Lucene search
K
NvdMost viewed

364114 matches found

NVD
NVD
added 2024/11/05 7:15 p.m.43 views

CVE-2024-51493

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user...

6.5CVSS0.00282EPSS
Exploits0References1
NVD
NVD
added 2024/11/04 7:15 p.m.43 views

CVE-2024-34891

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request...

6.8CVSS0.0029EPSS
Exploits1References1
NVD
NVD
added 2024/11/04 2:15 a.m.43 views

CVE-2024-10750

A vulnerability has been found in Tenda i22 1.0.0.34687 and classified as problematic. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV?fgHPOST/goform/SysToo. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can ...

7.1CVSS0.00831EPSS
Exploits1References5
NVD
NVD
added 2024/11/04 1:15 a.m.43 views

CVE-2024-10748

A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up App 4.47.3 on Android. This issue affects some unknown processing of the file gr/desquared/kmmsharedmodule/db/RealmDB.java of the component Realm Database Handler. The manipulation of the argument...

4.7CVSS0.00264EPSS
Exploits1References4
NVD
NVD
added 2024/11/01 3:15 p.m.43 views

CVE-2024-49256

Incorrect Authorization vulnerability in WP Chill Htaccess File Editor htaccess-file-editor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Htaccess File Editor: from n/a through = 1.0.18...

8.8CVSS0.00365EPSS
Exploits0References1
NVD
NVD
added 2024/11/01 3:15 p.m.43 views

CVE-2024-47317

Missing Authorization vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded.This issue affects Ads by WPQuads: from n/a through = 2.0.84...

8.8CVSS0.00375EPSS
Exploits0References1
NVD
NVD
added 2024/11/01 3:15 p.m.43 views

CVE-2024-43154

Missing Authorization vulnerability in BracketSpace Advanced Cron Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Cron Manager – debug & control: from n/a through 2.5.9...

4.3CVSS0.00384EPSS
Exploits0References1
NVD
NVD
added 2024/10/31 8:15 p.m.43 views

CVE-2024-39719

An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file existence on the...

7.5CVSS0.04237EPSS
Exploits2References1
NVD
NVD
added 2024/10/28 12:15 a.m.43 views

CVE-2024-50623

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution...

9.8CVSS0.98529EPSS
Exploits6References2
NVD
NVD
added 2024/10/24 12:15 p.m.43 views

CVE-2024-49682

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in wp.insider Simple Membership simple-membership allows Phishing.This issue affects Simple Membership: from n/a through = 4.5.3...

6.1CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added 2024/10/05 3:15 p.m.43 views

CVE-2024-47387

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Search Atlas Group Search Atlas SEO metasync allows Stored XSS.This issue affects Search Atlas SEO: from n/a through = 1.8.2...

5.9CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added 2024/10/04 6:15 p.m.43 views

CVE-2024-25707

There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in the their own browser Self XSS. A...

4.8CVSS0.00329EPSS
Exploits0References1
NVD
NVD
added 2024/09/17 12:15 a.m.43 views

CVE-2024-45496

A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An...

9.9CVSS0.00894EPSS
Exploits1References8
NVD
NVD
added 2024/09/16 7:16 p.m.43 views

CVE-2024-45801

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...

7.3CVSS0.00844EPSS
Exploits0References3
NVD
NVD
added 2024/09/12 1:15 p.m.43 views

CVE-2024-45851

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a...

8.8CVSS0.00864EPSS
Exploits1References1
NVD
NVD
added 2024/09/11 12:15 a.m.43 views

CVE-2024-40655

In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...

7.8CVSS0.0008EPSS
Exploits0References2
NVD
NVD
added 2024/09/10 11:15 a.m.43 views

CVE-2024-7770

The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 6.5.5. This makes it possible for authenticated...

