS0.00323EPSS
Exploits0References5
NVD
NVD
added 2021/05/11 8:15 p.m.46 views

CVE-2020-24588

The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames which is mandatory as part of 802.11...

3.5CVSS0.03537EPSS
Exploits2References12
NVD
NVD
added 2021/05/11 3:15 p.m.46 views

CVE-2021-21651

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles...

4.3CVSS0.00733EPSS
Exploits0References1
NVD
NVD
added 2021/05/03 12:15 p.m.46 views

CVE-2021-25631

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type...

9.3CVSS0.0417EPSS
Exploits1References2
NVD
NVD
added 2021/04/27 8:15 p.m.46 views

CVE-2021-21429

OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to...

4CVSS0.00296EPSS
Exploits0References2
NVD
NVD
added 2021/04/27 6:15 a.m.46 views

CVE-2021-20714

Directory traversal vulnerability in WP Fastest Cache versions prior to 0.9.1.7 allows a remote attacker with administrator privileges to delete arbitrary files on the server via unspecified vectors...

6.5CVSS0.02625EPSS
Exploits0References3
NVD
NVD
added 2021/04/18 7:15 p.m.46 views

CVE-2021-23375

This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

9.8CVSS0.01336EPSS
Exploits1References2
NVD
NVD
added 2021/04/18 7:15 p.m.46 views

CVE-2021-23374

This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

9.8CVSS0.01336EPSS
Exploits1References2
NVD
NVD
added 2021/04/13 8:15 p.m.46 views

CVE-2021-29427

In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies...

8CVSS0.01307EPSS
Exploits1References2
NVD
NVD
added 2021/04/13 8:15 p.m.46 views

CVE-2021-28457

Visual Studio Code Remote Code Execution Vulnerability...

7.8CVSS0.02705EPSS
Exploits0References1
NVD
NVD
added 2021/03/10 3:15 p.m.46 views

CVE-2021-21491

SAP Netweaver Application Server Java Applications based on WebDynpro Java versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...

6.1CVSS0.00666EPSS
Exploits0References2
NVD
NVD
added 2021/03/09 7:15 p.m.46 views

CVE-2021-23352

This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image, .svg or .dot functions are called, is executed by the childprocess.exec function...

9.8CVSS0.02057EPSS
Exploits1References3
NVD
NVD
added 2021/02/02 7:15 a.m.46 views

CVE-2020-1896

A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that th...

9.8CVSS0.02418EPSS
Exploits0References2
NVD
NVD
added 2021/01/22 7:15 p.m.46 views

CVE-2020-12513

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection...

9CVSS7.8AI score0.3111EPSS
Exploits1References1
NVD
NVD
added 2021/01/01 4:15 a.m.46 views

CVE-2020-35948

An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xclonerrestore.php writefileaction could...

9.9CVSS9.7AI score0.24937EPSS
Exploits5References4
NVD
NVD
added 2020/12/24 4:15 p.m.46 views

CVE-2020-27715

On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS request to the BIG-IP management interface via port 443 can cause high 100% CPU utilization by the httpd daemon...

7.8CVSS7.5AI score0.0105EPSS
Exploits0References1
NVD
NVD
added 2020/12/12 7:15 p.m.46 views

CVE-2020-35208

An issue was discovered in the LogMein LastPass Password Manager aka com.lastpass.ilastpass app 4.8.11.2403 for iOS. The password authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker could authentica...

5.7CVSS5.9AI score0.00474EPSS
Exploits1References2
NVD
NVD
added 2020/12/11 8:15 p.m.46 views

CVE-2020-27730

In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities...

9.8CVSS9.5AI score0.01693EPSS
Exploits0References2
NVD
NVD
added 2020/11/24 1:15 a.m.46 views

CVE-2020-28991

Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines with URL encoding in ParseRemoteAddr in modules/auth/repoform.go...

9.8CVSS9.4AI score0.01715EPSS
Exploits0References2
NVD
NVD
added 2020/11/23 10:15 p.m.46 views

CVE-2020-26229

TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the...

3.7CVSS4.2AI score0.00636EPSS
Exploits0References2
NVD
NVD
added 2020/08/10 8:15 p.m.46 views

CVE-2020-17480

TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor...

6.1CVSS5.9AI score0.01248EPSS
Exploits1References2
Total number of security vulnerabilities5000