Lucene search
K
NvdMost viewed

363954 matches found

NVD
NVD
•added 2023/05/18 11:15 p.m.•44 views

CVE-2023-32680

Metabase is an open source business analytics engine. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database–but affected versions of Metabase didn't enforce that requirement. This lack of enforcement meant that:...

9.6CVSS6.8AI score0.00598EPSS
Exploits0References4
NVD
NVD
•added 2023/05/16 5:15 p.m.•44 views

CVE-2023-33001

Jenkins HashiCorp Vault Plugin 360.v0a1c04cf807d and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...

7.5CVSS7.5AI score0.00601EPSS
Exploits0References1
NVD
NVD
•added 2023/04/23 11:15 a.m.•44 views

CVE-2023-23827

Auth. contributor+ Cross-Site Scripting XSS vulnerability in Google Maps v3 Shortcode plugin = 1.2.1 versions...

6.5CVSS6AI score0.0037EPSS
Exploits0References1
NVD
NVD
•added 2023/04/21 3:15 p.m.•44 views

CVE-2023-26876

SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filteruserid parameter to the admin.php?page=history&filterimageid=&filteruserid endpoint...

8.8CVSS9AI score0.09725EPSS
Exploits5References5
NVD
NVD
•added 2023/04/18 12:15 p.m.•44 views

CVE-2021-41613

An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The write logic of Exception Effective Address Register EEAR is not implemented correctly. User programs from authorized privilege levels will be unable to write to EEAR...

4.3CVSS4.7AI score0.00407EPSS
Exploits0References2
NVD
NVD
•added 2023/04/16 2:15 a.m.•44 views

CVE-2022-38840

cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity XXE issue via XML file upload, which leads to local file disclosure...

7.5CVSS7.4AI score0.09803EPSS
Exploits4References2
NVD
NVD
•added 2023/04/11 3:15 a.m.•44 views

CVE-2023-29109

The SAP Application Interface Framework Message Dashboard - versions AIF 703, AIFX 702, S4CORE 101, SAPBASIS 755, 756, SAPABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints...

4.6CVSS5AI score0.00324EPSS
Exploits0References2
NVD
NVD
•added 2023/04/07 3:15 p.m.•44 views

CVE-2023-28707

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2...

7.5CVSS7.5AI score0.02062EPSS
Exploits0References3
NVD
NVD
•added 2023/04/03 2:15 p.m.•44 views

CVE-2022-27665

Reflected XSS via AngularJS sandbox escape expressions exists in Progress Ipswitch WSFTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add fold...

6.1CVSS7AI score0.33112EPSS
Exploits1References3
NVD
NVD
•added 2023/03/30 1:15 a.m.•44 views

CVE-2023-0620

HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL MSSQL Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provide...

6.7CVSS7AI score0.00378EPSS
Exploits0References2
NVD
NVD
•added 2023/03/29 7:15 p.m.•44 views

CVE-2022-37350

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

7.8CVSS7.7AI score0.0077EPSS
Exploits0References2
NVD
NVD
•added 2023/03/29 7:15 p.m.•44 views

CVE-2022-2560

This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP 22.1.0 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue results from the lack of proper...

9.1CVSS8.4AI score0.77688EPSS
Exploits0References1
NVD
NVD
•added 2023/03/27 10:15 p.m.•44 views

CVE-2022-2237

A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function...

6.1CVSS6.1AI score0.00399EPSS
Exploits0References1
NVD
NVD
•added 2023/03/27 9:15 p.m.•44 views

CVE-2023-25263

In Stimulsoft Designer Desktop 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating...

5.5CVSS5.4AI score0.00249EPSS
Exploits1References3
NVD
NVD
•added 2023/03/16 9:15 p.m.•44 views

CVE-2023-27494

Streamlit, software for turning data scripts into web applications, had a cross-site scripting XSS vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to ...

