Lucene search
K
NvdMost viewed

363816 matches found

NVD
NVD
added 2024/12/04 8:15 a.m.43 views

CVE-2023-6978

The WP Job Manager – Company Profiles plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'company' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

6.1CVSS0.00285EPSS
Exploits0References2
NVD
NVD
added 2024/12/03 6:15 a.m.43 views

CVE-2024-49411

Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege...

4.6CVSS0.00223EPSS
Exploits0References1
NVD
NVD
added 2024/11/29 6:15 p.m.43 views

CVE-2024-49360

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. An authenticated user UserA with no privileges is authorized to read all files created in sandbox belonging to other users in the sandbox folders C:\Sandbox\UserB\xxx. An authenticated attack...

9.2CVSS0.00493EPSS
Exploits1References1
NVD
NVD
added 2024/11/26 6:15 p.m.43 views

CVE-2024-10878

The Sugar Calendar – Simple Event Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.3.0. This makes it possible for unauthenticated attacker...

6.1CVSS0.00443EPSS
Exploits0References3
NVD
NVD
added 2024/11/21 6:15 p.m.43 views

CVE-2024-52309

SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in...

5.1CVSS0.00598EPSS
Exploits0References3
NVD
NVD
added 2024/11/21 11:15 a.m.43 views

CVE-2024-9828

The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'loadorders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks...

4.1CVSS0.00491EPSS
Exploits1References1
NVD
NVD
added 2024/11/19 6:15 p.m.43 views

CVE-2024-53084

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Break an object reference loop When remaining resources are being cleaned up on driver close, outstanding VM mappings may result in resources being leaked, due to an object reference loop, as shown below, with ea...

5.5CVSS0.00186EPSS
Exploits0References2
NVD
NVD
added 2024/11/19 6:15 p.m.43 views

CVE-2024-53072

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Detect when STB is not available Loading the amdpmc module as: amdpmc enablestb=1 ...can result in the following messages in the kernel ring buffer: amdpmc AMDI0009:00: SMU cmd failed. err: 0xff ioremap on R...

5.5CVSS0.00238EPSS
Exploits0References5
NVD
NVD
added 2024/11/15 10:15 p.m.43 views

CVE-2024-9500

A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management...

7.8CVSS0.00189EPSS
Exploits0References1
NVD
NVD
added 2024/11/15 9:15 p.m.43 views

CVE-2024-45610

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Cable form...

6.5CVSS0.00333EPSS
Exploits0References1
NVD
NVD
added 2024/11/15 5:15 p.m.43 views

CVE-2024-52528

Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does not properly validate auth tokens, which allows attackers to bypass intended restrictions. This vulnerability is fixed in 1.5.2...

9.3CVSS0.00551EPSS
Exploits0References1
NVD
NVD
added 2024/11/15 5:15 p.m.43 views

CVE-2021-34752

A vulnerability in the CLI of Cisco FTD Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands with root privileges on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of...

6.7CVSS0.00262EPSS
Exploits0References1
NVD
NVD
added 2024/11/15 11:15 a.m.43 views

CVE-2023-0737

wallabag version 2.5.2 contains a Cross-Site Request Forgery CSRF vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in version 2.5.4...

6.5CVSS0.00304EPSS
Exploits1References2
NVD
NVD
added 2024/11/14 6:15 p.m.43 views

CVE-2024-52374

Unrestricted Upload of File with Dangerous Type vulnerability in DoThatTask Do That Task do-that-task allows Upload a Web Shell to a Web Server.This issue affects Do That Task: from n/a through = 1.5.5...

10CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added 2024/11/14 4:15 p.m.43 views

CVE-2024-11213

A vulnerability, which was classified as critical, was found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /admin/editrole.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit...

7.2CVSS0.00512EPSS
Exploits1References5
NVD
NVD
added 2024/11/13 4:15 p.m.43 views

CVE-2024-52298

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker can view a page whose last author has access to the attachment. For this, the attacker only needs...

7.5CVSS0.0066EPSS
Exploits1References1
NVD
NVD
added 2024/11/13 2:15 a.m.43 views

CVE-2024-10629

The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxvfileupload function in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with subscriber-level access and...

