Lucene search
K
NvdMost viewed

363816 matches found

NVD
NVD
added 2025/04/22 3:15 a.m.43 views

CVE-2025-1731

An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...

7.8CVSS0.0093EPSS
Exploits2References2
NVD
NVD
added 2025/04/17 9:15 p.m.43 views

CVE-2025-29449

An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the link identification function...

6.5CVSS0.00309EPSS
Exploits1References1
NVD
NVD
added 2025/04/15 6:15 a.m.43 views

CVE-2024-13207

The Widget for Social Page Feeds WordPress plugin before 6.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setu...

4.8CVSS0.00239EPSS
Exploits1References1
NVD
NVD
added 2025/04/10 3:16 p.m.43 views

CVE-2025-32027

Yii is an open source PHP web framework. Prior to 1.1.31, yiisoft/yii is vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Upgrade yiisoft/yii to version 1.1.31 or higher...

6.1CVSS0.00215EPSS
Exploits0References2
NVD
NVD
added 2025/03/31 5:15 p.m.43 views

CVE-2025-31116

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in validhost uses socket.gethostbyname, which is vulnerable to SSRF abuse using DNS rebinding technique. This...

9.8CVSS0.00446EPSS
Exploits1References2
NVD
NVD
added 2025/03/31 3:15 p.m.43 views

CVE-2025-30095

VyOS 1.3 through 1.5 fixed in 1.4.2 or any Debian-based system using dropbear in combination with live-build has the same Dropbear private host keys across different installations. Thus, an attacker can conduct active man-in-the-middle attacks against SSH connections if Dropbear is enabled as the...

9CVSS0.00483EPSS
Exploits0References5
NVD
NVD
added 2025/03/24 5:15 p.m.43 views

CVE-2025-30208

Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. @fs denies access to files outside of Vite serving allow list. Adding ?raw?? or ?import&raw?? to the URL bypasses this limitation and returns the file content if it...

7.5CVSS0.74998EPSS
Exploits28References6
NVD
NVD
added 2025/03/22 5:15 p.m.43 views

CVE-2025-2622

A vulnerability was found in aizuda snail-job 1.4.0. It has been classified as critical. Affected is the function getRuntime of the file /snail-job/workflow/check-node-expression of the component Workflow-Task Management Module. The manipulation of the argument nodeExpression leads to...

8.8CVSS0.0065EPSS
Exploits1References5
NVD
NVD
added 2025/03/20 10:15 a.m.43 views

CVE-2024-12886

An Out-Of-Memory OOM vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and...

7.5CVSS0.00672EPSS
Exploits2References1
NVD
NVD
added 2025/03/12 7:15 p.m.43 views

CVE-2025-0117

A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. GlobalProtect App on macOS, Linux, iOS, Android, Chrome OS and...

7.1CVSS0.0015EPSS
Exploits0References1
NVD
NVD
added 2025/03/12 5:15 p.m.43 views

CVE-2025-27017

Apache NiFi 1.13.0 through 2.2.0 includes the username and password used to authenticate with MongoDB in the NiFi provenance events that MongoDB components generate during processing. An authorized user with read access to the provenance events of those processors may see the credentials...

6.9CVSS0.01135EPSS
Exploits0References2
NVD
NVD
added 2025/03/11 5:16 p.m.43 views

CVE-2025-24054

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...

6.5CVSS0.58974EPSS
Exploits20References7
NVD
NVD
added 2025/03/05 7:15 p.m.43 views

CVE-2025-27515

Laravel is a web application framework. When using wildcard validation to validate a given file or image field files., a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1...

9.8CVSS0.00685EPSS
Exploits1References2
NVD
NVD
added 2025/03/03 5:15 p.m.43 views

CVE-2025-27498

aes-gcm is a pure Rust implementation of the AES-GCM. In decryptinplacedetached, the decrypted ciphertext which is the correct ciphertext is exposed even if the tag is incorrect. This is because in decryptinplace in asconcore.rs, tag verification causes an error to be returned with the plaintext...

5.6CVSS0.00117EPSS
Exploits0References2
NVD
NVD
added 2025/03/03 5:15 a.m.43 views

CVE-2025-1851

A vulnerability, which was classified as critical, was found in Tenda AC7 up to 15.03.06.44. This affects the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to initiate the attack...

9CVSS0.01014EPSS
Exploits0References5
NVD
NVD
added 2025/02/24 4:15 a.m.43 views

CVE-2025-1615

A vulnerability classified as problematic was found in FiberHome AN5506-01A ONU GPON RP2511. Affected by this vulnerability is an unknown functionality of the component NAT Submenu. The manipulation of the argument Description leads to cross site scripting. The attack can be launched remotely. Th...

