Lucene search
K
NvdMost viewed

363826 matches found

NVD
NVD
added 2024/01/18 8:15 p.m.43 views

CVE-2024-22400

Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no...

6.1CVSS4.6AI score0.00454EPSS
Exploits0References4
NVD
NVD
added 2024/01/16 10:15 p.m.43 views

CVE-2022-31021

Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to...

5.3CVSS4.4AI score0.00428EPSS
Exploits1References2
NVD
NVD
added 2024/01/12 7:15 p.m.43 views

CVE-2023-31032

NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service...

7.5CVSS7.3AI score0.00163EPSS
Exploits0References1
NVD
NVD
added 2024/01/11 6:15 a.m.43 views

CVE-2024-21669

Hyperledger Aries Cloud Agent Python ACA-Py is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs LDP-VCs, the result of verifying the presentation...

9.9CVSS9.4AI score0.00627EPSS
Exploits1References5
NVD
NVD
added 2024/01/11 1:15 a.m.43 views

CVE-2024-21666

The Customer Management Framework CMF for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when...

6.5CVSS6.3AI score0.00564EPSS
Exploits1References3
NVD
NVD
added 2024/01/10 10:15 p.m.43 views

CVE-2023-32424

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4, watchOS 9.4. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations...

5.5CVSS4.9AI score0.00189EPSS
Exploits0References2
NVD
NVD
added 2024/01/10 9:15 p.m.43 views

CVE-2023-29447

An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication...

5.7CVSS5.8AI score0.00306EPSS
Exploits0References3
NVD
NVD
added 2024/01/09 9:15 a.m.43 views

CVE-2023-49236

A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of a user-entered scale field in the RTSP playback function of davinci...

9.8CVSS9.8AI score0.01205EPSS
Exploits1References2
NVD
NVD
added 2024/01/08 9:15 p.m.43 views

CVE-2022-45354

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60...

7.5CVSS6.2AI score0.38083EPSS
Exploits0References1
NVD
NVD
added 2024/01/03 5:15 p.m.43 views

CVE-2023-46742

CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users secret keys and access keys in the logs in multiple components. When CubeCS creates new users, it leaks the users secret key. This could allow a lower-privileged user with access to th...

6.5CVSS5.2AI score0.00271EPSS
Exploits0References2
NVD
NVD
added 2024/01/03 4:15 p.m.43 views

CVE-2024-21910

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser...

6.1CVSS6.2AI score0.00956EPSS
Exploits1References6
NVD
NVD
added 2023/12/29 10:15 a.m.43 views

CVE-2023-4463

A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit...

7.5CVSS0.01006EPSS
Exploits1References6
NVD
NVD
added 2023/12/29 3:15 a.m.43 views

CVE-2023-7148

A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument...

8.1CVSS0.007EPSS
Exploits1References3
NVD
NVD
added 2023/12/23 8:15 p.m.43 views

CVE-2023-49594

An information disclosure vulnerability exists in the challenge functionality of instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. A user logging into Keycloak using DuoUniversalKeycloakAuthenticator plugin...

6.5CVSS0.01243EPSS
Exploits1References3
NVD
NVD
added 2023/12/14 10:15 p.m.43 views

CVE-2023-6134

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting XSS or further attacks. This flaw is the result of an incomple...

5.4CVSS0.00912EPSS
Exploits1References14
NVD
NVD
added 2023/12/08 3:15 p.m.43 views

CVE-2023-6245

The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is record ; empty and the canister interface expects record then the Rust candid decoder treats empty as an extra field required by the type. The problem wit...

7.5CVSS0.01212EPSS
Exploits0References5
NVD
NVD
added 2023/12/05 3:15 a.m.43 views

CVE-2023-42581

Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data...

7.5CVSS0.01173EPSS
Exploits0References1
NVD
NVD
added 2023/11/23 12:15 a.m.43 views

CVE-2023-47839

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin = 3.3.26 versions...

6.5CVSS0.00409EPSS
Exploits0References1
NVD
NVD
added 2023/11/20 11:15 p.m.43 views

CVE-2023-48051

An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding...

7.5CVSS0.00248EPSS
Exploits1References1
NVD
NVD
added 2023/11/18 12:15 a.m.43 views

CVE-2023-46402

git-urls 1.0.0 allows ReDOS Regular Expression Denial of Service in urls.go...

7.5CVSS0.0085EPSS
Exploits1References1
NVD
NVD
added 2023/11/14 11:15 p.m.43 views

CVE-2023-45626

An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles...

7.2CVSS0.00942EPSS
Exploits0References1
NVD
NVD
added 2023/11/14 9:15 p.m.43 views

CVE-2023-34060

VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass log...

9.8CVSS0.01345EPSS
Exploits4References4
NVD
NVD
added 2023/11/10 10:15 p.m.43 views

CVE-2023-47122

Gitsign is software for keyless Git signing using Sigstore. In versions of gitsign starting with 0.6.0 and prior to 0.8.0, Rekor public keys were fetched via the Rekor API, instead of through the local TUF client. If the upstream Rekor server happened to be compromised, gitsign clients could...

5.3CVSS0.00369EPSS
Exploits0References4
NVD
NVD
added 2023/11/08 10:15 p.m.43 views

CVE-2023-47114

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. The Fides web application allows data subject users to request access to their personal data. If the...

6.1CVSS0.00609EPSS
Exploits0References3
NVD
NVD
added 2023/11/07 7:15 p.m.43 views

CVE-2023-46242

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to execute a content with the right of any user via a crafted URL. A user must have programming privileges in order to exploit this vulnerability. This issue...