8.8CVSS0.01067EPSS
Exploits0References6
NVD
NVD
added 2024/09/10 10:15 a.m.43 views

CVE-2024-43647

A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 6ES7288-1CR40-0AA0 All versions, SIMATIC S7-200 SMART CPU CR60 6ES7288-1CR60-0AA0 All versions, SIMATIC S7-200 SMART CPU SR20 6ES7288-1SR20-0AA0 All versions, SIMATIC S7-200 SMART CPU SR20 6ES7288-1SR20-0AA1 All versions, SIMATI...

8.7CVSS0.0056EPSS
Exploits0References1
NVD
NVD
added 2024/09/09 5:15 p.m.43 views

CVE-2024-45406

Craft is a content management system CMS. Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input...

5.5CVSS0.00334EPSS
Exploits1References2
NVD
NVD
added 2024/08/29 2:15 p.m.43 views

CVE-2024-1056

The FunnelKit Funnel Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allowiframetaginpost' function which uses the 'wpksesallowedhtml' filter to globally allow script and iframe tags in posts in all versions up to, and including, 3.4.5. This makes it possibl...

6.4CVSS0.00248EPSS
Exploits0References2
NVD
NVD
added 2024/08/27 6:15 p.m.43 views

CVE-2024-7720

HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries...

9.8CVSS0.01143EPSS
Exploits0References1
NVD
NVD
added 2024/08/26 9:15 p.m.43 views

CVE-2024-43265

Cross-Site Request Forgery CSRF vulnerability in Analytify.This issue affects Analytify: from n/a through 5.3.1...

4.3CVSS0.00167EPSS
Exploits0References1
NVD
NVD
added 2024/08/26 7:15 a.m.43 views

CVE-2024-45256

An arbitrary file write issue in the exfiltration endpoint in BYOB Build Your Own Botnet 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in fileadd in api/files/routes.py...

9.8CVSS0.05635EPSS
Exploits3References3
NVD
NVD
added 2024/08/22 3:15 p.m.43 views

CVE-2024-43787

Hono is a Web application framework that provides support for any JavaScript runtime. Hono CSRF middleware can be bypassed using crafted Content-Type header. MIME types are case insensitive, but isRequestedByFormElementRe only matches lower-case. As a result, attacker can bypass csrf middleware...

5CVSS0.00231EPSS
Exploits1References3
NVD
NVD
added 2024/08/21 4:15 p.m.43 views

CVE-2024-43411

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 and above. In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on...

3.1CVSS0.004EPSS
Exploits0References2
NVD
NVD
added 2024/08/20 8:15 p.m.43 views

CVE-2024-41773

IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls...

6.5CVSS0.00282EPSS
Exploits0References2
NVD
NVD
added 2024/08/20 3:15 p.m.43 views

CVE-2024-30949

An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the gettimeofday function...

9.8CVSS0.00762EPSS
Exploits0References3
NVD
NVD
added 2024/08/20 2:15 a.m.43 views

CVE-2024-5932

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'givetitle' parameter. This makes it possible for unauthenticated attackers to inject a PHP...

10CVSS0.74283EPSS
Exploits11References8
NVD
NVD
added 2024/08/19 11:15 p.m.43 views

CVE-2024-7935

A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file print.php. The manipulation of the argument mapid leads to sql injection. The attack may be launched remotely. The explo...

9.8CVSS0.00484EPSS
Exploits1References4
NVD
NVD
added 2024/08/18 10:15 p.m.43 views

CVE-2024-43239

Authorization Bypass Through User-Controlled Key vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through = 1.11.4...

8.1CVSS0.00292EPSS
Exploits0References1
NVD
NVD
added 2024/08/13 4:15 p.m.43 views

CVE-2024-21757

A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker ...

7.8CVSS0.00191EPSS
Exploits0References1
NVD
NVD
added 2024/08/12 10:15 p.m.43 views

CVE-2024-43218

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mediavine Mediavine Control Panel mediavine-control-panel.This issue affects Mediavine Control Panel: from n/a through = 2.10.4...

6.5CVSS0.00245EPSS
Exploits0References1
NVD
NVD
added 2024/08/08 3:15 p.m.43 views

CVE-2024-42357

Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the...

