Lucene search
K
NvdMost viewed

364114 matches found

NVD
NVD
added 2006/08/05 12:4 a.m.71 views

CVE-2006-3990

Multiple PHP remote file inclusion vulnerabilities in Paul M. Jones Savant2, possibly when used with the commtree component for Mambo and Joomla!, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter in 1 Savant2Pluginstylesheet.php, 2...

7.5CVSS7.8AI score0.18385EPSS
Exploits1References39
NVD
NVD
added 2026/05/18 8:16 p.m.70 views

CVE-2026-47092

Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can set COMSPEC to an arbitrary binary path before claude-hud performs its version...

7.8CVSS0.0051EPSS
Exploits0References4
NVD
NVD
added 2026/05/11 5:16 a.m.70 views

CVE-2026-8273

A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgisethost/cgisetntp/cgifancontrol/cgimergeuser of the file /cgi-bin/systemmgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely...

7.2CVSS0.04544EPSS
Exploits1References5
NVD
NVD
added 2026/05/07 4:16 a.m.70 views

CVE-2026-41672

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled comment content to be serialized into XML without validating or...

8.7CVSS0.00365EPSS
Exploits0References10
NVD
NVD
added 2026/05/04 8:16 a.m.70 views

CVE-2026-7742

A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be us...

6.5CVSS0.00241EPSS
Exploits0References5
NVD
NVD
added 2025/10/15 9:15 a.m.70 views

CVE-2025-10041

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in thesaveqrcodetodb function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS0.00878EPSS
Exploits3References4
NVD
NVD
added 2025/09/03 1:15 a.m.70 views

CVE-2025-57806

Local Deep Research is an AI-powered research assistant for deep, iterative research. Versions 0.2.0 through 0.6.7 stored confidential information, including API keys, in a local SQLite database without encryption. This behavior was not clearly documented outside of the database architecture page...

6.9CVSS0.00065EPSS
Exploits0References3
NVD
NVD
added 2025/07/26 4:16 a.m.70 views

CVE-2025-54412

skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain a inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse attack to invoke...

8.7CVSS0.00137EPSS
Exploits0References3
NVD
NVD
added 2025/04/28 8:15 p.m.70 views

CVE-2025-31651

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those...

9.8CVSS0.0418EPSS
Exploits1References3
NVD
NVD
added 2025/02/12 10:15 p.m.70 views

CVE-2024-39365

Uncontrolled search path for the FPGA Support Package for the IntelR oneAPI DPC++/C++ Compiler software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access...

6.7CVSS0.00187EPSS
Exploits0References1
NVD
NVD
added 2024/12/12 2:4 a.m.70 views

CVE-2024-49113

Windows Lightweight Directory Access Protocol LDAP Denial of Service Vulnerability...

7.5CVSS0.83642EPSS
Exploits6References1
NVD
NVD
added 2024/11/04 11:15 p.m.70 views

CVE-2024-51501

Refit is an automatic type-safe REST library for .NET Core, Xamarin and .NET The various header-related Refit attributes Header, HeaderCollection and Authorize are vulnerable to CRLF injection. The way HTTP headers are added to a request is via the HttpHeaders.TryAddWithoutValidation method. This...

10CVSS0.00535EPSS
Exploits0References2
NVD
NVD
added 2024/10/22 3:15 p.m.70 views

CVE-2024-26271

Cross-site request forgery CSRF vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 update 75 through update 92 and 7.3 update 32 through update 36 allows remote attackers to 1 change us...

8.8CVSS0.00342EPSS
Exploits0References1
NVD
NVD
added 2024/09/26 6:15 p.m.70 views

CVE-2024-47171

Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload image files at attacker-chosen location on the server. This issue can lead to image file uploads to unauthorized or unintended...

4.3CVSS0.00495EPSS
Exploits0References3
NVD
NVD
added 2024/09/10 4:15 p.m.70 views

CVE-2024-44677

eladmin v2.7 and before is vulnerable to Server-Side Request Forgery SSRF which allows an attacker to execute arbitrary code via the DatabaseController.java component...

