Lucene search
K
NvdMost viewed

364114 matches found

NVD
NVD
added 2023/05/19 5:15 a.m.45 views

CVE-2023-1618

Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 Serial number 2310 and prior allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet which is hidden function and i...

8.6CVSS8.3AI score0.01132EPSS
Exploits0References3
NVD
NVD
added 2023/05/15 9:15 a.m.45 views

CVE-2023-22318

Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5...

7.5CVSS7.5AI score0.00532EPSS
Exploits0References1
NVD
NVD
added 2023/05/12 8:15 a.m.45 views

CVE-2023-29032

An attacker that has gained access to certain private information can use this to act as other user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0...

8.1CVSS7.9AI score0.01093EPSS
Exploits0References1
NVD
NVD
added 2023/05/10 4:15 p.m.45 views

CVE-2022-46378

An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs wh...

7.5CVSS6.7AI score0.01419EPSS
Exploits1References3
NVD
NVD
added 2023/05/10 2:15 p.m.45 views

CVE-2022-38087

Exposure of resource to wrong sphere in BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable information disclosure via local access...

5.5CVSS4.7AI score0.00183EPSS
Exploits0References2
NVD
NVD
added 2023/05/09 10:15 a.m.45 views

CVE-2023-23793

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Eightweb Interactive Read More Without Refresh plugin = 3.1 versions...

5.9CVSS5.4AI score0.00392EPSS
Exploits0References1
NVD
NVD
added 2023/05/08 3:15 p.m.45 views

CVE-2023-22788

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

8.8CVSS8.4AI score0.01704EPSS
Exploits0References1
NVD
NVD
added 2023/05/04 10:15 p.m.45 views

CVE-2023-30093

A cross-site scripting XSS vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...

6.1CVSS5.9AI score0.00486EPSS
Exploits1References2
NVD
NVD
added 2023/05/03 12:16 p.m.45 views

CVE-2023-25796

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Include WP BaiDu Submit plugin = 1.2.1 versions...

5.9CVSS5.4AI score0.00369EPSS
Exploits0References1
NVD
NVD
added 2023/04/12 9:15 p.m.45 views

CVE-2023-24545

On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine Sfe can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually st...

7.5CVSS7.4AI score0.00775EPSS
Exploits1References1
NVD
NVD
added 2023/04/11 7:15 p.m.45 views

CVE-2023-1986

A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function deleteorder of the file /classes/master.php?f=deleteorder. The manipulation of the argument id leads to sql injection. It is possible to launch the attack...

7.2CVSS6.9AI score0.00767EPSS
Exploits1References3
NVD
NVD
added 2023/04/05 10:15 p.m.45 views

CVE-2022-31890

SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae via the order parameter to the getOrder function...

9.8CVSS9.9AI score0.01503EPSS
Exploits1References2
NVD
NVD
added 2023/03/28 7:15 p.m.45 views

CVE-2022-24674

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the privet API. The issue results from the lack of...

8.8CVSS8.9AI score0.0112EPSS
Exploits0References2
NVD
NVD
added 2023/03/27 10:15 p.m.45 views

CVE-2023-0326

An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1.6.50 before 2.11.0, where Authorization headers was leaked in vulnerability report evidence...

5CVSS4.9AI score0.00802EPSS
Exploits1References3
NVD
NVD
added 2023/03/21 5:15 a.m.45 views

CVE-2023-1542

Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6...

8.1CVSS5.9AI score0.0075EPSS
Exploits1References2
NVD
NVD
added 2023/03/20 9:15 p.m.45 views

CVE-2022-43663

An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...

9.8CVSS9AI score0.14039EPSS
Exploits1References2
NVD
NVD
added 2023/03/18 10:15 p.m.45 views

CVE-2023-1489

A vulnerability has been found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54 and classified as critical. Affected by this vulnerability is the function 0x9C402088 in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to improper access controls. The...

