Lucene search
K
NvdMost viewed

364208 matches found

NVD
NVD
added 2024/03/15 8:15 p.m.44 views

CVE-2024-27920

projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing cust...

7.4CVSS7.5AI score0.00411EPSS
Exploits0References5
NVD
NVD
added 2024/03/06 7:15 p.m.44 views

CVE-2024-27287

ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 command line installation and Home Assistant add-on serves unsanitized...

8.7CVSS6.7AI score0.00676EPSS
Exploits0References2
NVD
NVD
added 2024/03/01 9:15 p.m.44 views

CVE-2024-27101

SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 6553...

9.1CVSS7.1AI score0.00456EPSS
Exploits0References2
NVD
NVD
added 2024/02/29 1:43 a.m.44 views

CVE-2024-0620

The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.9 via API. This makes it possible for unauthenticated attackers to obtain post titles, IDs, slugs as well as other information including for...

5.3CVSS5AI score0.00486EPSS
Exploits0References2
NVD
NVD
added 2024/02/21 7:15 a.m.44 views

CVE-2024-0593

The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetchquickjob function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can b...

5.3CVSS5.4AI score0.00909EPSS
Exploits0References2
NVD
NVD
added 2024/02/10 9:15 a.m.44 views

CVE-2023-51492

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in If So Plugin If-So Dynamic Content Personalization allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through 1.6.3.1...

6.5CVSS6.4AI score0.00328EPSS
Exploits0References1
NVD
NVD
added 2024/02/09 2:15 p.m.44 views

CVE-2024-25318

Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2...

8.8CVSS9.1AI score0.00698EPSS
Exploits1References1
NVD
NVD
added 2024/02/09 2:15 p.m.44 views

CVE-2024-25315

Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2...

9.8CVSS9.9AI score0.00734EPSS
Exploits1References1
NVD
NVD
added 2024/02/07 5:15 p.m.44 views

CVE-2024-24563

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an int as an index for an array. The typechecker allows the usage of...

9.8CVSS9.3AI score0.01539EPSS
Exploits1References3
NVD
NVD
added 2024/02/01 4:17 p.m.44 views

CVE-2024-24752

Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and for each whic...

6.5CVSS6.4AI score0.0075EPSS
Exploits1References2
NVD
NVD
added 2024/01/29 11:15 p.m.44 views

CVE-2024-23829

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...

6.5CVSS6.5AI score0.0102EPSS
Exploits1References6
NVD
NVD
added 2024/01/23 6:15 p.m.44 views

CVE-2024-22417

Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the element method in app/routes.py does not validate the user-controlled srctype and elementurl variables and passes them to the send method which sends a GET request on lines 339-343 in requests.py. The returned...

6.1CVSS6AI score0.0063EPSS
Exploits1References8
NVD
NVD
added 2024/01/22 2:15 p.m.44 views

CVE-2020-36771

CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user...

7.8CVSS8AI score0.00474EPSS
Exploits2References4
NVD
NVD
added 2024/01/17 7:15 p.m.44 views

CVE-2024-0647

A vulnerability, which was classified as problematic, was found in Sparksuite SimpleMDE up to 1.11.2. This affects an unknown part of the component iFrame Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

6.1CVSS4.7AI score0.00711EPSS
Exploits1References3
NVD
NVD
added 2024/01/16 10:15 p.m.44 views

CVE-2024-21670

Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to...

8.1CVSS6.9AI score0.00276EPSS
Exploits0References1
NVD
NVD
added 2024/01/16 4:15 p.m.44 views

CVE-2023-0389

The Calculated Fields Form WordPress plugin before 1.1.151 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite set...

4.8CVSS4.7AI score0.00473EPSS
Exploits2References1
NVD
NVD
added 2024/01/11 1:15 a.m.44 views

CVE-2024-21666

The Customer Management Framework CMF for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when...

