Lucene search
K
NvdMost viewed

363815 matches found

NVD
NVD
added 2024/08/13 4:15 p.m.43 views

CVE-2024-21757

A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker ...

7.8CVSS0.00191EPSS
Exploits0References1
NVD
NVD
added 2024/08/12 10:15 p.m.43 views

CVE-2024-43218

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mediavine Mediavine Control Panel mediavine-control-panel.This issue affects Mediavine Control Panel: from n/a through = 2.10.4...

6.5CVSS0.00245EPSS
Exploits0References1
NVD
NVD
added 2024/08/08 3:15 p.m.43 views

CVE-2024-42357

Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the...

9.8CVSS0.00602EPSS
Exploits0References5
NVD
NVD
added 2024/08/08 10:15 a.m.43 views

CVE-2024-42034

LaunchAnywhere vulnerability in the account module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

6.6CVSS0.00113EPSS
Exploits0References1
NVD
NVD
added 2024/08/06 5:15 p.m.43 views

CVE-2024-7502

A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code...

8.5CVSS0.00424EPSS
Exploits0References1
NVD
NVD
added 2024/08/06 4:15 p.m.43 views

CVE-2024-39225

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution RCE vulnerability...

9.8CVSS0.1453EPSS
Exploits1References1
NVD
NVD
added 2024/08/02 10:16 a.m.43 views

CVE-2024-4643

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘endredirectlink’ parameter in versions up to, and including, 5.7.1 due to insufficient input sanitization and output...

6.4CVSS0.00351EPSS
Exploits0References4
NVD
NVD
added 2024/08/01 5:15 a.m.43 views

CVE-2024-2090

The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remotecontent shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary...

6.4CVSS0.0026EPSS
Exploits0References2
NVD
NVD
added 2024/07/26 9:15 p.m.43 views

CVE-2024-41119

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the visparams variable on line 80 in 8🏜️RasterDataVisualization.py takes user input, which is later used in the eval function on line 86, leading to remote code...

9.8CVSS0.01395EPSS
Exploits1References4
NVD
NVD
added 2024/07/26 10:15 a.m.43 views

CVE-2023-38522

Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from...

7.5CVSS0.00987EPSS
Exploits0References2
NVD
NVD
added 2024/07/25 8:15 p.m.43 views

CVE-2024-6558

HMS Industrial Networks Anybus-CompactCom 30 products are vulnerable to a XSS attack caused by the lack of input sanitation checks. As a consequence, it is possible to insert HTML code into input fields and store the HTML code. The stored HTML code will be embedded in the page and executed by hos...

6.3CVSS0.00256EPSS
Exploits0References2
NVD
NVD
added 2024/07/24 8:15 a.m.43 views

CVE-2024-6874

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

4.3CVSS0.00786EPSS
Exploits1References5
NVD
NVD
added 2024/07/23 6:15 a.m.43 views

CVE-2024-6231

The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS0.00369EPSS
Exploits1References1
NVD
NVD
added 2024/07/22 3:15 p.m.43 views

CVE-2024-32484

An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability...

8.2CVSS0.25924EPSS
Exploits1References2
NVD
NVD
added 2024/07/22 9:15 a.m.43 views

CVE-2024-37445

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in bPlugins Html5 Audio Player allows Stored XSS.This issue affects Html5 Audio Player: from n/a through 2.2.23...

6.5CVSS0.00261EPSS
Exploits0References1
NVD
NVD
added 2024/07/19 9:15 a.m.43 views

CVE-2024-29736

A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured...

9.1CVSS0.01029EPSS
Exploits0References3
NVD
NVD
added 2024/07/19 5:15 a.m.43 views

CVE-2024-21527

Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/webhook before 8.1.0 are vulnerable to Server-si...

8.8CVSS0.00574EPSS
Exploits0References6
NVD
NVD
added 2024/07/18 4:15 p.m.43 views

CVE-2024-39911

1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this vulnerability...

10CVSS0.04566EPSS
Exploits2References2
NVD
NVD
added 2024/07/17 5:15 p.m.43 views

CVE-2024-20401

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This vulnerability is due to improper handling of email attachments when file...

9.8CVSS0.02278EPSS
Exploits0References1
NVD
NVD
added 2024/07/16 11:15 p.m.43 views

CVE-2024-21141

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

8.2CVSS0.00258EPSS
Exploits0References1
NVD
NVD
added 2024/07/15 8:15 p.m.43 views

CVE-2024-39915

Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API. This authenticated RCE in Thruk allows authorized users with network access to inject arbitrary commands via the URL parameter during PDF report generation. The Thruk web application...

9.9CVSS0.00552EPSS
Exploits0References2
NVD
NVD
added 2024/07/15 3:15 a.m.43 views

CVE-2024-6738

The tumbnail API of Tronclass from WisdomGarden lacks proper access control, allowing unauthenticated remote attackers to obtain certain specific files by modifying the URL...

5.3CVSS0.00456EPSS
Exploits0References2
NVD
NVD
added 2024/07/12 3:15 p.m.43 views

CVE-2024-39909

KubeClarity is a tool for detection and management of Software Bill Of Materials SBOM and vulnerabilities of container images and filesystems. A time/boolean SQL Injection is present in the following resource /api/applicationResources via the following parameter packageID. As it can be seen in...

6.5CVSS0.00443EPSS
Exploits0References3
NVD
NVD
added 2024/07/09 9:15 p.m.43 views

CVE-2024-31320

In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00259EPSS
Exploits0References3
NVD
NVD
added 2024/07/09 8:15 p.m.43 views

CVE-2024-34139

Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.0037EPSS
Exploits0References1
NVD
NVD
added 2024/07/09 5:15 p.m.43 views

CVE-2024-38080

Windows Hyper-V Elevation of Privilege Vulnerability...