7.8CVSS7.7AI score0.00527EPSS
Exploits1References4
NVD
NVD
added 2023/03/18 9:15 p.m.45 views

CVE-2023-1487

A vulnerability, which was classified as problematic, has been found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54. This issue affects the function 0x9C40208C/0x9C402000/0x9C402084/0x9C402088/0x9C402004/0x9C4060C4/0x9C4060CC/0x9C4060D0/0x9C4060D4/0x9C40A0DC/0x9C40A0D8/0x9C40A0DC/0x9C40A0E0 ...

5.5CVSS5.4AI score0.00348EPSS
Exploits1References4
NVD
NVD
added 2023/03/07 4:15 p.m.45 views

CVE-2023-27522

HTTP Response Smuggling vulnerability in Apache HTTP Server via modproxyuwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client...

7.5CVSS8.5AI score0.02134EPSS
Exploits0References3
NVD
NVD
added 2023/03/05 10:15 p.m.45 views

CVE-2023-27635

debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands because of an eval call via a crafted .deb file. The path is shown to the user before execution...

7.8CVSS7.8AI score0.00446EPSS
Exploits0References1
NVD
NVD
added 2023/02/21 9:15 a.m.45 views

CVE-2022-4385

The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user with roles as low as Subscriber to update the menu order...

4.3CVSS4.6AI score0.00486EPSS
Exploits2References1
NVD
NVD
added 2023/02/09 7:15 p.m.45 views

CVE-2023-21451

A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S12 allows attacker to cause memory corruptions...

7.8CVSS6.7AI score0.00167EPSS
Exploits0References1
NVD
NVD
added 2023/02/07 1:15 p.m.45 views

CVE-2022-43758

A Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in SUSE Rancher allows code execution for user with the ability to add an untrusted Helm catalog or modifying the URL configuration used to download KDM only admin users by default This issue...

7.6CVSS7.7AI score0.00981EPSS
Exploits0References1
NVD
NVD
added 2023/02/03 6:15 p.m.45 views

CVE-2021-36538

Cross Site Scripting XSS vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports...

5.4CVSS5.2AI score0.00551EPSS
Exploits1References1
NVD
NVD
added 2023/01/28 12:15 a.m.45 views

CVE-2023-23617

OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds...

7.5CVSS5.9AI score0.00986EPSS
Exploits0References4
NVD
NVD
added 2023/01/26 9:15 p.m.45 views

CVE-2022-25894

All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution RCE in the ExpressionContextImpl class via jexl.createExpressionexpression.evaluatecontext; functionality, due to improper user input validation...

9.8CVSS9.8AI score0.02575EPSS
Exploits1References3
NVD
NVD
added 2023/01/17 10:15 p.m.45 views

CVE-2023-22731

Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment without the Sandbox extension, it is possible to refer to PHP functions in twig filters like map, filter, sort. This allows a template to call any global PHP function and thus execute arbitra...

9.9CVSS9.3AI score0.01333EPSS
Exploits0References3
NVD
NVD
added 2023/01/13 6:15 a.m.45 views

CVE-2022-3782

keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within t...

9.1CVSS9.2AI score0.05796EPSS
Exploits0References1
NVD
NVD
added 2023/01/09 2:15 p.m.45 views

CVE-2023-22472

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. e.g. in an email, chat link...

8.8CVSS6.2AI score0.00204EPSS
Exploits0References2
NVD
NVD
added 2022/12/27 3:15 p.m.45 views

CVE-2022-4719

Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5...

9.8CVSS0.00967EPSS
Exploits1References2
NVD
NVD
added 2022/12/22 10:15 a.m.45 views

CVE-2020-36625

A vulnerability was found in destiny.gg chat. It has been rated as problematic. This issue affects the function websocket.Upgrader of the file main.go. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is...

8.8CVSS0.00343EPSS
Exploits0References3
NVD
NVD
added 2022/12/21 11:15 p.m.45 views

CVE-2022-3184

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory traversal, which may allow a user to write a file to the webroot directory...

