Lucene search
K
NvdMost viewed

363779 matches found

NVD
NVD
•added 2022/12/27 3:15 p.m.•45 views

CVE-2022-4719

Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5...

9.8CVSS0.00967EPSS
Exploits1References2
NVD
NVD
•added 2022/12/22 10:15 a.m.•45 views

CVE-2020-36625

A vulnerability was found in destiny.gg chat. It has been rated as problematic. This issue affects the function websocket.Upgrader of the file main.go. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is...

8.8CVSS0.00343EPSS
Exploits0References3
NVD
NVD
•added 2022/12/21 11:15 p.m.•45 views

CVE-2022-3184

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory traversal, which may allow a user to write a file to the webroot directory...

9.8CVSS0.11626EPSS
Exploits0References1
NVD
NVD
•added 2022/12/12 9:15 a.m.•45 views

CVE-2022-20968

A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco...

8.8CVSS0.06099EPSS
Exploits0References1
NVD
NVD
•added 2022/12/07 6:15 p.m.•45 views

CVE-2022-43581

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805...

8.8CVSS0.00685EPSS
Exploits0References2
NVD
NVD
•added 2022/12/06 6:15 p.m.•45 views

CVE-2022-23472

Passeo is an open source python password generator. Versions prior to 1.0.5 rely on the python random library for random value selection. The python random library warns that it should not be used for security purposes due to its reliance on a non-cryptographically secure random number generator...

7.5CVSS0.00791EPSS
Exploits0References3
NVD
NVD
•added 2022/12/06 4:15 p.m.•45 views

CVE-2022-44289

Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell...

8.8CVSS0.02906EPSS
Exploits1References1
NVD
NVD
•added 2022/12/01 12:15 a.m.•45 views

CVE-2022-40204

A cross-site scripting XSS vulnerability exists in all current versions of Digital Alert Systems DASDEC software via the Host Header in undisclosed pages after login...

5.4CVSS0.00341EPSS
Exploits0References1
NVD
NVD
•added 2022/11/28 1:15 p.m.•45 views

CVE-2022-36193

SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries...

9.8CVSS0.01392EPSS
Exploits1References2
NVD
NVD
•added 2022/11/23 9:15 p.m.•45 views

CVE-2022-41933

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the reset a forgotten password feature of XWiki was used, the password was then stored in plain text in database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only...

6.5CVSS0.0045EPSS
Exploits0References5
NVD
NVD
•added 2022/11/23 8:15 p.m.•45 views

CVE-2022-41934

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki...

9.9CVSS0.01261EPSS
Exploits1References5
NVD
NVD
•added 2022/11/17 10:15 p.m.•45 views

CVE-2022-44725

OPC Foundation Local Discovery Server LDS through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS running as a high-privilege user...

7.8CVSS0.0017EPSS
Exploits0References2
NVD
NVD
•added 2022/11/07 4:15 a.m.•45 views

CVE-2022-44797

btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking...

9.8CVSS0.01195EPSS
Exploits1References4
NVD
NVD
•added 2022/11/02 12:15 p.m.•45 views

CVE-2022-38374

A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event logviews...

8.8CVSS0.01716EPSS
Exploits1References1
NVD
NVD
•added 2022/10/26 7:15 p.m.•45 views

CVE-2022-39359

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, custom GeoJSON map URL address would follow redirects to addresses that were otherwise disallowed, like link-local or private-network. This issue is patched in versions...

6.5CVSS0.00556EPSS
Exploits0References2
NVD
NVD
•added 2022/10/20 2:15 p.m.•45 views

CVE-2022-40084

OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid...

5.3CVSS0.00634EPSS
Exploits1References2
NVD
NVD
•added 2022/10/19 6:15 p.m.•45 views

CVE-2022-43018

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting XSS vulnerability via the email parameter in the Check Email function...

6.1CVSS0.01333EPSS
Exploits1References2
NVD
NVD
•added 2022/10/19 1:15 p.m.•45 views

CVE-2022-39267

Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With:...