4.8CVSS0.00561EPSS
Exploits0References3
NVD
NVD
added 2025/02/21 10:15 p.m.43 views

CVE-2025-27109

solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...

7.3CVSS0.00303EPSS
Exploits0References2
NVD
NVD
added 2025/02/21 10:15 p.m.43 views

CVE-2019-8900

A vulnerability in the SecureROM of some Apple devices can be exploited by an unauthenticated local attacker to execute arbitrary code upon booting those devices. This vulnerability allows arbitrary code to be executed on the device. Exploiting the vulnerability requires physical access to the...

6.8CVSS0.67089EPSS
Exploits1References1
NVD
NVD
added 2025/02/19 5:15 a.m.43 views

CVE-2025-1441

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1007. This is due to missing or incorrect nonce validation on the 'wprfilterwooproducts' function. This makes it possible for unauthenticated attacke...

8.8CVSS0.00204EPSS
Exploits0References3
NVD
NVD
added 2025/02/18 9:15 p.m.43 views

CVE-2025-26605

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, deletarcargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access...

9.4CVSS0.00456EPSS
Exploits1References1
NVD
NVD
added 2025/02/12 9:15 p.m.43 views

CVE-2025-0110

A command injection vulnerability in the Palo Alto Networks PAN-OS OpenConfig plugin enables an authenticated administrator with the ability to make gNMI requests to the PAN-OS management web interface to bypass system restrictions and run arbitrary commands. The commands are run as the...

8.6CVSS0.01227EPSS
Exploits0References1
NVD
NVD
added 2025/02/12 12:15 p.m.43 views

CVE-2025-1196

A vulnerability, which was classified as problematic, was found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /search.php. The manipulation of the argument PropertyName leads to cross site scripting. It is possible to launch the attack...

5.4CVSS0.00344EPSS
Exploits1References5
NVD
NVD
added 2025/02/12 9:15 a.m.43 views

CVE-2025-1188

A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/admin/updateroutine.php. The manipulation of the argument tid leads to sql injection. The attack may be launched...

9.8CVSS0.00484EPSS
Exploits1References4
NVD
NVD
added 2025/02/07 11:15 p.m.43 views

CVE-2025-24028

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by differences between how Joplin's HTML sanitizer handles comments and how the browser handles comments. This affects both the Rich Tex...

9.6CVSS0.00497EPSS
Exploits1References4
NVD
NVD
added 2025/02/04 10:15 p.m.43 views

CVE-2024-53851

Discourse is an open source platform for community discussion. In affected versions the endpoint for generating inline oneboxes for URLs wasn't enforcing limits on the number of URLs that it accepted, allowing a malicious user to inflict denial of service on some parts of the app. This...

6.5CVSS0.00439EPSS
Exploits0References2
NVD
NVD
added 2025/02/04 8:15 p.m.43 views

CVE-2025-24968

reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as penetrationtester or auditor to delete all projects in the system. This can lead to a complete system takeover by redirecting the...

8.8CVSS0.00604EPSS
Exploits1References1
NVD
NVD
added 2025/02/04 8:15 p.m.43 views

CVE-2025-24963

Vitest is a testing framework powered by Vite. The screenshot-error handler on the browser mode HTTP server that responds any file on the file system. Especially if the server is exposed on the network by browser.api.host: true, an attacker can send a request to that handler from remote to get th...

7.5CVSS0.02317EPSS
Exploits0References4
NVD
NVD
added 2025/02/04 7:15 p.m.43 views

CVE-2025-25039

A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager CPPM allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on...

8.8CVSS0.00623EPSS
Exploits0References1
NVD
NVD
added 2025/02/04 8:15 a.m.43 views

CVE-2025-20891

Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability...

5.5CVSS0.00139EPSS
Exploits0References1
NVD
NVD
added 2025/02/03 5:15 p.m.43 views

CVE-2024-38412

Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors...

7.8CVSS0.00101EPSS
Exploits0References1
NVD
NVD
added 2025/01/29 10:15 p.m.43 views

CVE-2025-0842

A vulnerability was found in needyamin Library Card System 1.0 and classified as critical. This issue affects some unknown processing of the file admin.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attack may be initiated remotely. The...

9.8CVSS0.00607EPSS
Exploits1References4
NVD
NVD
added 2025/01/29 2:15 a.m.43 views

CVE-2025-0800

A vulnerability classified as problematic has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file /pcci/admin/saveeditt.php of the component Edit Teacher. The manipulation of the argument fname leads to cross site scripting. It is possible to launch the...

5.1CVSS0.00411EPSS
Exploits1References4
NVD
NVD
added 2025/01/28 12:15 a.m.43 views

CVE-2022-31749

An argument injection vulnerability in the diagnose and import pac commands in WatchGuard Fireware OS before 12.8.1, 12.1.4, and 12.5.10 allows an authenticated remote attacker with unprivileged credentials to upload or read files to limited, arbitrary locations on WatchGuard Firebox and XTM...