9.6CVSS0.00381EPSS
Exploits0References3
NVD
NVD
added 2023/11/06 12:15 a.m.43 views

CVE-2023-47271

PKP-WAL aka PKP Web Application Library or pkp-lib before 3.3.0-16, as used in Open Journal Systems OJS and other products, does not verify that the file named in an XML document used for the native import/export plugin is an image file, before trying to use it for an issue cover image...

5.3CVSS5.3AI score0.00618EPSS
Exploits2References3
NVD
NVD
added 2023/11/03 7:15 a.m.43 views

CVE-2023-5763

In Eclipse Glassfish 5 or 6, running with old versions of JDK lower than 6u211, or 7u201, or 8u191, allows remote attackers to load malicious code on the server via access to insecure ORB listeners...

9.8CVSS7.3AI score0.0065EPSS
Exploits0References2
NVD
NVD
added 2023/11/03 5:15 a.m.43 views

CVE-2023-41914

SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files...

7CVSS7AI score0.00196EPSS
Exploits0References3
NVD
NVD
added 2023/11/01 3:15 a.m.43 views

CVE-2023-2621

The McFeeder server distributed as part of SSW package, is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An...

6.5CVSS6.4AI score0.00486EPSS
Exploits0References1
NVD
NVD
added 2023/10/30 11:15 p.m.43 views

CVE-2023-45671

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the / base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both...

4.7CVSS4.6AI score0.01425EPSS
Exploits1References2
NVD
NVD
added 2023/10/26 10:15 p.m.43 views

CVE-2023-42406

SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component...

9.8CVSS9.7AI score0.01947EPSS
Exploits1References2
NVD
NVD
added 2023/10/23 7:15 a.m.43 views

CVE-2023-45802

When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

5.9CVSS8AI score0.03024EPSS
Exploits1References6
NVD
NVD
added 2023/10/19 10:15 p.m.43 views

CVE-2023-45819

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit requires carefully craft...

6.1CVSS6.1AI score0.00601EPSS
Exploits0References1
NVD
NVD
added 2023/10/18 10:15 p.m.43 views

CVE-2023-45814

Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecti...

5.3CVSS5.2AI score0.00449EPSS
Exploits0References2
NVD
NVD
added 2023/10/16 7:15 p.m.43 views

CVE-2023-45148

Nextcloud is an open source home cloud server. When Memcached is used as memcache.distributed the rate limiting in Nextcloud Server could be reset unexpectedly resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgra...

4.3CVSS4.5AI score0.00699EPSS
Exploits0References3
NVD
NVD
added 2023/10/16 7:15 p.m.43 views

CVE-2023-45151

Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their...

8.8CVSS7.5AI score0.00484EPSS
Exploits0References3
NVD
NVD
added 2023/10/13 12:15 a.m.43 views

CVE-2023-44177

A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service DoS condition. This...

5.5CVSS5.8AI score0.00163EPSS
Exploits0References1
NVD
NVD
added 2023/10/11 4:15 p.m.43 views

CVE-2023-34346

A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.020221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability...

9.8CVSS9.8AI score0.01292EPSS
Exploits0References2
NVD
NVD
added 2023/10/10 5:15 a.m.43 views

CVE-2023-45208

A command injection in the parsingxmlstasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers within range of the repeater to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names...

8.8CVSS8.7AI score0.01457EPSS
Exploits1References1
NVD
NVD
added 2023/10/09 4:15 p.m.43 views

CVE-2023-41047

OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract da...

6.5CVSS6.9AI score0.00568EPSS
Exploits1References3
NVD
NVD
added 2023/10/06 1:15 p.m.43 views

CVE-2023-44765

A Cross Site Scripting XSS vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings...

5.4CVSS5.3AI score0.00559EPSS
Exploits1References2
NVD
NVD
added 2023/09/29 6:15 a.m.43 views

CVE-2023-44466

An issue was discovered in net/ceph/messengerv2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in cephdecode32...

8.8CVSS9.1AI score0.54577EPSS
Exploits1References5
NVD
NVD
added 2023/09/15 8:15 p.m.43 views

CVE-2023-40019

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending...

7.5CVSS7.3AI score0.0076EPSS
Exploits1References2
NVD
NVD
added 2023/09/13 3:15 p.m.43 views

CVE-2023-39914

NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding...

7.5CVSS7.4AI score0.00592EPSS
Exploits0References1
NVD
NVD
added 2023/09/13 2:15 p.m.43 views

CVE-2023-4701

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as the vendor eventually states that this issue is identical to CVE-2023-3935...

9.3AI score
Exploits0
NVD
NVD
added 2023/09/12 9:15 p.m.43 views

CVE-2023-41885

Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of BaseUser.login leaks enough information to a malicious user such that they would be able to successfully generate a list of valid users on the platform. As Piccolo on its own does not...

5.3CVSS5.2AI score0.00459EPSS
Exploits0References2
NVD
NVD
added 2023/09/12 5:15 p.m.43 views

CVE-2023-36772

3D Builder Remote Code Execution Vulnerability...

7.8CVSS7.8AI score0.00697EPSS
Exploits0References1
NVD
NVD
added 2023/09/11 10:15 p.m.43 views

CVE-2023-41879

Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protectcode". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would...

7.5CVSS7.6AI score0.00823EPSS
Exploits1References5
NVD
NVD
added 2023/09/11 7:15 p.m.43 views

CVE-2023-31067

An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILESX86%\TSplus\Clients\www...

9.8CVSS9.6AI score0.02884EPSS
Exploits4References2
NVD
NVD
added 2023/09/05 11:15 p.m.43 views

CVE-2023-4487

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software...

7.8CVSS7.8AI score0.00183EPSS
Exploits0References2
Total number of security vulnerabilities5000