Lucene search
K
NvdMost viewed

364673 matches found

NVD
NVD
•added 2022/06/10 8:15 p.m.•45 views

CVE-2022-21211

This affects all versions of package posix. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable not a function, and then it will crash with type-check...

7.5CVSS0.00966EPSS
Exploits1References1
NVD
NVD
•added 2022/06/02 7:15 p.m.•45 views

CVE-2022-31024

richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fi...

6.5CVSS0.00572EPSS
Exploits0References3
NVD
NVD
•added 2022/05/25 9:15 p.m.•45 views

CVE-2022-29252

XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI Main Wiki contains a possible cross-site scripting vector in the WikiManager.JoinWiki wiki page related to the "requestJoin" field. The issue is patched in versions...

7.4CVSS0.00921EPSS
Exploits0References3
NVD
NVD
•added 2022/05/24 3:15 p.m.•45 views

CVE-2022-29219

Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Because the developers represent uint64 values as native javascript...

7.5CVSS0.01228EPSS
Exploits0References3
NVD
NVD
•added 2022/05/20 3:15 p.m.•45 views

CVE-2022-29165

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user or role, includin...

10CVSS0.01857EPSS
Exploits0References4
NVD
NVD
•added 2022/04/11 8:15 p.m.•45 views

CVE-2022-25790

A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution...

7.8CVSS0.01463EPSS
Exploits0References1
NVD
NVD
•added 2022/04/04 8:15 p.m.•45 views

CVE-2021-32978

The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00...

7.5CVSS0.00971EPSS
Exploits0References1
NVD
NVD
•added 2022/03/30 1:15 p.m.•45 views

CVE-2022-1155

Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10...

7.4CVSS0.00977EPSS
Exploits1References2
NVD
NVD
•added 2022/03/29 7:15 a.m.•45 views

CVE-2021-46743

In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue e.g., RS256 / HS256 exists via the kid aka Key ID header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way t...

9.1CVSS0.00777EPSS
Exploits1References1
NVD
NVD
•added 2022/03/18 6:15 p.m.•45 views

CVE-2020-25184

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could...

7.8CVSS0.00424EPSS
Exploits0References4
NVD
NVD
•added 2022/03/11 6:15 p.m.•45 views

CVE-2022-0001

Non-transparent sharing of branch predictor selectors between contexts in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...

6.5CVSS0.00508EPSS
Exploits0References7
NVD
NVD
•added 2022/03/04 3:15 p.m.•45 views

CVE-2021-46378

DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download...

7.5CVSS0.31863EPSS
Exploits4References3
NVD
NVD
•added 2022/03/04 3:15 p.m.•45 views

CVE-2020-18326

Cross Site Request Forgery CSRF vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user...

8.8CVSS0.0219EPSS
Exploits2References1
NVD
NVD
•added 2022/03/02 8:15 p.m.•45 views

CVE-2022-23640

Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no...

9.8CVSS0.01446EPSS
Exploits0References2
NVD
NVD
•added 2022/02/24 3:15 p.m.•45 views

CVE-2022-25079

TOTOLink A810R V4.1.2cu.5182B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

9.8CVSS0.0322EPSS
Exploits1References1
NVD
NVD
•added 2022/02/11 6:15 p.m.•45 views

CVE-2021-31932

Nokia BTS TRS web console FTMW20FP22019.08.160010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . dot character...

9.8CVSS0.21639EPSS
Exploits3References1
NVD
NVD
•added 2022/02/04 11:15 p.m.•45 views

CVE-2022-23582

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures. TensorShape constructor throws a CHECK-fail if shape is partial or has a number of elements that would overflow t...

6.5CVSS0.00783EPSS
Exploits1References3
NVD
NVD
•added 2022/02/04 11:15 p.m.•45 views

CVE-2022-23572

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...

