Lucene search
K
NvdMost viewed

363954 matches found

NVD
NVD
added 2025/04/20 1:15 p.m.44 views

CVE-2025-3826

A vulnerability, which was classified as problematic, was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the file add-supplier.php. The manipulation of the argument txtsuppliername/txtaddress leads to cross site scripting. It is possible ...

4.8CVSS0.00324EPSS
Exploits1References4
NVD
NVD
added 2025/04/19 9:15 p.m.44 views

CVE-2025-3820

A vulnerability was found in Tenda W12 and i24 3.0.0.42887/3.0.0.53644 and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. The attack may be launched...

9CVSS0.08143EPSS
Exploits1References5
NVD
NVD
added 2025/04/17 6:15 a.m.44 views

CVE-2025-1525

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS0.00219EPSS
Exploits1References1
NVD
NVD
added 2025/04/11 11:15 a.m.44 views

CVE-2025-23387

A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowed unauthenticated users to list all CLI authentication tokens and delete them before the CLI is able to get the token value.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9....

5.3CVSS0.00508EPSS
Exploits0References2
NVD
NVD
added 2025/04/08 6:15 p.m.44 views

CVE-2025-21204

Improper link resolution before file access 'link following' in Windows Update Stack allows an authorized attacker to elevate privileges locally...

7.8CVSS0.06422EPSS
Exploits1References3
NVD
NVD
added 2025/04/04 5:15 a.m.44 views

CVE-2025-3194

Versions of the package bigint-buffer from 0.0.0 are vulnerable to Buffer Overflow in the toBigIntLE function. Attackers can exploit this to crash the application...

8.7CVSS0.00565EPSS
Exploits0References3
NVD
NVD
added 2025/03/28 2:15 p.m.44 views

CVE-2025-2877

A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams...

6.5CVSS0.00379EPSS
Exploits0References5
NVD
NVD
added 2025/03/24 8:15 p.m.44 views

CVE-2025-2231

PDF-XChange Editor RTF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visi...

7.8CVSS0.0027EPSS
Exploits0References2
NVD
NVD
added 2025/03/23 12:15 p.m.44 views

CVE-2025-2649

A vulnerability classified as critical was found in PHPGurukul Doctor Appointment Management System 1.0. This vulnerability affects unknown code of the file /check-appointment.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploi...

9.8CVSS0.00467EPSS
Exploits1References5
NVD
NVD
added 2025/03/17 6:15 p.m.44 views

CVE-2025-26125

An exposed ioctl in the IMFForceDelete driver of IObit Malware Fighter v12.1.0 allows attackers to arbitrarily delete files and escalate privileges...

7.3CVSS0.00476EPSS
Exploits0References3
NVD
NVD
added 2025/03/17 3:15 p.m.44 views

CVE-2025-26127

A stored cross-site scripting XSS vulnerability in the Send for Approval function of FileCloud v23.241.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5CVSS0.00213EPSS
Exploits0References2
NVD
NVD
added 2025/03/14 8:15 a.m.44 views

CVE-2025-1526

The DethemeKit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the De Product Display Widget countdown feature in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.0024EPSS
Exploits0References3
NVD
NVD
added 2025/03/05 7:15 p.m.44 views

CVE-2025-27515

Laravel is a web application framework. When using wildcard validation to validate a given file or image field files., a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1...

9.8CVSS0.00685EPSS
Exploits1References2
NVD
NVD
added 2025/02/16 1:15 a.m.44 views

CVE-2025-1332

A vulnerability has been found in FastCMS up to 0.1.5 and classified as problematic. This vulnerability affects unknown code of the file /fastcms.html/template/menu of the component Template Menu. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit ha...

4.8CVSS0.00336EPSS
Exploits1References3
NVD
NVD
added 2025/02/14 5:15 p.m.44 views

CVE-2025-25990

Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component...

6.1CVSS0.0026EPSS
Exploits1References1
NVD
NVD
added 2025/02/13 7:15 a.m.44 views

CVE-2024-13346

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running...

9.8CVSS0.02104EPSS
Exploits1References2
NVD
NVD
added 2025/02/12 7:15 p.m.44 views

CVE-2025-25201

Nitrokey 3 Firmware is the the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the integrity of the data stored in the...

