Lucene search
K
NvdMost viewed

363815 matches found

NVD
NVD
added 2023/11/14 6:15 p.m.45 views

CVE-2023-45585

An insertion of sensitive information into log file vulnerability CWE-532 in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, versi...

3.3CVSS0.0021EPSS
Exploits0References1
NVD
NVD
added 2023/11/13 2:15 a.m.45 views

CVE-2023-34378

Cross-Site Request Forgery CSRF vulnerability in scriptburn.Com WP Hide Post plugin = 2.0.10 versions...

8.8CVSS0.00312EPSS
Exploits0References1
NVD
NVD
added 2023/11/10 6:15 p.m.45 views

CVE-2023-46733

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 5.4.21 and 6.2.7 and prior to versions 5.4.31 and 6.3.8, SessionStrategyListener does not migrate the session after every successful login. It does so only in case the logged in...

6.5CVSS0.00689EPSS
Exploits0References3
NVD
NVD
added 2023/11/06 7:15 p.m.45 views

CVE-2023-46254

capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by capsule-proxy gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example consider two tenants solar...

4.3CVSS4.7AI score0.00415EPSS
Exploits0References2
NVD
NVD
added 2023/11/04 12:15 a.m.45 views

CVE-2023-32741

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact Form to Any API: from n/a through 1.1.2...

7.6CVSS7.3AI score0.00557EPSS
Exploits2References2
NVD
NVD
added 2023/10/19 9:15 p.m.45 views

CVE-2023-45823

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories load...

7.5CVSS7.6AI score0.00631EPSS
Exploits0References2
NVD
NVD
added 2023/10/17 11:15 p.m.45 views

CVE-2023-45810

OpenFGA is a flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Affected versions of OpenFGA are vulnerable to a denial of service attack. When a number of ListObjects calls are executed, in some scenarios, those calls are not releasing resources even...

7.5CVSS5.9AI score0.00509EPSS
Exploits0References1
NVD
NVD
added 2023/10/16 7:15 p.m.45 views

CVE-2023-45660

Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0...

4.3CVSS4.5AI score0.00601EPSS
Exploits0References3
NVD
NVD
added 2023/10/06 8:15 p.m.45 views

CVE-2023-5452

Cross-site Scripting XSS - Stored in GitHub repository snipe/snipe-it prior to v6.2.2...

5.5CVSS5.3AI score0.00527EPSS
Exploits4References2
NVD
NVD
added 2023/09/27 3:19 p.m.45 views

CVE-2023-5192

Excessive Data Query Operations in a Large Data Table in GitHub repository pimcore/demo prior to 10.3.0...

6.5CVSS6.3AI score0.00783EPSS
Exploits1References2
NVD
NVD
added 2023/09/27 3:19 p.m.45 views

CVE-2023-4505

The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative...

4.9CVSS3.9AI score0.00721EPSS
Exploits2References4
NVD
NVD
added 2023/09/20 3:15 p.m.45 views

CVE-2023-43635

Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to seal/unseal a key from the...

8.8CVSS8.7AI score0.0011EPSS
Exploits0References1
NVD
NVD
added 2023/09/11 2:15 p.m.45 views

CVE-2022-28831

Adobe InDesign versions 17.1 and earlier and 16.4.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS7.8AI score0.00402EPSS
Exploits0References1
NVD
NVD
added 2023/08/26 10:15 a.m.45 views

CVE-2023-4548

A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filterbrandid leads to sql injection. It is possible to initiate the attack remotely...

9.8CVSS7.4AI score0.20112EPSS
Exploits4References3
NVD
NVD
added 2023/08/23 9:15 p.m.45 views

CVE-2023-40035

Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltrations. Although the vulnerability is exploitable...

7.2CVSS7.4AI score0.01909EPSS
Exploits1References4
NVD
NVD
added 2023/08/15 5:15 p.m.45 views

CVE-2023-39662

An issue in llamaindex v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function...

