Lucene search
K
NvdMost viewed

364000 matches found

NVD
NVD
added 2024/06/21 11:15 a.m.44 views

CVE-2024-38626

In the Linux kernel, the following vulnerability has been resolved: fuse: clear FRSENT when re-adding requests into pending list The following warning was reported by lee bruce: ------------ cut here ------------ WARNING: CPU: 0 PID: 8264 at fs/fuse/dev.c:300 fuserequestend+0x685/0x7e0...

5.5CVSS0.00191EPSS
Exploits0References2
NVD
NVD
added 2024/06/20 5:15 p.m.44 views

CVE-2024-37344

There is a cross-site scripting vulnerability in the Policy management UI of Absolute Secure Access prior to version 13.06. Attackers with system administrator permissions can interfere with another system administrator’s use of the policy management UI when the administrators are editing the sam...

4.5CVSS0.00268EPSS
Exploits0References1
NVD
NVD
added 2024/06/19 1:15 p.m.44 views

CVE-2023-38386

Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through 3.6.25...

9.8CVSS0.00431EPSS
Exploits0References1
NVD
NVD
added 2024/06/14 1:15 p.m.44 views

CVE-2024-2023

The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handlefoldersfileupload' function. This makes it possible for authenticated attackers, with author access and above, to uplo...

4.3CVSS0.00673EPSS
Exploits0References3
NVD
NVD
added 2024/06/13 8:15 p.m.44 views

CVE-2024-4696

A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited...

7.5CVSS0.00442EPSS
Exploits0References1
NVD
NVD
added 2024/06/11 4:15 p.m.44 views

CVE-2024-23503

Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.6...

4.3CVSS0.00325EPSS
Exploits0References1
NVD
NVD
added 2024/06/10 10:15 p.m.44 views

CVE-2024-36302

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS0.00552EPSS
Exploits0References2
NVD
NVD
added 2024/06/10 10:15 p.m.44 views

CVE-2024-36303

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS0.00354EPSS
Exploits0References2
NVD
NVD
added 2024/06/10 5:16 p.m.44 views

CVE-2024-35747

Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through 2.1.7...

5.3CVSS0.00372EPSS
Exploits0References1
NVD
NVD
added 2024/06/09 6:15 p.m.44 views

CVE-2024-31347

Missing Authorization vulnerability in Data443 Tracking Code Manager.This issue affects Tracking Code Manager: from n/a through 2.1.0...

4.3CVSS0.00277EPSS
Exploits0References1
NVD
NVD
added 2024/06/08 2:15 p.m.44 views

CVE-2024-35713

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through 10.1.1...

6.5CVSS0.00237EPSS
Exploits0References1
NVD
NVD
added 2024/06/06 6:15 p.m.44 views

CVE-2024-2914

A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. Exploitation of this vulnerability could lead to...

8.8CVSS0.00917EPSS
Exploits1References2
NVD
NVD
added 2024/05/31 4:15 p.m.44 views

CVE-2022-25037

An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site scripting XSS vulnerability via the image upload function...

5.4CVSS6AI score0.00268EPSS
Exploits0References2
NVD
NVD
added 2024/05/30 7:15 p.m.44 views

CVE-2024-35228

Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, eve...

5.5CVSS5.5AI score0.0033EPSS
Exploits0References2
NVD
NVD
added 2024/05/24 5:15 p.m.44 views

CVE-2023-46442

An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service DoS...

4.3CVSS6.4AI score0.00919EPSS
Exploits1References2
NVD
NVD
added 2024/05/14 4:15 p.m.44 views

CVE-2024-0762

Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix SecureCore™ fo...

7.8CVSS7.8AI score0.00758EPSS
Exploits2References4
NVD
NVD
added 2024/05/14 3:38 p.m.44 views

CVE-2024-34077

MantisBT Mantis Bug Tracker is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and takeover their account, if the victim has an incomplete request pending. The exploit is only possible whi...