6.5CVSS0.01242EPSS
Exploits2References2
NVD
NVD
added 2025/01/27 3:15 p.m.43 views

CVE-2025-24628

Authentication Bypass by Spoofing vulnerability in bestwebsoft Google Captcha google-captcha allows Identity Spoofing.This issue affects Google Captcha: from n/a through = 1.78...

5.3CVSS0.00332EPSS
Exploits0References1
NVD
NVD
added 2025/01/23 6:15 p.m.43 views

CVE-2025-22153

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using try/except, RestrictedPython starting...

7.9CVSS0.00388EPSS
Exploits0References2
NVD
NVD
added 2025/01/22 6:15 p.m.43 views

CVE-2025-23047

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An insecure default Access-Control-Allow-Origin header value could lead to sensitive data exposure for users of Cilium versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4 who...

6.5CVSS0.00481EPSS
Exploits0References2
NVD
NVD
added 2025/01/22 3:15 p.m.43 views

CVE-2025-23942

Unrestricted Upload of File with Dangerous Type vulnerability in ngocuct0912 WP Load Gallery wp-load-gallery allows Upload a Web Shell to a Web Server.This issue affects WP Load Gallery: from n/a through = 2.1.6...

9.1CVSS0.02622EPSS
Exploits1References1
NVD
NVD
added 2025/01/22 8:15 a.m.43 views

CVE-2024-13361

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicgsaveimagemedia function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

8.8CVSS0.00309EPSS
Exploits0References2
NVD
NVD
added 2025/01/14 1:15 a.m.43 views

CVE-2025-23033

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the adicionarsituacao.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts...

6.4CVSS0.00273EPSS
Exploits1References2
NVD
NVD
added 2025/01/08 4:15 p.m.43 views

CVE-2025-22130

Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2 , a path traversal attack allows existing non-admin users to access and take over other user's repositories. A malicious user then can modify, delete, and arbitrarily repositories as if they were an admin user without...

8.8CVSS0.00654EPSS
Exploits0References3
NVD
NVD
added 2025/01/06 11:15 a.m.43 views

CVE-2024-45555

Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image...

8.4CVSS0.00142EPSS
Exploits0References1
NVD
NVD
added 2025/01/06 11:15 a.m.43 views

CVE-2024-33059

Memory corruption while processing frame command IOCTL calls...

7.8CVSS0.00128EPSS
Exploits0References1
NVD
NVD
added 2025/01/02 12:15 p.m.43 views

CVE-2023-45104

Missing Authorization vulnerability in WPDeveloper BetterLinks betterlinks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterLinks: from n/a through = 1.6.0...

8.8CVSS0.00355EPSS
Exploits0References1
NVD
NVD
added 2024/12/19 12:15 a.m.43 views

CVE-2024-55603

Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions are still usable even though their lifetime has exceeded. Kanboard implements a cutom session handler app/Core/Session/SessionHandler.php, to store the session data in a database...

6.5CVSS0.00492EPSS
Exploits1References8
NVD
NVD
added 2024/12/18 11:15 p.m.43 views

CVE-2022-40733

An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboo...

6.5CVSS0.00816EPSS
Exploits1References1
NVD
NVD
added 2024/12/13 3:15 p.m.43 views

CVE-2024-54315

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in nicheaddons Events Addon for Elementor events-addon-for-elementor allows DOM-Based XSS.This issue affects Events Addon for Elementor: from n/a through = 2.2.2...

6.5CVSS0.00391EPSS
Exploits0References1
NVD
NVD
added 2024/12/12 12:15 p.m.43 views

CVE-2024-54115

Out-of-bounds read vulnerability in the DASH module Impact: Successful exploitation of this vulnerability will affect availability...

7.5CVSS0.00236EPSS
Exploits0References1
NVD
NVD
added 2024/12/09 1:15 p.m.43 views

CVE-2023-49154

Missing Authorization vulnerability in Wow-Company Button Generator – easily Button Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Button Generator – easily Button Builder: from n/a through 2.3.8...

5.3CVSS0.00614EPSS
Exploits0References1
NVD
NVD
added 2024/12/09 1:15 a.m.43 views

CVE-2024-12350

A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The manipulation of the argument content leads to command...

8.8CVSS0.03637EPSS
Exploits1References4
NVD
NVD
added 2024/12/06 4:15 p.m.43 views

CVE-2024-54135

ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 2.0 to Version 5.5.1 Revision 199 are vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/photoupload.php within the decodekey function. User inputs were supplied to this function...

9.8CVSS0.00732EPSS
Exploits1References2
Total number of security vulnerabilities5000