Lucene search
K
NvdMost viewed

363813 matches found

NVD
NVD
•added 2024/05/17 7:15 a.m.•43 views

CVE-2023-32129

Missing Authorization vulnerability in Sparkle WP Editorialmag editorialmag.This issue affects Editorialmag: from n/a through 1.1.9...

4.3CVSS4.7AI score0.0041EPSS
Exploits0References1
NVD
NVD
•added 2024/05/14 4:17 p.m.•43 views

CVE-2024-34357

TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, failing to properly encode user-controlled values in file entities, the ShowImageController eID txcmsshowpic is vulnerable to cross-si...

5.4CVSS5.1AI score0.00502EPSS
Exploits0References5
NVD
NVD
•added 2024/05/07 11:15 p.m.•43 views

CVE-2021-34963

Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS8AI score0.00349EPSS
Exploits0References2
NVD
NVD
•added 2024/05/03 11:15 a.m.•43 views

CVE-2024-34072

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. The sagemaker.basedeserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently ma...

7.8CVSS8AI score0.00408EPSS
Exploits0References2
NVD
NVD
•added 2024/05/03 3:15 a.m.•43 views

CVE-2023-42115

Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens ...

9.8CVSS8AI score0.10042EPSS
Exploits5References1
NVD
NVD
•added 2024/05/03 3:15 a.m.•43 views

CVE-2023-39458

Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit th...

5.3CVSS5.4AI score0.00247EPSS
Exploits0References2
NVD
NVD
•added 2024/05/02 5:15 p.m.•43 views

CVE-2024-3942

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticate...

6.3CVSS6.2AI score0.00384EPSS
Exploits0References2
NVD
NVD
•added 2024/04/29 2:15 p.m.•43 views

CVE-2024-1969

Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in Secomea GateManager webserver modules allows crash of GateManager.This issue affects GateManager: from 9.7 before 11.2.624095033...

8.2CVSS8.3AI score0.00456EPSS
Exploits0References1
NVD
NVD
•added 2024/04/29 4:15 a.m.•43 views

CVE-2024-2756

Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cookie by PHP applications...

6.5CVSS7.9AI score0.3786EPSS
Exploits0References6
NVD
NVD
•added 2024/04/23 6:15 p.m.•43 views

CVE-2024-32482

The Tillitis TKey signer device application is an ed25519 signing tool. A vulnerability has been found that makes it possible to disclose portions of the TKey’s data in RAM over the USB interface. To exploit the vulnerability an attacker needs to use a custom client application and to touch the...

2.2CVSS3.5AI score0.00115EPSS
Exploits0References2
NVD
NVD
•added 2024/04/18 10:15 a.m.•43 views

CVE-2024-26921

In the Linux kernel, the following vulnerability has been resolved: inet: inetdefrag: prevent sk release while still in use iplocalout and other functions can pass skb-sk as function argument. If the skb is a fragment and reassembly happens before such function call returns, the sk must not be...

5.5CVSS6.4AI score0.0038EPSS
Exploits1References8
NVD
NVD
•added 2024/04/16 10:15 p.m.•43 views

CVE-2024-31452

OpenFGA is a high-performance and flexible authorization/permission engine. Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. You are very likely affected if your model involves exclusion e.g. a but not b or intersection e.g. ...

9.8CVSS7.9AI score0.00656EPSS
Exploits0References2
NVD
NVD
•added 2024/04/10 9:15 p.m.•43 views

CVE-2024-31988

XWiki Platform is a generic wiki platform. Starting in version 13.9-rc-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, when the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, b...

9.6CVSS9.3AI score0.00696EPSS
Exploits1References6
NVD
NVD
•added 2024/04/09 5:15 p.m.•43 views

CVE-2024-26229

Windows CSC Service Elevation of Privilege Vulnerability...

7.8CVSS8.1AI score0.09375EPSS
Exploits4References1
NVD
NVD
•added 2024/04/09 3:15 p.m.•43 views

CVE-2023-49074

A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated...

