Lucene search
K
NvdMost viewed

364310 matches found

NVD
NVD
•added 2021/06/08 2:15 p.m.•44 views

CVE-2021-30357

SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access...

5.3CVSS0.22792EPSS
Exploits1References1
NVD
NVD
•added 2021/05/27 4:15 p.m.•44 views

CVE-2021-27492

When opening a specially crafted 3DXML file, the application containing Datakit Software libraries CatiaV53dRead, CatiaV63dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior could disclose arbitrary files to remote attackers. This is because of the passing of...

5.5CVSS0.01745EPSS
Exploits0References3
NVD
NVD
•added 2021/05/14 8:15 p.m.•44 views

CVE-2021-29603

TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB write on heap in the TFLite implementation of...

7.8CVSS0.00201EPSS
Exploits1References2
NVD
NVD
•added 2021/05/07 9:15 p.m.•44 views

CVE-2021-31453

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS0.02784EPSS
Exploits0References2
NVD
NVD
•added 2021/05/07 12:15 p.m.•44 views

CVE-2021-21984

VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability due to an unauthorised end point. A malicious actor with network access may exploit this issue causing unauthorised remote code execution on vRealize Business for Cloud Virtual Appliance...

9.8CVSS0.01981EPSS
Exploits0References1
NVD
NVD
•added 2021/04/23 4:15 p.m.•44 views

CVE-2021-31407

Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 Vaadin 12.0.0 through 14.4.9, and 6.0.0 through 6.0.1 Vaadin 19.0.0 allows attacker to access application classes and resources on the server via crafted HTTP request...

8.6CVSS0.02382EPSS
Exploits0References4
NVD
NVD
•added 2021/04/20 12:15 p.m.•44 views

CVE-2021-25680

The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting XSS issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only version 10.8.1 was able to be...

6.1CVSS0.03431EPSS
Exploits5References2
NVD
NVD
•added 2021/04/09 1:15 p.m.•44 views

CVE-2021-25326

Skyworth Digital Technology RN510 V.3.1.0.4 is affected by an incorrect access control vulnerability in/cgi-bin/testversion.asp. If Wi-Fi is connected but an unauthenticated user visits a URL, the SSID password and web UI password may be disclosed...

5.4CVSS0.01486EPSS
Exploits3References3
NVD
NVD
•added 2021/04/05 7:15 p.m.•44 views

CVE-2021-24163

The AJAX action, wpajaxninjaformssendwpremoteinstallhandler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form...

8.8CVSS0.01439EPSS
Exploits2References2
NVD
NVD
•added 2021/04/05 7:15 p.m.•44 views

CVE-2021-24155

The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users admin+ to upload arbitrary files, including PHP ones, leading to RCE...

7.2CVSS0.84112EPSS
Exploits9References3
NVD
NVD
•added 2021/04/01 6:15 p.m.•44 views

CVE-2021-22195

Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system...

8.6CVSS0.01139EPSS
Exploits0References2
NVD
NVD
•added 2021/03/30 3:15 p.m.•44 views

CVE-2021-27268

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS0.02491EPSS
Exploits0References2
NVD
NVD
•added 2021/03/15 5:15 p.m.•44 views

CVE-2021-23355

This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file. PoC provided by...

9.8CVSS0.01201EPSS
Exploits1References1
NVD
NVD
•added 2021/03/12 3:15 p.m.•44 views

CVE-2021-23354

The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the regex string /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...

7.5CVSS0.02176EPSS
Exploits1References3
NVD
NVD
•added 2021/03/11 4:15 p.m.•44 views

CVE-2021-27050

HEVC Video Extensions Remote Code Execution Vulnerability...

7.8CVSS0.0231EPSS
Exploits0References1
NVD
NVD
•added 2021/03/05 2:15 a.m.•44 views

CVE-2021-27964

SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file...

9.8CVSS0.46021EPSS
Exploits5References3
NVD
NVD
•added 2021/03/04 9:15 p.m.•44 views

CVE-2021-25333

Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code...

