Lucene search
K
NvdMost viewed

364114 matches found

NVD
NVD
added 2024/11/15 5:15 p.m.45 views

CVE-2021-1466

A vulnerability in the vDaemon service of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to cause a buffer overflow on an affected system, resulting in a denial of service DoS condition. The vulnerability is due to incomplete bounds checks for data that is provided to...

5.4CVSS0.00601EPSS
Exploits0References1
NVD
NVD
added 2024/11/13 9:15 p.m.45 views

CVE-2024-52553

Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b6d and earlier does not invalidate the previous session on login...

8.8CVSS0.00613EPSS
Exploits0References1
NVD
NVD
added 2024/11/12 7:15 p.m.45 views

CVE-2024-35274

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability CWE-22 in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read...

2.3CVSS0.00234EPSS
Exploits0References1
NVD
NVD
added 2024/11/09 2:15 p.m.45 views

CVE-2024-51613

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bidbud TradeMe widgets trademe-widget allows Stored XSS.This issue affects TradeMe widgets: from n/a through = 1.2...

6.5CVSS0.00243EPSS
Exploits0References1
NVD
NVD
added 2024/11/04 1:15 a.m.45 views

CVE-2024-10749

A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67. Affected is the function script of the file /app/admin/controller/api/Plugs.php. The manipulation of the argument uptoken leads to deserialization. It is possible to launch the attack remotely. The complexity...

8.1CVSS0.00506EPSS
Exploits0References4
NVD
NVD
added 2024/10/22 4:15 p.m.45 views

CVE-2024-48927

Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full...

4.6CVSS0.00428EPSS
Exploits0References1
NVD
NVD
added 2024/10/22 6:15 a.m.45 views

CVE-2024-8852

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.86 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information such as full...

5.3CVSS0.01175EPSS
Exploits0References3
NVD
NVD
added 2024/10/12 7:15 a.m.45 views

CVE-2024-9047

The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfufiledownloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitatio...

9.8CVSS0.92319EPSS
Exploits4References2
NVD
NVD
added 2024/10/12 3:15 a.m.45 views

CVE-2024-9860

The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'importaction' and 'installpluginperdemo' functions in versions up to, and including, 3.3. This makes it possible for authenticated attackers with...

5.4CVSS0.00303EPSS
Exploits0References2
NVD
NVD
added 2024/10/11 1:15 p.m.45 views

CVE-2024-9234

The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the installandactivatepluginfromexternal function install-active-plugin REST API endpoint in all versions up to,...

9.8CVSS0.10429EPSS
Exploits3References4
NVD
NVD
added 2024/10/10 6:15 p.m.45 views

CVE-2024-47964

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process...

8.4CVSS0.00275EPSS
Exploits0References1
NVD
NVD
added 2024/10/07 4:15 p.m.45 views

CVE-2024-28709

Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields...

6.1CVSS0.00521EPSS
Exploits0References1
NVD
NVD
added 2024/10/02 5:15 p.m.45 views

CVE-2024-20490

A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller NDFC and Cisco Nexus Dashboard Orchestrator NDO could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in ...

8.6CVSS0.00277EPSS
Exploits0References1
NVD
NVD
added 2024/10/01 3:15 p.m.45 views

CVE-2024-41673

Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8...

7.1CVSS0.004EPSS
Exploits0References2
NVD
NVD
added 2024/09/26 3:15 a.m.45 views

CVE-2024-8803

The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.15. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS0.0037EPSS
Exploits0References3
NVD
NVD
added 2024/09/23 4:15 p.m.45 views

CVE-2024-47066

Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.19.13, server-side request forgery protection implemented in src/app/api/proxy/route.ts does not consider redirect and could be bypassed when attacker provides an external malicious URL which redirects to...

9CVSS0.10996EPSS
Exploits4References4
NVD
NVD
added 2024/09/19 4:15 p.m.45 views

CVE-2024-8698

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Referen...

7.7CVSS0.0203EPSS
Exploits0References14
NVD
NVD
added 2024/09/07 8:15 a.m.45 views

CVE-2024-45498

Example DAG: exampleinleteventextra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...

8.8CVSS0.01237EPSS
Exploits0References3
NVD
NVD
added 2024/09/05 5:15 p.m.45 views

CVE-2024-44728

Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Scripting via parameters Full Name, Address, Email, and contact in /clientdetails/admin/regester.php...

7.6CVSS0.00337EPSS
Exploits1References1
NVD
NVD
added 2024/09/02 12:15 p.m.45 views

CVE-2024-5148

A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and...

7.5CVSS0.00569EPSS
Exploits0References3
NVD
NVD
added 2024/09/02 12:15 p.m.45 views

CVE-2024-33042

Memory corruption when Alternative Frequency offset value is set to 255...

7.8CVSS0.00127EPSS
Exploits0References1
NVD
NVD
added 2024/09/01 11:15 a.m.45 views

CVE-2024-5053

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized Malichimp API key update due to an insufficient capability check on the verifyRequest function in all versions up to, and including, 5.1.18. This makes it...

4.3CVSS0.00402EPSS
Exploits0References4
NVD
NVD
added 2024/08/29 8:15 p.m.45 views

CVE-2024-41358

phpipam 1.6 is vulnerable to Cross Site Scripting XSS via app\admin\import-export\import-load-data.php...

6.1CVSS0.01502EPSS
Exploits3References4
NVD
NVD
added 2024/08/28 9:15 p.m.45 views

CVE-2024-45059

i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the ieducar/intranet/funcionariovinculodet.php file, which creates the query by...

8.8CVSS0.00665EPSS
Exploits1References4
NVD
NVD
added 2024/08/28 7:15 a.m.45 views

CVE-2021-38120

A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1...

