Lucene search
K
NvdMost viewed

363836 matches found

NVD
NVD
•added 2026/05/06 12:16 p.m.•44 views

CVE-2026-43198

In the Linux kernel, the following vulnerability has been resolved: tcp: fix potential race in tcpv6synrecvsock Code in tcpv6synrecvsock after the call to tcpv4synrecvsock is done too late. After tcpv4synrecvsock, the child socket is already visible from TCP ehash table and other cpus might use i...

9.8CVSS0.00287EPSS
Exploits0References19
NVD
NVD
•added 2026/05/05 1:16 p.m.•44 views

CVE-2026-7832

A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component Service. The manipulation results in symlink following. Attacking locally is a requirement. This attack is characterized by high complexity. It is indicated that...

7.3CVSS0.00131EPSS
Exploits0References4
NVD
NVD
•added 2026/05/04 7:16 a.m.•44 views

CVE-2026-43860

mutt before 2.3.2 sometimes truncates the hashpasswd by one byte for IMAP authcram MD5 digest...

3.7CVSS0.00162EPSS
Exploits0References1
NVD
NVD
•added 2026/05/02 12:16 p.m.•44 views

CVE-2026-4790

The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customsvg' parameter in versions up to, and including, 4.11.70 due to insufficient input sanitization and output escaping. This makes it possible fo...

5.4CVSS0.00194EPSS
Exploits0References2
NVD
NVD
•added 2026/04/17 7:16 a.m.•44 views

CVE-2026-6441

The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 3.1.1. This is due to the absence of any capability check or nonce verification in the updateOptions function, which is exposed via two AJAX hooks: wpajaxupdateOptions class-canto.php line 231 an...

4.3CVSS0.00282EPSS
Exploits0References7
NVD
NVD
•added 2026/04/08 9:16 a.m.•44 views

CVE-2026-1396

The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'magic-conversation' shortcode in all versions up to, and including, 3.0.97 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00236EPSS
Exploits0References4
NVD
NVD
•added 2025/11/13 7:15 p.m.•44 views

CVE-2025-60675

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823GV1.0.2B0520181207.bin in the timelycheck and sysconf binaries, which process the /tmp/newqos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated...

5.4CVSS0.01321EPSS
Exploits1References3
NVD
NVD
•added 2025/10/17 6:15 p.m.•44 views

CVE-2025-62419

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC URL injection vulnerability exists in the DB2 and MongoDB data source configuration handlers. In the DB2 data source handler, when the extraParams field is empty, the HOSTNAME, PORT, and DATABASE...

8.2CVSS0.00393EPSS
Exploits0References2
NVD
NVD
•added 2025/09/22 8:15 a.m.•44 views

CVE-2025-5962

A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusing inter-process communication calls to the history service, an attacker can view, delete, or...

7.7CVSS0.00215EPSS
Exploits0References4
NVD
NVD
•added 2025/09/10 7:15 a.m.•44 views

CVE-2025-9979

The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior. This is due to missing capability checks on the Maspikspamlogdownloadcsv function. This makes it possible for authenticated attackers, with subscriber-level access and above, to export and download...

4.3CVSS0.0023EPSS
Exploits0References4
NVD
NVD
•added 2025/08/20 2:15 p.m.•44 views

CVE-2025-54923

CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authenticated users send crafted data to a network-exposed service that performs unsafe deserialization...

8.7CVSS0.00618EPSS
Exploits0References1
NVD
NVD
•added 2025/08/11 7:15 p.m.•44 views

CVE-2025-53910

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint...

4CVSS0.00183EPSS
Exploits0References1
NVD
NVD
•added 2025/08/08 4:15 p.m.•44 views

CVE-2025-8731

A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...

10CVSS0.00585EPSS
Exploits0References4
NVD
NVD
•added 2025/07/23 3:15 a.m.•44 views

CVE-2025-6215

The Omnishop plugin for WordPress is vulnerable to Unauthenticated Registration Bypass in all versions up to, and including, 1.0.9. Its /users/register endpoint is exposed to the public permissioncallback always returns true and invokes wpcreateuser unconditionally, ignoring the site’s...

5.3CVSS0.00264EPSS
Exploits0References2
NVD
NVD
•added 2025/06/03 10:15 a.m.•44 views

CVE-2024-54189

A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 build 55740. When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary fil...

