Lucene search
K
NvdMost viewed

364844 matches found

NVD
NVD
added 2024/04/25 4:15 p.m.46 views

CVE-2023-6787

A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter "prompt=login," prompting the user to re-enter...

8.8CVSS6.4AI score0.00744EPSS
Exploits0References5
NVD
NVD
added 2024/04/17 10:15 a.m.46 views

CVE-2024-32508

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in deTheme DethemeKit For Elementor allows Stored XSS.This issue affects DethemeKit For Elementor: from n/a through 2.0.2...

6.5CVSS6.4AI score0.00317EPSS
Exploits0References1
NVD
NVD
added 2024/04/16 7:15 p.m.46 views

CVE-2024-3878

A vulnerability, which was classified as critical, has been found in Tenda F1202 1.2.0.20408. Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be...

9CVSS8.8AI score0.01683EPSS
Exploits1References4
NVD
NVD
added 2024/04/15 8:15 a.m.46 views

CVE-2024-32438

Cross-Site Request Forgery CSRF vulnerability in cleverplugins.Com SEO Booster.This issue affects SEO Booster: from n/a through 3.8.9...

8.8CVSS4.6AI score0.00241EPSS
Exploits0References1
NVD
NVD
added 2024/04/10 9:15 p.m.46 views

CVE-2024-31988

XWiki Platform is a generic wiki platform. Starting in version 13.9-rc-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, when the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, b...

9.6CVSS9.3AI score0.00696EPSS
Exploits1References6
NVD
NVD
added 2024/04/09 4:15 p.m.46 views

CVE-2024-31866

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELININTPCLASSPATHOVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to...

9.8CVSS6.8AI score0.01439EPSS
Exploits0References3
NVD
NVD
added 2024/04/04 8:15 p.m.46 views

CVE-2023-38709

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58...

7.3CVSS5.7AI score0.03914EPSS
Exploits0References11
NVD
NVD
added 2024/03/31 7:15 p.m.46 views

CVE-2024-31116

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web 10Web Map Builder for Google Maps.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.74...

7.6CVSS7.9AI score0.00541EPSS
Exploits0References1
NVD
NVD
added 2024/03/12 9:15 a.m.46 views

CVE-2024-25995

An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform an DoS due to improper input validation...

9.8CVSS10AI score0.01404EPSS
Exploits0References2
NVD
NVD
added 2024/03/07 11:15 a.m.46 views

CVE-2024-1169

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized media upload due to a missing capability check on the buddyformsuploadhandledroppedmedia function in all versions up to, and...

7.5CVSS7.4AI score0.0058EPSS
Exploits0References3
NVD
NVD
added 2024/03/06 5:15 p.m.46 views

CVE-2024-2215

A cross-site request forgery CSRF vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...

6.1CVSS5.7AI score0.00408EPSS
Exploits0References2
NVD
NVD
added 2024/03/06 5:15 p.m.46 views

CVE-2024-28161

In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower DCT connections is disabled by default...

5.3CVSS5.7AI score0.00417EPSS
Exploits0References2
NVD
NVD
added 2024/02/26 5:15 p.m.46 views

CVE-2024-27087

Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a "Custom" link type for advanced use cases that don't fit any of the pre-defined link formats. As th...

5.4CVSS5.2AI score0.00348EPSS
Exploits0References2
NVD
NVD
added 2024/02/14 5:15 p.m.46 views

CVE-2024-23805

Undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables...

7.5CVSS7.4AI score0.00515EPSS
Exploits0References1
NVD
NVD
added 2024/02/12 4:15 p.m.46 views

CVE-2024-0566

The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.2CVSS6.9AI score0.03301EPSS
Exploits5References1
NVD
NVD
added 2024/02/02 4:15 p.m.46 views

CVE-2024-23824

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the...

4.7CVSS4.7AI score0.00597EPSS
Exploits1References3
NVD
NVD
added 2024/02/02 2:15 a.m.46 views

CVE-2024-22903

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution RCE vulnerability via the deleteUpdateAPK function...

8.8CVSS9.1AI score0.01861EPSS
Exploits4References4
NVD
NVD
added 2024/01/30 4:15 p.m.46 views

CVE-2024-21649

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is...

8.8CVSS8.9AI score0.01266EPSS
Exploits0References2
NVD
NVD
added 2024/01/23 6:15 p.m.46 views

CVE-2024-23636

SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there i...

9.8CVSS9.7AI score0.00799EPSS
Exploits0References2
NVD
NVD
added 2024/01/19 6:15 p.m.46 views

CVE-2024-22911

A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602...

7.8CVSS7.6AI score0.0033EPSS
Exploits1References1
NVD
NVD
added 2024/01/19 11:15 a.m.46 views

CVE-2024-21733

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Other, EOL versions may also be affected. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44...

5.3CVSS6.2AI score0.14286EPSS
Exploits3References5
NVD
NVD
added 2024/01/03 5:15 p.m.46 views

CVE-2024-21631

Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's vaporurlparserparse function uses uint16t indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact...

6.5CVSS6.5AI score0.00601EPSS
Exploits0References2
NVD
NVD
added 2024/01/03 4:15 p.m.46 views

CVE-2024-21911

TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser...

6.1CVSS6AI score0.01165EPSS
Exploits1References5
NVD
NVD
added 2023/12/25 8:15 a.m.46 views

CVE-2022-34267

An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint...

9.8CVSS0.42162EPSS
Exploits1References2
NVD
NVD
added 2023/12/04 5:15 a.m.46 views

CVE-2023-49093

HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution RCE via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0...

