Lucene search
K
NvdMost viewed

363781 matches found

NVD
NVD
added 2023/06/13 9:15 a.m.43 views

CVE-2023-33305

A loop with unreachable exit condition 'infinite loop' in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0....

6.5CVSS5.8AI score0.00827EPSS
Exploits0References1
NVD
NVD
added 2023/06/09 8:15 p.m.43 views

CVE-2023-32312

UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. In affected versions client secrets are not required which may expose some endpoints to untrusted actors. Since Umbraco is not a single-page application, the implicit fl...

5.3CVSS4.7AI score0.00625EPSS
Exploits0References4
NVD
NVD
added 2023/06/09 7:15 a.m.43 views

CVE-2023-2897

The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18. This is due to an implicit trust of user-supplied IP addresses in an 'X-Forwarded-For' HTTP header for the purpose of validating allowed IP addresses against a Maintenance Mo...

5.3CVSS4.4AI score0.00295EPSS
Exploits0References2
NVD
NVD
added 2023/06/07 9:15 p.m.43 views

CVE-2023-2866

If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server...

7.8CVSS7.2AI score0.00142EPSS
Exploits0References1
NVD
NVD
added 2023/06/05 10:15 p.m.43 views

CVE-2023-3027

The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values instead of the policy apply a static manifest on a managed cluster of taking advantage of cluster scoped access in a created policy. This feature...

7.8CVSS7.7AI score0.00198EPSS
Exploits0References1
NVD
NVD
added 2023/05/26 5:15 p.m.43 views

CVE-2023-20882

In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected...

5.9CVSS5.6AI score0.00586EPSS
Exploits0References1
NVD
NVD
added 2023/05/25 11:15 a.m.43 views

CVE-2022-41987

Cross-Site Request Forgery CSRF vulnerability in LearningTimes BadgeOS plugin = 3.7.1.6 versions...

8.8CVSS7.1AI score0.00246EPSS
Exploits0References1
NVD
NVD
added 2023/05/19 12:15 p.m.43 views

CVE-2022-30114

A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482FW230FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462FW261DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS...

7.5CVSS7.7AI score0.02396EPSS
Exploits2References2
NVD
NVD
added 2023/05/18 11:15 p.m.43 views

CVE-2023-32680

Metabase is an open source business analytics engine. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database–but affected versions of Metabase didn't enforce that requirement. This lack of enforcement meant that:...

9.6CVSS6.8AI score0.00598EPSS
Exploits0References4
NVD
NVD
added 2023/05/10 3:15 p.m.43 views

CVE-2023-27564

The n8n package 0.218.0 for Node.js allows Information Disclosure...

7.5CVSS7.6AI score0.01214EPSS
Exploits2References3
NVD
NVD
added 2023/05/02 9:15 p.m.43 views

CVE-2022-30759

In Nokia One-NDS aka Network Directory Server through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands...

8.8CVSS9AI score0.01137EPSS
Exploits3References2
NVD
NVD
added 2023/04/25 8:15 p.m.43 views

CVE-2023-23710

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in miniOrange WordPress Social Login and Register Discord, Google, Twitter, LinkedIn plugin = 7.5.14 versions...

5.9CVSS5.4AI score0.00369EPSS
Exploits0References1
NVD
NVD
added 2023/04/24 5:15 p.m.43 views

CVE-2023-26494

lorawan-stack is an open source LoRaWAN network server. Prior to version 3.24.1, an open redirect exists on the login page of the lorawan stack server, allowing an attacker to supply a user controlled redirect upon sign in. This issue may allows malicious actors to phish users, as users assume th...

6.1CVSS6.2AI score0.00637EPSS
Exploits1References5
NVD
NVD
added 2023/04/19 12:15 a.m.43 views

CVE-2023-30605

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the variablename and variablevalue parameter value in the sql/instance.py paramedit endpoint is...

6.5CVSS6.9AI score0.00844EPSS
Exploits1References2
NVD
NVD
added 2023/04/16 3:15 a.m.43 views

CVE-2022-34128

The Cartography aka positions plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data to front/upload.php...

