Lucene search
K
NvdMost viewed

363383 matches found

NVD
NVD
added 2022/03/03 9:15 p.m.68 views

CVE-2022-24723

URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse ca...

5.3CVSS0.01995EPSS
Exploits1References4
NVD
NVD
added 2020/05/18 10:15 p.m.68 views

CVE-2020-13154

Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet...

6.5CVSS6.3AI score0.03118EPSS
Exploits1References2
NVD
NVD
added 2019/07/19 7:15 a.m.68 views

CVE-2019-13977

index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=...

5.4CVSS5.3AI score0.01505EPSS
Exploits5References2
NVD
NVD
added 2019/07/18 1:15 p.m.68 views

CVE-2019-1010096

DomainMOD v4.10.0 is affected by: Cross Site Request Forgery CSRF. The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page...

8.8CVSS8.7AI score0.0065EPSS
Exploits1References1
NVD
NVD
added 2013/04/17 6:55 p.m.68 views

CVE-2013-2426

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from t...

9.3CVSS7.9AI score0.05712EPSS
Exploits0References19
NVD
NVD
added 2026/05/12 3:16 a.m.67 views

CVE-2026-40129

Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...

4.3CVSS0.00255EPSS
Exploits0References2
NVD
NVD
added 2026/04/01 1:16 a.m.67 views

CVE-2026-35054

XenForo before 2.3.9 is vulnerable to stored cross-site scripting XSS related to BB code rendering. An attacker can inject malicious scripts through BB code that are stored and executed when other users view the content...

6.4CVSS0.00138EPSS
Exploits0References2
NVD
NVD
added 2025/12/19 9:15 p.m.67 views

CVE-2023-53950

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...

9.8CVSS0.00559EPSS
Exploits0References3
NVD
NVD
added 2025/12/11 7:15 p.m.67 views

CVE-2025-56129

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the actiondiagnosis in file /usr/lib/lua/luci/controller/admin/diagnosis.lua...

8.8CVSS0.02308EPSS
Exploits1References3
NVD
NVD
added 2025/07/09 4:15 p.m.67 views

CVE-2025-53673

Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

6.5CVSS0.00196EPSS
Exploits0References2
NVD
NVD
added 2025/05/26 7:15 a.m.67 views

CVE-2025-41441

Mailform Pro CGI prior to 4.3.4 generates error messages containing sensitive information, which may allow a remote unauthenticated attacker to obtain coupon codes. This vulnerability only affects products that use the coupon feature...

6.3CVSS0.00338EPSS
Exploits0References2
NVD
NVD
added 2025/04/01 7:15 p.m.67 views

CVE-2025-31137

React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an...

7.5CVSS0.01151EPSS
Exploits0References1
NVD
NVD
added 2024/12/02 3:15 p.m.67 views

CVE-2024-8785

In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEYLOCALMACHINE\SOFTWARE\WOW6432Node\Ipswitch...

9.8CVSS0.09504EPSS
Exploits0References3
NVD
NVD
added 2024/11/12 6:15 p.m.67 views

CVE-2024-49039

Windows Task Scheduler Elevation of Privilege Vulnerability...

8.8CVSS0.13719EPSS
Exploits1References2
NVD
NVD
added 2024/09/26 6:15 p.m.67 views

CVE-2024-47171

Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload image files at attacker-chosen location on the server. This issue can lead to image file uploads to unauthorized or unintended...

4.3CVSS0.00495EPSS
Exploits0References3
NVD
NVD
added 2024/08/24 6:15 p.m.67 views

CVE-2024-8131

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by thi...

9.8CVSS0.08208EPSS
Exploits1References6
NVD
NVD
added 2024/08/13 6:15 p.m.67 views

CVE-2024-38193

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability...

7.8CVSS0.27561EPSS
Exploits4References3
NVD
NVD
added 2024/07/09 5:15 p.m.67 views

CVE-2024-20701

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability...

8.8CVSS0.01611EPSS
Exploits0References1
NVD
NVD
added 2024/06/25 4:15 a.m.67 views

CVE-2024-6297

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...

10CVSS0.01011EPSS
Exploits0References10
NVD
NVD
added 2024/06/13 8:15 p.m.67 views

CVE-2024-5947

Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to...

6.5CVSS0.02418EPSS
Exploits3References1
NVD
NVD
added 2024/04/11 1:15 p.m.67 views

CVE-2024-32109

Cross-Site Request Forgery CSRF vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode allows Cross Site Request Forgery.This issue affects WP Matterport Shortcode: from n/a through 2.1.9...

4.3CVSS4.6AI score0.002EPSS
Exploits0References1
NVD
NVD
added 2024/04/04 2:15 p.m.67 views

CVE-2024-2700

A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been...

7CVSS7AI score0.00286EPSS
Exploits0References8
NVD
NVD
added 2024/03/21 10:15 p.m.67 views

CVE-2024-28117

Grav is an open-source, flat-file content management system. Prior to version 1.7.45, Grav validates accessible functions through the Utils::isDangerousFunction function, but does not impose restrictions on twig functions like twigarraymap, allowing attackers to bypass the validation and execute...

8.8CVSS9.2AI score0.01381EPSS
Exploits1References2
NVD
NVD
added 2024/02/22 4:15 p.m.67 views

CVE-2023-51653

Hertzbeat is a real-time monitoring system. In the implementation of JmxCollectImpl.java, JMXConnectorFactory.connect is vulnerable to JNDI injection. The corresponding interface is /api/monitor/detect. If there is a URL field, the address will be used by default. When the URL is...

9.8CVSS9.9AI score0.02131EPSS
Exploits1References2
NVD
NVD
added 2023/09/06 9:15 p.m.67 views

CVE-2023-41327

WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying and therefore recording to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhook...

