Lucene search
K
NvdMost viewed

363365 matches found

NVD
NVD
added 2023/07/10 4:15 p.m.69 views

CVE-2023-2029

The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.0061EPSS
Exploits3References2
NVD
NVD
added 2023/06/13 4:15 p.m.69 views

CVE-2023-33695

Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile function at /core/io/FileUtil.java...

7.1CVSS6.8AI score0.00244EPSS
Exploits1References1
NVD
NVD
added 2023/05/12 2:15 p.m.69 views

CVE-2023-1934

The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and...

9.8CVSS9.7AI score0.08079EPSS
Exploits3References2
NVD
NVD
added 2023/04/21 6:15 p.m.69 views

CVE-2023-26557

io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...

7.5CVSS7.5AI score0.00864EPSS
Exploits0References4
NVD
NVD
added 2021/12/06 4:15 p.m.69 views

CVE-2021-24917

The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user...

7.5CVSS0.71532EPSS
Exploits5References2
NVD
NVD
added 2021/01/08 6:15 p.m.69 views

CVE-2020-17504

The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in ngpsystemcmd.php in which the http parameters...

7.2CVSS7.5AI score0.02848EPSS
Exploits0References3
NVD
NVD
added 2019/08/20 8:15 p.m.69 views

CVE-2019-13520

Multiple buffer overflow issues have been identified in Alpha5 Smart Loader: All versions prior to 4.2. An attacker could use specially crafted project files to overflow the buffer and execute code under the privileges of the application...

7.8CVSS8AI score0.02947EPSS
Exploits0References3
NVD
NVD
added 2025/04/28 8:15 p.m.68 views

CVE-2025-31651

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those...

9.8CVSS0.0418EPSS
Exploits1References3
NVD
NVD
added 2024/11/04 11:15 p.m.68 views

CVE-2024-51501

Refit is an automatic type-safe REST library for .NET Core, Xamarin and .NET The various header-related Refit attributes Header, HeaderCollection and Authorize are vulnerable to CRLF injection. The way HTTP headers are added to a request is via the HttpHeaders.TryAddWithoutValidation method. This...

10CVSS0.00535EPSS
Exploits0References2
NVD
NVD
added 2024/08/25 2:15 a.m.68 views

CVE-2024-8140

A vulnerability was found in SourceCodester Task Progress Tracker 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file update-task.php. The manipulation of the argument taskname leads to cross site scripting. The attack may be launched remotely. The...

5.4CVSS0.00371EPSS
Exploits1References5
NVD
NVD
added 2024/08/13 3:15 a.m.68 views

CVE-2024-7094

The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. This is due to a lack of sanitization on user-supplied values, which...

9.8CVSS0.37899EPSS
Exploits0References6
NVD
NVD
added 2024/08/12 1:38 p.m.68 views

CVE-2024-22116

An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure...

9.9CVSS0.01603EPSS
Exploits0References2
NVD
NVD
added 2024/06/27 9:15 p.m.68 views

CVE-2024-2973

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. Only routers or conductors that are running i...

10CVSS0.01088EPSS
Exploits0References2
NVD
NVD
added 2024/06/18 9:15 p.m.68 views

CVE-2024-6129

A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to launch the attack...

6.3CVSS0.00605EPSS
Exploits1References4
NVD
NVD
added 2024/06/18 7:15 p.m.68 views

CVE-2022-23829

A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 kernel mode access to bypass the native System Management Mode SMM ROM protections...

8.2CVSS0.00196EPSS
Exploits0References1
NVD
NVD
added 2024/06/10 8:15 p.m.68 views

CVE-2024-36413

SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

8.9CVSS0.00313EPSS
Exploits0References1
NVD
NVD
added 2024/03/15 1:15 p.m.68 views

CVE-2023-6725

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information...

5.5CVSS6.2AI score0.00203EPSS
Exploits0References4
NVD
NVD
added 2024/01/31 2:15 p.m.68 views

CVE-2023-6246

A heap-based buffer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name the basename of...

8.4CVSS8.4AI score0.04794EPSS
Exploits7References13
NVD
NVD
added 2024/01/25 9:15 p.m.68 views

CVE-2024-24399

An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area...

7.2CVSS7.3AI score0.15597EPSS
Exploits1References4
NVD
NVD
added 2024/01/19 6:15 p.m.68 views

CVE-2024-22955

swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function parseExpression at swftools/src/swfc.c:2576...

7.8CVSS7.7AI score0.0033EPSS
Exploits1References1
NVD
NVD
added 2023/09/06 9:15 p.m.68 views

CVE-2023-29198

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach...

8.5CVSS6.5AI score0.0049EPSS
Exploits0References2
NVD
NVD
added 2023/06/12 6:15 p.m.68 views

CVE-2023-2362

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPre...

6.1CVSS6AI score0.00458EPSS
Exploits2References1
NVD
NVD
added 2023/05/05 10:15 p.m.68 views

CVE-2023-30065

MitraStar GPT-2741GNAC-N2 with firmware BRg5.91.11WVK.0b32 was discovered to contain a remote code execution RCE vulnerability in the ping function...

8.8CVSS9.1AI score0.01328EPSS
Exploits1References1
NVD
NVD
added 2023/04/14 12:15 a.m.68 views

CVE-2023-26918

Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:F access...

9.8CVSS9.5AI score0.06051EPSS
Exploits4References2
NVD
NVD
added 2023/04/13 11:15 p.m.68 views

CVE-2023-1326

A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate...

7.8CVSS7.8AI score0.00874EPSS
Exploits0References2
NVD
NVD
added 2023/03/30 7:15 p.m.68 views

CVE-2023-28647

Nextcloud iOS is an ios application used to interface with the nextcloud home cloud ecosystem. In versions prior to 4.7.0 when an attacker has physical access to an unlocked device, they may enable the integration into the iOS Files app and bypass the Nextcloud pin/password protection and gain...