6.5CVSS0.00992EPSS
Exploits1References3
NVD
NVD
•added 2022/02/03 12:15 p.m.•45 views

CVE-2022-21731

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ConcatV2 can be used to trigger a denial of service attack via a segfault caused by a type confusion. The axis argument is translated into concatdim in the ConcatShapeHelper helper function. Then, a...

6.5CVSS0.00845EPSS
Exploits1References4
NVD
NVD
•added 2022/01/26 11:15 a.m.•45 views

CVE-2021-41766

Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions JMX. JMX is a Java RMI based technology that relies on Java serialized objects for client server communication. Whereas the default JMX implementation is hardened against unauthenticated...

8.1CVSS0.02033EPSS
Exploits0References1
NVD
NVD
•added 2022/01/13 10:15 p.m.•45 views

CVE-2021-34997

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

8.8CVSS0.04248EPSS
Exploits0References1
NVD
NVD
•added 2022/01/06 9:15 a.m.•45 views

CVE-2021-36737

The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting XSS attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact...

6.1CVSS0.02327EPSS
Exploits0References1
NVD
NVD
•added 2022/01/04 8:15 p.m.•45 views

CVE-2022-21643

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a sql statement. Users are advised to...

10CVSS0.01197EPSS
Exploits0References2
NVD
NVD
•added 2022/01/03 10:15 p.m.•45 views

CVE-2021-37098

Hilinksvc service exists a Data Processing Errors vulnerability .Successful exploitation of this vulnerability may cause application crash...

7.5CVSS0.00655EPSS
Exploits0References1
NVD
NVD
•added 2021/12/23 9:15 a.m.•45 views

CVE-2021-44548

An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB...

9.8CVSS0.05087EPSS
Exploits0References2
NVD
NVD
•added 2021/12/15 7:15 p.m.•45 views

CVE-2021-0971

In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

6.5CVSS0.00649EPSS
Exploits0References1
NVD
NVD
•added 2021/11/29 8:15 a.m.•45 views

CVE-2021-38147

Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/DomainCredentialReportExcel,...

7.5CVSS0.53008EPSS
Exploits3References2
NVD
NVD
•added 2021/11/24 7:15 p.m.•45 views

CVE-2021-43778

Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the front/send.php file...

9.1CVSS0.52658EPSS
Exploits2References5
NVD
NVD
•added 2021/11/12 11:15 a.m.•45 views

CVE-2021-21699

Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

5.4CVSS0.88476EPSS
Exploits0References2
NVD
NVD
•added 2021/11/10 1:19 a.m.•45 views

CVE-2021-42300

Azure Sphere Tampering Vulnerability...

6.7CVSS0.00547EPSS
Exploits0References1
NVD
NVD
•added 2021/10/13 3:15 p.m.•45 views

CVE-2021-39304

Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass...

7.5CVSS0.00981EPSS
Exploits0References2
NVD
NVD
•added 2021/10/04 12:15 p.m.•45 views

CVE-2021-41878

A reflected cross-site scripting XSS vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console and it is possible to insert a vulnerable malicious button...

6.1CVSS0.09912EPSS
Exploits4References3
NVD
NVD
•added 2021/10/04 10:15 a.m.•45 views

CVE-2021-22557

SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173...

7.8CVSS0.0158EPSS
Exploits4References2
NVD
NVD
•added 2021/09/28 8:15 p.m.•45 views

CVE-2021-21570

Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information...

6.8CVSS0.00778EPSS
Exploits0References1
NVD
NVD
•added 2021/09/22 3:15 p.m.•45 views

CVE-2021-40875

Improper Access Control in Gurock TestRail versions 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The...

7.5CVSS0.48417EPSS
Exploits4References4
NVD
NVD
•added 2021/09/14 11:15 p.m.•45 views

CVE-2021-23029

On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery SSRF attacks through F5 Advanced Web Application Firewall WAF and the BIG-IP ASM Configuration utility. Note: Software versions which have...

