Lucene search
K
NvdMost viewed

363815 matches found

NVD
NVD
•added 2021/05/14 8:15 p.m.•45 views

CVE-2021-29530

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference by providing an invalid permutation to tf.rawops.SparseMatrixSparseCholesky. This is because the...

7.8CVSS0.00232EPSS
Exploits1References2
NVD
NVD
•added 2021/05/14 12:15 p.m.•45 views

CVE-2021-24284

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP...

9.8CVSS0.4214EPSS
Exploits3References3
NVD
NVD
•added 2021/05/11 8:15 p.m.•45 views

CVE-2020-24588

The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames which is mandatory as part of 802.11...

3.5CVSS0.03537EPSS
Exploits2References12
NVD
NVD
•added 2021/05/10 1:15 p.m.•45 views

CVE-2021-22672

Delta Electronics' CNCSoft ScreenEditor in versions prior to v1.01.30 could allow the corruption of data, a denial-of-service condition, or code execution. The vulnerability may allow an attacker to remotely execute arbitrary code...

7.8CVSS0.09728EPSS
Exploits0References2
NVD
NVD
•added 2021/04/29 9:15 p.m.•45 views

CVE-2021-29468

Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked out code to be executed while checking out a repository using Git on...

8.8CVSS0.0124EPSS
Exploits0References4
NVD
NVD
•added 2021/04/29 5:15 p.m.•45 views

CVE-2021-31429

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...

8.2CVSS0.00442EPSS
Exploits0References2
NVD
NVD
•added 2021/04/29 5:15 p.m.•45 views

CVE-2021-31418

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...

6.5CVSS0.0043EPSS
Exploits0References2
NVD
NVD
•added 2021/04/27 8:15 p.m.•45 views

CVE-2021-30128

Apache OFBiz has unsafe deserialization prior to 17.12.07 version...

10CVSS0.81079EPSS
Exploits2References10
NVD
NVD
•added 2021/04/27 3:15 p.m.•45 views

CVE-2021-28269

Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions...

8.8CVSS0.01866EPSS
Exploits2References3
NVD
NVD
•added 2021/04/14 2:15 p.m.•45 views

CVE-2021-31152

Multilaser Router AC1200 V02.03.01.45pt contains a cross-site request forgery CSRF vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers...

8.8CVSS0.03753EPSS
Exploits5References3
NVD
NVD
•added 2021/04/05 10:15 p.m.•45 views

CVE-2020-17453

WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter...

6.1CVSS0.26118EPSS
Exploits2References3
NVD
NVD
•added 2021/03/31 9:15 p.m.•45 views

CVE-2021-22538

A privilege escalation vulnerability impacting the Google Exposure Notification Verification Server versions prior to 0.23.1, allows an attacker who 1 has UserWrite permissions and 2 is using a carefully crafted request or malicious proxy, to create another user with higher privileges than their...

8.8CVSS0.00718EPSS
Exploits0References4
NVD
NVD
•added 2021/03/31 6:15 p.m.•45 views

CVE-2021-23007

On BIG-IP versions 14.1.4 and 16.0.1.1, when the Traffic Management Microkernel TMM process handles certain undisclosed traffic, it may start dropping all fragmented IP traffic. Note: Software versions which have reached End of Software Development EoSD are not evaluated...

5.3CVSS0.0158EPSS
Exploits1References1
NVD
NVD
•added 2021/03/30 2:15 a.m.•45 views

CVE-2021-25157

A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba...

4.9CVSS0.10259EPSS
Exploits3References3
NVD
NVD
•added 2021/03/22 7:15 p.m.•45 views

CVE-2021-22320

There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages correctly. Attackers can exploit this vulnerability by sending malicious messages to an affected module. This can lead to denial of service. Affected product include some versions of IPS...

7.5CVSS0.00727EPSS
Exploits0References1
NVD
NVD
•added 2021/03/11 9:15 p.m.•45 views

CVE-2021-22710

A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System IGSS Definition Def.exe V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF Configuration Group File file is imported to IGS...