6.5CVSS6.3AI score0.00564EPSS
Exploits1References3
NVD
NVD
added 2024/01/09 10:15 a.m.44 views

CVE-2023-51744

A vulnerability has been identified in JT2Go All versions V14.3.0.6, Teamcenter Visualization V13.3 All versions V13.3.0.13, Teamcenter Visualization V14.1 All versions V14.1.0.12, Teamcenter Visualization V14.2 All versions V14.2.0.9, Teamcenter Visualization V14.3 All versions V14.3.0.6. The...

5.5CVSS5AI score0.00219EPSS
Exploits0References1
NVD
NVD
added 2024/01/09 9:15 a.m.44 views

CVE-2023-49236

A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of a user-entered scale field in the RTSP playback function of davinci...

9.8CVSS9.8AI score0.01205EPSS
Exploits1References2
NVD
NVD
added 2023/12/29 5:15 p.m.44 views

CVE-2020-17163

Visual Studio Code Python Extension Remote Code Execution Vulnerability...

7.8CVSS0.00584EPSS
Exploits0References1
NVD
NVD
added 2023/12/22 7:15 p.m.44 views

CVE-2023-50714

yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth2 PKCE implementation is vulnerable in 2 ways. First, the authCodeVerifier should be removed after usage similar to authStat...

8.8CVSS0.00492EPSS
Exploits1References5
NVD
NVD
added 2023/12/21 3:15 p.m.44 views

CVE-2023-50724

Resque pronounced like "rescue" is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. resque-web in resque versions before 2.1.0 are vulnerable to reflected XSS through the currentqueue parameter in the path of the queues endpoin...

6.3CVSS0.00484EPSS
Exploits1References3
NVD
NVD
added 2023/12/11 6:15 a.m.44 views

CVE-2023-6181

An oversight in BCB handling of reboot reason that allows for persistent code execution...

9.8CVSS0.00372EPSS
Exploits0References1
NVD
NVD
added 2023/12/06 5:15 p.m.44 views

CVE-2023-6393

A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contain...

5.3CVSS0.00631EPSS
Exploits0References3
NVD
NVD
added 2023/12/05 6:15 a.m.44 views

CVE-2023-39248

Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption Denial of Service vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network...

7.5CVSS0.007EPSS
Exploits0References1
NVD
NVD
added 2023/11/22 4:15 p.m.44 views

CVE-2023-2448

The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userproshortcodetemplate' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker ca...

6.5CVSS0.00903EPSS
Exploits2References3
NVD
NVD
added 2023/11/14 10:15 p.m.44 views

CVE-2023-46023

SQL injection vulnerability in addTask.php in Code-Projects Simple Task List 1.0 allows attackers to obtain sensitive information via the 'status' parameter...

6.5CVSS0.00583EPSS
Exploits3References1
NVD
NVD
added 2023/11/03 5:15 a.m.44 views

CVE-2023-41914

SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files...

7CVSS7AI score0.00196EPSS
Exploits0References3
NVD
NVD
added 2023/11/02 2:15 p.m.44 views

CVE-2023-29046

Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of...

4.3CVSS4.6AI score0.00478EPSS
Exploits0References2
NVD
NVD
added 2023/10/27 8:15 p.m.44 views

CVE-2023-29009

baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0...

6.1CVSS6AI score0.0047EPSS
Exploits0References3
NVD
NVD
added 2023/10/27 7:15 p.m.44 views

CVE-2023-4967

Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA Virtual Server...

8.2CVSS8.5AI score0.00878EPSS
Exploits0References1
NVD
NVD
added 2023/10/25 6:17 p.m.44 views

CVE-2023-46128

Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...

6.5CVSS6.3AI score0.00529EPSS
Exploits1References3
NVD
NVD
added 2023/10/20 8:15 a.m.44 views

CVE-2023-4648

The WP Customer Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

4.8CVSS4.4AI score0.00303EPSS
Exploits0References2
NVD
NVD
added 2023/10/16 7:15 p.m.44 views

CVE-2023-45151

Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their...