7.8CVSS0.07115EPSS
Exploits0References2
NVD
NVD
added 2024/07/09 5:15 p.m.43 views

CVE-2024-38023

Microsoft SharePoint Server Remote Code Execution Vulnerability...

7.2CVSS0.5318EPSS
Exploits1References1
NVD
NVD
added 2024/07/09 5:15 p.m.43 views

CVE-2024-35272

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability...

8.8CVSS0.01854EPSS
Exploits0References1
NVD
NVD
added 2024/07/08 10:15 p.m.43 views

CVE-2024-3653

A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...

5.3CVSS0.01866EPSS
Exploits0References9
NVD
NVD
added 2024/07/08 4:15 p.m.43 views

CVE-2024-21778

A heap-based buffer overflow vulnerability exists in the configuration file mibinitvaluearray functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted .dat file can lead to arbitrary code execution. An attacker can upload a malicious file to trigger this vulnerability...

7.2CVSS0.00943EPSS
Exploits0References2
NVD
NVD
added 2024/07/05 2:15 p.m.43 views

CVE-2024-38346

The CloudStack cluster service runs on unauthenticated port default 9090 that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Some of these commands were found to have command injection vulnerabilities that can result in arbitrary code...

9.8CVSS0.03301EPSS
Exploits0References4
NVD
NVD
added 2024/07/05 2:15 a.m.43 views

CVE-2024-34481

drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions, and image titles of a Wiki page...

6.1CVSS0.00625EPSS
Exploits1References4
NVD
NVD
added 2024/07/04 1:15 p.m.43 views

CVE-2024-6506

Information exposure vulnerability in the MRW plugin, in its 5.4.3 version, affecting the "mrwlog" functionality. This vulnerability could allow a remote attacker to obtain other customers' order information and access sensitive information such as name and phone number. This vulnerability also...

8.2CVSS0.00502EPSS
Exploits0References1
NVD
NVD
added 2024/07/02 7:15 p.m.43 views

CVE-2022-25478

Vulnerability in Realtek RtsPer driver for PCIe Card Reader RtsPer.sys before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader RtsUer.sys before 10.0.22000.31274 provides read and write access to the PCI configuration space of the device...

7.8CVSS0.0019EPSS
Exploits0References4
NVD
NVD
added 2024/06/28 12:15 p.m.43 views

CVE-2024-5735

Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before 5.0...

7.5CVSS0.01515EPSS
Exploits2References5
NVD
NVD
added 2024/06/27 10:15 a.m.43 views

CVE-2024-0949

Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68...

9.8CVSS0.00528EPSS
Exploits0References2
NVD
NVD
added 2024/06/27 6:15 a.m.43 views

CVE-2024-3111

The Interactive Content WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues...

7.1CVSS0.00315EPSS
Exploits2References1
NVD
NVD
added 2024/06/26 12:15 a.m.43 views

CVE-2024-4869

The WP Cookie Consent for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...

7.2CVSS0.00377EPSS
Exploits0References3
NVD
NVD
added 2024/06/25 4:15 a.m.43 views

CVE-2024-36999

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process...

7.8CVSS0.00395EPSS
Exploits0References1
NVD
NVD
added 2024/06/24 9:15 p.m.43 views

CVE-2024-37759

DataGear v5.0.0 and earlier was discovered to contain a SpEL Spring Expression Language expression injection vulnerability via the Data Viewing interface...

9.8CVSS0.0282EPSS
Exploits2References2
NVD
NVD
added 2024/06/19 6:15 p.m.43 views

CVE-2024-36117

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version...

8.6CVSS0.03145EPSS
Exploits1References3
NVD
NVD
added 2024/06/17 6:15 p.m.43 views

CVE-2024-6056

A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /forgot-password of the component Password Reset Handler. The manipulation of the argument Email leads to observable response...

6.3CVSS0.0065EPSS
Exploits1References4
NVD
NVD
added 2024/06/14 5:15 p.m.43 views

CVE-2024-5659

Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable faultMNRF/Assert. This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device wou...

8.3CVSS0.00311EPSS
Exploits0References1
NVD
NVD
added 2024/06/14 8:15 a.m.43 views

CVE-2024-36499

Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality...

6.8CVSS0.00106EPSS
Exploits0References1
NVD
NVD
added 2024/06/14 6:15 a.m.43 views

CVE-2024-2218

The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.6CVSS0.00342EPSS
Exploits2References1
NVD
NVD
added 2024/06/14 6:15 a.m.43 views

CVE-2023-51496

Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7...

5.3CVSS0.00313EPSS
Exploits0References1
NVD
NVD
added 2024/06/14 2:15 a.m.43 views

CVE-2024-5984

A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file book.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be launched remotely. The exploit has been...

9.8CVSS0.00787EPSS
Exploits1References4
NVD
NVD
added 2024/06/13 2:15 a.m.43 views

CVE-2024-3922

The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

10CVSS0.56209EPSS
Exploits0References2
NVD
NVD
added 2024/06/12 8:15 p.m.43 views

CVE-2023-49559

An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function...

3.7CVSS0.0051EPSS
Exploits0References1
NVD
NVD
added 2024/06/12 1:15 a.m.43 views

CVE-2024-4315

parisneo/lollms version 9.5 is vulnerable to Local File Inclusion LFI attacks due to insufficient path sanitization. The sanitizepathfromendpoint function fails to properly sanitize Windows-style paths backward slash , allowing attackers to perform directory traversal attacks on Windows systems...

9.1CVSS0.01024EPSS
Exploits0References2
Total number of security vulnerabilities5000