9.3CVSS0.02EPSS
Exploits0References2
NVD
NVD
•added 2021/03/01 12:15 p.m.•45 views

CVE-2021-25329

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the...

7CVSS0.56636EPSS
Exploits15References17
NVD
NVD
•added 2021/02/09 9:15 p.m.•45 views

CVE-2020-14343

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the fullload method or with the FullLoader loader. Applications that use the library to process untrusted input may be...

10CVSS0.05984EPSS
Exploits0References5
NVD
NVD
•added 2021/01/01 4:15 a.m.•45 views

CVE-2020-35948

An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xclonerrestore.php writefileaction could...

9.9CVSS9.7AI score0.24937EPSS
Exploits5References4
NVD
NVD
•added 2020/12/12 7:15 p.m.•45 views

CVE-2020-35207

An issue was discovered in the LogMein LastPass Password Manager aka com.lastpass.ilastpass app 4.8.11.2403 for iOS. The PIN authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker could authenticate wi...

5.7CVSS5.8AI score0.0047EPSS
Exploits1References2
NVD
NVD
•added 2020/11/24 8:15 p.m.•45 views

CVE-2020-28329

Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Versions: 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19...

9.8CVSS7.9AI score0.01543EPSS
Exploits7References1
NVD
NVD
•added 2020/11/23 9:15 p.m.•45 views

CVE-2020-26227

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid typo3/cms-fluid of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 versions...

6.1CVSS6.5AI score0.00715EPSS
Exploits1References2
NVD
NVD
•added 2020/09/30 6:15 p.m.•45 views

CVE-2020-26043

An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php...

6.1CVSS0.007EPSS
Exploits1References1
NVD
NVD
•added 2020/09/30 6:15 p.m.•45 views

CVE-2020-13794

Harbor 1.9. 1.10. and 2.0. allows Exposure of Sensitive Information to an Unauthorized Actor...

4.3CVSS0.01266EPSS
Exploits1References3
NVD
NVD
•added 2020/09/14 7:15 p.m.•45 views

CVE-2020-25574

An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve could result in denial of service e.g., an infinite loop...

7.5CVSS0.0244EPSS
Exploits1References2
NVD
NVD
•added 2020/07/28 6:15 p.m.•45 views

CVE-2020-10924

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...

8.8CVSS8.9AI score0.87343EPSS
Exploits2References1
NVD
NVD
•added 2020/07/20 4:15 p.m.•45 views

CVE-2020-12027

All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within...

4.3CVSS4.7AI score0.53024EPSS
Exploits3References3
NVD
NVD
•added 2020/07/14 11:15 p.m.•45 views

CVE-2020-1469

A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'...

7.5CVSS0.04844EPSS
Exploits0References1
NVD
NVD
•added 2020/06/16 8:15 p.m.•45 views

CVE-2020-7505

A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 Firmware version 1.5.2 and older which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system...

9CVSS0.00913EPSS
Exploits0References1
NVD
NVD
•added 2020/05/01 4:15 p.m.•45 views

CVE-2020-7351

An OS Command Injection vulnerability in the endpointdevicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012...

9CVSS8AI score0.65208EPSS
Exploits4References2
NVD
NVD
•added 2020/04/29 2:15 a.m.•45 views

CVE-2020-8481

For ABB products ABB Abilityâ„¢ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody...

10CVSS9.4AI score0.0181EPSS
Exploits0References2
NVD
NVD
•added 2020/04/15 2:15 p.m.•45 views

CVE-2020-2791

Vulnerability in the Oracle Knowledge product of Oracle Knowledge component: Information Manager Console. Supported versions that are affected are 8.6.0-8.6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful...

9.8CVSS9.2AI score0.02129EPSS
Exploits0References1
NVD
NVD
•added 2020/04/07 6:15 p.m.•45 views

CVE-2019-13559

GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-user access to the controller. A limited application of the affected product may ship without setup and configuration instructions immediately available to the end user. The bulk of controllers go int...