9.8CVSS9.7AI score0.01233EPSS
Exploits1References1
NVD
NVD
added 2023/08/08 6:15 p.m.45 views

CVE-2023-20555

Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM...

7.8CVSS7.8AI score0.00299EPSS
Exploits0References1
NVD
NVD
added 2023/08/08 3:15 p.m.45 views

CVE-2023-2423

A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at...

8.6CVSS8.4AI score0.00637EPSS
Exploits0References1
NVD
NVD
added 2023/08/03 10:15 p.m.45 views

CVE-2023-20214

A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is...

9.1CVSS9.4AI score0.00731EPSS
Exploits0References1
NVD
NVD
added 2023/07/17 11:15 a.m.45 views

CVE-2023-23646

Cross-Site Request Forgery CSRF vulnerability in A WP Life Album Gallery – WordPress Gallery plugin = 1.4.9 versions...

8.8CVSS0.00269EPSS
Exploits0References1
NVD
NVD
added 2023/07/13 2:15 p.m.45 views

CVE-2023-37267

Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1...

9.8CVSS0.00596EPSS
Exploits0References4
NVD
NVD
added 2023/07/12 1:15 p.m.45 views

CVE-2020-20021

An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon...

7.5CVSS7.4AI score0.01341EPSS
Exploits1References3
NVD
NVD
added 2023/07/11 6:15 p.m.45 views

CVE-2023-37271

RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generat...

9.9CVSS9.1AI score0.00768EPSS
Exploits0References2
NVD
NVD
added 2023/07/11 6:15 p.m.45 views

CVE-2023-34089

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code ...

8.1CVSS7.9AI score0.00579EPSS
Exploits0References3
NVD
NVD
added 2023/07/07 8:15 p.m.45 views

CVE-2022-4361

Keycloak, an open-source identity and access management solution, has a cross-site scripting XSS vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirecturi...

10CVSS8.4AI score0.00626EPSS
Exploits0References2
NVD
NVD
added 2023/07/06 3:15 p.m.45 views

CVE-2023-24018

A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 securitydecryptpassword functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability...

8.8CVSS8.8AI score0.0148EPSS
Exploits1References2
NVD
NVD
added 2023/06/28 11:15 p.m.45 views

CVE-2023-36475

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and...

9.8CVSS9.8AI score0.03203EPSS
Exploits0References7
NVD
NVD
added 2023/06/27 2:15 p.m.45 views

CVE-2023-2744

The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the type parameter in the erp/v1/accounting/v1/people REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.2CVSS7.2AI score0.02632EPSS
Exploits5References2
NVD
NVD
added 2023/06/26 8:15 p.m.45 views

CVE-2023-35930

SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. Any user making a negative authorization decision based on the results of a LookupResources request with 1.22.0 is affected. For example, using LookupResources...

5.3CVSS4.4AI score0.00448EPSS
Exploits0References2
NVD
NVD
added 2023/06/23 7:15 p.m.45 views

CVE-2023-35158

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as:...

9.6CVSS9.3AI score0.02048EPSS
Exploits0References4
NVD
NVD
added 2023/06/22 2:15 p.m.45 views

CVE-2023-35926

Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires sandbox, as it by design allows for code injection. The library used for this sandbox so far has been vm2, but in light of several past vulnerabilities and...

9.9CVSS9AI score0.01888EPSS
Exploits0References3
NVD
NVD
added 2023/06/19 1:15 a.m.45 views

CVE-2023-35840

joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector...

6.5CVSS6.5AI score0.01936EPSS
Exploits2References4
NVD
NVD
added 2023/06/01 5:15 p.m.45 views

CVE-2023-34092

Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options server.fs.deny can be bypassed using double forward-slash // allows any unauthenticated user to read file from the Vite root-path of the application including the default fs.deny...

7.5CVSS7.2AI score0.03152EPSS
Exploits1References3
NVD
NVD
added 2023/05/24 3:15 p.m.45 views

CVE-2023-33941

Multiple cross-site scripting XSS vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the 1 code, or 2...

