Lucene search
K
NvdMost viewed

363816 matches found

NVD
NVD
added 2024/10/22 4:15 p.m.45 views

CVE-2024-48927

Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full...

4.6CVSS0.00428EPSS
Exploits0References1
NVD
NVD
added 2024/10/22 6:15 a.m.45 views

CVE-2024-8852

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.86 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information such as full...

5.3CVSS0.01175EPSS
Exploits0References3
NVD
NVD
added 2024/10/12 7:15 a.m.45 views

CVE-2024-9047

The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfufiledownloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitatio...

9.8CVSS0.92319EPSS
Exploits4References2
NVD
NVD
added 2024/10/12 3:15 a.m.45 views

CVE-2024-9860

The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'importaction' and 'installpluginperdemo' functions in versions up to, and including, 3.3. This makes it possible for authenticated attackers with...

5.4CVSS0.00303EPSS
Exploits0References2
NVD
NVD
added 2024/10/11 1:15 p.m.45 views

CVE-2024-9234

The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the installandactivatepluginfromexternal function install-active-plugin REST API endpoint in all versions up to,...

9.8CVSS0.10429EPSS
Exploits3References4
NVD
NVD
added 2024/10/10 6:15 p.m.45 views

CVE-2024-47964

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process...

8.4CVSS0.00275EPSS
Exploits0References1
NVD
NVD
added 2024/10/07 4:15 p.m.45 views

CVE-2024-28709

Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields...

6.1CVSS0.00521EPSS
Exploits0References1
NVD
NVD
added 2024/10/02 5:15 p.m.45 views

CVE-2024-20490

A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller NDFC and Cisco Nexus Dashboard Orchestrator NDO could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in ...

8.6CVSS0.00277EPSS
Exploits0References1
NVD
NVD
added 2024/10/01 3:15 p.m.45 views

CVE-2024-41673

Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8...

7.1CVSS0.00394EPSS
Exploits0References2
NVD
NVD
added 2024/09/26 3:15 a.m.45 views

CVE-2024-8803

The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.15. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS0.0037EPSS
Exploits0References3
NVD
NVD
added 2024/09/23 4:15 p.m.45 views

CVE-2024-47066

Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.19.13, server-side request forgery protection implemented in src/app/api/proxy/route.ts does not consider redirect and could be bypassed when attacker provides an external malicious URL which redirects to...

9CVSS0.10996EPSS
Exploits4References4
NVD
NVD
added 2024/09/19 4:15 p.m.45 views

CVE-2024-8698

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Referen...

7.7CVSS0.0203EPSS
Exploits0References14
NVD
NVD
added 2024/09/10 5:15 p.m.45 views

CVE-2024-38226

Microsoft Publisher Security Feature Bypass Vulnerability...

7.3CVSS0.02667EPSS
Exploits0References2
NVD
NVD
added 2024/09/07 8:15 a.m.45 views

CVE-2024-45498

Example DAG: exampleinleteventextra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...

8.8CVSS0.01237EPSS
Exploits0References3
NVD
NVD
added 2024/09/05 5:15 p.m.45 views

CVE-2024-44728

Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Scripting via parameters Full Name, Address, Email, and contact in /clientdetails/admin/regester.php...

7.6CVSS0.00337EPSS
Exploits1References1
NVD
NVD
added 2024/09/02 12:15 p.m.45 views

CVE-2024-5148

A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and...

7.5CVSS0.00569EPSS
Exploits0References3
NVD
NVD
added 2024/09/02 12:15 p.m.45 views

CVE-2024-33060

Memory corruption when two threads try to map and unmap a single node simultaneously...

8.4CVSS0.00165EPSS
Exploits0References1
NVD
NVD
added 2024/09/02 12:15 p.m.45 views

CVE-2024-33042

Memory corruption when Alternative Frequency offset value is set to 255...

7.8CVSS0.00127EPSS
Exploits0References1
NVD
NVD
added 2024/09/01 11:15 a.m.45 views

CVE-2024-5053

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized Malichimp API key update due to an insufficient capability check on the verifyRequest function in all versions up to, and including, 5.1.18. This makes it...

4.3CVSS0.00402EPSS
Exploits0References4
NVD
NVD
added 2024/08/29 8:15 p.m.45 views

CVE-2024-41358

phpipam 1.6 is vulnerable to Cross Site Scripting XSS via app\admin\import-export\import-load-data.php...

6.1CVSS0.01502EPSS
Exploits3References4
NVD
NVD
added 2024/08/28 9:15 p.m.45 views

CVE-2024-45059

i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the ieducar/intranet/funcionariovinculodet.php file, which creates the query by...

8.8CVSS0.00665EPSS
Exploits1References4
NVD
NVD
added 2024/08/28 7:15 a.m.45 views

CVE-2021-38120

A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1...

7.2CVSS0.00518EPSS
Exploits0References1
NVD
NVD
added 2024/08/23 3:15 p.m.45 views

CVE-2024-41150

An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800...

6.3CVSS0.01202EPSS
Exploits0References1
NVD
NVD
added 2024/08/21 10:15 a.m.45 views

CVE-2023-22576

Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerability in Installation module. A local low privileged attacker may potentially exploit this vulnerability leading to the execution of arbitrary executable on the operating system with high privileges...

7.8CVSS0.00132EPSS
Exploits0References1
NVD
NVD
added 2024/08/17 9:15 a.m.45 views

CVE-2024-42317

In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: avoid PMD-size page cache if needed xarray can't support arbitrary page cache size. the largest and supported page cache size is defined as MAXPAGECACHEORDER by commit 099d90642a71 "mm/filemap: make MAXPAGECACHEORD...