7.8CVSS7.9AI score0.00297EPSS
Exploits0References1
NVD
NVD
•added 2020/03/19 6:15 p.m.•45 views

CVE-2019-16065

A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows an attacker to execute SQL commands to expose and compromise the web server, expose database tables and values, and potentially execute system-based commands as the mysql user...

9CVSS9.2AI score0.0281EPSS
Exploits5References1
NVD
NVD
•added 2020/03/09 4:15 p.m.•45 views

CVE-2020-2134

Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies...

8.8CVSS8.6AI score0.01006EPSS
Exploits0References2
NVD
NVD
•added 2020/02/25 4:15 p.m.•45 views

CVE-2019-5139

An exploitable use of hard-coded credentials vulnerability exists in multiple iw utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts...

7.1CVSS6.7AI score0.00337EPSS
Exploits1References1
NVD
NVD
•added 2020/02/25 2:15 a.m.•45 views

CVE-2020-8819

An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings merchant ID, secret key, etc. and therefore bypass...

8.1CVSS8.2AI score0.04541EPSS
Exploits6References5
NVD
NVD
•added 2020/02/03 3:15 p.m.•45 views

CVE-2013-2621

Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL...

6.1CVSS6.2AI score0.10692EPSS
Exploits4References3
NVD
NVD
•added 2020/01/31 4:15 a.m.•45 views

CVE-2019-18913

A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP...

7.2CVSS6.8AI score0.00605EPSS
Exploits0References1
NVD
NVD
•added 2020/01/07 5:15 p.m.•45 views

CVE-2019-14854

OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged...

6.5CVSS5.3AI score0.00799EPSS
Exploits1References1
NVD
NVD
•added 2019/12/12 2:15 p.m.•45 views

CVE-2019-13927

A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 All firmware versions V6.00.320, Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules...

5.3CVSS5.3AI score0.01675EPSS
Exploits5References1
NVD
NVD
•added 2019/11/15 2:15 p.m.•45 views

CVE-2019-14345

TemaTres 3.0 allows remote unprivileged users to create an administrator account...

9.8CVSS9.4AI score0.02022EPSS
Exploits4References4
NVD
NVD
•added 2019/10/29 7:15 p.m.•45 views

CVE-2019-3979

RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's...

7.5CVSS7.7AI score0.00917EPSS
Exploits0References1
NVD
NVD
•added 2019/10/23 1:15 p.m.•45 views

CVE-2019-10462

A cross-site request forgery vulnerability in Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials...

8.1CVSS8AI score0.007EPSS
Exploits0References2
NVD
NVD
•added 2019/10/17 7:15 p.m.•45 views

CVE-2019-10752

Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite...

9.8CVSS9.9AI score0.01462EPSS
Exploits1References4
NVD
NVD
•added 2019/09/16 6:15 p.m.•45 views

CVE-2019-16370

The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900...

5.9CVSS5.9AI score0.01025EPSS
Exploits1References2
NVD
NVD
•added 2019/09/08 11:15 p.m.•45 views

CVE-2019-16117

Cross site scripting XSS in the photo-gallery 10Web Photo Gallery plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php...

6.1CVSS5.2AI score0.04609EPSS
Exploits5References4
NVD
NVD
•added 2019/08/27 6:15 p.m.•45 views

CVE-2019-13267

TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After i...

8.8CVSS8.7AI score0.00973EPSS
Exploits1References2
NVD
NVD
•added 2019/08/23 1:15 p.m.•45 views

CVE-2019-15485

Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php...

6.1CVSS6.3AI score0.00861EPSS
Exploits0References2
NVD
NVD
•added 2019/08/13 7:15 p.m.•45 views

CVE-2019-10943

A vulnerability has been identified in SIMATIC Drive Controller family All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC incl. SIPLUS variants All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 incl. SIPLUS variants All versions = V20.8, SIMATIC S7-1200 CPU family incl. SIPL...

7.5CVSS7.3AI score0.00952EPSS
Exploits0References1
Total number of security vulnerabilities5000