7.8CVSS0.00277EPSS
Exploits1References2
NVD
NVD
•added 2025/06/02 4:15 p.m.•44 views

CVE-2024-40112

A Local File Inclusion LFI vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the "language" cookie to include arbitrary files from the server. This vulnerability can be exploited to disclose sensitive information...

5.9CVSS0.00439EPSS
Exploits1References2
NVD
NVD
•added 2025/05/13 4:15 p.m.•44 views

CVE-2025-30207

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software such as Apache, nginx or...

7.5CVSS0.00475EPSS
Exploits0References4
NVD
NVD
•added 2025/05/07 8:15 a.m.•44 views

CVE-2025-0669

Cross-Site Request Forgery CSRF vulnerability in BOINC Server allows Cross Site Request Forgery.This issue affects BOINC Server: before 1.4.3...

8.8CVSS0.00204EPSS
Exploits1References1
NVD
NVD
•added 2025/05/04 12:15 a.m.•44 views

CVE-2025-47245

In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role...

8.1CVSS0.0042EPSS
Exploits0References3
NVD
NVD
•added 2025/05/02 6:15 a.m.•44 views

CVE-2025-3488

The WPML plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmllanguageswitcher shortcode in versions 3.6.0 - 4.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS0.00247EPSS
Exploits0References3
NVD
NVD
•added 2025/05/01 2:15 p.m.•44 views

CVE-2025-23254

NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data validation issue by local access to the TRTLLM server. A successful exploit of this vulnerability may lead to code execution, information disclosure and data tampering...

8.8CVSS0.00249EPSS
Exploits0References1
NVD
NVD
•added 2025/04/29 8:15 p.m.•44 views

CVE-2025-0520

An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7...

9.4CVSS0.00976EPSS
Exploits0References4
NVD
NVD
•added 2025/04/28 9:15 a.m.•44 views

CVE-2025-39367

Missing Authorization vulnerability in SeventhQueen Kleo kleo.This issue affects Kleo: from n/a through 5.4.4...

5.3CVSS0.00232EPSS
Exploits0References1
NVD
NVD
•added 2025/04/28 6:15 a.m.•44 views

CVE-2024-9771

The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS0.00219EPSS
Exploits1References1
NVD
NVD
•added 2025/04/25 1:15 a.m.•44 views

CVE-2025-43864

React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...

7.5CVSS0.23628EPSS
Exploits0References3
NVD
NVD
•added 2025/04/24 9:15 p.m.•44 views

CVE-2025-43861

ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the "Review Changes"...

5.4CVSS0.00214EPSS
Exploits1References2
NVD
NVD
•added 2025/04/22 4:15 p.m.•44 views

CVE-2025-28030

TOTOLINK A810R V4.1.2cu.5182B20201026 was discovered to contain a stack overflow via the startTime and endTime parameters in setParentalRules function...

8.8CVSS0.00375EPSS
Exploits1References1
NVD
NVD
•added 2025/04/22 10:15 a.m.•44 views

CVE-2025-46227

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brecht Custom Related Posts custom-related-posts allows Stored XSS.This issue affects Custom Related Posts: from n/a through = 1.7.4...

6.5CVSS0.00173EPSS
Exploits0References1
NVD
NVD
•added 2025/04/20 1:15 p.m.•44 views

CVE-2025-3826

A vulnerability, which was classified as problematic, was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the file add-supplier.php. The manipulation of the argument txtsuppliername/txtaddress leads to cross site scripting. It is possible ...

4.8CVSS0.00324EPSS
Exploits1References4
NVD
NVD
•added 2025/04/19 9:15 p.m.•44 views

CVE-2025-3820

A vulnerability was found in Tenda W12 and i24 3.0.0.42887/3.0.0.53644 and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. The attack may be launched...

9CVSS0.08143EPSS
Exploits1References5
NVD
NVD
•added 2025/04/17 6:15 a.m.•44 views

CVE-2025-1525

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS0.00219EPSS
Exploits1References1
NVD
NVD
•added 2025/04/11 11:15 a.m.•44 views

CVE-2025-23387

A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowed unauthenticated users to list all CLI authentication tokens and delete them before the CLI is able to get the token value.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9....