9.8CVSS0.00497EPSS
Exploits2References3
NVD
NVD
added 2024/09/03 8:15 p.m.70 views

CVE-2024-4629

A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. Thi...

6.5CVSS0.00793EPSS
Exploits0References11
NVD
NVD
added 2024/08/13 3:15 a.m.70 views

CVE-2024-7094

The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. This is due to a lack of sanitization on user-supplied values, which...

9.8CVSS0.37899EPSS
Exploits0References6
NVD
NVD
added 2024/06/19 3:15 p.m.70 views

CVE-2024-34444

Missing Authorization vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a before 6.7.0...

8.8CVSS0.00331EPSS
Exploits1References2
NVD
NVD
added 2024/04/29 6:15 a.m.70 views

CVE-2024-33559

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a through 9.3.5...

9.3CVSS9.7AI score0.03553EPSS
Exploits3References1
NVD
NVD
added 2023/07/31 2:15 p.m.70 views

CVE-2023-34644

Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW3.01B11P204, RG-NBS and RG-S1930 series switches SWITCH3.01B11P218, RG-EG series business VPN routers EG3.01B11P216, EAP and RAP series wireless access points AP3.01B11P218, NBC series wirele...

9.8CVSS9.8AI score0.01523EPSS
Exploits0References2
NVD
NVD
added 2023/07/29 8:15 a.m.70 views

CVE-2023-36542

Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission fo...

8.8CVSS8.8AI score0.0163EPSS
Exploits0References4
NVD
NVD
added 2023/05/08 9:15 p.m.70 views

CVE-2023-30334

AsmBB v2.9.1 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the MiniMag.asm and bbcode.asm libraries...

6.1CVSS6.2AI score0.00624EPSS
Exploits1References5
NVD
NVD
added 2023/01/17 9:15 p.m.70 views

CVE-2022-39195

A cross-site scripting XSS vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the c parameter...

6.1CVSS5.9AI score0.06314EPSS
Exploits4References2
NVD
NVD
added 2022/11/21 7:15 p.m.70 views

CVE-2022-3388

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role...

8.8CVSS0.00277EPSS
Exploits0References1
NVD
NVD
added 2022/09/13 6:15 p.m.70 views

CVE-2022-36107

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the FileDumpController backend and frontend context is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account i...

6.5CVSS0.00722EPSS
Exploits0References3
NVD
NVD
added 2022/03/23 8:15 p.m.70 views

CVE-2021-4180

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the wwwauthenticateuri parameter which is visible to all end users in configuration files. This would give sensitive...

4.3CVSS0.00754EPSS
Exploits0References1
NVD
NVD
added 2021/12/15 7:15 p.m.70 views

CVE-2021-0978

In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed...

3.3CVSS0.00104EPSS
Exploits0References1
NVD
NVD
added 2021/12/13 11:15 a.m.70 views

CVE-2021-24946

The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue...

9.8CVSS0.728EPSS
Exploits7References3
NVD
NVD
added 2021/04/13 8:15 p.m.70 views

CVE-2021-28471

Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability...

7.8CVSS0.04075EPSS
Exploits0References1
NVD
NVD
added 2019/10/31 5:15 p.m.70 views

CVE-2019-16251

plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes...

4.3CVSS4.6AI score0.00948EPSS
Exploits0References2
NVD
NVD
added 2010/10/18 5:0 p.m.70 views

CVE-2009-5006

The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service NULL pointer...

4CVSS6.2AI score0.04086EPSS
Exploits0References8
NVD
NVD
added 2026/05/15 3:16 a.m.69 views

CVE-2023-31309

Improper validation in Power Management Firmware PMFW may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability...

6.8CVSS0.00112EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 10:16 p.m.69 views

CVE-2026-44427

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path e.g., //evil.com/ tha...

0.00409EPSS
Exploits0References1
NVD
NVD
added 2026/05/07 10:16 p.m.69 views

CVE-2026-33844

Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network...

9CVSS0.00988EPSS
Exploits0References1
NVD
NVD
added 2025/08/14 10:15 a.m.69 views

CVE-2025-8956

A vulnerability was found in D-Link DIR‑818L up to 1.05B01. This issue affects the function getenv of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...