7.2CVSS0.00518EPSS
Exploits0References1
NVD
NVD
added 2024/08/23 3:15 p.m.45 views

CVE-2024-41150

An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800...

6.3CVSS0.01202EPSS
Exploits0References1
NVD
NVD
added 2024/08/21 10:15 a.m.45 views

CVE-2023-22576

Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerability in Installation module. A local low privileged attacker may potentially exploit this vulnerability leading to the execution of arbitrary executable on the operating system with high privileges...

7.8CVSS0.00132EPSS
Exploits0References1
NVD
NVD
added 2024/08/17 9:15 a.m.45 views

CVE-2024-42317

In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: avoid PMD-size page cache if needed xarray can't support arbitrary page cache size. the largest and supported page cache size is defined as MAXPAGECACHEORDER by commit 099d90642a71 "mm/filemap: make MAXPAGECACHEORD...

5.5CVSS0.00182EPSS
Exploits0References2
NVD
NVD
added 2024/08/13 6:15 p.m.45 views

CVE-2024-38177

Windows App Installer Spoofing Vulnerability...

7.8CVSS0.00856EPSS
Exploits0References1
NVD
NVD
added 2024/08/06 9:16 p.m.45 views

CVE-2024-41270

An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version...

9.1CVSS0.00308EPSS
Exploits0References1
NVD
NVD
added 2024/08/02 6:16 p.m.45 views

CVE-2024-38885

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform unauthorized access using known operating system credentials due to hardcoded SQL user credentials in the client application...

7.5CVSS0.00525EPSS
Exploits0References1
NVD
NVD
added 2024/08/01 3:15 p.m.45 views

CVE-2024-41926

Mattermost versions 9.9.x = 9.9.0 and 9.5.x = 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote...

4.3CVSS0.00175EPSS
Exploits0References1
NVD
NVD
added 2024/07/31 2:15 p.m.45 views

CVE-2024-3083

A “CWE-352: Cross-Site Request Forgery CSRF” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page...

8.3CVSS0.00214EPSS
Exploits0References1
NVD
NVD
added 2024/07/31 6:15 a.m.45 views

CVE-2024-42381

os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp section. NOTE: this code execution would occur during an un-sandboxed binary relocation phase, which...

8.3CVSS0.0061EPSS
Exploits0References7
NVD
NVD
added 2024/07/29 6:15 a.m.45 views

CVE-2024-5883

The Ultimate Classified Listings WordPress plugin before 1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

4.7CVSS0.00382EPSS
Exploits1References1
NVD
NVD
added 2024/07/26 9:15 p.m.45 views

CVE-2024-41120

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the url variable on line 63 of pages/9🔲VectorDataVisualization.py takes user input, which is later passed to the gpd.readfile method. gpd.readfile method create...

9.8CVSS0.00786EPSS
Exploits1References4
NVD
NVD
added 2024/07/26 9:15 p.m.45 views

CVE-2024-41116

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the visparams variable on line 1254 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 1345, leading to remote code...

9.8CVSS0.01322EPSS
Exploits1References4
NVD
NVD
added 2024/07/26 9:15 p.m.45 views

CVE-2024-41115

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable on line 488 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 493, leading to remote code executio...

9.8CVSS0.01475EPSS
Exploits1References4
NVD
NVD
added 2024/07/24 6:15 p.m.45 views

CVE-2024-41667

OpenAM is an open access management solution. In versions 15.0.3 and prior, the getCustomLoginUrlTemplate method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to...

8.8CVSS0.03536EPSS
Exploits0References2
NVD
NVD
added 2024/07/24 5:15 p.m.45 views

CVE-2024-41662

VNote is a note-taking platform. A Cross-Site Scripting XSS vulnerability has been identified in the Markdown rendering functionality of versions 3.18.1 and prior of the VNote note-taking application. This vulnerability allows the injection and execution of arbitrary JavaScript code through which...

9.6CVSS0.01661EPSS
Exploits1References2
NVD
NVD
added 2024/07/22 3:15 p.m.45 views

CVE-2024-41132

ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit...

7.5CVSS0.00774EPSS
Exploits0References9
NVD
NVD
added 2024/07/18 4:15 p.m.45 views

CVE-2024-39911

1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this vulnerability...

10CVSS0.04566EPSS
Exploits2References2
NVD
NVD
added 2024/07/15 6:15 a.m.45 views

CVE-2024-6289

The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the hidden login page...

6.1CVSS0.00904EPSS
Exploits1References1
NVD
NVD
added 2024/07/10 4:15 p.m.45 views

CVE-2024-20456

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system...

6.7CVSS0.00191EPSS
Exploits0References1
NVD
NVD
added 2024/07/09 6:15 p.m.45 views

CVE-2024-38972

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/add/...

6.1CVSS0.00353EPSS
Exploits1References1
NVD
NVD
added 2024/07/09 5:15 p.m.45 views

CVE-2024-38060

Windows Imaging Component Remote Code Execution Vulnerability...

8.8CVSS0.16034EPSS
Exploits0References1
NVD
NVD
added 2024/07/09 5:15 p.m.45 views

CVE-2024-37336

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability...

8.8CVSS0.01675EPSS
Exploits0References1
NVD
NVD
added 2024/07/09 4:15 a.m.45 views

CVE-2024-39592

Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information causing high impact on the confidentiality of the application...

7.7CVSS0.0042EPSS
Exploits0References2
NVD
NVD
added 2024/07/03 7:15 p.m.45 views

CVE-2024-35234

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...

6.1CVSS0.00333EPSS
Exploits0References3
NVD
NVD
added 2024/07/02 10:15 a.m.45 views

CVE-2024-34596

Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner...

7.5CVSS0.00483EPSS
Exploits0References1
Total number of security vulnerabilities5000