Lucene search
K
NvdMost viewed

364165 matches found

NVD
NVD
added 2022/11/30 10:15 p.m.44 views

CVE-2022-46156

The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token...

7.2CVSS0.00473EPSS
Exploits0References6
NVD
NVD
added 2022/11/23 8:15 p.m.44 views

CVE-2022-41931

xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection'. Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper...

9.9CVSS0.0119EPSS
Exploits1References3
NVD
NVD
added 2022/11/22 1:15 p.m.44 views

CVE-2022-38462

Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request...

6.1CVSS0.00472EPSS
Exploits0References3
NVD
NVD
added 2022/11/21 9:15 p.m.44 views

CVE-2022-42096

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting XSS vulnerability via Post content...

4.8CVSS0.0196EPSS
Exploits1References4
NVD
NVD
added 2022/11/15 8:15 p.m.44 views

CVE-2022-38666

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features...

7.5CVSS0.00396EPSS
Exploits0References2
NVD
NVD
added 2022/11/09 9:15 p.m.44 views

CVE-2022-31686

VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application...

9.8CVSS0.00929EPSS
Exploits0References1
NVD
NVD
added 2022/10/19 4:15 p.m.44 views

CVE-2022-43403

A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary...

9.9CVSS0.01428EPSS
Exploits0References3
NVD
NVD
added 2022/10/16 4:15 a.m.44 views

CVE-2022-42968

Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled...

9.8CVSS0.01051EPSS
Exploits0References3
NVD
NVD
added 2022/10/14 8:15 p.m.44 views

CVE-2022-39310

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other agents due to...

6.5CVSS0.00615EPSS
Exploits0References3
NVD
NVD
added 2022/10/11 9:15 p.m.44 views

CVE-2022-41177

Due to lack of proper memory management, when a victim opens a manipulated Iges Part and Assembly .igs, .iges, CoreCadTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload force...

7.8CVSS0.00491EPSS
Exploits0References2
NVD
NVD
added 2022/09/29 8:15 p.m.44 views

CVE-2022-36066

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution...

9.1CVSS0.01574EPSS
Exploits0References3
NVD
NVD
added 2022/09/23 4:15 p.m.44 views

CVE-2022-38742

Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could...

9.8CVSS0.21829EPSS
Exploits0References1
NVD
NVD
added 2022/09/21 8:15 a.m.44 views

CVE-2022-40604

In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction...

7.5CVSS0.01573EPSS
Exploits0References2
NVD
NVD
added 2022/09/15 2:15 a.m.44 views

CVE-2022-38352

ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

9.8CVSS0.20199EPSS
Exploits1References1
NVD
NVD
added 2022/09/14 11:15 a.m.44 views

CVE-2022-36436

OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by an vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitimate user from a VNC session. A remote attacke...

9.8CVSS0.01653EPSS
Exploits1References4
NVD
NVD
added 2022/09/07 11:15 p.m.44 views

CVE-2022-36585

In Tenda G3 USG3V3.0brV15.11.0.67663ENTDE, in httpd binary, the addDhcpRule function has a buffer overflow caused by sscanf...

9.8CVSS0.00814EPSS
Exploits0References2
NVD
NVD
added 2022/08/24 2:15 p.m.44 views

CVE-2021-39815

The PowerVR GPU driver allows unprivileged apps to allocated pinned memory, unpin it which makes it available to be freed, and continue using the page in GPU calls. No privileges required and this results in kernel memory corruption.Product: AndroidVersions: Android SoCAndroid ID: A-232440670...

9.8CVSS0.00355EPSS
Exploits0References1
NVD
NVD
added 2022/08/23 4:15 p.m.44 views

CVE-2021-3798

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...

5.5CVSS0.00263EPSS
Exploits0References4
NVD
NVD
added 2022/08/23 4:15 p.m.44 views

CVE-2021-3714

A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a network...

5.9CVSS0.01095EPSS
Exploits0References4
NVD
NVD
added 2022/08/17 9:15 p.m.44 views

CVE-2022-2337

A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22...

7.5CVSS0.01297EPSS
Exploits0References2
NVD
NVD
added 2022/08/10 8:15 p.m.44 views

CVE-2021-46778

Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading SMT. By measuring the contention level on scheduler queues an attacker may potentially leak sensitive...

5.6CVSS0.00217EPSS
Exploits0References1
NVD
NVD
added 2022/08/01 8:15 p.m.44 views

CVE-2022-31180

Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output. This issue only impacts users that use the escape or escapeAll functions with the interpolation option set to true. The result is that if ...

9.8CVSS0.01541EPSS
Exploits1References5
NVD
NVD
added 2022/07/28 4:15 p.m.44 views

CVE-2022-30319

Saia Burgess Controls SBC PCD through 2022-05-06 allows Authentication bypass. According to FSCT-2022-0062, there is a Saia Burgess Controls SBC PCD S-Bus authentication bypass issue. The affected components are characterized as: S-Bus 5050/UDP authentication. The potential impact is:...

8.1CVSS0.00655EPSS
Exploits0References2
NVD
NVD
added 2022/07/20 5:15 p.m.44 views

CVE-2022-34046

An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IPADDRESS/sysinit.shtml?r=52300 and searching for logincheckuser;...

7.5CVSS0.16583EPSS
Exploits4References2
NVD
NVD
added 2022/06/30 6:15 p.m.44 views

CVE-2022-34815

A cross-site request forgery CSRF vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs...