8.8CVSS0.00875EPSS
Exploits0References1
NVD
NVD
•added 2021/09/14 12:15 p.m.•45 views

CVE-2021-33685

SAP Business One version - 10.0 allows low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. A successful attack allows access to high level sensitive data...

6.5CVSS0.01029EPSS
Exploits0References2
NVD
NVD
•added 2021/09/14 11:15 a.m.•45 views

CVE-2021-27391

A vulnerability has been identified in APOGEE MBC PPC P2 Ethernet All versions = V2.6.3, APOGEE MEC PPC P2 Ethernet All versions = V2.6.3, APOGEE PXC Compact BACnet All versions = V2.8, APOGEE PXC Modular BACnet All versions = V2.8, TALON TC Compact BACnet All versions V3.5.3, TALON TC Modular...

10CVSS0.03369EPSS
Exploits0References1
NVD
NVD
•added 2021/09/01 8:15 p.m.•45 views

CVE-2021-39185

Http4s is a minimal, idiomatic Scala interface for HTTP services. In http4s versions 0.21.26 and prior, 0.22.0 through 0.22.2, 0.23.0, 0.23.1, and 1.0.0-M1 through 1.0.0-M24, the default CORS configuration is vulnerable to an origin reflection attack. The middleware is also susceptible to a Null...

9.1CVSS0.00594EPSS
Exploits0References2
NVD
NVD
•added 2021/08/29 8:15 p.m.•45 views

CVE-2021-40172

Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings...

8.8CVSS0.00994EPSS
Exploits0References1
NVD
NVD
•added 2021/08/08 6:15 a.m.•45 views

CVE-2020-36469

An issue was discovered in the appendix crate through 2020-11-15 for Rust. For the generic K and V type parameters, Send and Sync are implemented unconditionally...

5.9CVSS0.00978EPSS
Exploits1References2
NVD
NVD
•added 2021/08/03 12:15 p.m.•45 views

CVE-2021-35265

A reflected cross-site scripting XSS vulnerability in MaxSite CMS before V106 via product/page/ allows remote attackers to inject arbitrary web script to a page...

6.1CVSS0.03436EPSS
Exploits1References2
NVD
NVD
•added 2021/07/16 11:15 a.m.•45 views

CVE-2021-21819

A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...

9.1CVSS0.02886EPSS
Exploits2References1
NVD
NVD
•added 2021/07/13 11:15 a.m.•45 views

CVE-2021-34315

A vulnerability has been identified in JT2Go All versions V13.2, Teamcenter Visualization All versions V13.2. The BMPloader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files. This could result in an out of bounds read past the end of an...

7.8CVSS0.01574EPSS
Exploits0References2
NVD
NVD
•added 2021/06/17 1:15 p.m.•45 views

CVE-2021-32940

An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK All versions prior to 2022.5 resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-servi...

7.1CVSS0.0205EPSS
Exploits0References4
NVD
NVD
•added 2021/06/12 4:15 a.m.•45 views

CVE-2021-32554

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users...

7.3CVSS0.00289EPSS
Exploits0References1
NVD
NVD
•added 2021/06/08 5:15 p.m.•45 views

CVE-2021-32673

reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue...

9.8CVSS0.01941EPSS
Exploits0References4
NVD
NVD
•added 2021/05/21 11:15 p.m.•45 views

CVE-2021-33514

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTPUSERAGENT;' with an OS command in the User-Agent field. This affects GC108P before...

10CVSS0.08798EPSS
Exploits2References2
NVD
NVD
•added 2021/05/19 10:15 p.m.•45 views

CVE-2021-29625

Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a pdo...

7.5CVSS0.09572EPSS
Exploits1References3
NVD
NVD
•added 2021/05/14 8:15 p.m.•45 views

CVE-2021-29557

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.SparseMatMul. The division by 0 occurs deep in Eigen code because the b tensor is empty. The fix will be included in TensorFlow 2.5.0. We will also...

5.5CVSS0.00189EPSS
Exploits1References2
Total number of security vulnerabilities5000