8.8CVSS0.00727EPSS
Exploits0References2
NVD
NVD
•added 2022/09/28 6:15 p.m.•45 views

CVE-2022-40929

XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an intended and supported use case running arbitrary Bash scripts on behalf of users...

9.8CVSS0.01214EPSS
Exploits1References1
NVD
NVD
•added 2022/09/16 10:15 p.m.•45 views

CVE-2022-35982

TensorFlow is an open source platform for machine learning. If SparseBincount is given inputs for indices, values, and denseshape that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS0.00423EPSS
Exploits0References2
NVD
NVD
•added 2022/09/15 12:15 p.m.•45 views

CVE-2022-3224

Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0...

9.4CVSS0.00586EPSS
Exploits1References2
NVD
NVD
•added 2022/09/13 4:15 p.m.•45 views

CVE-2022-35295

In SAP Host Agent SAPOSCOL - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves...

4.9CVSS0.01225EPSS
Exploits3References4
NVD
NVD
•added 2022/09/09 8:15 p.m.•45 views

CVE-2022-36110

Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions...

8.8CVSS0.00702EPSS
Exploits0References2
NVD
NVD
•added 2022/09/08 9:15 p.m.•45 views

CVE-2022-36099

XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the...

9.9CVSS0.7589EPSS
Exploits1References3
NVD
NVD
•added 2022/09/06 6:15 p.m.•45 views

CVE-2022-2941

The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the "Naming Conventions" section do not properly sanitize user input, nor escape it on output. This makes it possible...

5.5CVSS0.05291EPSS
Exploits6References5
NVD
NVD
•added 2022/08/31 11:15 p.m.•45 views

CVE-2022-36051

ZITADEL combines the ease of Auth0 and the versatility of Keycloak.Actions, introduced in ZITADEL 1.42.0 on the API and 1.56.0 for Console, is a feature, where users with role.ORGOWNER are able to create Javascript Code, which is invoked by the system at certain points during the login. Actions,...

8.8CVSS0.00788EPSS
Exploits0References3
NVD
NVD
•added 2022/08/18 8:15 p.m.•45 views

CVE-2022-26373

Non-transparent sharing of return predictor targets between contexts in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...

5.5CVSS0.0035EPSS
Exploits0References4
NVD
NVD
•added 2022/08/02 11:15 p.m.•45 views

CVE-2022-33917

An issue was discovered in the Arm Mali GPU Kernel Driver Valhall r29p0 through r38p0. A non-privileged user can make improper GPU processing operations to gain access to already freed memory...

5.5CVSS0.00395EPSS
Exploits0References2
NVD
NVD
•added 2022/08/01 8:15 p.m.•45 views

CVE-2022-31188

CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery SSRF vulnerability. Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to...

9.8CVSS0.47846EPSS
Exploits4References3
NVD
NVD
•added 2022/08/01 7:15 p.m.•45 views

CVE-2022-31154

Sourcegraph is an opensource code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able ...

6.4CVSS0.00417EPSS
Exploits0References2
NVD
NVD
•added 2022/07/18 5:15 p.m.•45 views

CVE-2022-1565

The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wpallimportgetgz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above, to upload arbitrary...

7.2CVSS0.11344EPSS
Exploits4References3
NVD
NVD
•added 2022/07/15 6:15 p.m.•45 views

CVE-2022-31159

The AWS SDK for Java enables Java developers to work with Amazon Web Services. A partial-path traversal issue exists within the downloadDirectory method in the AWS S3 TransferManager component of the AWS SDK for Java v1 prior to version 1.12.261. Applications using the SDK control the...

7.9CVSS0.01193EPSS
Exploits1References1
NVD
NVD
•added 2022/07/12 10:15 a.m.•45 views

CVE-2022-31257

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.31, Mendix Applications using Mendix 8 All versions V8.18.18, Mendix Applications using Mendix 9 All versions V9.14.0, Mendix Applications using Mendix 9 V9.12 All versions V9.12.2, Mendix Applications...

