Lucene search
K
NvdMost viewed

363922 matches found

NVD
NVD
•added 2021/05/14 8:15 p.m.•44 views

CVE-2021-29603

TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB write on heap in the TFLite implementation of...

7.8CVSS0.00201EPSS
Exploits1References2
NVD
NVD
•added 2021/05/07 9:15 p.m.•44 views

CVE-2021-31453

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS0.02784EPSS
Exploits0References2
NVD
NVD
•added 2021/04/23 4:15 p.m.•44 views

CVE-2021-31407

Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 Vaadin 12.0.0 through 14.4.9, and 6.0.0 through 6.0.1 Vaadin 19.0.0 allows attacker to access application classes and resources on the server via crafted HTTP request...

8.6CVSS0.02382EPSS
Exploits0References4
NVD
NVD
•added 2021/04/20 12:15 p.m.•44 views

CVE-2021-25680

The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting XSS issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only version 10.8.1 was able to be...

6.1CVSS0.03431EPSS
Exploits5References3
NVD
NVD
•added 2021/04/09 1:15 p.m.•44 views

CVE-2021-25326

Skyworth Digital Technology RN510 V.3.1.0.4 is affected by an incorrect access control vulnerability in/cgi-bin/testversion.asp. If Wi-Fi is connected but an unauthenticated user visits a URL, the SSID password and web UI password may be disclosed...

5.4CVSS0.01486EPSS
Exploits3References3
NVD
NVD
•added 2021/04/05 7:15 p.m.•44 views

CVE-2021-24163

The AJAX action, wpajaxninjaformssendwpremoteinstallhandler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form...

8.8CVSS0.01439EPSS
Exploits2References2
NVD
NVD
•added 2021/04/05 7:15 p.m.•44 views

CVE-2021-24155

The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users admin+ to upload arbitrary files, including PHP ones, leading to RCE...

7.2CVSS0.84112EPSS
Exploits9References3
NVD
NVD
•added 2021/04/01 6:15 p.m.•44 views

CVE-2021-22195

Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system...

8.6CVSS0.01139EPSS
Exploits0References2
NVD
NVD
•added 2021/03/30 3:15 p.m.•44 views

CVE-2021-27268

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS0.02491EPSS
Exploits0References2
NVD
NVD
•added 2021/03/24 5:15 p.m.•44 views

CVE-2019-19352

An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges...

7CVSS0.00255EPSS
Exploits0References2
NVD
NVD
•added 2021/03/15 5:15 p.m.•44 views

CVE-2021-23355

This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file. PoC provided by...

9.8CVSS0.01201EPSS
Exploits1References1
NVD
NVD
•added 2021/03/11 4:15 p.m.•44 views

CVE-2021-27050

HEVC Video Extensions Remote Code Execution Vulnerability...

7.8CVSS0.0231EPSS
Exploits0References1
NVD
NVD
•added 2021/03/05 2:15 a.m.•44 views

CVE-2021-27964

SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file...

9.8CVSS0.46021EPSS
Exploits5References3
NVD
NVD
•added 2021/03/04 9:15 p.m.•44 views

CVE-2021-25333

Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code...

3.2CVSS0.00256EPSS
Exploits0References2
NVD
NVD
•added 2021/03/04 8:15 p.m.•44 views

CVE-2020-8298

fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the copy, copySync, remove, and removeSync methods...

10CVSS0.11168EPSS
Exploits1References3
NVD
NVD
•added 2021/02/09 5:15 p.m.•44 views

CVE-2021-25141

A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch's management interface has been identified. The data processing error could be...

4.9CVSS0.00296EPSS
Exploits0References1
NVD
NVD
•added 2021/02/09 8:15 a.m.•44 views

CVE-2021-23327

The package apexcharts before 3.24.0 are vulnerable to Cross-site Scripting XSS via lack of sanitization of graph legend fields...