8.8CVSS7.5AI score0.00484EPSS
Exploits0References3
NVD
NVD
added 2023/10/16 10:15 a.m.44 views

CVE-2023-4457

Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...

7.5CVSS6.1AI score0.00389EPSS
Exploits0References1
NVD
NVD
added 2023/10/10 2:15 p.m.44 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5CVSS7.9AI score0.99999EPSS
Exploits19References173
NVD
NVD
added 2023/10/10 12:15 p.m.44 views

CVE-2023-44763

Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via a Thumbnail file upload, which allows Cross-Site Scripting XSS. NOTE: the vendor's position is that a customer is supposed to know that "pdf" should be excluded from the allowed file types, even though pdf is one of the...

5.4CVSS5.2AI score0.00585EPSS
Exploits1References3
NVD
NVD
added 2023/10/05 4:15 p.m.44 views

CVE-2023-45160

In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locke...

8.8CVSS8.7AI score0.00705EPSS
Exploits0References4
NVD
NVD
added 2023/10/04 2:15 p.m.44 views

CVE-2023-27433

Cross-Site Request Forgery CSRF vulnerability in YAS Global Team Make Paths Relative allows Cross Site Request Forgery.This issue affects Make Paths Relative: from n/a through 1.3.0...

8.8CVSS6.5AI score0.00208EPSS
Exploits0References1
NVD
NVD
added 2023/09/30 5:15 p.m.44 views

CVE-2022-4956

A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may ...

7.8CVSS7.7AI score0.00387EPSS
Exploits1References4
NVD
NVD
added 2023/09/27 3:19 p.m.44 views

CVE-2023-41311

Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatically...

5.3CVSS5.2AI score0.00337EPSS
Exploits0References2
NVD
NVD
added 2023/09/23 12:15 a.m.44 views

CVE-2023-43338

Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjsgetptr. This vulnerability allows attackers to execute arbitrary code via a crafted input...

9.8CVSS9.7AI score0.00903EPSS
Exploits1References1
NVD
NVD
added 2023/09/22 8:15 p.m.44 views

CVE-2023-40989

SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component...

9.8CVSS9.8AI score0.01841EPSS
Exploits0References1
NVD
NVD
added 2023/09/15 8:15 p.m.44 views

CVE-2023-40019

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending...

7.5CVSS7.3AI score0.0076EPSS
Exploits1References2
NVD
NVD
added 2023/09/12 5:15 p.m.44 views

CVE-2023-36772

3D Builder Remote Code Execution Vulnerability...

7.8CVSS7.8AI score0.00697EPSS
Exploits0References1
NVD
NVD
added 2023/09/07 7:15 a.m.44 views

CVE-2023-39236

ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services...

8.8CVSS9.2AI score0.01056EPSS
Exploits0References1
NVD
NVD
added 2023/08/26 9:15 a.m.44 views

CVE-2023-4547

A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filterbrandid/filterprice leads to cross site scripting. The attack may be launched remotely...

6.1CVSS4.7AI score0.48533EPSS
Exploits4References3
NVD
NVD
added 2023/08/25 8:15 p.m.44 views

CVE-2023-40579

OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. The vulnerability affects customers using ListObjects with specific models. The...

6.5CVSS6.4AI score0.00451EPSS
Exploits0References2
NVD
NVD
added 2023/08/19 1:15 a.m.44 views

CVE-2023-4432

Cross-site Scripting XSS - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4...

8.3CVSS6.4AI score0.00532EPSS
Exploits1References2
NVD
NVD
added 2023/08/16 9:15 p.m.44 views

CVE-2023-20242

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM, Cisco Unified CM Session Management Edition Unified CM SME, and Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P could allow an unauthenticated, remote attacker to...

6.1CVSS5.5AI score0.00394EPSS
Exploits0References1
Total number of security vulnerabilities5000