Lucene search
K
NvdMost viewed

364394 matches found

NVD
NVD
added 2021/11/15 9:15 p.m.46 views

CVE-2021-41266

Minio console is a graphical user interface for the for MinIO operator. Minio itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. All users on release v0.12.2 and before are affect...

9.8CVSS0.46706EPSS
Exploits1References2
NVD
NVD
added 2021/11/09 12:15 p.m.46 views

CVE-2021-40359

A vulnerability has been identified in OpenPCS 7 V8.2 All versions, OpenPCS 7 V9.0 All versions V9.0 Upd4, OpenPCS 7 V9.1 All versions, SIMATIC BATCH V8.2 All versions, SIMATIC BATCH V9.0 All versions, SIMATIC BATCH V9.1 All versions, SIMATIC NET PC Software V14 All versions, SIMATIC NET PC...

7.7CVSS0.01137EPSS
Exploits0References1
NVD
NVD
added 2021/10/04 5:15 p.m.46 views

CVE-2021-39900

Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs...

4CVSS0.00606EPSS
Exploits0References2
NVD
NVD
added 2021/08/17 10:15 p.m.46 views

CVE-2021-28372

ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek TUTK device given a valid 20-byte uniquely assigned identifier UID. This could result in an attacker hijacking a victim's connection and forcing them into supplying credentials needed to access the...

8.3CVSS0.02575EPSS
Exploits1References3
NVD
NVD
added 2021/08/17 3:15 p.m.46 views

CVE-2021-25957

In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low privileged attacker can reset the password of any user in the application using the password reset link the user received through email when requested for a forgotten password...

8.8CVSS0.01058EPSS
Exploits0References2
NVD
NVD
added 2021/07/30 2:15 p.m.46 views

CVE-2021-20787

Cross-site scripting vulnerability in GroupSession GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0 allows a remote attacker to inject...

4.8CVSS0.0064EPSS
Exploits0References2
NVD
NVD
added 2021/06/21 7:15 p.m.46 views

CVE-2020-19511

Cross Site Scriptiong vulnerability in Typesetter 5.1 via the !1 className and !2 Description fields in index.php/Admin/Classes,...

6.1CVSS0.00819EPSS
Exploits1References2
NVD
NVD
added 2021/06/16 10:15 p.m.46 views

CVE-2021-32691

Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information name, birthday, gender, etc. This includes all app functionality within t...

9.8CVSS0.01458EPSS
Exploits0References3
NVD
NVD
added 2021/06/07 10:15 p.m.46 views

CVE-2021-32670

Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...

7.2CVSS0.0096EPSS
Exploits0References5
NVD
NVD
added 2021/06/07 9:15 p.m.46 views

CVE-2021-20259

A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Versions...

7.8CVSS0.00273EPSS
Exploits0References1
NVD
NVD
added 2021/06/07 7:15 p.m.46 views

CVE-2021-29621

Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version...

5.3CVSS0.03404EPSS
Exploits0References6
NVD
NVD
added 2021/05/16 4:15 p.m.46 views

CVE-2021-29040

The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch another, more focused...

5.3CVSS0.01072EPSS
Exploits0References1
NVD
NVD
added 2021/05/14 8:15 p.m.46 views

CVE-2021-29558

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.rawops.SparseSplit. This is because the...

7.8CVSS0.00211EPSS
Exploits1References2
NVD
NVD
added 2021/05/14 8:15 p.m.46 views

CVE-2021-29565

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.rawops.SparseFillEmptyRows. This is because of missing...

5.5CVSS0.00189EPSS
Exploits1References2
NVD
NVD
added 2021/05/13 4:15 p.m.46 views

CVE-2021-20221

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to...

6CVSS0.00323EPSS
Exploits0References5
NVD
NVD
added 2021/05/11 8:15 p.m.46 views

CVE-2020-24588

The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames which is mandatory as part of 802.11...

3.5CVSS0.03537EPSS
Exploits2References12
NVD
NVD
added 2021/05/11 3:15 p.m.46 views

CVE-2021-21651

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles...