6.3CVSS0.0137EPSS
Exploits1References4
NVD
NVD
•added 2021/01/26 6:16 p.m.•44 views

CVE-2021-25907

An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::mutate,mutate2 double drop can be performed...

9.8CVSS9.4AI score0.01552EPSS
Exploits1References1
NVD
NVD
•added 2021/01/26 6:15 p.m.•44 views

CVE-2020-27542

Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code including network settings. The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command without...

6.8CVSS7.2AI score0.01169EPSS
Exploits1References1
NVD
NVD
•added 2021/01/12 9:15 p.m.•44 views

CVE-2020-26995

A vulnerability has been identified in JT2Go All versions V13.1.0, Teamcenter Visualization All versions V13.1.0. Affected applications lack proper validation of user-supplied data when parsing of SGI and RGB files. This could result in an out of bounds write past the end of an allocated structur...

8.8CVSS8.8AI score0.03492EPSS
Exploits0References4
NVD
NVD
•added 2021/01/12 3:15 p.m.•44 views

CVE-2021-21446

SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, this has a high impact on the availability of the service...

7.5CVSS7.5AI score0.01441EPSS
Exploits0References2
NVD
NVD
•added 2020/12/29 6:15 p.m.•44 views

CVE-2020-28281

Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 through 0.0.5 allows an attacker to cause a denial of service and may lead to remote code execution...

9.8CVSS9.6AI score0.03591EPSS
Exploits1References2
NVD
NVD
•added 2020/12/23 4:15 p.m.•44 views

CVE-2020-29550

An issue was discovered in URVE Build 24.03.2020. The password of an integration user account used for the connection of the MS Office 365 Integration Service is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext:...

7.5CVSS7.6AI score0.01421EPSS
Exploits2References4
NVD
NVD
•added 2020/12/08 1:15 a.m.•44 views

CVE-2020-27822

A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server...

7.1CVSS5.5AI score0.01109EPSS
Exploits0References1
NVD
NVD
•added 2020/12/01 3:15 p.m.•44 views

CVE-2020-25181

WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer overflow vulnerabilities have been identified that may allow arbitrary code execution...

8.8CVSS9.4AI score0.01972EPSS
Exploits0References1
NVD
NVD
•added 2020/11/19 10:15 p.m.•44 views

CVE-2020-7554

A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition Def.exe version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF Configuration Group File file is imported to IGSS Definition...

7.8CVSS7.8AI score0.02385EPSS
Exploits0References2
NVD
NVD
•added 2020/11/12 2:15 p.m.•44 views

CVE-2020-27481

An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin = 2.1.4 exists due to the usage of "wpajaxnopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlrlmscancelbooking" where POST Parameter "id" was sent straight into SQL query witho...

9.8CVSS9.9AI score0.1064EPSS
Exploits2References1
NVD
NVD
•added 2020/11/06 2:15 p.m.•44 views

CVE-2020-27196

An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint that may or may not expect JSON payloads causes a StackOverflowError and Denial of...

7.5CVSS7.5AI score0.01386EPSS
Exploits0References2
NVD
NVD
•added 2020/11/06 2:15 p.m.•44 views

CVE-2020-27589

Synopsys hub-rest-api-python aka blackduck on PyPI version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases...

7.5CVSS7.5AI score0.01112EPSS
Exploits1References5
NVD
NVD
•added 2020/11/05 8:15 p.m.•44 views

CVE-2020-5793

A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerabili...

7.8CVSS7.4AI score0.00392EPSS
Exploits0References2
NVD
NVD
•added 2020/10/27 5:15 p.m.•44 views

CVE-2020-11858

Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge containerized. The vulneravility affects: 1. Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10...

7.8CVSS7.8AI score0.02687EPSS
Exploits3References4
NVD
NVD
•added 2020/10/16 2:15 p.m.•44 views

CVE-2020-14299

A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user...

6.5CVSS0.0136EPSS
Exploits0References1
NVD
NVD
•added 2020/09/19 9:15 p.m.•44 views

CVE-2020-25791

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit...