5.3CVSS0.00508EPSS
Exploits0References2
NVD
NVD
•added 2025/04/08 6:15 p.m.•44 views

CVE-2025-21204

Improper link resolution before file access 'link following' in Windows Update Stack allows an authorized attacker to elevate privileges locally...

7.8CVSS0.06422EPSS
Exploits1References3
NVD
NVD
•added 2025/04/04 5:15 a.m.•44 views

CVE-2025-3194

Versions of the package bigint-buffer from 0.0.0 are vulnerable to Buffer Overflow in the toBigIntLE function. Attackers can exploit this to crash the application...

8.7CVSS0.00565EPSS
Exploits0References3
NVD
NVD
•added 2025/03/28 2:15 p.m.•44 views

CVE-2025-2877

A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams...

6.5CVSS0.00379EPSS
Exploits0References5
NVD
NVD
•added 2025/03/24 8:15 p.m.•44 views

CVE-2025-2231

PDF-XChange Editor RTF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visi...

7.8CVSS0.0027EPSS
Exploits0References2
NVD
NVD
•added 2025/03/23 12:15 p.m.•44 views

CVE-2025-2649

A vulnerability classified as critical was found in PHPGurukul Doctor Appointment Management System 1.0. This vulnerability affects unknown code of the file /check-appointment.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploi...

9.8CVSS0.00467EPSS
Exploits1References5
NVD
NVD
•added 2025/03/17 6:15 p.m.•44 views

CVE-2025-26125

An exposed ioctl in the IMFForceDelete driver of IObit Malware Fighter v12.1.0 allows attackers to arbitrarily delete files and escalate privileges...

7.3CVSS0.00476EPSS
Exploits0References3
NVD
NVD
•added 2025/03/17 3:15 p.m.•44 views

CVE-2025-26127

A stored cross-site scripting XSS vulnerability in the Send for Approval function of FileCloud v23.241.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5CVSS0.00213EPSS
Exploits0References2
NVD
NVD
•added 2025/03/14 8:15 a.m.•44 views

CVE-2025-1526

The DethemeKit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the De Product Display Widget countdown feature in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.0024EPSS
Exploits0References3
NVD
NVD
•added 2025/03/05 7:15 p.m.•44 views

CVE-2025-27515

Laravel is a web application framework. When using wildcard validation to validate a given file or image field files., a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1...

9.8CVSS0.00685EPSS
Exploits1References2
NVD
NVD
•added 2025/02/16 1:15 a.m.•44 views

CVE-2025-1332

A vulnerability has been found in FastCMS up to 0.1.5 and classified as problematic. This vulnerability affects unknown code of the file /fastcms.html/template/menu of the component Template Menu. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit ha...

4.8CVSS0.00336EPSS
Exploits1References3
NVD
NVD
•added 2025/02/14 5:15 p.m.•44 views

CVE-2025-25990

Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component...

6.1CVSS0.0026EPSS
Exploits1References1
NVD
NVD
•added 2025/02/13 7:15 a.m.•44 views

CVE-2024-13346

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running...

9.8CVSS0.02104EPSS
Exploits1References2
NVD
NVD
•added 2025/02/12 7:15 p.m.•44 views

CVE-2025-25201

Nitrokey 3 Firmware is the the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the integrity of the data stored in the...

4CVSS0.00133EPSS
Exploits0References3
NVD
NVD
•added 2025/02/06 8:15 a.m.•44 views

CVE-2025-20094

Unprotected Windows messaging channel 'Shatter' issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary code may be executed with SYSTEM privilege...

8.8CVSS0.0015EPSS
Exploits0References2
NVD
NVD
•added 2025/01/10 5:15 p.m.•44 views

CVE-2024-57212

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the actionreboot function...

5.1CVSS0.0074EPSS
Exploits1References1
NVD
NVD
•added 2025/01/10 4:15 p.m.•44 views

CVE-2025-22596

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the modulosvisiveis.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msgc parameter. This vulnerability is fixed in...

6.5CVSS0.00295EPSS
Exploits1References1
NVD
NVD
•added 2025/01/06 6:15 a.m.•44 views

CVE-2024-11849

The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.1CVSS0.00306EPSS
Exploits1References1
NVD
NVD
•added 2024/12/31 5:15 p.m.•44 views

CVE-2024-55955

An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged...

7.3CVSS0.00133EPSS
Exploits0References1
Total number of security vulnerabilities5000