4.3CVSS0.00733EPSS
Exploits0References1
NVD
NVD
added 2021/05/03 12:15 p.m.46 views

CVE-2021-25631

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type...

9.3CVSS0.0417EPSS
Exploits1References2
NVD
NVD
added 2021/04/27 8:15 p.m.46 views

CVE-2021-21429

OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to...

4CVSS0.00296EPSS
Exploits0References2
NVD
NVD
added 2021/04/27 6:15 a.m.46 views

CVE-2021-20714

Directory traversal vulnerability in WP Fastest Cache versions prior to 0.9.1.7 allows a remote attacker with administrator privileges to delete arbitrary files on the server via unspecified vectors...

6.5CVSS0.02625EPSS
Exploits0References3
NVD
NVD
added 2021/04/18 7:15 p.m.46 views

CVE-2021-23375

This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

9.8CVSS0.01336EPSS
Exploits1References2
NVD
NVD
added 2021/04/18 7:15 p.m.46 views

CVE-2021-23374

This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

9.8CVSS0.01336EPSS
Exploits1References2
NVD
NVD
added 2021/04/13 8:15 p.m.46 views

CVE-2021-29427

In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies...

8CVSS0.01307EPSS
Exploits1References2
NVD
NVD
added 2021/04/13 8:15 p.m.46 views

CVE-2021-28457

Visual Studio Code Remote Code Execution Vulnerability...

7.8CVSS0.02705EPSS
Exploits0References1
NVD
NVD
added 2021/03/10 3:15 p.m.46 views

CVE-2021-21491

SAP Netweaver Application Server Java Applications based on WebDynpro Java versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...

6.1CVSS0.00666EPSS
Exploits0References2
NVD
NVD
added 2021/03/09 7:15 p.m.46 views

CVE-2021-23352

This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image, .svg or .dot functions are called, is executed by the childprocess.exec function...

9.8CVSS0.02057EPSS
Exploits1References3
NVD
NVD
added 2021/02/02 7:15 a.m.46 views

CVE-2020-1896

A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that th...

9.8CVSS0.02418EPSS
Exploits0References2
NVD
NVD
added 2021/01/22 7:15 p.m.46 views

CVE-2020-12513

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection...

9CVSS7.8AI score0.3111EPSS
Exploits1References1
NVD
NVD
added 2021/01/01 4:15 a.m.46 views

CVE-2020-35948

An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xclonerrestore.php writefileaction could...

9.9CVSS9.7AI score0.24937EPSS
Exploits5References4
NVD
NVD
added 2020/12/24 4:15 p.m.46 views

CVE-2020-27715

On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS request to the BIG-IP management interface via port 443 can cause high 100% CPU utilization by the httpd daemon...

7.8CVSS7.5AI score0.0105EPSS
Exploits0References1
NVD
NVD
added 2020/12/12 7:15 p.m.46 views

CVE-2020-35208

An issue was discovered in the LogMein LastPass Password Manager aka com.lastpass.ilastpass app 4.8.11.2403 for iOS. The password authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker could authentica...

5.7CVSS5.9AI score0.00474EPSS
Exploits1References2
NVD
NVD
added 2020/12/11 8:15 p.m.46 views

CVE-2020-27730

In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities...

9.8CVSS9.5AI score0.01693EPSS
Exploits0References2
NVD
NVD
added 2020/11/24 1:15 a.m.46 views

CVE-2020-28991

Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines with URL encoding in ParseRemoteAddr in modules/auth/repoform.go...

9.8CVSS9.4AI score0.01715EPSS
Exploits0References2
NVD
NVD
added 2020/11/23 10:15 p.m.46 views

CVE-2020-26229

TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the...

3.7CVSS4.2AI score0.00636EPSS
Exploits0References2
NVD
NVD
added 2020/11/12 2:15 p.m.46 views

CVE-2020-27481

An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin = 2.1.4 exists due to the usage of "wpajaxnopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlrlmscancelbooking" where POST Parameter "id" was sent straight into SQL query witho...