6.8CVSS4.8AI score0.00278EPSS
Exploits0References2
NVD
NVD
added 2023/03/02 7:15 p.m.68 views

CVE-2023-0084

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS6.2AI score0.28565EPSS
Exploits5References5
NVD
NVD
added 2023/02/23 8:15 p.m.68 views

CVE-2022-4492

The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step at least it should be performed by default in https and in http/2. I would add it to any TLS client protocol...

7.5CVSS7.5AI score0.00596EPSS
Exploits0References3
NVD
NVD
added 2022/06/14 5:15 p.m.68 views

CVE-2022-29612

SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol...

4.3CVSS0.00626EPSS
Exploits0References2
NVD
NVD
added 2022/03/03 9:15 p.m.68 views

CVE-2022-24723

URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse ca...

5.3CVSS0.01995EPSS
Exploits1References4
NVD
NVD
added 2021/09/15 1:15 p.m.68 views

CVE-2021-40845

The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory...

8.8CVSS0.04609EPSS
Exploits7References4
NVD
NVD
added 2021/09/01 6:15 p.m.68 views

CVE-2021-40380

An issue was discovered on Compro IP70 2.087130218, IP570 2.087130520, IP60, and TN540 devices. cameralist.cgi and setcamera.cgi disclose credentials...

7.5CVSS0.22724EPSS
Exploits3References2
NVD
NVD
added 2021/03/15 5:15 p.m.68 views

CVE-2021-25667

A vulnerability has been identified in RUGGEDCOM RM1224 All versions = V4.3 and = V4.3 and = V4.3 and = V2.0 and V2.1.3, SCALANCE XB-200 All versions V4.1, SCALANCE XC-200 All versions V4.1, SCALANCE XF-200BA All versions V4.1, SCALANCE XM400 All versions V6.2, SCALANCE XP-200 All versions V4.1,...

8.8CVSS0.00852EPSS
Exploits0References2
NVD
NVD
added 2020/05/18 10:15 p.m.68 views

CVE-2020-13154

Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet...

6.5CVSS6.3AI score0.03118EPSS
Exploits1References2
NVD
NVD
added 2019/07/19 7:15 a.m.68 views

CVE-2019-13977

index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=...

5.4CVSS5.3AI score0.01505EPSS
Exploits5References2
NVD
NVD
added 2019/07/18 1:15 p.m.68 views

CVE-2019-1010096

DomainMOD v4.10.0 is affected by: Cross Site Request Forgery CSRF. The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page...

8.8CVSS8.7AI score0.0065EPSS
Exploits1References1
NVD
NVD
added 2019/02/10 10:29 p.m.68 views

CVE-2019-7702

A NULL pointer dereference was discovered in wasm::SExpressionWasmBuilder::parseExpression in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as...

6.5CVSS6.3AI score0.0115EPSS
Exploits1References1
NVD
NVD
added 2013/04/17 6:55 p.m.68 views

CVE-2013-2426

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from t...

9.3CVSS7.9AI score0.05712EPSS
Exploits0References19
NVD
NVD
added 2026/05/12 3:16 a.m.67 views

CVE-2026-40129

Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...

4.3CVSS0.00255EPSS
Exploits0References2
NVD
NVD
added 2026/04/20 9:16 p.m.67 views

CVE-2026-33626

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery SSRF vulnerability in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating...

7.5CVSS0.4525EPSS
Exploits2References4
NVD
NVD
added 2025/12/19 9:15 p.m.67 views

CVE-2023-53950

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...

9.8CVSS0.00559EPSS
Exploits0References3
NVD
NVD
added 2025/12/11 7:15 p.m.67 views

CVE-2025-56129

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the actiondiagnosis in file /usr/lib/lua/luci/controller/admin/diagnosis.lua...

8.8CVSS0.02308EPSS
Exploits1References3
NVD
NVD
added 2025/07/09 4:15 p.m.67 views

CVE-2025-53673

Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

6.5CVSS0.00196EPSS
Exploits0References2
NVD
NVD
added 2025/05/26 7:15 a.m.67 views

CVE-2025-41441

Mailform Pro CGI prior to 4.3.4 generates error messages containing sensitive information, which may allow a remote unauthenticated attacker to obtain coupon codes. This vulnerability only affects products that use the coupon feature...

6.3CVSS0.00338EPSS
Exploits0References2
NVD
NVD
added 2025/04/01 7:15 p.m.67 views

CVE-2025-31137

React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an...

7.5CVSS0.01151EPSS
Exploits0References1
NVD
NVD
added 2025/02/03 10:15 p.m.67 views

CVE-2025-23210

phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site Scripting XSS sanitizer using the javascript protocol and special characters. This issue has been addressed in versions 3.9.0, 2.3.7, 2.1....

4.8CVSS0.00403EPSS
Exploits0References2
NVD
NVD
added 2024/11/12 6:15 p.m.67 views

CVE-2024-49039

Windows Task Scheduler Elevation of Privilege Vulnerability...

8.8CVSS0.13719EPSS
Exploits1References2
NVD
NVD
added 2024/08/24 6:15 p.m.67 views

CVE-2024-8131

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by thi...

9.8CVSS0.08208EPSS
Exploits1References6
NVD
NVD
added 2024/08/13 6:15 p.m.67 views

CVE-2024-38193

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability...

7.8CVSS0.27561EPSS
Exploits4References3
NVD
NVD
added 2024/07/09 5:15 p.m.67 views

CVE-2024-20701

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability...

8.8CVSS0.01611EPSS
Exploits0References1
Total number of security vulnerabilities5000