8.8CVSS0.01619EPSS
Exploits3References3
NVD
NVD
added 2024/11/12 6:15 p.m.43 views

CVE-2024-49048

TorchGeo Remote Code Execution Vulnerability...

8.1CVSS0.01221EPSS
Exploits0References1
NVD
NVD
added 2024/11/10 1:15 p.m.43 views

CVE-2024-10958

The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an action that does not properly validate a value...

7.3CVSS0.01577EPSS
Exploits1References4
NVD
NVD
added 2024/11/08 11:15 p.m.43 views

CVE-2024-52004

MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. MediaCMS has been prone to vulnerabilities that upon special cases can lead to remote code execution. All versions before v4.1.0 are susceptible, and users are highly recommended to...

8.7CVSS0.00679EPSS
Exploits0References2
NVD
NVD
added 2024/11/06 7:15 a.m.43 views

CVE-2024-9307

The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute...

9.9CVSS0.00944EPSS
Exploits0References3
NVD
NVD
added 2024/11/05 7:15 p.m.43 views

CVE-2024-51493

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user...

6.5CVSS0.00282EPSS
Exploits0References1
NVD
NVD
added 2024/11/04 7:15 p.m.43 views

CVE-2024-34891

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request...

6.8CVSS0.0029EPSS
Exploits1References1
NVD
NVD
added 2024/11/04 2:15 a.m.43 views

CVE-2024-10750

A vulnerability has been found in Tenda i22 1.0.0.34687 and classified as problematic. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV?fgHPOST/goform/SysToo. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can ...

7.1CVSS0.00831EPSS
Exploits1References5
NVD
NVD
added 2024/11/04 1:15 a.m.43 views

CVE-2024-10748

A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up App 4.47.3 on Android. This issue affects some unknown processing of the file gr/desquared/kmmsharedmodule/db/RealmDB.java of the component Realm Database Handler. The manipulation of the argument...

4.7CVSS0.00264EPSS
Exploits1References4
NVD
NVD
added 2024/11/01 3:15 p.m.43 views

CVE-2024-49256

Incorrect Authorization vulnerability in WP Chill Htaccess File Editor htaccess-file-editor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Htaccess File Editor: from n/a through = 1.0.18...

8.8CVSS0.00365EPSS
Exploits0References1
NVD
NVD
added 2024/11/01 3:15 p.m.43 views

CVE-2024-47317

Missing Authorization vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded.This issue affects Ads by WPQuads: from n/a through = 2.0.84...

8.8CVSS0.00375EPSS
Exploits0References1
NVD
NVD
added 2024/11/01 3:15 p.m.43 views

CVE-2024-43154

Missing Authorization vulnerability in BracketSpace Advanced Cron Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Cron Manager – debug & control: from n/a through 2.5.9...

4.3CVSS0.00384EPSS
Exploits0References1
NVD
NVD
added 2024/10/31 8:15 p.m.43 views

CVE-2024-39719

An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file existence on the...

7.5CVSS0.04237EPSS
Exploits2References1
NVD
NVD
added 2024/10/28 12:15 a.m.43 views

CVE-2024-50623

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution...

9.8CVSS0.98529EPSS
Exploits6References2
NVD
NVD
added 2024/10/24 12:15 p.m.43 views

CVE-2024-49682

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in wp.insider Simple Membership simple-membership allows Phishing.This issue affects Simple Membership: from n/a through = 4.5.3...

6.1CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added 2024/10/05 3:15 p.m.43 views

CVE-2024-47387

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Search Atlas Group Search Atlas SEO metasync allows Stored XSS.This issue affects Search Atlas SEO: from n/a through = 1.8.2...

5.9CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added 2024/10/04 6:15 p.m.43 views

CVE-2024-25707

There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in the their own browser Self XSS. A...

4.8CVSS0.00329EPSS
Exploits0References1
NVD
NVD
added 2024/10/01 12:15 p.m.43 views

CVE-2024-9405

An incorrect limitation of a path to a restricted directory path traversal has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file located in the same directory or subdirectory as the...