3.2CVSS0.00256EPSS
Exploits0References2
NVD
NVD
•added 2021/03/04 8:15 p.m.•44 views

CVE-2020-8298

fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the copy, copySync, remove, and removeSync methods...

10CVSS0.11168EPSS
Exploits1References3
NVD
NVD
•added 2021/02/19 11:15 p.m.•44 views

CVE-2020-12668

Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...

6.8CVSS0.01814EPSS
Exploits1References5
NVD
NVD
•added 2021/02/09 8:15 p.m.•44 views

CVE-2021-26551

An issue was discovered in SmartFoxServer 2.17.0. An attacker can execute arbitrary Python code, and bypass the javashell.py protection mechanism, by creating /config/ConsoleModuleUnlock.txt and editing /config/admin/admintool.xml to enable the Console module...

8.8CVSS0.02609EPSS
Exploits3References3
NVD
NVD
•added 2021/02/09 5:15 p.m.•44 views

CVE-2021-25141

A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch's management interface has been identified. The data processing error could be...

4.9CVSS0.00296EPSS
Exploits0References1
NVD
NVD
•added 2021/02/09 8:15 a.m.•44 views

CVE-2021-23327

The package apexcharts before 3.24.0 are vulnerable to Cross-site Scripting XSS via lack of sanitization of graph legend fields...

6.3CVSS0.0137EPSS
Exploits1References4
NVD
NVD
•added 2021/01/26 6:16 p.m.•44 views

CVE-2021-25907

An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::mutate,mutate2 double drop can be performed...

9.8CVSS9.4AI score0.01552EPSS
Exploits1References1
NVD
NVD
•added 2021/01/12 9:15 p.m.•44 views

CVE-2020-26995

A vulnerability has been identified in JT2Go All versions V13.1.0, Teamcenter Visualization All versions V13.1.0. Affected applications lack proper validation of user-supplied data when parsing of SGI and RGB files. This could result in an out of bounds write past the end of an allocated structur...

8.8CVSS8.8AI score0.03492EPSS
Exploits0References4
NVD
NVD
•added 2021/01/12 9:15 p.m.•44 views

CVE-2020-25226

A vulnerability has been identified in SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.5, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.5.0. The web server of the affected devices contains a vulnerability that may lead to a buffer overflow...

10CVSS9.6AI score0.01907EPSS
Exploits0References1
NVD
NVD
•added 2021/01/12 3:15 p.m.•44 views

CVE-2021-21446

SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, this has a high impact on the availability of the service...

7.5CVSS7.5AI score0.01441EPSS
Exploits0References2
NVD
NVD
•added 2020/12/29 6:15 p.m.•44 views

CVE-2020-28281

Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 through 0.0.5 allows an attacker to cause a denial of service and may lead to remote code execution...

9.8CVSS9.6AI score0.03591EPSS
Exploits1References2
NVD
NVD
•added 2020/12/23 4:15 p.m.•44 views

CVE-2020-29550

An issue was discovered in URVE Build 24.03.2020. The password of an integration user account used for the connection of the MS Office 365 Integration Service is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext:...

7.5CVSS7.6AI score0.01421EPSS
Exploits2References4
NVD
NVD
•added 2020/12/08 1:15 a.m.•44 views

CVE-2020-27822

A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server...

7.1CVSS5.5AI score0.01109EPSS
Exploits0References1
NVD
NVD
•added 2020/12/01 3:15 p.m.•44 views

CVE-2020-25181

WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer overflow vulnerabilities have been identified that may allow arbitrary code execution...

8.8CVSS9.4AI score0.01972EPSS
Exploits0References1
NVD
NVD
•added 2020/11/06 2:15 p.m.•44 views

CVE-2020-27589

Synopsys hub-rest-api-python aka blackduck on PyPI version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases...

7.5CVSS7.5AI score0.01112EPSS
Exploits1References5
NVD
NVD
•added 2020/11/05 8:15 p.m.•44 views

CVE-2020-5793

A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerabili...