4.3CVSS0.00454EPSS
Exploits0References1
NVD
NVD
added 2022/06/23 5:15 p.m.44 views

CVE-2022-33069

Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder::indexOrMemberAssignment at SMTEncoder.cpp...

5.5CVSS0.00591EPSS
Exploits1References1
NVD
NVD
added 2022/06/14 9:15 p.m.44 views

CVE-2022-31046

TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details...

4.3CVSS0.00585EPSS
Exploits0References3
NVD
NVD
added 2022/06/06 11:15 p.m.44 views

CVE-2022-27438

Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer Advanced Updater are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an...

8.1CVSS0.02383EPSS
Exploits2References2
NVD
NVD
added 2022/06/02 2:15 p.m.44 views

CVE-2022-30999

FriendsofFlarum FoF Upload is an extension that handles file uploads intelligently for your forum. If FoF Upload prior to version 1.2.3 is configured to allow the uploading of SVG files 'image/svg+xml', navigating directly to an SVG file URI could execute arbitrary Javascript code decided by an...

8.7CVSS0.01124EPSS
Exploits1References4
NVD
NVD
added 2022/05/25 9:15 p.m.44 views

CVE-2022-29252

XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI Main Wiki contains a possible cross-site scripting vector in the WikiManager.JoinWiki wiki page related to the "requestJoin" field. The issue is patched in versions...

7.4CVSS0.00921EPSS
Exploits0References3
NVD
NVD
added 2022/05/05 5:15 p.m.44 views

CVE-2022-29474

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at...

4.3CVSS0.01469EPSS
Exploits0References1
NVD
NVD
added 2022/05/03 6:15 p.m.44 views

CVE-2021-46440

Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to...

7.5CVSS0.02786EPSS
Exploits3References4
NVD
NVD
added 2022/03/16 3:15 p.m.44 views

CVE-2021-39689

In multiple functions of odsignmain.cpp, there is a possible way to persist system attack due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.2CVSS0.00099EPSS
Exploits0References1
NVD
NVD
added 2022/03/15 2:15 p.m.44 views

CVE-2022-24721

CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may b...

8.1CVSS0.01101EPSS
Exploits0References2
NVD
NVD
added 2022/03/09 11:15 p.m.44 views

CVE-2022-24745

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected b...

6.5CVSS0.00524EPSS
Exploits0References1
NVD
NVD
added 2022/02/28 4:15 p.m.44 views

CVE-2022-24711

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerabilit...

9.8CVSS0.01154EPSS
Exploits0References2
NVD
NVD
added 2022/02/28 9:15 a.m.44 views

CVE-2021-24730

The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswsssaveattachmentdata AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media...

4.3CVSS0.00339EPSS
Exploits2References1
NVD
NVD
added 2022/02/24 12:15 a.m.44 views

CVE-2022-23655

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to...

5.3CVSS0.00634EPSS
Exploits0References2
NVD
NVD
added 2022/02/09 11:15 p.m.44 views

CVE-2022-24668

A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error after frame parsing but before frame handlin...

7.5CVSS0.01119EPSS
Exploits0References1
NVD
NVD
added 2022/02/09 11:15 p.m.44 views

CVE-2022-22546

Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence BI Launchpad - version 420...

5.4CVSS0.00489EPSS
Exploits0References2
NVD
NVD
added 2022/02/09 10:15 p.m.44 views

CVE-2022-23620

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandlerprocessSx does not escape anything from SSX document references when serializing it on filesystem, it is possible to for the HTML...

6.8CVSS0.00957EPSS
Exploits0References3
NVD
NVD
added 2022/02/04 11:15 p.m.44 views

CVE-2022-23588

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype. This would result in a crash due to a CHECK-fail in the Tensor constructor as...

6.5CVSS0.00864EPSS
Exploits1References4
NVD
NVD
added 2022/02/04 11:15 p.m.44 views

CVE-2022-23570

Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a DCHECK. However, DCHECK is a no-op in production builds...

6.5CVSS0.00992EPSS
Exploits1References3
NVD
NVD
added 2022/02/04 11:15 p.m.44 views

CVE-2022-23562

Tensorflow is an Open Source Machine Learning Framework. The implementation of Range suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...

8.8CVSS0.00578EPSS
Exploits0References4
NVD
NVD
added 2022/02/04 11:15 p.m.44 views

CVE-2022-23563

Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses tempfile.mktemp to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in...

7.1CVSS0.0011EPSS
Exploits0References1
NVD
NVD
added 2022/02/04 8:15 p.m.44 views

CVE-2021-23470

This affects the package putil-merge before 3.8.0. The merge function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include the constructor property. Note: This vulnerability derives from an incomplete fix in...

9.8CVSS0.01266EPSS
Exploits1References2
NVD
NVD
added 2022/02/03 2:15 p.m.44 views

CVE-2022-21738

Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseCountSparseOutput can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this comm...

6.5CVSS0.00783EPSS
Exploits1References3
NVD
NVD
added 2022/01/19 11:15 a.m.44 views

CVE-2021-31854

A command Injection Vulnerability in McAfee Agent MA for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the...

9.3CVSS0.01016EPSS
Exploits0References1
NVD
NVD
added 2021/12/17 5:15 p.m.44 views

CVE-2021-20606

Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open...

5.5CVSS0.00932EPSS
Exploits0References3
NVD
NVD
added 2021/12/15 3:15 p.m.44 views

CVE-2021-4117

yetiforcecrm is vulnerable to Business Logic Errors...

7.7CVSS0.00708EPSS
Exploits1References2
Total number of security vulnerabilities5000