Lucene search
K
NvdMost viewed

363875 matches found

NVD
NVD
•added 2022/10/19 1:15 p.m.•45 views

CVE-2022-39267

Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With:...

8.8CVSS0.00727EPSS
Exploits0References2
NVD
NVD
•added 2022/09/28 6:15 p.m.•45 views

CVE-2022-40929

XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an intended and supported use case running arbitrary Bash scripts on behalf of users...

9.8CVSS0.01214EPSS
Exploits1References1
NVD
NVD
•added 2022/09/16 10:15 p.m.•45 views

CVE-2022-35982

TensorFlow is an open source platform for machine learning. If SparseBincount is given inputs for indices, values, and denseshape that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS0.00423EPSS
Exploits0References2
NVD
NVD
•added 2022/09/15 12:15 p.m.•45 views

CVE-2022-3224

Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0...

9.4CVSS0.00586EPSS
Exploits1References2
NVD
NVD
•added 2022/09/13 4:15 p.m.•45 views

CVE-2022-35295

In SAP Host Agent SAPOSCOL - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves...

4.9CVSS0.01225EPSS
Exploits3References4
NVD
NVD
•added 2022/09/09 8:15 p.m.•45 views

CVE-2022-36110

Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions...

8.8CVSS0.00702EPSS
Exploits0References2
NVD
NVD
•added 2022/08/31 11:15 p.m.•45 views

CVE-2022-36051

ZITADEL combines the ease of Auth0 and the versatility of Keycloak.Actions, introduced in ZITADEL 1.42.0 on the API and 1.56.0 for Console, is a feature, where users with role.ORGOWNER are able to create Javascript Code, which is invoked by the system at certain points during the login. Actions,...

8.8CVSS0.00788EPSS
Exploits0References3
NVD
NVD
•added 2022/08/02 11:15 p.m.•45 views

CVE-2022-33917

An issue was discovered in the Arm Mali GPU Kernel Driver Valhall r29p0 through r38p0. A non-privileged user can make improper GPU processing operations to gain access to already freed memory...

5.5CVSS0.00395EPSS
Exploits0References2
NVD
NVD
•added 2022/08/01 8:15 p.m.•45 views

CVE-2022-31188

CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery SSRF vulnerability. Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to...

9.8CVSS0.47846EPSS
Exploits4References3
NVD
NVD
•added 2022/08/01 7:15 p.m.•45 views

CVE-2022-31154

Sourcegraph is an opensource code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able ...

6.4CVSS0.00417EPSS
Exploits0References2
NVD
NVD
•added 2022/07/18 5:15 p.m.•45 views

CVE-2022-1565

The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wpallimportgetgz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above, to upload arbitrary...

7.2CVSS0.11344EPSS
Exploits4References3
NVD
NVD
•added 2022/07/15 6:15 p.m.•45 views

CVE-2022-31159

The AWS SDK for Java enables Java developers to work with Amazon Web Services. A partial-path traversal issue exists within the downloadDirectory method in the AWS S3 TransferManager component of the AWS SDK for Java v1 prior to version 1.12.261. Applications using the SDK control the...

7.9CVSS0.01193EPSS
Exploits1References1
NVD
NVD
•added 2022/07/12 10:15 a.m.•45 views

CVE-2022-31257

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.31, Mendix Applications using Mendix 8 All versions V8.18.18, Mendix Applications using Mendix 9 All versions V9.14.0, Mendix Applications using Mendix 9 V9.12 All versions V9.12.2, Mendix Applications...

7.5CVSS0.00674EPSS
Exploits0References1
NVD
NVD
•added 2022/06/27 10:15 p.m.•45 views

CVE-2022-31098

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfg, of...

9CVSS0.01143EPSS
Exploits0References2
NVD
NVD
•added 2022/06/17 8:15 p.m.•45 views

CVE-2022-25856

The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the g GitArtifactReader.Read API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link or an implicit directory...

