Lucene search
K
NvdMost viewed

364447 matches found

NVD
NVD
•added 2023/02/16 3:15 p.m.•46 views

CVE-2023-22580

Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure...

7.5CVSS6AI score0.00582EPSS
Exploits2References2
NVD
NVD
•added 2023/02/14 8:15 p.m.•46 views

CVE-2023-23377

3D Builder Remote Code Execution Vulnerability...

7.8CVSS7.8AI score0.0065EPSS
Exploits0References1
NVD
NVD
•added 2023/02/13 3:15 p.m.•46 views

CVE-2023-0362

Themify Portfolio Post WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.4AI score0.00526EPSS
Exploits2References1
NVD
NVD
•added 2023/02/13 3:15 p.m.•46 views

CVE-2023-0099

The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6AI score0.01726EPSS
Exploits6References2
NVD
NVD
•added 2023/02/12 4:15 a.m.•46 views

CVE-2022-25735

Denial of service in modem due to missing null check while processing TCP or UDP packets from server...

7.5CVSS7.5AI score0.00406EPSS
Exploits0References1
NVD
NVD
•added 2023/02/09 5:15 p.m.•46 views

CVE-2023-0575

External Control of Critical State Data, Improper Control of Generation of Code 'Code Injection' vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS DevopsBase.Java:execCommand, TableManager.Java:runCommand modules allows API Manipulation, Privilege Abuse. This vulnerability...

9.8CVSS7.5AI score0.00776EPSS
Exploits0References1
NVD
NVD
•added 2023/02/03 4:15 p.m.•46 views

CVE-2023-24144

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function...

9.8CVSS9.8AI score0.01946EPSS
Exploits1References1
NVD
NVD
•added 2023/02/01 2:15 p.m.•46 views

CVE-2022-47717

Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing CORS...

7.5CVSS7.5AI score0.00735EPSS
Exploits1References1
NVD
NVD
•added 2023/01/26 9:15 p.m.•46 views

CVE-2022-20456

In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.8CVSS7.8AI score0.00238EPSS
Exploits0References1
NVD
NVD
•added 2023/01/17 7:15 p.m.•46 views

CVE-2022-23739

An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app installed on an organization to gain access to and modify most organization-level resources that a...

9.8CVSS9.8AI score0.01244EPSS
Exploits0References5
NVD
NVD
•added 2023/01/14 1:15 a.m.•46 views

CVE-2023-22471

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is...

4.3CVSS4.2AI score0.00524EPSS
Exploits0References2
NVD
NVD
•added 2023/01/12 1:15 a.m.•46 views

CVE-2023-0227

Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36...

8.3CVSS7AI score0.00655EPSS
Exploits1References2
NVD
NVD
•added 2023/01/05 7:15 p.m.•46 views

CVE-2022-23549

Discourse is an option source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta16 on the beta and tests-passed branches, users can create posts with raw body longer than the maxlength site setting by including html comments that are not counted toward the...

6.5CVSS5.7AI score0.00575EPSS
Exploits0References2
NVD
NVD
•added 2022/12/30 7:15 a.m.•46 views

CVE-2022-48194

TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service DoS by uploading a crafted firmware update because the signature check is inadequate...

8.8CVSS0.33482EPSS
Exploits5References2
NVD
NVD
•added 2022/11/25 5:15 p.m.•46 views

CVE-2022-37721

PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting XSS when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation...

9CVSS0.00701EPSS
Exploits0References1
NVD
NVD
•added 2022/11/22 4:15 p.m.•46 views

CVE-2022-41952

Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after maxspidersize default: 10M bytes have been downloaded, which can in some cases lead to...

6.5CVSS0.00827EPSS
Exploits0References5
NVD
NVD
•added 2022/11/18 9:15 p.m.•46 views

CVE-2022-41883

TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We...

7.5CVSS0.0035EPSS
Exploits1References4
NVD
NVD
•added 2022/11/08 10:15 p.m.•46 views

CVE-2022-41259

SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor...

6.5CVSS0.00716EPSS
Exploits0References2
NVD
NVD
•added 2022/10/06 8:15 p.m.•46 views

CVE-2022-39284

CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does...

4.3CVSS0.00825EPSS
Exploits1References6
NVD
NVD
•added 2022/10/03 3:15 p.m.•46 views

CVE-2022-42306

An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbxexchange during registration and cause a NULL pointer exception, effectively crashing the pbxexchange process...

6.5CVSS0.00175EPSS
Exploits0References1
NVD
NVD
•added 2022/09/30 5:15 a.m.•46 views

CVE-2022-41846

An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp...

5.5CVSS0.00288EPSS
Exploits1References2
NVD
NVD
•added 2022/09/28 6:15 p.m.•46 views

CVE-2022-40929

XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an intended and supported use case running arbitrary Bash scripts on behalf of users...

9.8CVSS0.01266EPSS
Exploits1References1
NVD
NVD
•added 2022/09/24 2:15 a.m.•46 views

CVE-2022-36025

Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations including DELEGATECALL results in...

9.1CVSS0.00868EPSS
Exploits0References1
NVD
NVD
•added 2022/09/22 10:15 p.m.•46 views

CVE-2022-23458

Toast UI Grid is a component to display and edit data. Versions prior to 4.21.3 are vulnerable to cross-site scripting attacks when pasting specially crafted content into editable cells. This issue was fixed in version 4.21.3. There are no known workarounds...

6.1CVSS0.00526EPSS
Exploits1References2
NVD
NVD
•added 2022/09/16 11:15 p.m.•46 views

CVE-2022-35992

TensorFlow is an open source platform for machine learning. When TensorListFromTensor receives an elementshape of a rank greater than one, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fi...