6.1CVSS6.6AI score0.00462EPSS
Exploits0References1
NVD
NVD
added 2023/05/23 1:15 a.m.45 views

CVE-2023-31741

There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wlssid, wlant, wlrate, WLattenctl, ttcpnum, ttcpsize in the httpd s StartEPI function,...

7.2CVSS7.3AI score0.02688EPSS
Exploits1References2
NVD
NVD
added 2023/05/22 10:15 a.m.45 views

CVE-2022-45376

Cross-Site Request Forgery CSRF vulnerability in XootiX Side Cart Woocommerce Ajax 2.1 versions...

8.8CVSS5.8AI score0.00273EPSS
Exploits1References1
NVD
NVD
added 2023/05/19 5:15 a.m.45 views

CVE-2023-1618

Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 Serial number 2310 and prior allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet which is hidden function and i...

8.6CVSS8.3AI score0.01132EPSS
Exploits0References3
NVD
NVD
added 2023/05/15 9:15 a.m.45 views

CVE-2023-22318

Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5...

7.5CVSS7.5AI score0.00532EPSS
Exploits0References1
NVD
NVD
added 2023/05/12 8:15 a.m.45 views

CVE-2023-29032

An attacker that has gained access to certain private information can use this to act as other user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0...

8.1CVSS7.9AI score0.01093EPSS
Exploits0References1
NVD
NVD
added 2023/05/10 4:15 p.m.45 views

CVE-2022-46378

An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs wh...

7.5CVSS6.7AI score0.01419EPSS
Exploits1References3
NVD
NVD
added 2023/05/10 2:15 p.m.45 views

CVE-2022-38087

Exposure of resource to wrong sphere in BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable information disclosure via local access...

5.5CVSS4.7AI score0.00183EPSS
Exploits0References2
NVD
NVD
added 2023/05/09 10:15 a.m.45 views

CVE-2023-23793

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Eightweb Interactive Read More Without Refresh plugin = 3.1 versions...

5.9CVSS5.4AI score0.00392EPSS
Exploits0References1
NVD
NVD
added 2023/05/08 3:15 p.m.45 views

CVE-2023-22788

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

8.8CVSS8.4AI score0.01704EPSS
Exploits0References1
NVD
NVD
added 2023/05/04 10:15 p.m.45 views

CVE-2023-30093

A cross-site scripting XSS vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...

6.1CVSS5.9AI score0.00486EPSS
Exploits1References2
NVD
NVD
added 2023/05/03 12:16 p.m.45 views

CVE-2023-25796

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Include WP BaiDu Submit plugin = 1.2.1 versions...

5.9CVSS5.4AI score0.00369EPSS
Exploits0References1
NVD
NVD
added 2023/04/27 5:15 a.m.45 views

CVE-2023-31290

Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023. This occurs because the mt19937 Mersenne Twister takes a single 32-bit value as an input...

5.9CVSS5.7AI score0.00983EPSS
Exploits2References5
NVD
NVD
added 2023/04/12 9:15 p.m.45 views

CVE-2023-24545

On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine Sfe can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually st...

7.5CVSS7.4AI score0.00775EPSS
Exploits1References1
NVD
NVD
added 2023/04/11 7:15 p.m.45 views

CVE-2023-1986

A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function deleteorder of the file /classes/master.php?f=deleteorder. The manipulation of the argument id leads to sql injection. It is possible to launch the attack...

7.2CVSS6.9AI score0.00767EPSS
Exploits1References3
NVD
NVD
added 2023/04/07 2:15 p.m.45 views

CVE-2023-27808

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted payload...

4.9CVSS5.2AI score0.00787EPSS
Exploits0References1
NVD
NVD
added 2023/04/06 8:15 p.m.45 views

CVE-2023-29015

The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting ...

6.1CVSS6.1AI score0.00443EPSS
Exploits0References2
Total number of security vulnerabilities5000