Lucene search
K
NvdMost viewed

364488 matches found

NVD
NVD
added 2025/05/07 8:15 a.m.44 views

CVE-2025-0669

Cross-Site Request Forgery CSRF vulnerability in BOINC Server allows Cross Site Request Forgery.This issue affects BOINC Server: before 1.4.3...

8.8CVSS0.00204EPSS
Exploits1References1
NVD
NVD
added 2025/05/04 12:15 a.m.44 views

CVE-2025-47245

In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role...

8.1CVSS0.0042EPSS
Exploits0References3
NVD
NVD
added 2025/05/02 6:15 a.m.44 views

CVE-2025-3488

The WPML plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmllanguageswitcher shortcode in versions 3.6.0 - 4.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS0.00247EPSS
Exploits0References3
NVD
NVD
added 2025/05/01 2:15 p.m.44 views

CVE-2025-23254

NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data validation issue by local access to the TRTLLM server. A successful exploit of this vulnerability may lead to code execution, information disclosure and data tampering...

8.8CVSS0.00249EPSS
Exploits0References1
NVD
NVD
added 2025/04/29 8:15 p.m.44 views

CVE-2025-0520

An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7...

9.4CVSS0.00976EPSS
Exploits0References4
NVD
NVD
added 2025/04/28 6:15 a.m.44 views

CVE-2024-9771

The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS0.00219EPSS
Exploits1References1
NVD
NVD
added 2025/04/25 1:15 a.m.44 views

CVE-2025-43864

React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...

7.5CVSS0.23628EPSS
Exploits0References3
NVD
NVD
added 2025/04/22 4:15 p.m.44 views

CVE-2025-28030

TOTOLINK A810R V4.1.2cu.5182B20201026 was discovered to contain a stack overflow via the startTime and endTime parameters in setParentalRules function...

8.8CVSS0.00375EPSS
Exploits1References1
NVD
NVD
added 2025/04/22 10:15 a.m.44 views

CVE-2025-46227

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brecht Custom Related Posts custom-related-posts allows Stored XSS.This issue affects Custom Related Posts: from n/a through = 1.7.4...

6.5CVSS0.00173EPSS
Exploits0References1
NVD
NVD
added 2025/04/20 1:15 p.m.44 views

CVE-2025-3826

A vulnerability, which was classified as problematic, was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the file add-supplier.php. The manipulation of the argument txtsuppliername/txtaddress leads to cross site scripting. It is possible ...

4.8CVSS0.00324EPSS
Exploits1References4
NVD
NVD
added 2025/04/19 9:15 p.m.44 views

CVE-2025-3820

A vulnerability was found in Tenda W12 and i24 3.0.0.42887/3.0.0.53644 and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. The attack may be launched...

9CVSS0.08143EPSS
Exploits1References5
NVD
NVD
added 2025/04/17 6:15 a.m.44 views

CVE-2025-1525

The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS0.00239EPSS
Exploits1References1
NVD
NVD
added 2025/04/13 6:15 a.m.44 views

CVE-2025-3532

A vulnerability classified as problematic was found in YouDianCMS 9.5.21. This vulnerability affects unknown code of the file /App/Tpl/Member/Default/Order/index.html.Attackers. The manipulation of the argument OrderNumber leads to cross site scripting. The attack can be initiated remotely. The...

6.1CVSS0.00403EPSS
Exploits1References4
NVD
NVD
added 2025/04/11 11:15 a.m.44 views

CVE-2025-23387

A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowed unauthenticated users to list all CLI authentication tokens and delete them before the CLI is able to get the token value.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9....

5.3CVSS0.00508EPSS
Exploits0References2
NVD
NVD
added 2025/04/04 5:15 a.m.44 views

CVE-2025-3194

Versions of the package bigint-buffer from 0.0.0 are vulnerable to Buffer Overflow in the toBigIntLE function. Attackers can exploit this to crash the application...

8.7CVSS0.00565EPSS
Exploits0References3
NVD
NVD
added 2025/03/28 2:15 p.m.44 views

CVE-2025-2877

A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams...