9.8CVSS9.8AI score0.07746EPSS
Exploits3References3
NVD
NVD
added 2023/04/11 10:15 a.m.43 views

CVE-2023-27464

A vulnerability has been identified in Mendix Forgot Password Mendix 7 compatible All versions V3.7.1, Mendix Forgot Password Mendix 8 compatible All versions V4.1.1, Mendix Forgot Password Mendix 9 compatible All versions V5.1.1. The affected versions of the module contain an observable response...

5.3CVSS5.1AI score0.00458EPSS
Exploits0References1
NVD
NVD
added 2023/04/09 8:15 p.m.43 views

CVE-2023-27727

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njsfunctionframe at src/njsfunction.h...

7.5CVSS7.6AI score0.00732EPSS
Exploits1References1
NVD
NVD
added 2023/04/05 2:15 p.m.43 views

CVE-2023-1865

The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when resetting plugin settings via the yrcnuke GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to delete YouTube channels...

6.5CVSS6.3AI score0.00705EPSS
Exploits0References4
NVD
NVD
added 2023/04/04 1:15 p.m.43 views

CVE-2023-28999

Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files,...

6.9CVSS6.2AI score0.00678EPSS
Exploits1References3
NVD
NVD
added 2023/03/29 7:15 p.m.43 views

CVE-2022-43608

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.03 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BJNP service. The issue results from the lack of...

8.8CVSS9AI score0.0083EPSS
Exploits0References2
NVD
NVD
added 2023/03/29 7:15 p.m.43 views

CVE-2022-36978

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Notification...

9.8CVSS9.8AI score0.07334EPSS
Exploits0References2
NVD
NVD
added 2023/03/29 7:15 p.m.43 views

CVE-2022-28319

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8CVSS7.8AI score0.00938EPSS
Exploits0References2
NVD
NVD
added 2023/03/29 7:15 p.m.43 views

CVE-2022-28642

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8CVSS7.8AI score0.00938EPSS
Exploits0References2
NVD
NVD
added 2023/03/29 7:15 p.m.43 views

CVE-2022-28306

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8CVSS7.8AI score0.00897EPSS
Exploits0References2
NVD
NVD
added 2023/03/29 7:15 p.m.43 views

CVE-2022-27641

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of...

8.8CVSS9AI score0.01234EPSS
Exploits0References2
NVD
NVD
added 2023/03/27 10:15 p.m.43 views

CVE-2023-26493

Cocos Engine is an open-source framework for building 2D & 3D real-time rendering and interactive content. In the github repo for Cocos Engine the web-interface-check.yml was subject to command injection. The web-interface-check.yml was triggered when a pull request was opened or updated and...

8.8CVSS8.6AI score0.02907EPSS
Exploits1References3
NVD
NVD
added 2023/03/27 10:15 p.m.43 views

CVE-2022-2237

A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function...

6.1CVSS6.1AI score0.00399EPSS
Exploits0References1
NVD
NVD
added 2023/03/27 4:15 p.m.43 views

CVE-2023-0497

The HT Portfolio WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

4.3CVSS4.7AI score0.00281EPSS
Exploits2References1
NVD
NVD
added 2023/03/23 5:15 p.m.43 views

CVE-2023-20107

A vulnerability in the deterministic random bit generator DRBG, also known as pseudorandom number generator PRNG, in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software for Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X Firewalls could allow an...

7.5CVSS6.1AI score0.00717EPSS
Exploits0References1
NVD
NVD
added 2023/03/21 12:15 p.m.43 views

CVE-2023-1314

A vulnerability has been discovered in cloudflared's installer = 2023.3.0 for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. This vulnerability exists because the MSI installer used by cloudflared relied...

7.8CVSS7.5AI score0.00259EPSS
Exploits0References2
NVD
NVD
added 2023/03/14 6:15 a.m.43 views

CVE-2023-27895

SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views of the OTP and the secret OTP alphanumeric token during the token setup. On successful...

6.5CVSS6AI score0.00405EPSS
Exploits0References2
NVD
NVD
added 2023/03/06 4:15 a.m.43 views

CVE-2015-10091

A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely...

7.2CVSS6AI score0.00588EPSS
Exploits0References3
NVD
NVD
added 2023/03/02 7:15 p.m.43 views

CVE-2023-26472

XWiki Platform is a generic wiki platform. Starting in version 6.2-milestone-1, one can execute any wiki content with the right of IconThemeSheet author by creating an icon theme with certain content. This can be done by creating a new page or even through the user profile for users not having ed...