8.8CVSS0.18145EPSS
Exploits1References5
NVD
NVD
added 2025/06/11 6:15 p.m.69 views

CVE-2025-0923

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system...

5.3CVSS0.00241EPSS
Exploits0References1
NVD
NVD
added 2025/04/16 8:15 a.m.69 views

CVE-2025-27538

Mattermost versions 10.5.x = 10.5.1, 9.11.x = 9.11.9 fail to enforce MFA checks in PUT /api/v4/users/user-id/mfa when the requesting user differs from the target user ID, which allows users with editotherusers permission to activate or deactivate MFA for other users, even if those users have not...

2.7CVSS0.00214EPSS
Exploits0References1
NVD
NVD
added 2024/08/13 6:15 p.m.69 views

CVE-2024-38193

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability...

7.8CVSS0.27561EPSS
Exploits4References3
NVD
NVD
added 2024/08/12 4:15 p.m.69 views

CVE-2024-41909

Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with...

5.9CVSS0.00581EPSS
Exploits0References3
NVD
NVD
added 2024/06/27 9:15 p.m.69 views

CVE-2024-2973

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. Only routers or conductors that are running i...

10CVSS0.01088EPSS
Exploits0References2
NVD
NVD
added 2024/05/23 5:15 p.m.69 views

CVE-2024-35082

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysOperLogMapper.xml...

6.3CVSS7.8AI score0.00254EPSS
Exploits0References2
NVD
NVD
added 2024/04/29 5:15 p.m.69 views

CVE-2024-33444

SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component...

9.8CVSS7.7AI score0.00899EPSS
Exploits1References3
NVD
NVD
added 2024/04/11 1:15 p.m.69 views

CVE-2024-32109

Cross-Site Request Forgery CSRF vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode allows Cross Site Request Forgery.This issue affects WP Matterport Shortcode: from n/a through 2.1.9...

4.3CVSS4.6AI score0.002EPSS
Exploits0References1
NVD
NVD
added 2024/03/14 3:15 a.m.69 views

CVE-2024-25649

In Delinea PAM Secret Server 11.4, it is possible for an attacker with Administrator access to the Secret Server machine to read the following data from a memory dump: the decrypted master key, database credentials when SQL Server Authentication is enabled, the encryption key of RabbitMQ queue...

6.7CVSS7AI score0.00076EPSS
Exploits0References1
NVD
NVD
added 2024/01/26 6:15 p.m.69 views

CVE-2024-20263

A vulnerability with the access control list ACL management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected...

7.2CVSS6.3AI score0.0045EPSS
Exploits0References1
NVD
NVD
added 2024/01/19 6:15 p.m.69 views

CVE-2024-22955

swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function parseExpression at swftools/src/swfc.c:2576...

7.8CVSS7.7AI score0.0033EPSS
Exploits1References1
NVD
NVD
added 2024/01/09 10:15 a.m.69 views

CVE-2023-42797

A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.20, CP-8050 MASTER MODULE All versions CPCI85 V05.20. The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being...

7.2CVSS6.5AI score0.00547EPSS
Exploits0References1
NVD
NVD
added 2024/01/08 2:15 p.m.69 views

CVE-2024-21645

pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in pyload allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. Forged or otherwise, corrupted log files can be used to cover an...

5.3CVSS5.4AI score0.24513EPSS
Exploits1References2
NVD
NVD
added 2023/07/14 8:15 p.m.69 views

CVE-2023-37474

Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the .cpr subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This...

7.5CVSS0.42828EPSS
Exploits4References3
NVD
NVD
added 2023/07/12 4:15 p.m.69 views

CVE-2023-36266

An issue was discovered in Keeper Password Manager for Desktop version 16.10.2 fixed in 17.2, and the KeeperFill Browser Extensions version 16.5.4 fixed in 17.2, allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and...

5.5CVSS5.6AI score0.00839EPSS
Exploits3References4
Total number of security vulnerabilities5000