9.8CVSS0.00602EPSS
Exploits0References5
NVD
NVD
added 2024/08/06 5:15 p.m.43 views

CVE-2024-7502

A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code...

8.5CVSS0.00424EPSS
Exploits0References1
NVD
NVD
added 2024/08/06 4:15 p.m.43 views

CVE-2024-39225

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution RCE vulnerability...

9.8CVSS0.1453EPSS
Exploits1References1
NVD
NVD
added 2024/08/02 10:16 a.m.43 views

CVE-2024-4643

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘endredirectlink’ parameter in versions up to, and including, 5.7.1 due to insufficient input sanitization and output...

6.4CVSS0.00351EPSS
Exploits0References4
NVD
NVD
added 2024/08/01 5:15 a.m.43 views

CVE-2024-2090

The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remotecontent shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary...

6.4CVSS0.0026EPSS
Exploits0References2
NVD
NVD
added 2024/07/26 9:15 p.m.43 views

CVE-2024-41119

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the visparams variable on line 80 in 8🏜️RasterDataVisualization.py takes user input, which is later used in the eval function on line 86, leading to remote code...

9.8CVSS0.01395EPSS
Exploits1References4
NVD
NVD
added 2024/07/26 10:15 a.m.43 views

CVE-2023-38522

Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from...

7.5CVSS0.00987EPSS
Exploits0References2
NVD
NVD
added 2024/07/25 8:15 p.m.43 views

CVE-2024-6558

HMS Industrial Networks Anybus-CompactCom 30 products are vulnerable to a XSS attack caused by the lack of input sanitation checks. As a consequence, it is possible to insert HTML code into input fields and store the HTML code. The stored HTML code will be embedded in the page and executed by hos...

6.3CVSS0.00256EPSS
Exploits0References2
NVD
NVD
added 2024/07/24 8:15 a.m.43 views

CVE-2024-6874

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

4.3CVSS0.00786EPSS
Exploits1References5
NVD
NVD
added 2024/07/23 6:15 a.m.43 views

CVE-2024-6231

The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS0.00369EPSS
Exploits1References1
NVD
NVD
added 2024/07/22 3:15 p.m.43 views

CVE-2024-32484

An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability...

8.2CVSS0.25924EPSS
Exploits1References2
NVD
NVD
added 2024/07/22 9:15 a.m.43 views

CVE-2024-37445

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in bPlugins Html5 Audio Player allows Stored XSS.This issue affects Html5 Audio Player: from n/a through 2.2.23...

6.5CVSS0.00261EPSS
Exploits0References1
NVD
NVD
added 2024/07/21 11:15 p.m.43 views

CVE-2024-37449

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a through 6.7.13...

5.9CVSS0.0026EPSS
Exploits0References1
NVD
NVD
added 2024/07/19 9:15 a.m.43 views

CVE-2024-29736

A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured...

9.1CVSS0.01029EPSS
Exploits0References3
NVD
NVD
added 2024/07/19 5:15 a.m.43 views

CVE-2024-21527

Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/webhook before 8.1.0 are vulnerable to Server-si...

8.8CVSS0.00574EPSS
Exploits0References6
NVD
NVD
added 2024/07/17 5:15 p.m.43 views

CVE-2024-20401

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This vulnerability is due to improper handling of email attachments when file...

9.8CVSS0.02278EPSS
Exploits0References1
NVD
NVD
added 2024/07/16 11:15 p.m.43 views

CVE-2024-21141

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

8.2CVSS0.00258EPSS
Exploits0References1
NVD
NVD
added 2024/07/16 1:15 p.m.43 views

CVE-2022-48853

In the Linux kernel, the following vulnerability has been resolved: swiotlb: fix info leak with DMAFROMDEVICE The problem I'm addressing was discovered by the LTP test covering cve-2018-1000204. A short description of what happens follows: 1 The test case issues a command code 00 TEST UNIT READY...

5.5CVSS0.00265EPSS
Exploits0References17
Total number of security vulnerabilities5000