5.4CVSS5.1AI score0.00469EPSS
Exploits0References3
NVD
NVD
added 2023/02/01 8:15 p.m.67 views

CVE-2022-46934

kkFileView v4.1.0 was discovered to contain a cross-site scripting XSS vulnerability via the url parameter at /controller/OnlinePreviewController.java...

6.1CVSS6.1AI score0.01084EPSS
Exploits1References1
NVD
NVD
added 2022/11/14 9:15 p.m.67 views

CVE-2022-37109

patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a 403 error when...

9.8CVSS0.49201EPSS
Exploits3References4
NVD
NVD
added 2022/10/06 6:16 p.m.67 views

CVE-2022-39273

FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable the default Flyte’s authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the...

7.5CVSS0.0067EPSS
Exploits0References3
NVD
NVD
added 2022/09/08 12:15 a.m.67 views

CVE-2022-38531

FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Remote Command Execution in the ping function...

8.8CVSS0.01812EPSS
Exploits1References1
NVD
NVD
added 2022/08/23 4:15 p.m.67 views

CVE-2022-37112

BlueCMS 1.6 has SQL injection in line 55 of admin/model.php...

9.8CVSS0.00761EPSS
Exploits1References1
NVD
NVD
added 2022/06/09 8:15 p.m.67 views

CVE-2022-31033

The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site...

7.5CVSS0.01392EPSS
Exploits0References4
NVD
NVD
added 2021/10/11 11:15 a.m.67 views

CVE-2021-24683

The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue...

5.4CVSS0.00399EPSS
Exploits2References1
NVD
NVD
added 2021/05/28 5:15 p.m.67 views

CVE-2021-32642

radsecproxy is a generic RADIUS proxy that supports both UDP and TLS RadSec RADIUS transports. Missing input validation in radsecproxy's naptr-eduroam.sh and radsec-dynsrv.sh scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Informatio...

9.4CVSS0.01331EPSS
Exploits0References4
NVD
NVD
added 2020/09/16 1:15 p.m.67 views

CVE-2020-25559

gnuplot 5.5 is affected by double free when executing printsetoutput. This may result in context-dependent arbitrary code execution...

7.8CVSS0.01564EPSS
Exploits1References1
NVD
NVD
added 2009/09/01 6:30 p.m.67 views

CVE-2009-3042

SQL injection vulnerability in machine.php in Open Computer and Software OCS Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040...

7.5CVSS8.2AI score0.02958EPSS
Exploits0References5
NVD
NVD
added 2026/06/01 9:16 a.m.66 views

CVE-2026-46764

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

4.3CVSS0.00352EPSS
Exploits0References3
NVD
NVD
added 2026/05/15 9:16 p.m.66 views

CVE-2026-45672

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLECODEEXECUTION=false. The feature gate is...

8.8CVSS0.00406EPSS
Exploits2References1
NVD
NVD
added 2026/05/12 10:16 p.m.66 views

CVE-2026-44260

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfindercheckRisk enforces that the client sends readonly=true matching the session value, but no event handler checks the readonly...

8.1CVSS0.00301EPSS
Exploits0References1
NVD
NVD
added 2026/05/06 1:16 p.m.66 views

CVE-2026-40562

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

7.5CVSS0.00319EPSS
Exploits0References4
NVD
NVD
added 2026/01/07 5:16 p.m.66 views

CVE-2026-20026

Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerabili...

5.8CVSS0.00634EPSS
Exploits0References1
NVD
NVD
added 2025/08/12 6:15 p.m.66 views

CVE-2025-49736

The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network...

4.3CVSS0.0046EPSS
Exploits0References1
NVD
NVD
added 2025/01/06 3:15 p.m.66 views

CVE-2024-8474

OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic...

7.5CVSS0.00526EPSS
Exploits0References1
NVD
NVD
added 2024/12/19 6:15 p.m.66 views

CVE-2024-12792

A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file newadmin.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed...

9.8CVSS0.00624EPSS
Exploits1References4
NVD
NVD
added 2024/11/11 6:15 a.m.66 views

CVE-2024-51793

Unrestricted Upload of File with Dangerous Type vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Upload a Web Shell to a Web Server.This issue affects RepairBuddy: from n/a through = 3.8115...

10CVSS0.01794EPSS
Exploits4References2
NVD
NVD
added 2024/10/27 12:15 p.m.66 views

CVE-2024-10415

A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /file/accept.php. The manipulation of the argument reqid leads to sql injection. The attack can be initiated remotely. The exploit has...

8.8CVSS0.00563EPSS
Exploits1References5
NVD
NVD
added 2024/09/11 5:15 p.m.66 views

CVE-2024-20483

Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager Mongo...

7.2CVSS0.01098EPSS
Exploits0References1
NVD
NVD
added 2024/08/26 9:15 p.m.66 views

CVE-2024-39628

Cross-Site Request Forgery CSRF vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery.This issue affects Ninja Forms: from n/a through 3.8.6...

8.8CVSS0.0019EPSS
Exploits0References1
NVD
NVD
added 2024/07/21 8:15 a.m.66 views

CVE-2024-6944

A vulnerability was found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this issue is the function getimagebase64 of the file PublicController.php. The manipulation of the argument file leads to deserialization. The attack may be launched remotely. The exploit has bee...

7.5CVSS0.0378EPSS
Exploits0References4
NVD
NVD
added 2024/06/19 3:15 p.m.66 views

CVE-2024-34444

Missing Authorization vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a before 6.7.0...

8.8CVSS0.00331EPSS
Exploits1References2
NVD
NVD
added 2023/12/04 11:15 p.m.66 views

CVE-2023-21164

In DevmemIntMapPMR of devicememserver.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8CVSS0.00414EPSS
Exploits0References1
Total number of security vulnerabilities5000