7.5CVSS0.01815EPSS
Exploits1References3
NVD
NVD
•added 2022/06/14 9:15 p.m.•45 views

CVE-2022-29241

Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of rootdir that contains the starting user's home directory, then the underlying REST API ca...

9CVSS0.00846EPSS
Exploits0References1
NVD
NVD
•added 2022/06/14 10:15 a.m.•45 views

CVE-2022-30937

A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant All versions, EN100 Ethernet module IEC 104 variant All versions, EN100 Ethernet module IEC 61850 variant All versions V4.37, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module PROFINET IO varia...

7.8CVSS0.01182EPSS
Exploits0References1
NVD
NVD
•added 2022/06/10 8:15 p.m.•45 views

CVE-2022-21211

This affects all versions of package posix. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable not a function, and then it will crash with type-check...

7.5CVSS0.00966EPSS
Exploits1References1
NVD
NVD
•added 2022/05/24 3:15 p.m.•45 views

CVE-2022-29219

Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Because the developers represent uint64 values as native javascript...

7.5CVSS0.01228EPSS
Exploits0References3
NVD
NVD
•added 2022/05/20 3:15 p.m.•45 views

CVE-2022-29165

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user or role, includin...

10CVSS0.01857EPSS
Exploits0References4
NVD
NVD
•added 2022/04/11 8:15 p.m.•45 views

CVE-2022-25790

A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution...

7.8CVSS0.01463EPSS
Exploits0References1
NVD
NVD
•added 2022/04/04 8:15 p.m.•45 views

CVE-2021-32978

The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00...

7.5CVSS0.00971EPSS
Exploits0References1
NVD
NVD
•added 2022/03/30 1:15 p.m.•45 views

CVE-2022-1155

Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10...

7.4CVSS0.00977EPSS
Exploits1References2
NVD
NVD
•added 2022/03/18 6:15 p.m.•45 views

CVE-2020-25184

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could...

7.8CVSS0.00424EPSS
Exploits0References4
NVD
NVD
•added 2022/03/04 3:15 p.m.•45 views

CVE-2021-46378

DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download...

7.5CVSS0.31863EPSS
Exploits4References3
NVD
NVD
•added 2022/03/04 3:15 p.m.•45 views

CVE-2020-18326

Cross Site Request Forgery CSRF vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user...

8.8CVSS0.02226EPSS
Exploits1References3
NVD
NVD
•added 2022/03/02 8:15 p.m.•45 views

CVE-2022-23640

Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no...

9.8CVSS0.01446EPSS
Exploits0References2
NVD
NVD
•added 2022/02/24 3:15 p.m.•45 views

CVE-2022-25079

TOTOLink A810R V4.1.2cu.5182B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS0.0322EPSS
Exploits1References1
NVD
NVD
•added 2022/02/23 11:15 p.m.•45 views

CVE-2022-23651

b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race...

4.7CVSS0.00214EPSS
Exploits0References3
NVD
NVD
•added 2022/02/04 11:15 p.m.•45 views

CVE-2022-23582

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures. TensorShape constructor throws a CHECK-fail if shape is partial or has a number of elements that would overflow t...

6.5CVSS0.00783EPSS
Exploits1References3
NVD
NVD
•added 2022/02/04 11:15 p.m.•45 views

CVE-2022-23572

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...

6.5CVSS0.00992EPSS
Exploits1References3
NVD
NVD
•added 2022/01/26 11:15 a.m.•45 views

CVE-2021-41766

Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions JMX. JMX is a Java RMI based technology that relies on Java serialized objects for client server communication. Whereas the default JMX implementation is hardened against unauthenticated...

8.1CVSS0.02033EPSS
Exploits0References1
NVD
NVD
•added 2022/01/21 12:15 a.m.•45 views

CVE-2022-22894

Jerryscript 3.0.0 was discovered to contain a stack overflow via ecmalcachelookup in /jerry-core/ecma/base/ecma-lcache.c...

7.8CVSS0.00748EPSS
Exploits1References1
NVD
NVD
•added 2022/01/13 10:15 p.m.•45 views

CVE-2021-34997

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

8.8CVSS0.04248EPSS
Exploits0References1
NVD
NVD
•added 2022/01/10 9:15 p.m.•45 views

CVE-2022-21670

markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading...

