Lucene search
K
NvdMost viewed

363954 matches found

NVD
NVD
added 2023/12/06 5:15 p.m.44 views

CVE-2023-6393

A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contain...

5.3CVSS0.00631EPSS
Exploits0References3
NVD
NVD
added 2023/12/05 6:15 a.m.44 views

CVE-2023-39248

Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption Denial of Service vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network...

7.5CVSS0.007EPSS
Exploits0References1
NVD
NVD
added 2023/11/22 4:15 p.m.44 views

CVE-2023-2448

The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userproshortcodetemplate' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker ca...

6.5CVSS0.00903EPSS
Exploits2References3
NVD
NVD
added 2023/11/14 10:15 p.m.44 views

CVE-2023-46023

SQL injection vulnerability in addTask.php in Code-Projects Simple Task List 1.0 allows attackers to obtain sensitive information via the 'status' parameter...

6.5CVSS0.00583EPSS
Exploits3References1
NVD
NVD
added 2023/11/03 5:15 a.m.44 views

CVE-2023-41914

SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files...

7CVSS7AI score0.00196EPSS
Exploits0References3
NVD
NVD
added 2023/11/02 2:15 p.m.44 views

CVE-2023-29046

Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of...

4.3CVSS4.6AI score0.00478EPSS
Exploits0References2
NVD
NVD
added 2023/10/27 8:15 p.m.44 views

CVE-2023-29009

baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0...

6.1CVSS6AI score0.0047EPSS
Exploits0References3
NVD
NVD
added 2023/10/27 7:15 p.m.44 views

CVE-2023-4967

Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA Virtual Server...

8.2CVSS8.5AI score0.00878EPSS
Exploits0References1
NVD
NVD
added 2023/10/25 6:17 p.m.44 views

CVE-2023-46128

Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...

6.5CVSS6.3AI score0.00529EPSS
Exploits1References3
NVD
NVD
added 2023/10/20 8:15 a.m.44 views

CVE-2023-4648

The WP Customer Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

4.8CVSS4.4AI score0.00303EPSS
Exploits0References2
NVD
NVD
added 2023/10/16 7:15 p.m.44 views

CVE-2023-45151

Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their...

8.8CVSS7.5AI score0.00484EPSS
Exploits0References3
NVD
NVD
added 2023/10/16 10:15 a.m.44 views

CVE-2023-4457

Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...

7.5CVSS6.1AI score0.00389EPSS
Exploits0References1
NVD
NVD
added 2023/10/10 2:15 p.m.44 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5CVSS7.9AI score0.99999EPSS
Exploits19References173
NVD
NVD
added 2023/10/10 12:15 p.m.44 views

CVE-2023-44763

Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via a Thumbnail file upload, which allows Cross-Site Scripting XSS. NOTE: the vendor's position is that a customer is supposed to know that "pdf" should be excluded from the allowed file types, even though pdf is one of the...

5.4CVSS5.2AI score0.00585EPSS
Exploits1References3
NVD
NVD
added 2023/10/05 4:15 p.m.44 views

CVE-2023-45160

In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locke...

8.8CVSS8.7AI score0.00705EPSS
Exploits0References4
NVD
NVD
added 2023/10/04 2:15 p.m.44 views

CVE-2023-27433

Cross-Site Request Forgery CSRF vulnerability in YAS Global Team Make Paths Relative allows Cross Site Request Forgery.This issue affects Make Paths Relative: from n/a through 1.3.0...

8.8CVSS6.5AI score0.00208EPSS
Exploits0References1
NVD
NVD
added 2023/10/04 12:15 p.m.44 views

CVE-2023-3153

A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured...

5.3CVSS5.4AI score0.00994EPSS
Exploits0References6
NVD
NVD
added 2023/09/30 5:15 p.m.44 views

CVE-2022-4956

A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may ...

