Lucene search
K
NvdMost viewed

364114 matches found

NVD
NVD
added 2023/01/05 11:15 p.m.44 views

CVE-2021-32828

The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting XSS. This XSS can be escalated to Remote Code Execution RCE by levering the automation API...

6.1CVSS5.9AI score0.0071EPSS
Exploits1References2
NVD
NVD
added 2023/01/05 1:15 a.m.44 views

CVE-2023-0057

Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33...

6.1CVSS4.6AI score0.00456EPSS
Exploits0References2
NVD
NVD
added 2022/12/27 3:15 p.m.44 views

CVE-2022-4722

Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5...

7.2CVSS0.0113EPSS
Exploits1References2
NVD
NVD
added 2022/12/21 1:15 a.m.44 views

CVE-2022-4617

Cross-site Scripting XSS - Reflected in GitHub repository microweber/microweber prior to 1.3.2...

6.1CVSS0.00616EPSS
Exploits1References2
NVD
NVD
added 2022/12/16 4:15 p.m.44 views

CVE-2022-20581

In the Pixel camera driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

6.7CVSS0.00182EPSS
Exploits0References1
NVD
NVD
added 2022/12/13 7:15 p.m.44 views

CVE-2022-44704

Microsoft Windows System Monitor Sysmon Elevation of Privilege Vulnerability...

7.8CVSS0.00704EPSS
Exploits0References2
NVD
NVD
added 2022/12/07 9:15 p.m.44 views

CVE-2022-23486

libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting...

7.5CVSS0.00689EPSS
Exploits0References1
NVD
NVD
added 2022/11/30 11:15 p.m.44 views

CVE-2022-46162

discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bccode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...

9.8CVSS0.0113EPSS
Exploits1References2
NVD
NVD
added 2022/11/30 10:15 p.m.44 views

CVE-2022-46156

The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token...

7.2CVSS0.00473EPSS
Exploits0References6
NVD
NVD
added 2022/11/23 8:15 p.m.44 views

CVE-2022-41931

xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection'. Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper...

9.9CVSS0.0119EPSS
Exploits1References3
NVD
NVD
added 2022/11/22 1:15 p.m.44 views

CVE-2022-38462

Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request...

6.1CVSS0.00472EPSS
Exploits0References3
NVD
NVD
added 2022/11/21 9:15 p.m.44 views

CVE-2022-42096

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting XSS vulnerability via Post content...

4.8CVSS0.0196EPSS
Exploits1References4
NVD
NVD
added 2022/11/15 8:15 p.m.44 views

CVE-2022-38666

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features...

7.5CVSS0.00396EPSS
Exploits0References2
NVD
NVD
added 2022/11/09 9:15 p.m.44 views

CVE-2022-31686

VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application...

9.8CVSS0.00929EPSS
Exploits0References1
NVD
NVD
added 2022/10/16 4:15 a.m.44 views

CVE-2022-42968

Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled...

9.8CVSS0.01051EPSS
Exploits0References3
NVD
NVD
added 2022/10/14 8:15 p.m.44 views

CVE-2022-39310

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other agents due to...

6.5CVSS0.00615EPSS
Exploits0References3
NVD
NVD
added 2022/10/11 9:15 p.m.44 views

CVE-2022-41177

Due to lack of proper memory management, when a victim opens a manipulated Iges Part and Assembly .igs, .iges, CoreCadTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload force...

7.8CVSS0.00491EPSS
Exploits0References2
NVD
NVD
added 2022/09/29 8:15 p.m.44 views

CVE-2022-36066

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution...

9.1CVSS0.01574EPSS
Exploits0References3
NVD
NVD
added 2022/09/23 4:15 p.m.44 views

CVE-2022-38742

Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could...

9.8CVSS0.21829EPSS
Exploits0References1
NVD
NVD
added 2022/09/21 4:15 p.m.44 views

CVE-2022-41249

A cross-site request forgery CSRF vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS0.0039EPSS
Exploits0References2
NVD
NVD
added 2022/09/21 8:15 a.m.44 views

CVE-2022-40604

In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction...

7.5CVSS0.01573EPSS
Exploits0References2
NVD
NVD
added 2022/09/15 2:15 a.m.44 views

CVE-2022-38352

ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

9.8CVSS0.20199EPSS
Exploits1References1
NVD
NVD
added 2022/09/14 11:15 a.m.44 views

CVE-2022-36436

OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by an vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitimate user from a VNC session. A remote attacke...

9.8CVSS0.01653EPSS
Exploits1References4
NVD
NVD
added 2022/09/07 11:15 p.m.44 views

CVE-2022-36585

In Tenda G3 USG3V3.0brV15.11.0.67663ENTDE, in httpd binary, the addDhcpRule function has a buffer overflow caused by sscanf...

9.8CVSS0.00814EPSS
Exploits0References2
NVD
NVD
added 2022/08/29 6:15 p.m.44 views

CVE-2022-36037

kirby is a content management system CMS that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting XSS is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel,...

5.9CVSS0.00694EPSS
Exploits0References3
NVD
NVD
added 2022/08/24 2:15 p.m.44 views

CVE-2021-39815

The PowerVR GPU driver allows unprivileged apps to allocated pinned memory, unpin it which makes it available to be freed, and continue using the page in GPU calls. No privileges required and this results in kernel memory corruption.Product: AndroidVersions: Android SoCAndroid ID: A-232440670...