9.9CVSS9.6AI score0.01107EPSS
Exploits1References3
NVD
NVD
added 2023/02/26 1:15 p.m.43 views

CVE-2023-1047

A vulnerability classified as critical was found in TechPowerUp RealTemp 3.7.0.0. This vulnerability affects unknown code in the library WinRing0x64.sys. The manipulation leads to improper initialization. An attack has to be approached locally. The exploit has been disclosed to the public and may...

7.8CVSS6.2AI score0.00395EPSS
Exploits0References3
NVD
NVD
added 2023/02/23 3:15 p.m.43 views

CVE-2023-0868

Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are...

6.7CVSS6.3AI score0.00442EPSS
Exploits0References2
NVD
NVD
added 2023/02/20 5:15 p.m.43 views

CVE-2022-46836

PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk = 2.1.0p10, Checkmk = 2.0.0p27, and Checkmk = 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component...

9.1CVSS9.5AI score0.01126EPSS
Exploits2References2
NVD
NVD
added 2023/02/16 9:15 p.m.43 views

CVE-2022-41314

Uncontrolled search path in some IntelR Network Adapter installer software may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS7AI score0.00167EPSS
Exploits0References1
NVD
NVD
added 2023/02/16 7:15 p.m.43 views

CVE-2021-42756

Multiple stack-based buffer overflow vulnerabilities CWE-121 in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically...

9.8CVSS10AI score0.36405EPSS
Exploits1References1
NVD
NVD
added 2023/02/15 2:15 p.m.43 views

CVE-2023-25767

A cross-site request forgery CSRF vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server...

8.8CVSS8.8AI score0.00455EPSS
Exploits0References2
NVD
NVD
added 2023/02/15 2:15 p.m.43 views

CVE-2023-25765

In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller J...

9.9CVSS9.7AI score0.01095EPSS
Exploits0References2
NVD
NVD
added 2023/02/15 3:15 a.m.43 views

CVE-2022-32473

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the HddPassword shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU...

7CVSS7.4AI score0.00132EPSS
Exploits0References2
NVD
NVD
added 2023/02/14 8:15 p.m.43 views

CVE-2023-21809

Microsoft Defender for Endpoint Security Feature Bypass Vulnerability...

7.8CVSS7.5AI score0.00598EPSS
Exploits0References1
NVD
NVD
added 2023/02/12 2:15 p.m.43 views

CVE-2023-0787

Cross-site Scripting XSS - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11...

8.1CVSS7.7AI score0.00533EPSS
Exploits1References2
NVD
NVD
added 2023/02/12 4:15 a.m.43 views

CVE-2022-34145

Transient DOS due to buffer over-read in WLAN Host while parsing frame information...

7.5CVSS7.6AI score0.00424EPSS
Exploits0References1
NVD
NVD
added 2023/02/11 1:23 a.m.43 views

CVE-2023-25557

DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store GMS. It has been discovered that the...

9.1CVSS8AI score0.00684EPSS
Exploits0References1
NVD
NVD
added 2023/02/10 8:15 p.m.43 views

CVE-2023-23161

A reflected cross-site scripting XSS vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar...

6.1CVSS5.9AI score0.0591EPSS
Exploits4References4
NVD
NVD
added 2023/02/09 5:15 p.m.43 views

CVE-2022-48301

The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled...

7.5CVSS7.6AI score0.00327EPSS
Exploits0References2
NVD
NVD
added 2023/02/07 11:15 p.m.43 views

CVE-2023-0731

The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00521EPSS
Exploits0References3
NVD
NVD
added 2023/02/03 6:15 p.m.43 views

CVE-2021-36426

File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inclib/general.inc.php...

8.8CVSS8.8AI score0.01058EPSS
Exploits1References1
NVD
NVD
added 2023/02/02 12:15 p.m.43 views

CVE-2023-0642

Cross-Site Request Forgery CSRF in GitHub repository squidex/squidex prior to 7.4.0...

6.8CVSS6.6AI score0.00412EPSS
Exploits1References2
Total number of security vulnerabilities5000