7.3CVSS7.2AI score0.01186EPSS
Exploits1References3
NVD
NVD
added 2024/05/03 6:15 p.m.44 views

CVE-2024-34075

kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the MarkovDatagetNext method used in Markovgenerate and Markovchoose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. If a...

6.2CVSS6.3AI score0.00299EPSS
Exploits0References3
NVD
NVD
added 2024/05/03 5:15 p.m.44 views

CVE-2024-33791

A cross-site scripting XSS vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the getTimeZone function...

4.6CVSS5.6AI score0.00385EPSS
Exploits1References1
NVD
NVD
added 2024/05/02 2:15 p.m.44 views

CVE-2024-34148

Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'...

6.8CVSS6.8AI score0.00787EPSS
Exploits0References2
NVD
NVD
added 2024/04/19 3:15 p.m.44 views

CVE-2024-32478

Git Credential Manager GCM is a secure Git credential helper. Prior to 2.5.0, the Debian package does not set root ownership on installed files. This allows user 1001 on a multi-user system can replace binary and gain other users' privileges. This vulnerability is fixed in 2.5.0...

6.9CVSS6.6AI score0.00192EPSS
Exploits0References2
NVD
NVD
added 2024/04/16 12:15 a.m.44 views

CVE-2024-1560

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...

8.1CVSS8AI score0.00856EPSS
Exploits1References1
NVD
NVD
added 2024/04/12 10:15 p.m.44 views

CVE-2024-28869

Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of...

7.5CVSS7.4AI score0.01046EPSS
Exploits0References5
NVD
NVD
added 2024/04/12 4:15 p.m.44 views

CVE-2024-30392

A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon flowd of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service DoS. On all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific UR...

8.7CVSS7.5AI score0.00694EPSS
Exploits0References2
NVD
NVD
added 2024/04/10 8:15 p.m.44 views

CVE-2024-31984

XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the Solr-based search in XWiki. This allows any user who can edi...

9.9CVSS9.8AI score0.82996EPSS
Exploits1References8
NVD
NVD
added 2024/04/10 5:15 a.m.44 views

CVE-2023-6385

The WordPress Ping Optimizer WordPress plugin through 2.35.1.3.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as clearing logs...

4.3CVSS6.5AI score0.00225EPSS
Exploits2References1
NVD
NVD
added 2024/04/06 8:15 a.m.44 views

CVE-2024-0837

The Element Pack Elementor Addons Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 5.3.2 due to...

6.4CVSS5.7AI score0.00344EPSS
Exploits0References2
NVD
NVD
added 2024/04/04 8:15 p.m.44 views

CVE-2023-38709

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58...

7.3CVSS5.7AI score0.03914EPSS
Exploits0References11
NVD
NVD
added 2024/04/03 7:15 a.m.44 views

CVE-2024-24506

Cross Site Scripting XSS vulnerability in Lime Survey Community Edition Version v.5.3.32+220817, allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function...

6.1CVSS6.2AI score0.00677EPSS
Exploits4References2
NVD
NVD
added 2024/03/26 3:15 p.m.44 views

CVE-2024-22356

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893...

4.9CVSS4.7AI score0.00538EPSS
Exploits0References2
NVD
NVD
added 2024/03/15 8:15 p.m.44 views

CVE-2024-27920

projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing cust...

7.4CVSS7.5AI score0.00411EPSS
Exploits0References5
NVD
NVD
added 2024/03/07 11:15 a.m.44 views

CVE-2024-1169

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized media upload due to a missing capability check on the buddyformsuploadhandledroppedmedia function in all versions up to, and...

7.5CVSS7.4AI score0.0058EPSS
Exploits0References3
NVD
NVD
added 2024/03/06 7:15 p.m.44 views

CVE-2024-27287

ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 command line installation and Home Assistant add-on serves unsanitized...

8.7CVSS6.7AI score0.00676EPSS
Exploits0References2
NVD
NVD
added 2024/03/01 9:15 p.m.44 views

CVE-2024-27101

SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 6553...