7.5CVSS7.3AI score0.13479EPSS
Exploits1References2
NVD
NVD
•added 2024/04/03 5:15 a.m.•43 views

CVE-2024-2322

The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks...

6.8CVSS6.6AI score0.00353EPSS
Exploits2References1
NVD
NVD
•added 2024/03/22 4:15 p.m.•43 views

CVE-2022-32756

IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 228507...

2.7CVSS3.7AI score0.00508EPSS
Exploits0References2
NVD
NVD
•added 2024/03/21 2:15 p.m.•43 views

CVE-2024-2494

A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the gnew0 function results in a crash due to the negative length being...

6.2CVSS6.3AI score0.00364EPSS
Exploits0References7
NVD
NVD
•added 2024/03/13 7:15 p.m.•43 views

CVE-2024-28194

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions 1.8.0 use a hardcoded JSON Web Token JWT secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens for arbitrary users. This vulnerability allows...

9.8CVSS9.3AI score0.00823EPSS
Exploits1References1
NVD
NVD
•added 2024/03/12 5:15 p.m.•43 views

CVE-2024-26204

Outlook for Android Information Disclosure Vulnerability...

7.5CVSS7.4AI score0.02136EPSS
Exploits0References1
NVD
NVD
•added 2024/03/09 1:15 a.m.•43 views

CVE-2024-28122

JWX is Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high...

6.8CVSS6.4AI score0.0057EPSS
Exploits1References3
NVD
NVD
•added 2024/02/29 6:15 a.m.•43 views

CVE-2023-1841

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Honeywell MPA2 Access Panel Web server modules allows XSS Using Invalid Characters.This issue affects MPA2 Access Panel all version prior to R1.00.08.05. Honeywell released firmware update package...

8.1CVSS7.9AI score0.00372EPSS
Exploits0References2
NVD
NVD
•added 2024/02/23 5:15 a.m.•43 views

CVE-2024-22243

Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is...

8.1CVSS7.9AI score0.03967EPSS
Exploits1References3
NVD
NVD
•added 2024/02/21 6:15 p.m.•43 views

CVE-2024-25896

ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection Time-based via the EID POST parameter...

5.3CVSS7.7AI score0.00427EPSS
Exploits1References1
NVD
NVD
•added 2024/02/09 2:15 p.m.•43 views

CVE-2024-25318

Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2...

8.8CVSS9.1AI score0.00698EPSS
Exploits1References1
NVD
NVD
•added 2024/02/08 9:15 p.m.•43 views

CVE-2024-23756

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...

7.5CVSS7.7AI score0.00602EPSS
Exploits1References1
NVD
NVD
•added 2024/02/07 9:15 p.m.•43 views

CVE-2023-6356

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service...

7.5CVSS6.5AI score0.01448EPSS
Exploits0References13
NVD
NVD
•added 2024/02/06 11:15 p.m.•43 views

CVE-2024-22388

Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys...

7.8CVSS6.5AI score0.00168EPSS
Exploits0References2
NVD
NVD
•added 2024/02/06 4:15 a.m.•43 views

CVE-2024-24808

pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the getredirecturl function when redirecting users at login. This vulnerability h...

6.1CVSS5.1AI score0.00545EPSS
Exploits1References2
NVD
NVD
•added 2024/01/26 6:15 p.m.•43 views

CVE-2024-0937

A vulnerability, which was classified as critical, has been found in vanderSchaar LAB synthcity 0.2.9. Affected by this issue is the function loadfromfile of the component PKL File Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been...

9.8CVSS7.1AI score0.00678EPSS
Exploits0References4
NVD
NVD
•added 2024/01/25 9:15 p.m.•43 views

CVE-2023-52251

An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/topic/messages...

8.8CVSS9AI score0.85025EPSS
Exploits5References2
NVD
NVD
•added 2024/01/25 7:15 p.m.•43 views

CVE-2024-0883

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects the function prepare of the file admin/pay.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely...

9.8CVSS7.3AI score0.00649EPSS
Exploits1References3
NVD
NVD
•added 2024/01/22 5:15 a.m.•43 views

CVE-2024-21484

Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large...