7.5CVSS0.00396EPSS
Exploits0References2
NVD
NVD
•added 2022/09/13 10:15 p.m.•46 views

CVE-2021-36568

In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting StoredXSS. This affects Moodle 3.11 and Moodle...

5.4CVSS0.0079EPSS
Exploits1References4
NVD
NVD
•added 2022/09/08 9:15 p.m.•46 views

CVE-2022-36099

XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the...

9.9CVSS0.7589EPSS
Exploits1References3
NVD
NVD
•added 2022/09/08 6:15 p.m.•46 views

CVE-2022-36093

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2...

8.5CVSS0.00687EPSS
Exploits0References3
NVD
NVD
•added 2022/09/06 6:15 p.m.•46 views

CVE-2022-30298

An improper privilege management vulnerability CWE-269 in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files via another, unrelated and hypothetical exploit to execute arbitrary Python commands as root...

7.8CVSS0.00203EPSS
Exploits0References1
NVD
NVD
•added 2022/08/26 4:15 p.m.•46 views

CVE-2021-3856

ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available...

4.3CVSS0.00897EPSS
Exploits0References5
NVD
NVD
•added 2022/08/22 3:15 p.m.•46 views

CVE-2022-2551

The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating...

7.5CVSS0.12485EPSS
Exploits5References2
NVD
NVD
•added 2022/08/18 8:15 p.m.•46 views

CVE-2022-26373

Non-transparent sharing of return predictor targets between contexts in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...

5.5CVSS0.0035EPSS
Exploits0References4
NVD
NVD
•added 2022/08/16 1:15 p.m.•46 views

CVE-2022-30264

The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They utilize the ROC protocol 4000/TCP, 5000/TCP for communications between a master terminal and RTUs. Opcode 203 of this protocol allows a master terminal to transfer files to and from the...

9.8CVSS0.0042EPSS
Exploits0References2
NVD
NVD
•added 2022/07/12 11:15 p.m.•46 views

CVE-2022-33633

Skype for Business and Lync Remote Code Execution Vulnerability...

7.2CVSS0.02204EPSS
Exploits0References1
NVD
NVD
•added 2022/07/07 1:15 p.m.•46 views

CVE-2022-31854

Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel...

7.2CVSS0.32233EPSS
Exploits4References4
NVD
NVD
•added 2022/06/20 10:15 p.m.•46 views

CVE-2022-31062

Impact A plugin public script can be used to read content of system files. Patches Upgrade to version 1.0.2. Workarounds b/deploy/index.php file can be deleted if deploy feature is not used...

5.3CVSS0.05627EPSS
Exploits3References2
NVD
NVD
•added 2022/05/31 8:15 p.m.•46 views

CVE-2022-31005

Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a...

7.5CVSS0.0189EPSS
Exploits1References3
NVD
NVD
•added 2022/05/06 12:15 a.m.•46 views

CVE-2022-29161

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for use in certificate signatures, due to the risk of collision...

9.8CVSS0.00385EPSS
Exploits0References3
NVD
NVD
•added 2022/03/28 6:15 p.m.•46 views

CVE-2022-0388

The Interactive Medical Drawing of Human Body WordPress plugin before 2.6 does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS0.00588EPSS
Exploits2References1
NVD
NVD
•added 2022/03/21 8:15 p.m.•46 views

CVE-2022-26148

An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the apijsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in...

9.8CVSS0.53439EPSS
Exploits1References2
NVD
NVD
•added 2022/03/14 11:15 p.m.•46 views

CVE-2022-24740

Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and...

7.5CVSS0.00566EPSS
Exploits0References2
NVD
NVD
•added 2022/03/10 5:43 p.m.•46 views

CVE-2021-40376

otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000...

7.8CVSS0.00394EPSS
Exploits1References3
NVD
NVD
•added 2022/03/09 11:15 p.m.•46 views

CVE-2022-24744

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3...

3.5CVSS0.00477EPSS
Exploits0References1
NVD
NVD
•added 2022/03/03 7:15 a.m.•46 views

CVE-2022-0528

Server-Side Request Forgery SSRF in GitHub repository transloadit/uppy prior to 3.3.1...

7.5CVSS0.00963EPSS
Exploits1References2
NVD
NVD
•added 2022/02/23 11:15 p.m.•46 views

CVE-2022-23651

b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race...

4.7CVSS0.00214EPSS
Exploits0References3
NVD
NVD
•added 2022/02/09 11:15 p.m.•46 views

CVE-2022-22532

In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the...

9.8CVSS0.02372EPSS
Exploits0References2
NVD
NVD
•added 2022/02/09 10:15 p.m.•46 views

CVE-2022-23631

superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to run arbitrary code on any server using superjson input without prior authentication or knowledge. The only requirement is that the server implements ...

9.8CVSS0.02351EPSS
Exploits1References3
NVD
NVD
•added 2022/02/09 4:15 p.m.•46 views

CVE-2021-37204

A vulnerability has been identified in SIMATIC Drive Controller family All versions = V2.9.2 = V21.9 = V4.5.0 = V2.9.2 = V21.9 = V4.0 V4.0 SP1, SIPLUS TIM 1531 IRC All versions V2.3.6, TIM 1531 IRC All versions V2.3.6. An unauthenticated attacker could cause a denial-of-service condition in a PLC...

7.5CVSS0.02181EPSS
Exploits0References1
NVD
NVD
•added 2022/02/01 1:15 p.m.•46 views

CVE-2021-25072

The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF check in place when deleting items, allowing attacker to make a logged in admin delete arbitrary posts via a CSRF attack...

6.5CVSS0.00531EPSS
Exploits2References1
NVD
NVD
•added 2022/01/28 8:15 p.m.•46 views

CVE-2021-22812

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...

6.1CVSS0.00745EPSS
Exploits0References1
Total number of security vulnerabilities5000