5.5CVSS0.00182EPSS
Exploits0References2
NVD
NVD
added 2024/08/13 6:15 p.m.45 views

CVE-2024-38177

Windows App Installer Spoofing Vulnerability...

7.8CVSS0.00856EPSS
Exploits0References1
NVD
NVD
added 2024/08/06 9:16 p.m.45 views

CVE-2024-41270

An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version...

9.1CVSS0.00308EPSS
Exploits0References1
NVD
NVD
added 2024/08/02 6:16 p.m.45 views

CVE-2024-38885

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform unauthorized access using known operating system credentials due to hardcoded SQL user credentials in the client application...

7.5CVSS0.00525EPSS
Exploits0References1
NVD
NVD
added 2024/08/01 3:15 p.m.45 views

CVE-2024-41926

Mattermost versions 9.9.x = 9.9.0 and 9.5.x = 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote...

4.3CVSS0.00175EPSS
Exploits0References1
NVD
NVD
added 2024/07/31 2:15 p.m.45 views

CVE-2024-3083

A “CWE-352: Cross-Site Request Forgery CSRF” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page...

8.3CVSS0.00214EPSS
Exploits0References1
NVD
NVD
added 2024/07/31 6:15 a.m.45 views

CVE-2024-42381

os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp section. NOTE: this code execution would occur during an un-sandboxed binary relocation phase, which...

8.3CVSS0.0061EPSS
Exploits0References7
NVD
NVD
added 2024/07/29 6:15 a.m.45 views

CVE-2024-5883

The Ultimate Classified Listings WordPress plugin before 1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

4.7CVSS0.00382EPSS
Exploits1References1
NVD
NVD
added 2024/07/26 9:15 p.m.45 views

CVE-2024-41120

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the url variable on line 63 of pages/9🔲VectorDataVisualization.py takes user input, which is later passed to the gpd.readfile method. gpd.readfile method create...

9.8CVSS0.00786EPSS
Exploits1References4
NVD
NVD
added 2024/07/26 9:15 p.m.45 views

CVE-2024-41116

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the visparams variable on line 1254 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 1345, leading to remote code...

9.8CVSS0.01322EPSS
Exploits1References4
NVD
NVD
added 2024/07/26 9:15 p.m.45 views

CVE-2024-41115

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable on line 488 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 493, leading to remote code executio...

9.8CVSS0.01475EPSS
Exploits1References4
NVD
NVD
added 2024/07/24 6:15 p.m.45 views

CVE-2024-41667

OpenAM is an open access management solution. In versions 15.0.3 and prior, the getCustomLoginUrlTemplate method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to...

8.8CVSS0.03536EPSS
Exploits0References2
NVD
NVD
added 2024/07/24 5:15 p.m.45 views

CVE-2024-41662

VNote is a note-taking platform. A Cross-Site Scripting XSS vulnerability has been identified in the Markdown rendering functionality of versions 3.18.1 and prior of the VNote note-taking application. This vulnerability allows the injection and execution of arbitrary JavaScript code through which...

9.6CVSS0.01661EPSS
Exploits1References2
NVD
NVD
added 2024/07/22 3:15 p.m.45 views

CVE-2024-41132

ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit...

7.5CVSS0.00774EPSS
Exploits0References9
NVD
NVD
added 2024/07/15 6:15 a.m.45 views

CVE-2024-6289

The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the hidden login page...

6.1CVSS0.00904EPSS
Exploits1References1
NVD
NVD
added 2024/07/10 4:15 p.m.45 views

CVE-2024-20456

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system...

6.7CVSS0.00191EPSS
Exploits0References1
NVD
NVD
added 2024/07/10 7:15 a.m.45 views

CVE-2024-36450

Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may b...

5.4CVSS0.00303EPSS
Exploits0References2
NVD
NVD
added 2024/07/09 6:15 p.m.45 views

CVE-2024-38972

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/add/...

6.1CVSS0.00353EPSS
Exploits1References1
NVD
NVD
added 2024/07/09 5:15 p.m.45 views

CVE-2024-37336

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability...

8.8CVSS0.01675EPSS
Exploits0References1
NVD
NVD
added 2024/07/09 4:15 a.m.45 views

CVE-2024-39592

Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information causing high impact on the confidentiality of the application...

7.7CVSS0.0042EPSS
Exploits0References2
NVD
NVD
added 2024/07/03 7:15 p.m.45 views

CVE-2024-35234

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...

6.1CVSS0.00333EPSS
Exploits0References3
NVD
NVD
added 2024/07/02 10:15 a.m.45 views

CVE-2024-34596

Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner...

7.5CVSS0.00483EPSS
Exploits0References1
NVD
NVD
added 2024/07/01 5:15 p.m.45 views

CVE-2024-36983

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code...

8.8CVSS0.00996EPSS
Exploits0References2
NVD
NVD
added 2024/06/28 6:15 a.m.45 views

CVE-2024-5730

The Pagerank tools WordPress plugin through 1.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS0.00395EPSS
Exploits4References1
NVD
NVD
added 2024/06/27 4:15 p.m.45 views

CVE-2024-6388

Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext...

5.9CVSS0.00147EPSS
Exploits0References3
NVD
NVD
added 2024/06/26 12:15 a.m.45 views

CVE-2024-38364

DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execu...

2.6CVSS0.00393EPSS
Exploits0References4
Total number of security vulnerabilities5000