9.8CVSS0.00355EPSS
Exploits0References1
NVD
NVD
added 2022/08/23 4:15 p.m.44 views

CVE-2021-3798

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...

5.5CVSS0.00263EPSS
Exploits0References4
NVD
NVD
added 2022/08/23 4:15 p.m.44 views

CVE-2021-3714

A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a network...

5.9CVSS0.01095EPSS
Exploits0References4
NVD
NVD
added 2022/08/17 9:15 p.m.44 views

CVE-2022-2337

A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22...

7.5CVSS0.01297EPSS
Exploits0References2
NVD
NVD
added 2022/08/10 8:15 p.m.44 views

CVE-2021-46778

Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading SMT. By measuring the contention level on scheduler queues an attacker may potentially leak sensitive...

5.6CVSS0.00217EPSS
Exploits0References1
NVD
NVD
added 2022/08/01 8:15 p.m.44 views

CVE-2022-31180

Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output. This issue only impacts users that use the escape or escapeAll functions with the interpolation option set to true. The result is that if ...

9.8CVSS0.01541EPSS
Exploits1References5
NVD
NVD
added 2022/07/28 4:15 p.m.44 views

CVE-2022-30319

Saia Burgess Controls SBC PCD through 2022-05-06 allows Authentication bypass. According to FSCT-2022-0062, there is a Saia Burgess Controls SBC PCD S-Bus authentication bypass issue. The affected components are characterized as: S-Bus 5050/UDP authentication. The potential impact is:...

8.1CVSS0.00655EPSS
Exploits0References2
NVD
NVD
added 2022/07/20 5:15 p.m.44 views

CVE-2022-34046

An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IPADDRESS/sysinit.shtml?r=52300 and searching for logincheckuser;...

7.5CVSS0.16583EPSS
Exploits4References2
NVD
NVD
added 2022/07/20 12:15 p.m.44 views

CVE-2022-2488

A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlistsync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used...

9.8CVSS0.28724EPSS
Exploits1References3
NVD
NVD
added 2022/06/30 6:15 p.m.44 views

CVE-2022-34815

A cross-site request forgery CSRF vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs...

4.3CVSS0.00454EPSS
Exploits0References1
NVD
NVD
added 2022/06/23 5:15 p.m.44 views

CVE-2022-33069

Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder::indexOrMemberAssignment at SMTEncoder.cpp...

5.5CVSS0.00591EPSS
Exploits1References1
NVD
NVD
added 2022/06/14 9:15 p.m.44 views

CVE-2022-31046

TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details...

4.3CVSS0.00585EPSS
Exploits0References3
NVD
NVD
added 2022/06/06 11:15 p.m.44 views

CVE-2022-27438

Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer Advanced Updater are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an...

8.1CVSS0.02383EPSS
Exploits2References2
NVD
NVD
added 2022/06/02 7:15 p.m.44 views

CVE-2022-31024

richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fi...

6.5CVSS0.00572EPSS
Exploits0References3
NVD
NVD
added 2022/06/02 2:15 p.m.44 views

CVE-2022-30999

FriendsofFlarum FoF Upload is an extension that handles file uploads intelligently for your forum. If FoF Upload prior to version 1.2.3 is configured to allow the uploading of SVG files 'image/svg+xml', navigating directly to an SVG file URI could execute arbitrary Javascript code decided by an...

8.7CVSS0.01124EPSS
Exploits1References4
NVD
NVD
added 2022/05/25 9:15 p.m.44 views

CVE-2022-29252

XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI Main Wiki contains a possible cross-site scripting vector in the WikiManager.JoinWiki wiki page related to the "requestJoin" field. The issue is patched in versions...

7.4CVSS0.00921EPSS
Exploits0References3
NVD
NVD
added 2022/05/03 6:15 p.m.44 views

CVE-2021-46440

Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to...

7.5CVSS0.02786EPSS
Exploits3References4
NVD
NVD
added 2022/04/01 5:15 a.m.44 views

CVE-2021-35088

Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure...

9.1CVSS0.00817EPSS
Exploits0References1
NVD
NVD
added 2022/03/16 3:15 p.m.44 views

CVE-2021-39689

In multiple functions of odsignmain.cpp, there is a possible way to persist system attack due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.2CVSS0.00099EPSS
Exploits0References1
NVD
NVD
added 2022/03/15 2:15 p.m.44 views

CVE-2022-24721

CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may b...

8.1CVSS0.01101EPSS
Exploits0References2
NVD
NVD
added 2022/03/11 6:15 p.m.44 views

CVE-2022-0001

Non-transparent sharing of branch predictor selectors between contexts in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...

6.5CVSS0.00508EPSS
Exploits0References7
NVD
NVD
added 2022/03/09 11:15 p.m.44 views

CVE-2022-24745

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected b...

6.5CVSS0.00524EPSS
Exploits0References1
NVD
NVD
added 2022/02/28 4:15 p.m.44 views

CVE-2022-24711

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerabilit...

9.8CVSS0.01154EPSS
Exploits0References2
NVD
NVD
added 2022/02/28 9:15 a.m.44 views

CVE-2021-24730

The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswsssaveattachmentdata AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media...

4.3CVSS0.00339EPSS
Exploits2References1
NVD
NVD
added 2022/02/24 12:15 a.m.44 views

CVE-2022-23655

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to...

5.3CVSS0.00634EPSS
Exploits0References2
Total number of security vulnerabilities5000