4CVSS0.00133EPSS
Exploits0References3
NVD
NVD
added 2025/02/06 8:15 a.m.44 views

CVE-2025-20094

Unprotected Windows messaging channel 'Shatter' issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary code may be executed with SYSTEM privilege...

8.8CVSS0.0015EPSS
Exploits0References2
NVD
NVD
added 2025/02/04 7:15 p.m.44 views

CVE-2025-25039

A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager CPPM allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on...

8.8CVSS0.00623EPSS
Exploits0References1
NVD
NVD
added 2025/01/28 12:15 a.m.44 views

CVE-2022-31749

An argument injection vulnerability in the diagnose and import pac commands in WatchGuard Fireware OS before 12.8.1, 12.1.4, and 12.5.10 allows an authenticated remote attacker with unprivileged credentials to upload or read files to limited, arbitrary locations on WatchGuard Firebox and XTM...

6.5CVSS0.01242EPSS
Exploits2References2
NVD
NVD
added 2025/01/23 6:15 p.m.44 views

CVE-2025-22153

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using try/except, RestrictedPython starting...

7.9CVSS0.00388EPSS
Exploits0References2
NVD
NVD
added 2025/01/10 5:15 p.m.44 views

CVE-2024-57212

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the actionreboot function...

5.1CVSS0.0074EPSS
Exploits1References1
NVD
NVD
added 2025/01/10 4:15 p.m.44 views

CVE-2025-22596

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the modulosvisiveis.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msgc parameter. This vulnerability is fixed in...

6.5CVSS0.00295EPSS
Exploits1References1
NVD
NVD
added 2025/01/06 6:15 a.m.44 views

CVE-2024-11849

The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.1CVSS0.00306EPSS
Exploits1References1
NVD
NVD
added 2024/12/31 5:15 p.m.44 views

CVE-2024-55955

An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged...

7.3CVSS0.00133EPSS
Exploits0References1
NVD
NVD
added 2024/12/27 10:15 p.m.44 views

CVE-2024-54775

Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting XSS vulnerability via /admin/auth/menu and /admin/auth/extensions...

4.8CVSS0.00264EPSS
Exploits1References1
NVD
NVD
added 2024/12/26 3:15 p.m.44 views

CVE-2024-12955

A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as problematic. This vulnerability affects unknown code of the file /logout.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been...

6.9CVSS0.00778EPSS
Exploits2References4
NVD
NVD
added 2024/12/18 11:15 p.m.44 views

CVE-2024-41138

A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams work or school 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject...

9.8CVSS0.00881EPSS
Exploits1References2
NVD
NVD
added 2024/12/17 6:15 p.m.44 views

CVE-2024-42194

An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call...

3.1CVSS0.00252EPSS
Exploits0References1
NVD
NVD
added 2024/12/12 4:15 a.m.44 views

CVE-2024-11430

The SQL Chart Builder plugin for WordPress is vulnerable to SQL Injection via the 'arg1' arg of the 'gvnschart2' shortcode in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This mak...

6.5CVSS0.00531EPSS
Exploits0References3
NVD
NVD
added 2024/11/28 5:15 p.m.44 views

CVE-2024-52338

Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example, user-supplied input files. This...

9.8CVSS0.02322EPSS
Exploits0References3
NVD
NVD
added 2024/11/20 2:15 p.m.44 views

CVE-2024-52597

2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Versions prior to 5.4.1 are vulnerable to stored cross-site scripting due to improper headers in direct access to uploaded SVGs. The application allows uploading images in several places. One o...

6.1CVSS0.00363EPSS
Exploits1References2
NVD
NVD
added 2024/11/19 10:15 p.m.44 views

CVE-2024-52392

Cross-Site Request Forgery CSRF vulnerability in w3speedster W3SPEEDSTER w3speedster-wp.This issue affects W3SPEEDSTER: from n/a through = 7.25...

6.5CVSS0.00155EPSS
Exploits0References1
NVD
NVD
added 2024/11/18 6:15 a.m.44 views

CVE-2024-11308

The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content...

