Lucene search
K
NvdMost viewed

364109 matches found

NVD
NVD
added 2024/01/03 4:15 p.m.43 views

CVE-2024-21910

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser...

6.1CVSS6.2AI score0.00956EPSS
Exploits1References6
NVD
NVD
added 2023/12/29 10:15 a.m.43 views

CVE-2023-4463

A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit...

7.5CVSS0.01006EPSS
Exploits1References6
NVD
NVD
added 2023/12/29 3:15 a.m.43 views

CVE-2023-7148

A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument...

8.1CVSS0.007EPSS
Exploits1References3
NVD
NVD
added 2023/12/23 8:15 p.m.43 views

CVE-2023-49594

An information disclosure vulnerability exists in the challenge functionality of instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. A user logging into Keycloak using DuoUniversalKeycloakAuthenticator plugin...

6.5CVSS0.01243EPSS
Exploits1References3
NVD
NVD
added 2023/12/14 10:15 p.m.43 views

CVE-2023-6134

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting XSS or further attacks. This flaw is the result of an incomple...

5.4CVSS0.00912EPSS
Exploits1References14
NVD
NVD
added 2023/12/13 8:15 p.m.43 views

CVE-2023-46247

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used math.ceiltype.sizeinbytes / 32. T...

7.5CVSS0.00692EPSS
Exploits0References3
NVD
NVD
added 2023/12/08 3:15 p.m.43 views

CVE-2023-6245

The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is record ; empty and the canister interface expects record then the Rust candid decoder treats empty as an extra field required by the type. The problem wit...

7.5CVSS0.01212EPSS
Exploits0References5
NVD
NVD
added 2023/12/05 3:15 a.m.43 views

CVE-2023-42581

Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data...

7.5CVSS0.01173EPSS
Exploits0References1
NVD
NVD
added 2023/11/23 12:15 a.m.43 views

CVE-2023-47839

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin = 3.3.26 versions...

6.5CVSS0.00409EPSS
Exploits0References1
NVD
NVD
added 2023/11/20 11:15 p.m.43 views

CVE-2023-48051

An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding...

7.5CVSS0.00248EPSS
Exploits1References1
NVD
NVD
added 2023/11/18 12:15 a.m.43 views

CVE-2023-46402

git-urls 1.0.0 allows ReDOS Regular Expression Denial of Service in urls.go...

7.5CVSS0.0085EPSS
Exploits1References1
NVD
NVD
added 2023/11/14 11:15 p.m.43 views

CVE-2023-45626

An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles...

7.2CVSS0.00942EPSS
Exploits0References1
NVD
NVD
added 2023/11/14 9:15 p.m.43 views

CVE-2023-34060

VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass log...

9.8CVSS0.01345EPSS
Exploits4References4
NVD
NVD
added 2023/11/10 10:15 p.m.43 views

CVE-2023-47122

Gitsign is software for keyless Git signing using Sigstore. In versions of gitsign starting with 0.6.0 and prior to 0.8.0, Rekor public keys were fetched via the Rekor API, instead of through the local TUF client. If the upstream Rekor server happened to be compromised, gitsign clients could...

5.3CVSS0.00369EPSS
Exploits0References4
NVD
NVD
added 2023/11/08 10:15 p.m.43 views

CVE-2023-47114

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. The Fides web application allows data subject users to request access to their personal data. If the...

6.1CVSS0.00609EPSS
Exploits0References3
NVD
NVD
added 2023/11/07 7:15 p.m.43 views

CVE-2023-46242

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to execute a content with the right of any user via a crafted URL. A user must have programming privileges in order to exploit this vulnerability. This issue...

9.6CVSS0.00381EPSS
Exploits0References3
NVD
NVD
added 2023/11/06 12:15 a.m.43 views

CVE-2023-47271

PKP-WAL aka PKP Web Application Library or pkp-lib before 3.3.0-16, as used in Open Journal Systems OJS and other products, does not verify that the file named in an XML document used for the native import/export plugin is an image file, before trying to use it for an issue cover image...

5.3CVSS5.3AI score0.00618EPSS
Exploits2References3
NVD
NVD
added 2023/11/03 7:15 a.m.43 views

CVE-2023-5763

In Eclipse Glassfish 5 or 6, running with old versions of JDK lower than 6u211, or 7u201, or 8u191, allows remote attackers to load malicious code on the server via access to insecure ORB listeners...

9.8CVSS7.3AI score0.0065EPSS
Exploits0References2
NVD
NVD
added 2023/11/01 3:15 a.m.43 views

CVE-2023-2621

The McFeeder server distributed as part of SSW package, is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An...

6.5CVSS6.4AI score0.00486EPSS
Exploits0References1
NVD
NVD
added 2023/10/30 11:15 p.m.43 views

CVE-2023-45671

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the / base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both...

4.7CVSS4.6AI score0.01425EPSS
Exploits1References2
NVD
NVD
added 2023/10/26 10:15 p.m.43 views

CVE-2023-42406

SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component...

9.8CVSS9.7AI score0.01947EPSS
Exploits1References2
NVD
NVD
added 2023/10/23 7:15 a.m.43 views

CVE-2023-45802

When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

5.9CVSS8AI score0.03024EPSS
Exploits1References6
NVD
NVD
added 2023/10/19 10:15 p.m.43 views

CVE-2023-45819

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit requires carefully craft...

6.1CVSS6.1AI score0.00601EPSS
Exploits0References1
NVD
NVD
added 2023/10/19 5:15 p.m.43 views

CVE-2023-35126

An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, whic...

7.8CVSS7.9AI score0.00484EPSS
Exploits1References3
NVD
NVD
added 2023/10/18 10:15 p.m.43 views

CVE-2023-45814

Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecti...