7.5CVSS0.00674EPSS
Exploits0References1
NVD
NVD
•added 2022/06/27 10:15 p.m.•45 views

CVE-2022-31098

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfg, of...

9CVSS0.01143EPSS
Exploits0References2
NVD
NVD
•added 2022/06/17 8:15 p.m.•45 views

CVE-2022-25856

The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the g GitArtifactReader.Read API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link or an implicit directory...

7.5CVSS0.01815EPSS
Exploits1References3
NVD
NVD
•added 2022/06/14 9:15 p.m.•45 views

CVE-2022-29241

Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of rootdir that contains the starting user's home directory, then the underlying REST API ca...

9CVSS0.00846EPSS
Exploits0References1
NVD
NVD
•added 2022/06/14 10:15 a.m.•45 views

CVE-2022-30937

A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant All versions, EN100 Ethernet module IEC 104 variant All versions, EN100 Ethernet module IEC 61850 variant All versions V4.37, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module PROFINET IO varia...

7.8CVSS0.01182EPSS
Exploits0References1
NVD
NVD
•added 2022/06/10 8:15 p.m.•45 views

CVE-2022-21211

This affects all versions of package posix. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable not a function, and then it will crash with type-check...

7.5CVSS0.00966EPSS
Exploits1References1
NVD
NVD
•added 2022/05/24 3:15 p.m.•45 views

CVE-2022-29219

Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Because the developers represent uint64 values as native javascript...

7.5CVSS0.01228EPSS
Exploits0References3
NVD
NVD
•added 2022/05/20 3:15 p.m.•45 views

CVE-2022-29165

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user or role, includin...

10CVSS0.01857EPSS
Exploits0References4
NVD
NVD
•added 2022/04/11 8:15 p.m.•45 views

CVE-2022-25790

A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution...

7.8CVSS0.01463EPSS
Exploits0References1
NVD
NVD
•added 2022/04/04 8:15 p.m.•45 views

CVE-2021-32978

The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00...

7.5CVSS0.00971EPSS
Exploits0References1
NVD
NVD
•added 2022/03/30 1:15 p.m.•45 views

CVE-2022-1155

Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10...

7.4CVSS0.00977EPSS
Exploits1References2
NVD
NVD
•added 2022/03/04 3:15 p.m.•45 views

CVE-2021-46378

DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download...

7.5CVSS0.31863EPSS
Exploits4References3
NVD
NVD
•added 2022/03/04 3:15 p.m.•45 views

CVE-2020-18326

Cross Site Request Forgery CSRF vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user...

8.8CVSS0.02226EPSS
Exploits1References3
NVD
NVD
•added 2022/03/02 8:15 p.m.•45 views

CVE-2022-23640

Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no...

9.8CVSS0.01446EPSS
Exploits0References2
NVD
NVD
•added 2022/02/24 3:15 p.m.•45 views

CVE-2022-25079

TOTOLink A810R V4.1.2cu.5182B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS0.0322EPSS
Exploits1References1
NVD
NVD
•added 2022/02/23 11:15 p.m.•45 views

CVE-2022-23651

b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race...

4.7CVSS0.00214EPSS
Exploits0References3
NVD
NVD
•added 2022/02/04 11:15 p.m.•45 views

CVE-2022-23582

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures. TensorShape constructor throws a CHECK-fail if shape is partial or has a number of elements that would overflow t...

6.5CVSS0.00783EPSS
Exploits1References3
NVD
NVD
•added 2022/01/26 11:15 a.m.•45 views

CVE-2021-41766

Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions JMX. JMX is a Java RMI based technology that relies on Java serialized objects for client server communication. Whereas the default JMX implementation is hardened against unauthenticated...

8.1CVSS0.02033EPSS
Exploits0References1
Total number of security vulnerabilities5000