7.8CVSS7.4AI score0.00392EPSS
Exploits0References2
NVD
NVD
•added 2020/10/27 5:15 p.m.•44 views

CVE-2020-11858

Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge containerized. The vulneravility affects: 1. Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10...

7.8CVSS7.8AI score0.02687EPSS
Exploits3References4
NVD
NVD
•added 2020/09/19 9:15 p.m.•44 views

CVE-2020-25791

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit...

7.5CVSS0.01733EPSS
Exploits1References2
NVD
NVD
•added 2020/09/04 3:15 a.m.•44 views

CVE-2020-1911

A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only...

9.8CVSS9.7AI score0.02003EPSS
Exploits0References2
NVD
NVD
•added 2020/09/02 5:15 p.m.•44 views

CVE-2020-12621

The Teamwire application 5.3.0 for Android allows physically proximate attackers to exploit a flaw related to the pass-code component...

6.1CVSS6.2AI score0.00333EPSS
Exploits0References2
NVD
NVD
•added 2020/09/01 10:15 a.m.•44 views

CVE-2020-7725

All versions of package worksmith are vulnerable to Prototype Pollution via the setValue function...

9.8CVSS9.6AI score0.01916EPSS
Exploits1References1
NVD
NVD
•added 2020/08/25 9:15 p.m.•44 views

CVE-2020-15645

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

9CVSS9AI score0.10678EPSS
Exploits1References3
NVD
NVD
•added 2020/08/21 10:15 a.m.•44 views

CVE-2020-7710

This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine...

9.8CVSS8.7AI score0.0143EPSS
Exploits1References2
NVD
NVD
•added 2020/06/24 7:15 p.m.•44 views

CVE-2020-15026

Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php...

4.9CVSS0.01299EPSS
Exploits1References1
NVD
NVD
•added 2020/06/03 5:15 p.m.•44 views

CVE-2020-13784

D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator...

7.5CVSS7.6AI score0.01296EPSS
Exploits1References2
NVD
NVD
•added 2020/05/12 9:15 p.m.•44 views

CVE-2020-1718

A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application...

8.8CVSS7.7AI score0.01004EPSS
Exploits0References1
NVD
NVD
•added 2020/05/12 1:15 p.m.•44 views

CVE-2020-8159

There is a vulnerability in actionpackpage-caching gem v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view...

9.8CVSS9.7AI score0.0525EPSS
Exploits0References2
NVD
NVD
•added 2020/05/07 9:15 p.m.•44 views

CVE-2020-11055

In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to others users viewing the...

6.3CVSS6AI score0.00782EPSS
Exploits0References4
NVD
NVD
•added 2020/05/07 5:15 p.m.•44 views

CVE-2020-12608

An issue was discovered in SolarWinds MSP PME Patch Management Engine Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config. This can lead to code execution by changing the...

9.3CVSS7.8AI score0.22404EPSS
Exploits4References3
NVD
NVD
•added 2020/03/30 8:15 p.m.•44 views

CVE-2020-5274

In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the ErrorHandler rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the exception, and the...

5.5CVSS4.8AI score0.01197EPSS
Exploits0References3
NVD
NVD
•added 2020/03/18 1:15 p.m.•44 views

CVE-2019-14881

A vulnerability was found in moodle 3.7 before 3.7.3, where there is blind XSS reflected in some locations where user email is displayed...

6.1CVSS5.9AI score0.01113EPSS
Exploits0References2
NVD
NVD
•added 2020/02/13 12:15 a.m.•44 views

CVE-2019-18915

A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service...

7.8CVSS7.8AI score0.01478EPSS
Exploits5References2
NVD
NVD
•added 2020/01/18 12:15 a.m.•44 views

CVE-2019-20357

A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 v160 and 2019 v15 consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system...

7.8CVSS7.8AI score0.00732EPSS
Exploits5References3
NVD
NVD
•added 2019/12/05 3:15 p.m.•44 views

CVE-2019-14910

A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server ldaps, in this case user authentication succeeds even if invalid password has entered...

9.8CVSS9.6AI score0.01054EPSS
Exploits0References1
Total number of security vulnerabilities5000