5.3CVSS5.2AI score0.00449EPSS
Exploits0References2
NVD
NVD
added 2023/10/16 7:15 p.m.43 views

CVE-2023-45148

Nextcloud is an open source home cloud server. When Memcached is used as memcache.distributed the rate limiting in Nextcloud Server could be reset unexpectedly resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgra...

4.3CVSS4.5AI score0.00699EPSS
Exploits0References3
NVD
NVD
added 2023/10/13 12:15 a.m.43 views

CVE-2023-44177

A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service DoS condition. This...

5.5CVSS5.8AI score0.00163EPSS
Exploits0References1
NVD
NVD
added 2023/10/11 4:15 p.m.43 views

CVE-2023-34346

A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.020221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability...

9.8CVSS9.8AI score0.01292EPSS
Exploits0References2
NVD
NVD
added 2023/10/10 5:15 a.m.43 views

CVE-2023-45208

A command injection in the parsingxmlstasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers within range of the repeater to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names...

8.8CVSS8.7AI score0.01457EPSS
Exploits1References1
NVD
NVD
added 2023/10/09 4:15 p.m.43 views

CVE-2023-41047

OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract da...

6.5CVSS6.9AI score0.00568EPSS
Exploits1References3
NVD
NVD
added 2023/10/06 1:15 p.m.43 views

CVE-2023-44765

A Cross Site Scripting XSS vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings...

5.4CVSS5.3AI score0.00559EPSS
Exploits1References2
NVD
NVD
added 2023/09/29 6:15 a.m.43 views

CVE-2023-44466

An issue was discovered in net/ceph/messengerv2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in cephdecode32...

8.8CVSS9.1AI score0.54577EPSS
Exploits1References5
NVD
NVD
added 2023/09/15 8:15 p.m.43 views

CVE-2023-40019

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending...

7.5CVSS7.3AI score0.0076EPSS
Exploits1References2
NVD
NVD
added 2023/09/13 3:15 p.m.43 views

CVE-2023-39914

NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding...

7.5CVSS7.4AI score0.00592EPSS
Exploits0References1
NVD
NVD
added 2023/09/13 2:15 p.m.43 views

CVE-2023-4701

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as the vendor eventually states that this issue is identical to CVE-2023-3935...

9.3AI score
Exploits0
NVD
NVD
added 2023/09/12 9:15 p.m.43 views

CVE-2023-41885

Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of BaseUser.login leaks enough information to a malicious user such that they would be able to successfully generate a list of valid users on the platform. As Piccolo on its own does not...

5.3CVSS5.2AI score0.00459EPSS
Exploits0References2
NVD
NVD
added 2023/09/11 10:15 p.m.43 views

CVE-2023-41879

Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protectcode". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would...

7.5CVSS7.6AI score0.00823EPSS
Exploits1References5
NVD
NVD
added 2023/09/11 7:15 p.m.43 views

CVE-2023-31067

An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILESX86%\TSplus\Clients\www...

9.8CVSS9.6AI score0.02884EPSS
Exploits4References2
NVD
NVD
added 2023/09/05 11:15 p.m.43 views

CVE-2023-4487

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software...

7.8CVSS7.8AI score0.00183EPSS
Exploits0References2
NVD
NVD
added 2023/09/01 6:15 p.m.43 views

CVE-2023-4708

A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /collection/all of the component GET Parameter Handler. The manipulation of the argument tag leads to sql injection. The attack may be initiated remotely...

9.8CVSS7.3AI score0.45639EPSS
Exploits3References3
NVD
NVD
added 2023/09/01 11:15 a.m.43 views

CVE-2022-46527

ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow via the NFC data parser...

7.5CVSS7.8AI score0.00701EPSS
Exploits1References2
NVD
NVD
added 2023/08/30 10:15 p.m.43 views

CVE-2023-31714

Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities...

9.8CVSS10AI score0.03278EPSS
Exploits1References4
NVD
NVD
added 2023/08/29 10:15 p.m.43 views

CVE-2023-4296

​If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device...

8.8CVSS8.7AI score0.00613EPSS
Exploits1References4
NVD
NVD
added 2023/08/25 9:15 p.m.43 views

CVE-2023-40166

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in FileManager::detectLanguageFromTextBegining . The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. ...

5.5CVSS5.9AI score0.00471EPSS
Exploits1References1
NVD
NVD
added 2023/08/23 9:15 p.m.43 views

CVE-2023-40177

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is...

9.9CVSS9.6AI score0.00983EPSS
Exploits0References3
NVD
NVD
added 2023/08/22 7:16 p.m.43 views

CVE-2022-36648

The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third...

10CVSS9.6AI score0.01401EPSS
Exploits0References2
NVD
NVD
added 2023/08/14 11:15 a.m.43 views

CVE-2023-4321

Cross-site Scripting XSS - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3...

8.3CVSS6.4AI score0.00555EPSS
Exploits1References2
NVD
NVD
added 2023/08/10 6:15 p.m.43 views

CVE-2023-39959

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.9, 26.0.4, and 27.0.1, unauthenticated users could send a DAV request which reveals whether a calendar or an address book with the given identifier exists for...

5.3CVSS4.5AI score0.00488EPSS
Exploits0References3
NVD
NVD
added 2023/08/08 6:15 p.m.43 views

CVE-2023-20562

Insufficient validation in the IOCTL Input Output Control input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution...

7.8CVSS7.5AI score0.0115EPSS
Exploits2References1
NVD
NVD
added 2023/08/07 9:15 p.m.43 views

CVE-2023-39525

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch for this issue...

9.1CVSS7AI score0.00723EPSS
Exploits0References2
Total number of security vulnerabilities5000