7.5CVSS0.01733EPSS
Exploits1References2
NVD
NVD
•added 2020/09/04 3:15 a.m.•44 views

CVE-2020-1911

A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only...

9.8CVSS9.7AI score0.02003EPSS
Exploits0References2
NVD
NVD
•added 2020/09/01 10:15 a.m.•44 views

CVE-2020-7725

All versions of package worksmith are vulnerable to Prototype Pollution via the setValue function...

9.8CVSS9.6AI score0.01916EPSS
Exploits1References1
NVD
NVD
•added 2020/08/25 9:15 p.m.•44 views

CVE-2020-15645

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

9CVSS9AI score0.10678EPSS
Exploits1References3
NVD
NVD
•added 2020/08/21 10:15 a.m.•44 views

CVE-2020-7710

This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine...

9.8CVSS8.7AI score0.0143EPSS
Exploits1References2
NVD
NVD
•added 2020/08/11 1:15 p.m.•44 views

CVE-2020-10783

Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with EVM-Operator group can perform actions restricted only to EVM-Super-administrator group, leads to, exporting or importing administrator files...

8.3CVSS8.2AI score0.01EPSS
Exploits0References2
NVD
NVD
•added 2020/06/24 7:15 p.m.•44 views

CVE-2020-15026

Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php...

4.9CVSS0.01299EPSS
Exploits1References1
NVD
NVD
•added 2020/06/03 5:15 p.m.•44 views

CVE-2020-13784

D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator...

7.5CVSS7.6AI score0.01296EPSS
Exploits1References2
NVD
NVD
•added 2020/05/12 9:15 p.m.•44 views

CVE-2020-1718

A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application...

8.8CVSS7.7AI score0.01004EPSS
Exploits0References1
NVD
NVD
•added 2020/05/12 1:15 p.m.•44 views

CVE-2020-8159

There is a vulnerability in actionpackpage-caching gem v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view...

9.8CVSS9.7AI score0.0525EPSS
Exploits0References2
NVD
NVD
•added 2020/05/07 5:15 p.m.•44 views

CVE-2020-12608

An issue was discovered in SolarWinds MSP PME Patch Management Engine Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config. This can lead to code execution by changing the...

9.3CVSS7.8AI score0.22404EPSS
Exploits4References3
NVD
NVD
•added 2020/04/15 9:15 p.m.•44 views

CVE-2020-9280

In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...

7.5CVSS7.5AI score0.01686EPSS
Exploits0References3
NVD
NVD
•added 2020/03/30 8:15 p.m.•44 views

CVE-2020-5274

In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the ErrorHandler rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the exception, and the...

5.5CVSS4.8AI score0.01197EPSS
Exploits0References3
NVD
NVD
•added 2020/03/18 1:15 p.m.•44 views

CVE-2019-14881

A vulnerability was found in moodle 3.7 before 3.7.3, where there is blind XSS reflected in some locations where user email is displayed...

6.1CVSS5.9AI score0.01113EPSS
Exploits0References2
NVD
NVD
•added 2020/03/06 9:15 p.m.•44 views

CVE-2020-10112

Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached...

5.8CVSS5.5AI score0.01433EPSS
Exploits3References3
NVD
NVD
•added 2020/02/13 12:15 a.m.•44 views

CVE-2019-18915

A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service...

7.8CVSS7.8AI score0.01478EPSS
Exploits5References2
NVD
NVD
•added 2020/01/18 12:15 a.m.•44 views

CVE-2019-20357

A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 v160 and 2019 v15 consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system...

7.8CVSS7.8AI score0.00732EPSS
Exploits5References3
NVD
NVD
•added 2019/12/05 3:15 p.m.•44 views

CVE-2019-14910

A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server ldaps, in this case user authentication succeeds even if invalid password has entered...

9.8CVSS9.6AI score0.01054EPSS
Exploits0References1
Total number of security vulnerabilities5000