6.2CVSS0.00155EPSS
Exploits0References2
NVD
NVD
added 2024/11/15 4:15 p.m.44 views

CVE-2022-20685

A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit th...

7.5CVSS0.01386EPSS
Exploits0References2
NVD
NVD
added 2024/11/13 4:15 p.m.44 views

CVE-2024-50971

A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the mapid parameter...

7.2CVSS0.00732EPSS
Exploits0References2
NVD
NVD
added 2024/11/12 3:15 p.m.44 views

CVE-2024-11127

A vulnerability was found in code-projects Job Recruitment up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin.php. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploi...

8.8CVSS0.00484EPSS
Exploits1References5
NVD
NVD
added 2024/11/07 10:15 a.m.44 views

CVE-2024-50161

In the Linux kernel, the following vulnerability has been resolved: bpf: Check the remaining infocnt before repeating btf fields When trying to repeat the btf fields for array of nested struct, it doesn't check the remaining infocnt. The following splat will be reported when the value of ret nele...

5.5CVSS0.00183EPSS
Exploits0References2
NVD
NVD
added 2024/11/06 7:15 a.m.44 views

CVE-2024-9307

The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute...

9.9CVSS0.00944EPSS
Exploits0References3
NVD
NVD
added 2024/10/27 9:15 p.m.44 views

CVE-2024-10429

A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function setipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to...

8.6CVSS0.17215EPSS
Exploits1References4
NVD
NVD
added 2024/10/24 3:15 p.m.44 views

CVE-2024-45031

When editing objects in the Syncope Console, incomplete HTML tags could be used to bypass HTML sanitization. This made it possible to inject stored XSS payloads which would trigger for other users during ordinary usage of the application. XSS payloads could also be injected in Syncope Enduser whe...

6.1CVSS0.0061EPSS
Exploits0References2
NVD
NVD
added 2024/10/22 7:15 p.m.44 views

CVE-2024-45335

Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan detection...

8.4CVSS0.00171EPSS
Exploits0References1
NVD
NVD
added 2024/10/22 4:15 p.m.44 views

CVE-2024-48929

Umbraco is a free and open source .NET content management system. In versions on the 13.x branch prior to 13.5.2 and versions on the 10.x branch prior to 10.8.7, during an explicit sign-out, the server session is not fully terminated. Versions 13.5.2 and 10.8.7 contain a patch for the issue...

4.2CVSS0.00247EPSS
Exploits0References1
NVD
NVD
added 2024/10/10 10:15 p.m.44 views

CVE-2024-47164

Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the bypass of directory traversal checks within the isinorequal function. This function, intended to check if a file resides within a given directory, can be bypassed with certain payloads that...

6.5CVSS0.00687EPSS
Exploits0References1
NVD
NVD
added 2024/10/08 7:15 a.m.44 views

CVE-2024-7206

SSL Pinning Bypass in eWeLink Some hardware products allows local ATTACKER to Decrypt TLS communication and Extract secrets to clone the device via Flash the modified firmware...

7CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added 2024/10/01 12:15 p.m.44 views

CVE-2024-9405

An incorrect limitation of a path to a restricted directory path traversal has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file located in the same directory or subdirectory as the...

5.3CVSS0.00445EPSS
Exploits0References1
NVD
NVD
added 2024/09/25 1:15 a.m.44 views

CVE-2024-8878

The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device.This issue affects Netman 204: through 4.05...

10CVSS0.01265EPSS
Exploits2References2
NVD
NVD
added 2024/09/19 11:15 p.m.44 views

CVE-2023-27584

Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation CNCF as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret Key", is hard coded, which leads to...

9.8CVSS0.33618EPSS
Exploits1References2
NVD
NVD
added 2024/09/18 6:15 p.m.44 views

CVE-2024-46989

spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the same relation can result in no permission being returned when permission is expected. If the resourc...

5.3CVSS0.0029EPSS
Exploits0References2
NVD
NVD
added 2024/09/17 9:15 p.m.44 views

CVE-2024-45816

Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks...

6.5CVSS0.00728EPSS
Exploits0References1
Total number of security vulnerabilities5000