Lucene search
K
NvdMost viewed

364820 matches found

NVD
NVD
added 2024/07/09 5:15 p.m.44 views

CVE-2024-38086

Azure Kinect SDK Remote Code Execution Vulnerability...

6.4CVSS0.0061EPSS
Exploits0References1
NVD
NVD
added 2024/07/09 5:15 p.m.44 views

CVE-2024-38048

Windows Network Driver Interface Specification NDIS Denial of Service Vulnerability...

6.5CVSS0.01008EPSS
Exploits0References1
NVD
NVD
added 2024/07/09 5:15 p.m.44 views

CVE-2024-38023

Microsoft SharePoint Server Remote Code Execution Vulnerability...

7.2CVSS0.529EPSS
Exploits1References1
NVD
NVD
added 2024/07/09 12:15 p.m.44 views

CVE-2024-33654

A vulnerability has been identified in Simcenter Femap All versions V2406. The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process...

7.8CVSS0.00173EPSS
Exploits0References1
NVD
NVD
added 2024/07/08 4:15 p.m.44 views

CVE-2024-21778

A heap-based buffer overflow vulnerability exists in the configuration file mibinitvaluearray functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted .dat file can lead to arbitrary code execution. An attacker can upload a malicious file to trigger this vulnerability...

7.2CVSS0.00943EPSS
Exploits0References2
NVD
NVD
added 2024/07/05 2:15 p.m.44 views

CVE-2024-38346

The CloudStack cluster service runs on unauthenticated port default 9090 that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Some of these commands were found to have command injection vulnerabilities that can result in arbitrary code...

9.8CVSS0.03301EPSS
Exploits0References4
NVD
NVD
added 2024/07/05 2:15 a.m.44 views

CVE-2024-32498

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...

6.5CVSS0.00835EPSS
Exploits0References6
NVD
NVD
added 2024/07/04 12:15 p.m.44 views

CVE-2024-5943

The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.7. This is due to missing or incorrect nonce validation on the 'settingsPage' function and missing santization of the 'tab' parameter. This makes it possible for...

8.8CVSS0.00295EPSS
Exploits0References4
NVD
NVD
added 2024/07/03 8:15 p.m.44 views

CVE-2024-34750

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of...

7.5CVSS0.04602EPSS
Exploits0References3
NVD
NVD
added 2024/07/02 7:15 p.m.44 views

CVE-2022-25478

Vulnerability in Realtek RtsPer driver for PCIe Card Reader RtsPer.sys before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader RtsUer.sys before 10.0.22000.31274 provides read and write access to the PCI configuration space of the device...

7.8CVSS0.00188EPSS
Exploits0References3
NVD
NVD
added 2024/07/01 9:15 p.m.44 views

CVE-2024-38368

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all...

9.3CVSS0.14851EPSS
Exploits0References5
NVD
NVD
added 2024/07/01 4:15 p.m.44 views

CVE-2024-36422

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the api/v1/chatflows/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to craft a...

6.1CVSS0.00406EPSS
Exploits1References2
NVD
NVD
added 2024/06/27 10:15 a.m.44 views

CVE-2024-0949

Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68...

9.8CVSS0.00528EPSS
Exploits0References2
NVD
NVD
added 2024/06/27 6:15 a.m.44 views

CVE-2024-4704

The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing...

6.1CVSS0.00449EPSS
Exploits2References1
NVD
NVD
added 2024/06/26 12:15 a.m.44 views

CVE-2024-4869

The WP Cookie Consent for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

7.2CVSS0.00377EPSS
Exploits0References3
NVD
NVD
added 2024/06/25 4:15 a.m.44 views

CVE-2024-36999

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process...

7.8CVSS0.00395EPSS
Exploits0References1
NVD
NVD
added 2024/06/24 12:15 a.m.44 views

CVE-2024-3121

A remote code execution vulnerability exists in the createcondaenv function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the envname and...