7.8CVSS7.7AI score0.00387EPSS
Exploits1References4
NVD
NVD
added 2023/09/27 3:19 p.m.44 views

CVE-2023-43645

OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA is vulnerable to a denial of service attack when certain Check calls are executed against authorization models that contain circular relationship definitions. When the call is made, it's...

5.9CVSS5.7AI score0.00751EPSS
Exploits0References2
NVD
NVD
added 2023/09/27 3:19 p.m.44 views

CVE-2023-41311

Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatically...

5.3CVSS5.2AI score0.00337EPSS
Exploits0References2
NVD
NVD
added 2023/09/23 12:15 a.m.44 views

CVE-2023-43338

Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjsgetptr. This vulnerability allows attackers to execute arbitrary code via a crafted input...

9.8CVSS9.7AI score0.00903EPSS
Exploits1References1
NVD
NVD
added 2023/09/22 8:15 p.m.44 views

CVE-2023-40989

SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component...

9.8CVSS9.8AI score0.01841EPSS
Exploits0References1
NVD
NVD
added 2023/09/12 5:15 p.m.44 views

CVE-2023-36772

3D Builder Remote Code Execution Vulnerability...

7.8CVSS7.8AI score0.00697EPSS
Exploits0References1
NVD
NVD
added 2023/09/07 7:15 a.m.44 views

CVE-2023-39236

ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services...

8.8CVSS9.2AI score0.01056EPSS
Exploits0References1
NVD
NVD
added 2023/08/26 9:15 a.m.44 views

CVE-2023-4547

A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filterbrandid/filterprice leads to cross site scripting. The attack may be launched remotely...

6.1CVSS4.7AI score0.48533EPSS
Exploits4References3
NVD
NVD
added 2023/08/25 8:15 p.m.44 views

CVE-2023-40579

OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. The vulnerability affects customers using ListObjects with specific models. The...

6.5CVSS6.4AI score0.00451EPSS
Exploits0References2
NVD
NVD
added 2023/08/19 1:15 a.m.44 views

CVE-2023-4432

Cross-site Scripting XSS - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4...

8.3CVSS6.4AI score0.00532EPSS
Exploits1References2
NVD
NVD
added 2023/08/16 9:15 p.m.44 views

CVE-2023-20242

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM, Cisco Unified CM Session Management Edition Unified CM SME, and Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P could allow an unauthenticated, remote attacker to...

6.1CVSS5.5AI score0.00394EPSS
Exploits0References1
NVD
NVD
added 2023/08/14 9:15 p.m.44 views

CVE-2023-39950

efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into bgsetenv or...

6.1CVSS6.2AI score0.00388EPSS
Exploits0References5
NVD
NVD
added 2023/08/08 10:15 p.m.44 views

CVE-2023-39951

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email...

6.5CVSS6.3AI score0.00672EPSS
Exploits1References3
NVD
NVD
added 2023/08/08 10:15 a.m.44 views

CVE-2023-24845

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969...

9.8CVSS9.4AI score0.00579EPSS
Exploits0References2
NVD
NVD
added 2023/08/07 8:15 p.m.44 views

CVE-2023-38704

import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for...

9.8CVSS9.3AI score0.00846EPSS
Exploits0References2
NVD
NVD
added 2023/08/03 9:15 a.m.44 views

CVE-2023-4119

A vulnerability has been found in Academy LMS 6.0 and classified as problematic. This vulnerability affects unknown code of the file /academy/home/courses. The manipulation of the argument query/sortby leads to cross site scripting. The attack can be initiated remotely. VDB-235966 is the identifi...

6.1CVSS5.1AI score0.0202EPSS
Exploits3References3
NVD
NVD
added 2023/07/25 10:15 p.m.44 views

CVE-2023-38501

copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting via URL-parameter ?k304=... and ?setck=.... The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of t...

6.3CVSS6.1AI score0.06195EPSS
Exploits3References3
NVD
NVD
added 2023/07/14 10:15 a.m.44 views

CVE-2023-3672

Cross-site Scripting XSS - DOM in GitHub repository plaidweb/webmention.js prior to 0.5.5...