6.5CVSS0.00379EPSS
Exploits0References5
NVD
NVD
added 2025/03/24 8:15 p.m.44 views

CVE-2025-2231

PDF-XChange Editor RTF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visi...

7.8CVSS0.0027EPSS
Exploits0References2
NVD
NVD
added 2025/03/23 12:15 p.m.44 views

CVE-2025-2649

A vulnerability classified as critical was found in PHPGurukul Doctor Appointment Management System 1.0. This vulnerability affects unknown code of the file /check-appointment.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploi...

9.8CVSS0.00467EPSS
Exploits1References5
NVD
NVD
added 2025/03/17 6:15 p.m.44 views

CVE-2025-26125

An exposed ioctl in the IMFForceDelete driver of IObit Malware Fighter v12.1.0 allows attackers to arbitrarily delete files and escalate privileges...

7.3CVSS0.00476EPSS
Exploits0References3
NVD
NVD
added 2025/03/17 3:15 p.m.44 views

CVE-2025-26127

A stored cross-site scripting XSS vulnerability in the Send for Approval function of FileCloud v23.241.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5CVSS0.00213EPSS
Exploits0References2
NVD
NVD
added 2025/02/16 1:15 a.m.44 views

CVE-2025-1332

A vulnerability has been found in FastCMS up to 0.1.5 and classified as problematic. This vulnerability affects unknown code of the file /fastcms.html/template/menu of the component Template Menu. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit ha...

4.8CVSS0.00336EPSS
Exploits1References3
NVD
NVD
added 2025/02/14 5:15 p.m.44 views

CVE-2025-25990

Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component...

6.1CVSS0.0026EPSS
Exploits1References1
NVD
NVD
added 2025/02/13 7:15 a.m.44 views

CVE-2024-13346

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running...

9.8CVSS0.02104EPSS
Exploits1References2
NVD
NVD
added 2025/02/12 7:15 p.m.44 views

CVE-2025-25201

Nitrokey 3 Firmware is the the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the integrity of the data stored in the...

4CVSS0.00133EPSS
Exploits0References3
NVD
NVD
added 2025/02/06 8:15 a.m.44 views

CVE-2025-20094

Unprotected Windows messaging channel 'Shatter' issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary code may be executed with SYSTEM privilege...

8.8CVSS0.0015EPSS
Exploits0References2
NVD
NVD
added 2025/02/04 8:15 p.m.44 views

CVE-2025-24968

reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as penetrationtester or auditor to delete all projects in the system. This can lead to a complete system takeover by redirecting the...

8.8CVSS0.00604EPSS
Exploits1References1
NVD
NVD
added 2025/02/04 7:15 p.m.44 views

CVE-2025-25039

A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager CPPM allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on...

8.8CVSS0.00623EPSS
Exploits0References1
NVD
NVD
added 2025/02/04 8:15 a.m.44 views

CVE-2025-20891

Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability...

5.5CVSS0.00139EPSS
Exploits0References1
NVD
NVD
added 2025/01/23 6:15 p.m.44 views

CVE-2025-22153

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using try/except, RestrictedPython starting...

7.9CVSS0.00388EPSS
Exploits0References2
NVD
NVD
added 2025/01/22 3:15 p.m.44 views

CVE-2025-23942

Unrestricted Upload of File with Dangerous Type vulnerability in ngocuct0912 WP Load Gallery wp-load-gallery allows Upload a Web Shell to a Web Server.This issue affects WP Load Gallery: from n/a through = 2.1.6...

9.1CVSS0.02622EPSS
Exploits1References1
NVD
NVD
added 2025/01/22 8:15 a.m.44 views

CVE-2024-13361

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicgsaveimagemedia function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

8.8CVSS0.00309EPSS
Exploits0References2
NVD
NVD
added 2025/01/10 4:15 p.m.44 views

CVE-2025-22596

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the modulosvisiveis.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msgc parameter. This vulnerability is fixed in...

6.5CVSS0.00295EPSS
Exploits1References1
NVD
NVD
added 2025/01/06 6:15 a.m.44 views

CVE-2024-11849

The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.1CVSS0.00311EPSS
Exploits1References1
NVD
NVD
added 2024/12/31 5:15 p.m.44 views

CVE-2024-55955

An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged...