9.1CVSS7.1AI score0.00456EPSS
Exploits0References2
NVD
NVD
added 2024/02/29 1:43 a.m.44 views

CVE-2024-0620

The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.9 via API. This makes it possible for unauthenticated attackers to obtain post titles, IDs, slugs as well as other information including for...

5.3CVSS5AI score0.00486EPSS
Exploits0References2
NVD
NVD
added 2024/02/23 5:15 a.m.44 views

CVE-2024-22243

Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is...

8.1CVSS7.9AI score0.03967EPSS
Exploits1References3
NVD
NVD
added 2024/02/21 7:15 a.m.44 views

CVE-2024-0593

The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetchquickjob function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can b...

5.3CVSS5.4AI score0.00909EPSS
Exploits0References2
NVD
NVD
added 2024/02/10 9:15 a.m.44 views

CVE-2023-51492

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in If So Plugin If-So Dynamic Content Personalization allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through 1.6.3.1...

6.5CVSS6.4AI score0.00328EPSS
Exploits0References1
NVD
NVD
added 2024/02/09 2:15 p.m.44 views

CVE-2024-25315

Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2...

9.8CVSS9.9AI score0.00734EPSS
Exploits1References1
NVD
NVD
added 2024/02/07 5:15 p.m.44 views

CVE-2024-24563

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an int as an index for an array. The typechecker allows the usage of...

9.8CVSS9.3AI score0.01539EPSS
Exploits1References3
NVD
NVD
added 2024/02/01 4:17 p.m.44 views

CVE-2024-24752

Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and for each whic...

6.5CVSS6.4AI score0.0075EPSS
Exploits1References2
NVD
NVD
added 2024/01/29 11:15 p.m.44 views

CVE-2024-23829

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...

6.5CVSS6.5AI score0.0102EPSS
Exploits1References6
NVD
NVD
added 2024/01/25 7:15 p.m.44 views

CVE-2024-0883

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects the function prepare of the file admin/pay.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely...

9.8CVSS7.3AI score0.00649EPSS
Exploits1References3
NVD
NVD
added 2024/01/23 6:15 p.m.44 views

CVE-2024-22417

Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the element method in app/routes.py does not validate the user-controlled srctype and elementurl variables and passes them to the send method which sends a GET request on lines 339-343 in requests.py. The returned...

6.1CVSS6AI score0.0063EPSS
Exploits1References8
NVD
NVD
added 2024/01/22 2:15 p.m.44 views

CVE-2020-36771

CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user...

7.8CVSS8AI score0.00474EPSS
Exploits2References4
NVD
NVD
added 2024/01/17 7:15 p.m.44 views

CVE-2024-0647

A vulnerability, which was classified as problematic, was found in Sparksuite SimpleMDE up to 1.11.2. This affects an unknown part of the component iFrame Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

6.1CVSS4.7AI score0.00711EPSS
Exploits1References3
NVD
NVD
added 2024/01/16 10:15 p.m.44 views

CVE-2024-21670

Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to...

8.1CVSS6.9AI score0.00276EPSS
Exploits0References1
NVD
NVD
added 2024/01/16 4:15 p.m.44 views

CVE-2023-0389

The Calculated Fields Form WordPress plugin before 1.1.151 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite set...

4.8CVSS4.7AI score0.00473EPSS
Exploits2References1
NVD
NVD
added 2024/01/11 9:15 a.m.44 views

CVE-2023-6634

The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the getcontent function. This is due to the plugin making use of the calluserfunc function with user input. This makes it possible for unauthenticated attackers to execute any...

9.8CVSS9.5AI score0.08544EPSS
Exploits1References2
NVD
NVD
added 2024/01/11 9:15 a.m.44 views

CVE-2023-6266

The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMIBACKUP case of the handledownloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to download...

7.5CVSS7.3AI score0.02072EPSS
Exploits0References4
Total number of security vulnerabilities5000