Lucene search
K
NvdMost viewed

363949 matches found

NVD
NVD
added 2024/09/10 5:15 p.m.44 views

CVE-2024-38220

Azure Stack Hub Elevation of Privilege Vulnerability...

9CVSS0.00971EPSS
Exploits0References1
NVD
NVD
added 2024/09/07 5:15 p.m.44 views

CVE-2024-42024

A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed...

9.1CVSS0.01254EPSS
Exploits0References1
NVD
NVD
added 2024/09/07 4:15 p.m.44 views

CVE-2023-30582

A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non- argument. This flaw arises from an inadequate permission model that fails to restrict file watching through the fs.watchFile API. As a...

5.3CVSS0.0058EPSS
Exploits0References2
NVD
NVD
added 2024/09/04 4:15 p.m.44 views

CVE-2024-45075

IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication...

8.8CVSS0.00445EPSS
Exploits0References1
NVD
NVD
added 2024/09/04 4:15 p.m.44 views

CVE-2024-45052

Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...

5.3CVSS0.00552EPSS
Exploits1References2
NVD
NVD
added 2024/08/29 3:15 p.m.44 views

CVE-2024-43917

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2...

9.8CVSS0.21769EPSS
Exploits3References1
NVD
NVD
added 2024/08/29 11:15 a.m.44 views

CVE-2024-7418

The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.7.11 via the postqueryguten and postquery functions. This makes it possible for authenticated attackers,...

4.3CVSS0.00495EPSS
Exploits0References4
NVD
NVD
added 2024/08/26 3:15 p.m.44 views

CVE-2024-43966

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stark Digital WP Testimonial Widget.This issue affects WP Testimonial Widget: from n/a through 3.1...

7.6CVSS0.00439EPSS
Exploits0References1
NVD
NVD
added 2024/08/26 11:15 a.m.44 views

CVE-2024-44931

In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpiodevicegetdesc Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpioioctl with an offset out of range. Offset i...

5.5CVSS0.00248EPSS
Exploits0References10
NVD
NVD
added 2024/08/24 3:15 a.m.44 views

CVE-2024-2254

The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

6.4CVSS0.00248EPSS
Exploits0References2
NVD
NVD
added 2024/08/20 4:15 a.m.44 views

CVE-2024-38810

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective...

7.5CVSS0.00432EPSS
Exploits0References1
NVD
NVD
added 2024/08/15 7:15 p.m.44 views

CVE-2024-43357

ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript JavaScript specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as a security vulnerability, such as type...

8.6CVSS0.00601EPSS
Exploits0References10
NVD
NVD
added 2024/08/13 9:15 p.m.44 views

CVE-2024-7742

A vulnerability was found in wanglongcn ltcms 1.0.20. It has been classified as critical. Affected is the function multiDownload of the file /api/file/multiDownload of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. It is possible to launch...

9.8CVSS0.00824EPSS
Exploits1References4
NVD
NVD
added 2024/08/06 6:15 a.m.44 views

CVE-2024-6203

HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users given their email address is known. When these poisoned links get accessed e.g. manually by the victim or automatically by an email client...

8.3CVSS0.00367EPSS
Exploits0References1
NVD
NVD
added 2024/07/27 2:15 a.m.44 views

CVE-2024-4410

The IgnitionDeck Crowdfunding Platform plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.9.8. This is due to missing capability checks on various functions called via AJAX actions in the /classes/class-idf-wizard.php file. This makes it possible for...

5.4CVSS0.00377EPSS
Exploits0References4
NVD
NVD
added 2024/07/26 9:15 p.m.44 views

CVE-2024-41117

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the visparams variable on line 115 in pages/10🌍EarthEngineDatasets.py takes user input, which is later used in the eval function on line 126, leading to remote...

9.8CVSS0.01322EPSS
Exploits1References4
NVD
NVD
added 2024/07/19 5:15 a.m.44 views

CVE-2024-21583

Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/pkg/components/aut...

4.1CVSS0.00597EPSS
Exploits0References9
NVD
NVD
added 2024/07/12 2:15 p.m.44 views

CVE-2024-37564

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in PayPlus LTD PayPlus Payment Gateway.This issue affects PayPlus Payment Gateway: from n/a through 7.0.7...

8.5CVSS0.00395EPSS
Exploits0References1
NVD
NVD
added 2024/07/12 1:15 p.m.44 views

CVE-2024-36522

The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue...

9.8CVSS0.02127EPSS
Exploits0References2
NVD
NVD
added 2024/07/09 9:15 p.m.44 views

CVE-2024-31317

In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITESECURESETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00779EPSS
Exploits12References2
NVD
NVD
added 2024/07/09 5:15 p.m.44 views

CVE-2024-38086

Azure Kinect SDK Remote Code Execution Vulnerability...

6.4CVSS0.0061EPSS
Exploits0References1
NVD
NVD
added 2024/07/09 5:15 p.m.44 views

CVE-2024-38060

Windows Imaging Component Remote Code Execution Vulnerability...

8.8CVSS0.16034EPSS
Exploits0References1
NVD
NVD
added 2024/07/09 5:15 p.m.44 views

CVE-2024-38048

Windows Network Driver Interface Specification NDIS Denial of Service Vulnerability...

6.5CVSS0.01017EPSS
Exploits0References1
NVD
NVD
added 2024/07/09 5:15 p.m.44 views

CVE-2024-38023

Microsoft SharePoint Server Remote Code Execution Vulnerability...

7.2CVSS0.5318EPSS
Exploits1References1
NVD
NVD
added 2024/07/09 12:15 p.m.44 views

CVE-2024-33654

A vulnerability has been identified in Simcenter Femap All versions V2406. The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process...