7.5CVSS7.5AI score0.0096EPSS
Exploits1References7
NVD
NVD
•added 2024/01/18 9:15 p.m.•43 views

CVE-2024-22415

jupyter-lsp is a coding assistance tool for JupyterLab code navigation + hover suggestions + linters + autocompletion + rename using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control on the operating system level, and with...

9.8CVSS8.4AI score0.00491EPSS
Exploits0References2
NVD
NVD
•added 2024/01/18 8:15 p.m.•43 views

CVE-2024-22400

Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no...

6.1CVSS4.6AI score0.00454EPSS
Exploits0References4
NVD
NVD
•added 2024/01/16 10:15 p.m.•43 views

CVE-2022-31021

Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to...

5.3CVSS4.4AI score0.00428EPSS
Exploits1References2
NVD
NVD
•added 2024/01/12 7:15 p.m.•43 views

CVE-2023-31032

NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service...

7.5CVSS7.3AI score0.00163EPSS
Exploits0References1
NVD
NVD
•added 2024/01/11 6:15 a.m.•43 views

CVE-2024-21669

Hyperledger Aries Cloud Agent Python ACA-Py is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs LDP-VCs, the result of verifying the presentation...

9.9CVSS9.4AI score0.00627EPSS
Exploits1References5
NVD
NVD
•added 2024/01/11 1:15 a.m.•43 views

CVE-2024-21666

The Customer Management Framework CMF for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when...

6.5CVSS6.3AI score0.00564EPSS
Exploits1References3
NVD
NVD
•added 2024/01/10 10:15 p.m.•43 views

CVE-2023-32424

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4, watchOS 9.4. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations...

5.5CVSS4.9AI score0.00189EPSS
Exploits0References2
NVD
NVD
•added 2024/01/10 9:15 p.m.•43 views

CVE-2023-29447

An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication...

5.7CVSS5.8AI score0.00306EPSS
Exploits0References3
NVD
NVD
•added 2024/01/09 9:15 a.m.•43 views

CVE-2023-49236

A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of a user-entered scale field in the RTSP playback function of davinci...

9.8CVSS9.8AI score0.01205EPSS
Exploits1References2
NVD
NVD
•added 2024/01/08 9:15 p.m.•43 views

CVE-2022-45354

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60...

7.5CVSS6.2AI score0.38083EPSS
Exploits0References1
NVD
NVD
•added 2024/01/03 5:15 p.m.•43 views

CVE-2023-46742

CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users secret keys and access keys in the logs in multiple components. When CubeCS creates new users, it leaks the users secret key. This could allow a lower-privileged user with access to th...

6.5CVSS5.2AI score0.00271EPSS
Exploits0References2
NVD
NVD
•added 2024/01/03 4:15 p.m.•43 views

CVE-2024-21910

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser...

6.1CVSS6.2AI score0.00956EPSS
Exploits1References6
NVD
NVD
•added 2023/12/29 10:15 a.m.•43 views

CVE-2023-4463

A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit...

7.5CVSS0.01006EPSS
Exploits1References6
NVD
NVD
•added 2023/12/29 3:15 a.m.•43 views

CVE-2023-7148

A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument...

8.1CVSS0.007EPSS
Exploits1References3
NVD
NVD
•added 2023/12/23 8:15 p.m.•43 views

CVE-2023-49594

An information disclosure vulnerability exists in the challenge functionality of instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. A user logging into Keycloak using DuoUniversalKeycloakAuthenticator plugin...

6.5CVSS0.01243EPSS
Exploits1References3
NVD
NVD
•added 2023/12/14 10:15 p.m.•43 views

CVE-2023-6134

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting XSS or further attacks. This flaw is the result of an incomple...

5.4CVSS0.00912EPSS
Exploits1References14
NVD
NVD
•added 2023/12/08 3:15 p.m.•43 views

CVE-2023-6245

The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is record ; empty and the canister interface expects record then the Rust candid decoder treats empty as an extra field required by the type. The problem wit...

7.5CVSS0.01212EPSS
Exploits0References5
Total number of security vulnerabilities5000