7.3CVSS0.00133EPSS
Exploits0References1
NVD
NVD
added 2024/12/27 10:15 p.m.44 views

CVE-2024-54775

Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting XSS vulnerability via /admin/auth/menu and /admin/auth/extensions...

4.8CVSS0.00264EPSS
Exploits1References1
NVD
NVD
added 2024/12/26 3:15 p.m.44 views

CVE-2024-12955

A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as problematic. This vulnerability affects unknown code of the file /logout.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been...

6.9CVSS0.00778EPSS
Exploits2References4
NVD
NVD
added 2024/12/17 6:15 p.m.44 views

CVE-2024-42194

An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call...

3.1CVSS0.00252EPSS
Exploits0References1
NVD
NVD
added 2024/12/12 4:15 a.m.44 views

CVE-2024-11430

The SQL Chart Builder plugin for WordPress is vulnerable to SQL Injection via the 'arg1' arg of the 'gvnschart2' shortcode in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This mak...

6.5CVSS0.00531EPSS
Exploits0References3
NVD
NVD
added 2024/11/29 6:15 p.m.44 views

CVE-2024-49360

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. An authenticated user UserA with no privileges is authorized to read all files created in sandbox belonging to other users in the sandbox folders C:\Sandbox\UserB\xxx. An authenticated attack...

9.2CVSS0.00493EPSS
Exploits1References1
NVD
NVD
added 2024/11/28 5:15 p.m.44 views

CVE-2024-52338

Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example, user-supplied input files. This...

9.8CVSS0.02322EPSS
Exploits0References3
NVD
NVD
added 2024/11/20 2:15 p.m.44 views

CVE-2024-52597

2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Versions prior to 5.4.1 are vulnerable to stored cross-site scripting due to improper headers in direct access to uploaded SVGs. The application allows uploading images in several places. One o...

6.1CVSS0.00363EPSS
Exploits1References2
NVD
NVD
added 2024/11/19 10:15 p.m.44 views

CVE-2024-52392

Cross-Site Request Forgery CSRF vulnerability in w3speedster W3SPEEDSTER w3speedster-wp.This issue affects W3SPEEDSTER: from n/a through = 7.25...

6.5CVSS0.00155EPSS
Exploits0References1
NVD
NVD
added 2024/11/18 6:15 a.m.44 views

CVE-2024-11308

The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content...

6.2CVSS0.00155EPSS
Exploits0References2
NVD
NVD
added 2024/11/15 10:15 p.m.44 views

CVE-2024-9500

A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management...

7.8CVSS0.00189EPSS
Exploits0References1
NVD
NVD
added 2024/11/15 4:15 p.m.44 views

CVE-2022-20685

A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit th...

7.5CVSS0.01386EPSS
Exploits0References2
NVD
NVD
added 2024/11/13 4:15 p.m.44 views

CVE-2024-50971

A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the mapid parameter...

7.2CVSS0.00732EPSS
Exploits0References2
NVD
NVD
added 2024/11/12 3:15 p.m.44 views

CVE-2024-11127

A vulnerability was found in code-projects Job Recruitment up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin.php. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploi...

8.8CVSS0.00484EPSS
Exploits1References5
NVD
NVD
added 2024/11/08 11:15 p.m.44 views

CVE-2024-52004

MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. MediaCMS has been prone to vulnerabilities that upon special cases can lead to remote code execution. All versions before v4.1.0 are susceptible, and users are highly recommended to...

8.7CVSS0.00679EPSS
Exploits0References2
NVD
NVD
added 2024/11/07 10:15 a.m.44 views

CVE-2024-50161

In the Linux kernel, the following vulnerability has been resolved: bpf: Check the remaining infocnt before repeating btf fields When trying to repeat the btf fields for array of nested struct, it doesn't check the remaining infocnt. The following splat will be reported when the value of ret nele...

5.5CVSS0.00183EPSS
Exploits0References2
NVD
NVD
added 2024/11/06 7:15 a.m.44 views

CVE-2024-9307

The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute...

9.9CVSS0.00944EPSS
Exploits0References3
Total number of security vulnerabilities5000