7.8CVSS0.00173EPSS
Exploits0References1
NVD
NVD
added 2024/07/05 2:15 a.m.44 views

CVE-2024-32498

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...

6.5CVSS0.00835EPSS
Exploits0References6
NVD
NVD
added 2024/07/04 11:15 p.m.44 views

CVE-2024-39943

rejetto HFS aka HTTP File Server 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users if they have Upload permissions. This occurs because a shell is used to execute df i.e., with execSync instead of spawnSync in childprocess in Node.js...

9.9CVSS0.48477EPSS
Exploits1References3
NVD
NVD
added 2024/07/04 12:15 p.m.44 views

CVE-2024-5943

The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.7. This is due to missing or incorrect nonce validation on the 'settingsPage' function and missing santization of the 'tab' parameter. This makes it possible for...

8.8CVSS0.00295EPSS
Exploits0References4
NVD
NVD
added 2024/07/03 8:15 p.m.44 views

CVE-2024-34750

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of...

7.5CVSS0.04602EPSS
Exploits0References3
NVD
NVD
added 2024/07/01 9:15 p.m.44 views

CVE-2024-38368

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all...

9.3CVSS0.14851EPSS
Exploits0References5
NVD
NVD
added 2024/07/01 7:15 p.m.44 views

CVE-2024-38477

null pointer dereference in modproxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

7.5CVSS0.03153EPSS
Exploits0References4
NVD
NVD
added 2024/07/01 4:15 p.m.44 views

CVE-2024-36422

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the api/v1/chatflows/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to craft a...

6.1CVSS0.00406EPSS
Exploits1References2
NVD
NVD
added 2024/06/27 6:15 a.m.44 views

CVE-2024-4704

The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing...

6.1CVSS0.00449EPSS
Exploits2References1
NVD
NVD
added 2024/06/24 12:15 a.m.44 views

CVE-2024-3121

A remote code execution vulnerability exists in the createcondaenv function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the envname and...

6.8CVSS0.00446EPSS
Exploits2References1
NVD
NVD
added 2024/06/21 8:15 p.m.44 views

CVE-2020-27352

When generating the systemd service units for the docker snap and other similar snaps, snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading syst...

9.3CVSS0.00256EPSS
Exploits1References3
NVD
NVD
added 2024/06/21 11:15 a.m.44 views

CVE-2024-38626

In the Linux kernel, the following vulnerability has been resolved: fuse: clear FRSENT when re-adding requests into pending list The following warning was reported by lee bruce: ------------ cut here ------------ WARNING: CPU: 0 PID: 8264 at fs/fuse/dev.c:300 fuserequestend+0x685/0x7e0...

5.5CVSS0.00191EPSS
Exploits0References2
NVD
NVD
added 2024/06/20 5:15 p.m.44 views

CVE-2024-37344

There is a cross-site scripting vulnerability in the Policy management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the policy management UI when the administrators are editing the sam...

4.5CVSS0.00268EPSS
Exploits0References1
NVD
NVD
added 2024/06/19 1:15 p.m.44 views

CVE-2023-38386

Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through 3.6.25...

9.8CVSS0.00431EPSS
Exploits0References1
NVD
NVD
added 2024/06/14 1:15 p.m.44 views

CVE-2024-2023

The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handlefoldersfileupload' function. This makes it possible for authenticated attackers, with author access and above, to uplo...

4.3CVSS0.00673EPSS
Exploits0References3
NVD
NVD
added 2024/06/13 8:15 p.m.44 views

CVE-2024-4696

A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited...

7.5CVSS0.00442EPSS
Exploits0References1
NVD
NVD
added 2024/06/11 4:15 p.m.44 views

CVE-2024-23503

Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.6...

4.3CVSS0.00325EPSS
Exploits0References1
NVD
NVD
added 2024/06/10 10:15 p.m.44 views

CVE-2024-36302

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS0.00552EPSS
Exploits0References2
NVD
NVD
added 2024/06/10 10:15 p.m.44 views

CVE-2024-36303

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS0.00354EPSS
Exploits0References2
NVD
NVD
added 2024/06/10 5:16 p.m.44 views

CVE-2024-35747

Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through 2.1.7...

5.3CVSS0.00372EPSS
Exploits0References1
NVD
NVD
added 2024/06/09 6:15 p.m.44 views

CVE-2024-31347

Missing Authorization vulnerability in Data443 Tracking Code Manager.This issue affects Tracking Code Manager: from n/a through 2.1.0...

4.3CVSS0.00277EPSS
Exploits0References1
NVD
NVD
added 2024/06/08 2:15 p.m.44 views

CVE-2024-35713

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through 10.1.1...

6.5CVSS0.00237EPSS
Exploits0References1
NVD
NVD
added 2024/06/06 6:15 p.m.44 views

CVE-2024-2914

A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. Exploitation of this vulnerability could lead to...

8.8CVSS0.00917EPSS
Exploits1References2
NVD
NVD
added 2024/05/31 4:15 p.m.44 views

CVE-2022-25037

An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site scripting XSS vulnerability via the image upload function...

5.4CVSS6AI score0.00268EPSS
Exploits0References2
NVD
NVD
added 2024/05/30 7:15 p.m.44 views

CVE-2024-35228

Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, eve...

5.5CVSS5.5AI score0.0033EPSS
Exploits0References2
NVD
NVD
added 2024/05/24 5:15 p.m.44 views

CVE-2023-46442

An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service DoS...

4.3CVSS6.4AI score0.00919EPSS
Exploits1References2
Total number of security vulnerabilities5000