6.8CVSS0.00446EPSS
Exploits2References1
NVD
NVD
added 2024/06/21 11:15 a.m.44 views

CVE-2024-38626

In the Linux kernel, the following vulnerability has been resolved: fuse: clear FRSENT when re-adding requests into pending list The following warning was reported by lee bruce: ------------ cut here ------------ WARNING: CPU: 0 PID: 8264 at fs/fuse/dev.c:300 fuserequestend+0x685/0x7e0...

5.5CVSS0.00191EPSS
Exploits0References2
NVD
NVD
added 2024/06/14 1:15 p.m.44 views

CVE-2024-2023

The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handlefoldersfileupload' function. This makes it possible for authenticated attackers, with author access and above, to uplo...

4.3CVSS0.00673EPSS
Exploits0References3
NVD
NVD
added 2024/06/14 6:15 a.m.44 views

CVE-2023-51496

Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7...

5.3CVSS0.00313EPSS
Exploits0References1
NVD
NVD
added 2024/06/13 8:15 p.m.44 views

CVE-2024-4696

A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited...

7.5CVSS0.00442EPSS
Exploits0References1
NVD
NVD
added 2024/06/13 2:15 a.m.44 views

CVE-2024-3922

The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

10CVSS0.56209EPSS
Exploits0References2
NVD
NVD
added 2024/06/10 10:15 p.m.44 views

CVE-2024-36302

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS0.00552EPSS
Exploits0References2
NVD
NVD
added 2024/06/10 10:15 p.m.44 views

CVE-2024-36303

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

7.8CVSS0.00354EPSS
Exploits0References2
NVD
NVD
added 2024/06/10 5:16 p.m.44 views

CVE-2024-35747

Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through 2.1.7...

5.3CVSS0.00372EPSS
Exploits0References1
NVD
NVD
added 2024/06/09 6:15 p.m.44 views

CVE-2024-31347

Missing Authorization vulnerability in Data443 Tracking Code Manager.This issue affects Tracking Code Manager: from n/a through 2.1.0...

4.3CVSS0.00277EPSS
Exploits0References1
NVD
NVD
added 2024/06/08 2:15 p.m.44 views

CVE-2024-35713

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through 10.1.1...

6.5CVSS0.00237EPSS
Exploits0References1
NVD
NVD
added 2024/06/06 6:15 p.m.44 views

CVE-2024-2914

A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. Exploitation of this vulnerability could lead to...

8.8CVSS0.00917EPSS
Exploits1References2
NVD
NVD
added 2024/05/31 4:15 p.m.44 views

CVE-2022-25037

An issue in wanEditor v4.7.11 and fixed in v.4.7.12 and v.5 was discovered to contain a cross-site scripting XSS vulnerability via the image upload function...

5.4CVSS6AI score0.00268EPSS
Exploits0References2
NVD
NVD
added 2024/05/30 7:15 p.m.44 views

CVE-2024-35228

Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, eve...

5.5CVSS5.5AI score0.0033EPSS
Exploits0References2
NVD
NVD
added 2024/05/24 5:15 p.m.44 views

CVE-2023-46442

An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service DoS...

4.3CVSS6.4AI score0.00919EPSS
Exploits1References2
NVD
NVD
added 2024/05/14 4:15 p.m.44 views

CVE-2024-0762

Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix SecureCore™ fo...

7.8CVSS7.8AI score0.00758EPSS
Exploits2References4
NVD
NVD
added 2024/05/14 3:38 p.m.44 views

CVE-2024-34077

MantisBT Mantis Bug Tracker is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and takeover their account, if the victim has an incomplete request pending. The exploit is only possible whi...

7.3CVSS7.2AI score0.01186EPSS
Exploits1References3
NVD
NVD
added 2024/05/14 3:12 p.m.44 views

CVE-2024-27460

A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below...