9.8CVSS0.11626EPSS
Exploits0References1
NVD
NVD
added 2022/12/12 9:15 a.m.45 views

CVE-2022-20968

A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco...

8.8CVSS0.06099EPSS
Exploits0References1
NVD
NVD
added 2022/12/07 6:15 p.m.45 views

CVE-2022-43581

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805...

8.8CVSS0.00685EPSS
Exploits0References2
NVD
NVD
added 2022/12/06 6:15 p.m.45 views

CVE-2022-23472

Passeo is an open source python password generator. Versions prior to 1.0.5 rely on the python random library for random value selection. The python random library warns that it should not be used for security purposes due to its reliance on a non-cryptographically secure random number generator...

7.5CVSS0.00791EPSS
Exploits0References3
NVD
NVD
added 2022/12/06 4:15 p.m.45 views

CVE-2022-44289

Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell...

8.8CVSS0.02906EPSS
Exploits1References1
NVD
NVD
added 2022/12/01 12:15 a.m.45 views

CVE-2022-40204

A cross-site scripting XSS vulnerability exists in all current versions of Digital Alert Systems DASDEC software via the Host Header in undisclosed pages after login...

5.4CVSS0.00341EPSS
Exploits0References1
NVD
NVD
added 2022/11/28 1:15 p.m.45 views

CVE-2022-36193

SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries...

9.8CVSS0.01392EPSS
Exploits1References2
NVD
NVD
added 2022/11/23 9:15 p.m.45 views

CVE-2022-41933

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the reset a forgotten password feature of XWiki was used, the password was then stored in plain text in database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only...

6.5CVSS0.0045EPSS
Exploits0References5
NVD
NVD
added 2022/11/23 8:15 p.m.45 views

CVE-2022-41934

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki...

9.9CVSS0.01261EPSS
Exploits1References5
NVD
NVD
added 2022/11/17 10:15 p.m.45 views

CVE-2022-44725

OPC Foundation Local Discovery Server LDS through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS running as a high-privilege user...

7.8CVSS0.0017EPSS
Exploits0References2
NVD
NVD
added 2022/11/07 4:15 a.m.45 views

CVE-2022-44797

btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking...

9.8CVSS0.01195EPSS
Exploits1References4
NVD
NVD
added 2022/11/02 12:15 p.m.45 views

CVE-2022-38374

A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event logviews...

8.8CVSS0.01716EPSS
Exploits1References1
NVD
NVD
added 2022/10/26 7:15 p.m.45 views

CVE-2022-39359

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, custom GeoJSON map URL address would follow redirects to addresses that were otherwise disallowed, like link-local or private-network. This issue is patched in versions...

6.5CVSS0.00556EPSS
Exploits0References2
NVD
NVD
added 2022/10/20 2:15 p.m.45 views

CVE-2022-40084

OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid...

5.3CVSS0.00634EPSS
Exploits1References2
NVD
NVD
added 2022/10/19 10:15 p.m.45 views

CVE-2022-41694

In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate...

4.9CVSS0.00595EPSS
Exploits0References1
NVD
NVD
added 2022/10/19 6:15 p.m.45 views

CVE-2022-43018

OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting XSS vulnerability via the email parameter in the Check Email function...

6.1CVSS0.01333EPSS
Exploits1References2
NVD
NVD
added 2022/10/19 1:15 p.m.45 views

CVE-2022-39267

Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With:...

8.8CVSS0.00727EPSS
Exploits0References2
NVD
NVD
added 2022/10/15 2:15 a.m.45 views

CVE-2017-20149

The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on t...

9.8CVSS0.02554EPSS
Exploits2References2
NVD
NVD
added 2022/09/16 10:15 p.m.45 views

CVE-2022-35982

TensorFlow is an open source platform for machine learning. If SparseBincount is given inputs for indices, values, and denseshape that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS0.00423EPSS
Exploits0References2
Total number of security vulnerabilities5000