9.8CVSS0.02378EPSS
Exploits1References2
NVD
NVD
added 2023/11/21 10:15 p.m.46 views

CVE-2023-49103

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

10CVSS0.78428EPSS
Exploits5References3
NVD
NVD
added 2023/11/20 7:15 p.m.46 views

CVE-2021-22636

Texas Instruments TI-RTOS, when configured to use HeapMem heapdefault, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMemallocUnprotected' and result in code execution...

7.8CVSS0.00276EPSS
Exploits0References2
NVD
NVD
added 2023/11/17 1:15 p.m.46 views

CVE-2023-22274

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction...

7.5CVSS0.01458EPSS
Exploits0References1
NVD
NVD
added 2023/11/14 7:15 p.m.46 views

CVE-2021-46748

Insufficient bounds checking in the ASP AMD Secure Processor may allow an attacker to access memory outside the bounds of what is permissible to a TA Trusted Application resulting in a potential denial of service...

5.5CVSS0.00211EPSS
Exploits0References2
NVD
NVD
added 2023/11/03 5:15 a.m.46 views

CVE-2023-46817

An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the...

9.8CVSS9.6AI score0.01806EPSS
Exploits3References5
NVD
NVD
added 2023/11/02 2:15 p.m.46 views

CVE-2023-29045

Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborati...

5.4CVSS5.7AI score0.00383EPSS
Exploits0References2
NVD
NVD
added 2023/10/20 5:15 a.m.46 views

CVE-2023-34052

VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass...

7.8CVSS7.7AI score0.00204EPSS
Exploits0References1
NVD
NVD
added 2023/10/16 7:15 p.m.46 views

CVE-2023-45660

Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0...

4.3CVSS4.5AI score0.00601EPSS
Exploits0References3
NVD
NVD
added 2023/10/09 4:15 p.m.46 views

CVE-2023-44400

Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user's device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the...

7.8CVSS7AI score0.00267EPSS
Exploits1References3
NVD
NVD
added 2023/10/04 12:15 p.m.46 views

CVE-2023-43261

An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components...

7.5CVSS7.2AI score0.59342EPSS
Exploits5References5
NVD
NVD
added 2023/09/27 3:19 p.m.46 views

CVE-2023-5192

Excessive Data Query Operations in a Large Data Table in GitHub repository pimcore/demo prior to 10.3.0...

6.5CVSS6.3AI score0.00783EPSS
Exploits1References2
NVD
NVD
added 2023/09/27 3:18 p.m.46 views

CVE-2023-39347

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels...

9CVSS7.8AI score0.0046EPSS
Exploits1References2
NVD
NVD
added 2023/09/20 1:15 a.m.46 views

CVE-2023-25529

NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information...

8.1CVSS8AI score0.00516EPSS
Exploits0References2
NVD
NVD
added 2023/09/07 8:15 p.m.46 views

CVE-2023-41316

Tolgee is an open-source localization platform. Due to lack of validation field - Org Name, bad actor can send emails with HTML injected code to the victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitati...

5.5CVSS5.6AI score0.00416EPSS
Exploits1References2
NVD
NVD
added 2023/09/06 6:15 p.m.46 views

CVE-2023-41319

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML...

8.8CVSS8.8AI score0.00837EPSS
Exploits0References2
NVD
NVD
added 2023/09/06 9:15 a.m.46 views

CVE-2023-4634

The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mlastreamfile' parameter from the /includes/mla-stream-image.php file,...

9.8CVSS9.9AI score0.82585EPSS
Exploits6References5
NVD
NVD
added 2023/08/29 9:15 a.m.46 views

CVE-2023-23772

Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a...

8.8CVSS7.7AI score0.00419EPSS
Exploits0References1
NVD
NVD
added 2023/08/23 8:15 p.m.46 views

CVE-2023-40025

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most...

7.1CVSS5.2AI score0.00484EPSS
Exploits1References2
NVD
NVD
added 2023/08/08 10:15 p.m.46 views

CVE-2023-39951

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email...

6.5CVSS6.3AI score0.00672EPSS
Exploits1References3
NVD
NVD
added 2023/08/07 8:15 p.m.46 views

CVE-2023-39520

Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the repair function. The problem occurs as the repair function of the MSI is spawning an SYSTEM...

7.8CVSS6.2AI score0.00312EPSS
Exploits1References4
NVD
NVD
added 2023/08/01 5:15 a.m.46 views

CVE-2023-26139

Versions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the name argument of the setProperty function. Exploiting this vulnerability is possible due to improper input sanitization which allows the usage of arguments like “proto”...

7.5CVSS7.5AI score0.00741EPSS
Exploits0References2
NVD
NVD
added 2023/07/26 8:15 p.m.46 views

CVE-2023-31465

An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named argx, with x an integer starting from 1; it is possible t...

9.8CVSS9.4AI score0.44455EPSS
Exploits1References2
NVD
NVD
added 2023/07/26 11:15 a.m.46 views

CVE-2023-28130

Local user may lead to privilege escalation using Gaia Portal hostnames page...

7.2CVSS7.2AI score0.21381EPSS
Exploits3References5
NVD
NVD
added 2023/07/21 3:15 p.m.46 views

CVE-2023-3822

Cross-site Scripting XSS - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4...

6.1CVSS5.9AI score0.00478EPSS
Exploits1References2
NVD
NVD
added 2023/07/11 6:15 p.m.46 views

CVE-2023-37271

RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generat...

9.9CVSS9.1AI score0.0084EPSS
Exploits0References2
Total number of security vulnerabilities5000