5.3CVSS0.02152EPSS
Exploits1References2
NVD
NVD
•added 2022/01/06 9:15 a.m.•45 views

CVE-2021-36737

The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting XSS attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact...

6.1CVSS0.02327EPSS
Exploits0References1
NVD
NVD
•added 2022/01/04 8:15 p.m.•45 views

CVE-2022-21643

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a sql statement. Users are advised to...

10CVSS0.01197EPSS
Exploits0References2
NVD
NVD
•added 2022/01/03 10:15 p.m.•45 views

CVE-2021-37098

Hilinksvc service exists a Data Processing Errors vulnerability .Successful exploitation of this vulnerability may cause application crash...

7.5CVSS0.00655EPSS
Exploits0References1
NVD
NVD
•added 2021/12/23 9:15 a.m.•45 views

CVE-2021-44548

An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB...

9.8CVSS0.05087EPSS
Exploits0References2
NVD
NVD
•added 2021/12/15 7:15 p.m.•45 views

CVE-2021-0971

In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

6.5CVSS0.00649EPSS
Exploits0References1
NVD
NVD
•added 2021/11/29 8:15 a.m.•45 views

CVE-2021-38147

Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/DomainCredentialReportExcel,...

7.5CVSS0.53008EPSS
Exploits3References2
NVD
NVD
•added 2021/11/24 7:15 p.m.•45 views

CVE-2021-43778

Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the front/send.php file...

9.1CVSS0.52658EPSS
Exploits2References5
NVD
NVD
•added 2021/11/22 9:15 a.m.•45 views

CVE-2021-43582

A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the...

7.8CVSS0.01339EPSS
Exploits0References2
NVD
NVD
•added 2021/11/10 1:19 a.m.•45 views

CVE-2021-42300

Azure Sphere Tampering Vulnerability...

6.7CVSS0.00547EPSS
Exploits0References1
NVD
NVD
•added 2021/10/04 12:15 p.m.•45 views

CVE-2021-41878

A reflected cross-site scripting XSS vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console and it is possible to insert a vulnerable malicious button...

6.1CVSS0.09912EPSS
Exploits4References3
NVD
NVD
•added 2021/10/04 10:15 a.m.•45 views

CVE-2021-22557

SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173...

7.8CVSS0.0158EPSS
Exploits4References2
NVD
NVD
•added 2021/09/22 3:15 p.m.•45 views

CVE-2021-40875

Improper Access Control in Gurock TestRail versions 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The...

7.5CVSS0.48417EPSS
Exploits4References4
NVD
NVD
•added 2021/09/14 12:15 p.m.•45 views

CVE-2021-33685

SAP Business One version - 10.0 allows low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. A successful attack allows access to high level sensitive data...

6.5CVSS0.00996EPSS
Exploits0References2
NVD
NVD
•added 2021/09/14 11:15 a.m.•45 views

CVE-2021-27391

A vulnerability has been identified in APOGEE MBC PPC P2 Ethernet All versions = V2.6.3, APOGEE MEC PPC P2 Ethernet All versions = V2.6.3, APOGEE PXC Compact BACnet All versions = V2.8, APOGEE PXC Modular BACnet All versions = V2.8, TALON TC Compact BACnet All versions V3.5.3, TALON TC Modular...

10CVSS0.03262EPSS
Exploits0References1
NVD
NVD
•added 2021/09/01 8:15 p.m.•45 views

CVE-2021-39185

Http4s is a minimal, idiomatic Scala interface for HTTP services. In http4s versions 0.21.26 and prior, 0.22.0 through 0.22.2, 0.23.0, 0.23.1, and 1.0.0-M1 through 1.0.0-M24, the default CORS configuration is vulnerable to an origin reflection attack. The middleware is also susceptible to a Null...

9.1CVSS0.00594EPSS
Exploits0References2
Total number of security vulnerabilities5000