7.3CVSS0.00428EPSS
Exploits1References2
NVD
NVD
added 2023/07/13 8:15 p.m.44 views

CVE-2023-37463

cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. These vulnerabilities have been...

7.5CVSS0.00591EPSS
Exploits1References2
NVD
NVD
added 2023/07/13 3:15 a.m.44 views

CVE-2023-34132

Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

9.8CVSS0.06549EPSS
Exploits1References3
NVD
NVD
added 2023/07/12 4:15 p.m.44 views

CVE-2023-37964

A cross-site request forgery CSRF vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS0.0051EPSS
Exploits0References2
NVD
NVD
added 2023/07/07 10:15 p.m.44 views

CVE-2023-37269

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Users with the backend.managebranding permission can upload SVGs as the application logo. Prior to version 1.2.3, SVG uploads were not sanitized, which could have allowed a stored cross-site scripting...

4.8CVSS4.4AI score0.01637EPSS
Exploits4References5
NVD
NVD
added 2023/06/29 1:15 a.m.44 views

CVE-2023-36476

calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the graphical calamares installer, with an unencrypted /boot, on either non-UEFI systems or with a LU...

7.9CVSS7.8AI score0.00259EPSS
Exploits1References3
NVD
NVD
added 2023/06/28 2:15 p.m.44 views

CVE-2023-36467

AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. The issue...

8.8CVSS8.6AI score0.0118EPSS
Exploits0References4
NVD
NVD
added 2023/06/27 6:15 p.m.44 views

CVE-2023-28857

Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “sslclientcert”. When checking the validity o...

7.5CVSS5.5AI score0.00503EPSS
Exploits0References3
NVD
NVD
added 2023/06/23 4:15 p.m.44 views

CVE-2023-34465

XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, Mail.MailConfig can be edited by any logged-in user by default. Consequently, they can change the mail obfuscation configuration and view and edit the mail sending...

9.9CVSS9.5AI score0.00853EPSS
Exploits1References5
NVD
NVD
added 2023/06/16 7:15 p.m.44 views

CVE-2023-25186

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP as a BTS administrator removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the Nokia BTS baseband unit diagnostic tool AaShell which is by default disabled...

5.1CVSS5.3AI score0.00189EPSS
Exploits0References2
NVD
NVD
added 2023/06/14 5:15 p.m.44 views

CVE-2023-34095

cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends CPDB project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use of scanf3. cpdb-libs uses the fscanf and scanf functions to parse command lines and configuration...

9.8CVSS9.5AI score0.01539EPSS
Exploits1References6
NVD
NVD
added 2023/06/09 1:15 p.m.44 views

CVE-2023-3184

A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross sit...

4.8CVSS3.8AI score0.02264EPSS
Exploits4References4
NVD
NVD
added 2023/06/02 2:15 p.m.44 views

CVE-2023-3060

A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as problematic. This vulnerability affects the function doAddQuestion of the file btnfunctions.php. The manipulation of the argument Question leads to cross site scripting. The attack can be initiated...

5.4CVSS4.2AI score0.00594EPSS
Exploits1References3
NVD
NVD
added 2023/06/01 1:15 p.m.44 views

CVE-2022-43760

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web...

8.4CVSS8.3AI score0.00714EPSS
Exploits0References2
NVD
NVD
added 2023/05/25 8:15 p.m.44 views

CVE-2023-25439

Stored Cross Site Scripting XSS vulnerability in Square Pig FusionInvoice 2023-1.0, allows attackers to execute arbitrary code via the description or content fields to the expenses, tasks, and customer details...

6.1CVSS6AI score0.02246EPSS
Exploits4References1
NVD
NVD
added 2023/05/23 2:15 a.m.44 views

CVE-2023-27921

JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker...

6.5CVSS6.5AI score0.00279EPSS
Exploits0References2
Total number of security vulnerabilities5000