9.8CVSS9.9AI score0.1064EPSS
Exploits2References1
NVD
NVD
added 2020/08/10 8:15 p.m.46 views

CVE-2020-17480

TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor...

6.1CVSS5.9AI score0.01248EPSS
Exploits1References2
NVD
NVD
added 2020/05/14 12:15 a.m.46 views

CVE-2020-11067

In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings in $BEUSER-uc are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user...

8.8CVSS9.5AI score0.0199EPSS
Exploits0References1
NVD
NVD
added 2020/05/04 9:15 p.m.46 views

CVE-2020-10686

A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in Keycloak version 9.0.1, where a malicious user registers as oneself. The attacker could then use the remove devices form to post different credential IDs and possibly remove MFA devices for other users...

6.5CVSS4.5AI score0.00654EPSS
Exploits0References1
NVD
NVD
added 2020/04/21 5:15 p.m.46 views

CVE-2020-5268

In Saml2 Authentication Services for ASP.NET versions before 1.0.2, and between 2.0.0 and 2.6.0, there is a vulnerability in how tokens are validated in some cases. Saml2 tokens are usually used as bearer tokens - a caller that presents a token is assumed to be the subject of the token. There is...

7.3CVSS6.5AI score0.01086EPSS
Exploits0References4
NVD
NVD
added 2020/03/12 2:15 p.m.46 views

CVE-2020-10487

CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request...

4.3CVSS4.5AI score0.00535EPSS
Exploits3References2
NVD
NVD
added 2020/03/06 9:15 p.m.46 views

CVE-2020-10112

Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached...

5.8CVSS5.5AI score0.01433EPSS
Exploits3References3
NVD
NVD
added 2020/01/29 4:15 p.m.46 views

CVE-2020-2100

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848...

5.8CVSS5.5AI score0.03443EPSS
Exploits0References6
NVD
NVD
added 2019/12/17 5:15 p.m.46 views

CVE-2019-19850

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backe...

7.2CVSS6.6AI score0.00868EPSS
Exploits0References2
NVD
NVD
added 2019/11/26 12:15 a.m.46 views

CVE-2019-18250

In all versions of ABB Power Generation Information Manager PGIM and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device...

9.8CVSS9.7AI score0.01678EPSS
Exploits0References2
NVD
NVD
added 2019/10/29 7:15 p.m.46 views

CVE-2019-3976

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled...

8.8CVSS8.7AI score0.01675EPSS
Exploits0References1
NVD
NVD
added 2019/09/08 11:15 p.m.46 views

CVE-2019-16118

Cross site scripting XSS in the photo-gallery 10Web Photo Gallery plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php...

6.1CVSS6.2AI score0.05303EPSS
Exploits4References5
NVD
NVD
added 2019/08/27 3:15 p.m.46 views

CVE-2019-11457

Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/...

8.8CVSS8.8AI score0.01149EPSS
Exploits2References3
NVD
NVD
added 2019/05/30 10:29 p.m.46 views

CVE-2019-12480

BACnet Protocol Stack through 0.8.6 has a segmentation fault leading to denial of service in BACnet APDU Layer because a malformed DCC in AtomicWriteFile, AtomicReadFile and DeviceCommunicationControl services. An unauthenticated remote attacker could cause a denial of service bacserv daemon cras...

7.5CVSS7.4AI score0.33653EPSS
Exploits5References7
NVD
NVD
added 2019/05/07 7:29 p.m.46 views

CVE-2019-10742

Axios up to and including 0.18.0 allows attackers to cause a denial of service application crash by continuing to accepting content after maxContentLength is exceeded...

7.5CVSS7.3AI score0.0598EPSS
Exploits1References3
NVD
NVD
added 2019/03/28 6:29 p.m.46 views

CVE-2019-1003040

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts...

9.8CVSS9.6AI score0.03366EPSS
Exploits0References4
Total number of security vulnerabilities5000