6.7CVSS6.8AI score0.01673EPSS
Exploits4References1
NVD
NVD
added 2024/05/03 6:15 p.m.44 views

CVE-2024-34075

kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the MarkovDatagetNext method used in Markovgenerate and Markovchoose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. If a...

6.2CVSS6.3AI score0.00299EPSS
Exploits0References3
NVD
NVD
added 2024/05/03 5:15 p.m.44 views

CVE-2024-33791

A cross-site scripting XSS vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the getTimeZone function...

4.6CVSS5.6AI score0.00385EPSS
Exploits1References1
NVD
NVD
added 2024/05/03 11:15 a.m.44 views

CVE-2024-34072

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. The sagemaker.basedeserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently ma...

7.8CVSS8AI score0.00408EPSS
Exploits0References2
NVD
NVD
added 2024/05/02 2:15 p.m.44 views

CVE-2024-34148

Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'...

6.8CVSS6.8AI score0.00787EPSS
Exploits0References2
NVD
NVD
added 2024/04/19 3:15 p.m.44 views

CVE-2024-32478

Git Credential Manager GCM is a secure Git credential helper. Prior to 2.5.0, the Debian package does not set root ownership on installed files. This allows user 1001 on a multi-user system can replace binary and gain other users' privileges. This vulnerability is fixed in 2.5.0...

6.9CVSS6.6AI score0.00192EPSS
Exploits0References2
NVD
NVD
added 2024/04/16 12:15 a.m.44 views

CVE-2024-1560

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the deleteartifactmlflowartifacts handler and localfileuritopath function, allowing for...

8.1CVSS8AI score0.00856EPSS
Exploits1References1
NVD
NVD
added 2024/04/12 10:15 p.m.44 views

CVE-2024-28869

Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of...

7.5CVSS7.4AI score0.01046EPSS
Exploits0References5
NVD
NVD
added 2024/04/12 4:15 p.m.44 views

CVE-2024-30392

A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon flowd of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service DoS. On all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific UR...

8.7CVSS7.5AI score0.00694EPSS
Exploits0References2
NVD
NVD
added 2024/04/10 8:15 p.m.44 views

CVE-2024-31984

XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the Solr-based search in XWiki. This allows any user who can edi...

9.9CVSS9.8AI score0.82996EPSS
Exploits1References8
NVD
NVD
added 2024/04/10 5:15 a.m.44 views

CVE-2023-6385

The WordPress Ping Optimizer WordPress plugin through 2.35.1.3.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as clearing logs...

4.3CVSS6.5AI score0.00225EPSS
Exploits2References1
NVD
NVD
added 2024/04/06 8:15 a.m.44 views

CVE-2024-0837

The Element Pack Elementor Addons Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 5.3.2 due to...

6.4CVSS5.7AI score0.00344EPSS
Exploits0References2
NVD
NVD
added 2024/04/04 6:15 p.m.44 views

CVE-2024-2660

Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7...

6.8CVSS6.4AI score0.00303EPSS
Exploits0References2
NVD
NVD
added 2024/04/03 7:15 a.m.44 views

CVE-2024-24506

Cross Site Scripting XSS vulnerability in Lime Survey Community Edition Version v.5.3.32+220817, allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function...

6.1CVSS6.2AI score0.00677EPSS
Exploits4References2
NVD
NVD
added 2024/03/15 8:15 p.m.44 views

CVE-2024-27920

projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing cust...

7.4CVSS7.5AI score0.00411EPSS
Exploits0References5
NVD
NVD
added 2024/03/13 9:15 p.m.44 views

CVE-2024-27102

Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but reading files outside o...

9.9CVSS9.5AI score0.0055EPSS
Exploits0References2
NVD
NVD
added 2024/03/06 7:15 p.m.44 views

CVE-2024-27287

ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 command line installation and Home Assistant add-on serves unsanitized...

8.7CVSS6.7AI score0.00676EPSS
Exploits0References2
Total number of security vulnerabilities5000