6.1CVSS5.7AI score0.00407EPSS
Exploits0References2
NVD
NVD
•added 2023/03/16 1:15 p.m.•44 views

CVE-2022-26080

Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C2 G4612 – comcode 150047415...

6.3CVSS6.8AI score0.00427EPSS
Exploits0References1
NVD
NVD
•added 2023/03/10 9:15 p.m.•44 views

CVE-2022-33213

Memory corruption in modem due to buffer overflow while processing a PPP packet...

8.8CVSS8.2AI score0.00409EPSS
Exploits0References1
NVD
NVD
•added 2023/03/02 7:15 p.m.•44 views

CVE-2023-26055

XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profile and inject code, which is going to be executed with programming right. The same vulnerability can also be exploited in all other places...

9.9CVSS9.4AI score0.01163EPSS
Exploits1References4
NVD
NVD
•added 2023/02/23 3:15 p.m.•44 views

CVE-2023-0868

Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are...

6.7CVSS6.3AI score0.00442EPSS
Exploits0References2
NVD
NVD
•added 2023/02/21 10:15 p.m.•44 views

CVE-2023-25157

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is...

9.8CVSS9.5AI score0.85247EPSS
Exploits2References2
NVD
NVD
•added 2023/02/16 7:15 p.m.•44 views

CVE-2023-25653

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption JOSE for web browsers and node.js-based servers. Prior to version 2.2.0, when using the non-default "fallback" crypto back-end, ECC operations in node-jose can trigger a Denial-of-Service DoS condition, due to a...

7.5CVSS7.6AI score0.00552EPSS
Exploits0References2
NVD
NVD
•added 2023/02/16 7:15 p.m.•44 views

CVE-2022-30303

An improper neutralization of special elements used in an os command 'OS Command Injection' CWE-78 in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as root user via crafted HTTP requests...

8.8CVSS9AI score0.02514EPSS
Exploits0References1
NVD
NVD
•added 2023/02/14 2:15 a.m.•44 views

CVE-2023-0814

The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the usermeta shortcode in versions up to, and including 3.9.0. This is due to insufficient restriction on sensitive user meta values that can be called via that...

6.5CVSS6.7AI score0.00769EPSS
Exploits2References5
NVD
NVD
•added 2023/02/12 2:15 p.m.•44 views

CVE-2023-0787

Cross-site Scripting XSS - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11...

8.1CVSS7.7AI score0.00533EPSS
Exploits1References2
NVD
NVD
•added 2023/02/09 7:15 p.m.•44 views

CVE-2023-21451

A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S12 allows attacker to cause memory corruptions...

7.8CVSS6.7AI score0.00167EPSS
Exploits0References1
NVD
NVD
•added 2023/02/08 8:15 p.m.•44 views

CVE-2023-25150

Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users...

5.8CVSS5.6AI score0.00735EPSS
Exploits0References3
NVD
NVD
•added 2023/02/06 8:15 p.m.•44 views

CVE-2023-20605

In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07550104; Issue ID: ALPS07550104...

4.4CVSS4.3AI score0.00097EPSS
Exploits0References1
NVD
NVD
•added 2023/01/26 6:59 p.m.•44 views

CVE-2022-42387

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

5.5CVSS4AI score0.00332EPSS
Exploits0References2
NVD
NVD
•added 2023/01/17 9:15 p.m.•44 views

CVE-2023-22499

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...

7.5CVSS7.4AI score0.00601EPSS
Exploits1References2
NVD
NVD
•added 2023/01/17 9:15 p.m.•44 views

CVE-2022-40319

The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References IDOR attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account...

7.5CVSS7.4AI score0.07195EPSS
Exploits4References2
NVD
NVD
•added 2023/01/13 12:15 a.m.•44 views

CVE-2023-22401

An Improper Validation of Array Index vulnerability in the Advanced Forwarding Toolkit Manager daemon aftmand of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service DoS. On the PTX10008 and PTX10016 platforms running Junos ...