5.3CVSS0.00445EPSS
Exploits0References1
NVD
NVD
added 2024/09/17 12:15 a.m.43 views

CVE-2024-45496

A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An...

9.9CVSS0.00894EPSS
Exploits1References8
NVD
NVD
added 2024/09/16 7:16 p.m.43 views

CVE-2024-45801

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...

7.3CVSS0.00844EPSS
Exploits0References3
NVD
NVD
added 2024/09/13 9:15 a.m.43 views

CVE-2024-6656

Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable. This issue affects Cockpit Software: before v2.13...

9.8CVSS0.00433EPSS
Exploits0References2
NVD
NVD
added 2024/09/13 7:15 a.m.43 views

CVE-2024-8664

The WP Test Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

6.1CVSS0.00359EPSS
Exploits0References3
NVD
NVD
added 2024/09/12 1:15 p.m.43 views

CVE-2024-45851

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a...

8.8CVSS0.00864EPSS
Exploits1References1
NVD
NVD
added 2024/09/11 12:15 a.m.43 views

CVE-2024-40655

In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...

7.8CVSS0.0008EPSS
Exploits0References2
NVD
NVD
added 2024/09/10 11:15 a.m.43 views

CVE-2024-7770

The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 6.5.5. This makes it possible for authenticated...

8.8CVSS0.01067EPSS
Exploits0References6
NVD
NVD
added 2024/09/10 10:15 a.m.43 views

CVE-2024-43647

A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 6ES7288-1CR40-0AA0 All versions, SIMATIC S7-200 SMART CPU CR60 6ES7288-1CR60-0AA0 All versions, SIMATIC S7-200 SMART CPU SR20 6ES7288-1SR20-0AA0 All versions, SIMATIC S7-200 SMART CPU SR20 6ES7288-1SR20-0AA1 All versions, SIMATI...

8.7CVSS0.0056EPSS
Exploits0References1
NVD
NVD
added 2024/09/09 5:15 p.m.43 views

CVE-2024-45406

Craft is a content management system CMS. Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input...

5.5CVSS0.00334EPSS
Exploits1References2
NVD
NVD
added 2024/09/04 4:15 p.m.43 views

CVE-2024-45075

IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication...

8.8CVSS0.00445EPSS
Exploits0References1
NVD
NVD
added 2024/08/29 2:15 p.m.43 views

CVE-2024-1056

The FunnelKit Funnel Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allowiframetaginpost' function which uses the 'wpksesallowedhtml' filter to globally allow script and iframe tags in posts in all versions up to, and including, 3.4.5. This makes it possibl...

6.4CVSS0.00248EPSS
Exploits0References2
NVD
NVD
added 2024/08/27 6:15 p.m.43 views

CVE-2024-7720

HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries...

9.8CVSS0.01143EPSS
Exploits0References1
NVD
NVD
added 2024/08/26 9:15 p.m.43 views

CVE-2024-43265

Cross-Site Request Forgery CSRF vulnerability in Analytify.This issue affects Analytify: from n/a through 5.3.1...

4.3CVSS0.00167EPSS
Exploits0References1
NVD
NVD
added 2024/08/26 7:15 a.m.43 views

CVE-2024-45256

An arbitrary file write issue in the exfiltration endpoint in BYOB Build Your Own Botnet 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in fileadd in api/files/routes.py...

9.8CVSS0.05635EPSS
Exploits3References3
NVD
NVD
added 2024/08/22 3:15 p.m.43 views

CVE-2024-43787

Hono is a Web application framework that provides support for any JavaScript runtime. Hono CSRF middleware can be bypassed using crafted Content-Type header. MIME types are case insensitive, but isRequestedByFormElementRe only matches lower-case. As a result, attacker can bypass csrf middleware...

5CVSS0.00231EPSS
Exploits1References3
NVD
NVD
added 2024/08/21 4:15 p.m.43 views

CVE-2024-43411

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 and above. In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on...

3.1CVSS0.004EPSS
Exploits0References2
Total number of security vulnerabilities5000