7.5CVSS7.5AI score0.00616EPSS
Exploits0References1
NVD
NVD
•added 2023/01/12 8:15 p.m.•44 views

CVE-2023-22488

Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the...

6.8CVSS6.5AI score0.00397EPSS
Exploits0References2
NVD
NVD
•added 2023/01/05 11:15 p.m.•44 views

CVE-2021-32828

The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting XSS. This XSS can be escalated to Remote Code Execution RCE by levering the automation API...

6.1CVSS5.9AI score0.0071EPSS
Exploits1References2
NVD
NVD
•added 2023/01/05 1:15 a.m.•44 views

CVE-2023-0057

Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33...

6.1CVSS4.6AI score0.00456EPSS
Exploits0References2
NVD
NVD
•added 2022/12/27 3:15 p.m.•44 views

CVE-2022-4722

Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5...

7.2CVSS0.0113EPSS
Exploits1References2
NVD
NVD
•added 2022/12/21 1:15 a.m.•44 views

CVE-2022-4617

Cross-site Scripting XSS - Reflected in GitHub repository microweber/microweber prior to 1.3.2...

6.1CVSS0.00616EPSS
Exploits1References2
NVD
NVD
•added 2022/12/16 4:15 p.m.•44 views

CVE-2022-20581

In the Pixel camera driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

6.7CVSS0.00182EPSS
Exploits0References1
NVD
NVD
•added 2022/12/13 7:15 p.m.•44 views

CVE-2022-44704

Microsoft Windows System Monitor Sysmon Elevation of Privilege Vulnerability...

7.8CVSS0.00704EPSS
Exploits0References2
NVD
NVD
•added 2022/12/07 9:15 p.m.•44 views

CVE-2022-23486

libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting...

7.5CVSS0.00689EPSS
Exploits0References1
NVD
NVD
•added 2022/11/30 11:15 p.m.•44 views

CVE-2022-46162

discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...

9.8CVSS0.0113EPSS
Exploits1References2
NVD
NVD
•added 2022/11/30 10:15 p.m.•44 views

CVE-2022-46156

The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token...

7.2CVSS0.00473EPSS
Exploits0References6
NVD
NVD
•added 2022/11/23 8:15 p.m.•44 views

CVE-2022-41931

xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection'. Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper...

9.9CVSS0.0119EPSS
Exploits1References3
NVD
NVD
•added 2022/11/22 1:15 p.m.•44 views

CVE-2022-38462

Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request...

6.1CVSS0.00472EPSS
Exploits0References3
NVD
NVD
•added 2022/11/21 9:15 p.m.•44 views

CVE-2022-42096

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting XSS vulnerability via Post content...

4.8CVSS0.0196EPSS
Exploits1References4
NVD
NVD
•added 2022/11/15 8:15 p.m.•44 views

CVE-2022-38666

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features...

7.5CVSS0.00396EPSS
Exploits0References2
NVD
NVD
•added 2022/11/09 9:15 p.m.•44 views

CVE-2022-31686

VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application...

9.8CVSS0.00929EPSS
Exploits0References1
NVD
NVD
•added 2022/10/19 10:15 p.m.•44 views

CVE-2022-41694

In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, and BIG-IQ versions 8.x before 8.2.0.1 and all versions of 7.x, when an SSL key is imported on a BIG-IP or BIG-IQ system, undisclosed input can cause MCPD to terminate...

4.9CVSS0.00595EPSS
Exploits0References1
NVD
NVD
•added 2022/10/16 4:15 a.m.•44 views

CVE-2022-42968

Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled...

9.8CVSS0.01051EPSS
Exploits0References3
NVD
NVD
•added 2022/10/15 2:15 a.m.•44 views

CVE-2017-20149

The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on t...

9.8CVSS0.02554EPSS
Exploits2References2
NVD
NVD
•added 2022/10/14 8:15 p.m.•44 views

CVE-2022-39310

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other agents due to...

6.5CVSS0.00615EPSS
Exploits0References3
Total number of security vulnerabilities5000