Lucene search
K
NvdMost viewed

364265 matches found

NVD
NVD
added 2024/01/09 10:15 a.m.69 views

CVE-2023-42797

A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.20, CP-8050 MASTER MODULE All versions CPCI85 V05.20. The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being...

7.2CVSS6.5AI score0.00547EPSS
Exploits0References1
NVD
NVD
added 2024/01/08 2:15 p.m.69 views

CVE-2024-21645

pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in pyload allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. Forged or otherwise, corrupted log files can be used to cover an...

5.3CVSS5.4AI score0.24513EPSS
Exploits1References2
NVD
NVD
added 2023/07/14 8:15 p.m.69 views

CVE-2023-37474

Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the .cpr subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This...

7.5CVSS0.42828EPSS
Exploits4References3
NVD
NVD
added 2023/07/12 4:15 p.m.69 views

CVE-2023-36266

An issue was discovered in Keeper Password Manager for Desktop version 16.10.2 fixed in 17.2, and the KeeperFill Browser Extensions version 16.5.4 fixed in 17.2, allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and...

5.5CVSS5.6AI score0.00839EPSS
Exploits3References4
NVD
NVD
added 2023/07/10 4:15 p.m.69 views

CVE-2023-2029

The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.0061EPSS
Exploits3References2
NVD
NVD
added 2023/05/12 2:15 p.m.69 views

CVE-2023-1934

The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and...

9.8CVSS9.7AI score0.08079EPSS
Exploits3References2
NVD
NVD
added 2023/05/05 10:15 p.m.69 views

CVE-2023-30065

MitraStar GPT-2741GNAC-N2 with firmware BRg5.91.11WVK.0b32 was discovered to contain a remote code execution RCE vulnerability in the ping function...

8.8CVSS9.1AI score0.01328EPSS
Exploits1References1
NVD
NVD
added 2023/05/05 2:15 p.m.69 views

CVE-2023-30013

TOTOLINK X5000R V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter...

9.8CVSS9.8AI score0.25889EPSS
Exploits4References2
NVD
NVD
added 2023/04/14 12:15 a.m.69 views

CVE-2023-26918

Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:F access...

9.8CVSS9.5AI score0.06051EPSS
Exploits4References2
NVD
NVD
added 2023/03/02 7:15 p.m.69 views

CVE-2023-0084

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS6.2AI score0.28565EPSS
Exploits5References5
NVD
NVD
added 2023/02/13 8:15 p.m.69 views

CVE-2023-25718

In ConnectWise Control through 22.9.10032 formerly known as ScreenConnect, after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a different attacker-controlled executable file. It is...

9.8CVSS8.7AI score0.00685EPSS
Exploits0References5
NVD
NVD
added 2022/03/03 9:15 p.m.69 views

CVE-2022-24723

URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse ca...

5.3CVSS0.01995EPSS
Exploits1References4
NVD
NVD
added 2021/07/02 10:15 p.m.69 views

CVE-2021-34527

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or...

9CVSS0.99759EPSS
Exploits41References6
NVD
NVD
added 2021/03/02 7:15 p.m.69 views

CVE-2021-27885

usersettings.php in e107 through 2.3.0 lacks a certain eTOKEN protection mechanism...

8.8CVSS0.03207EPSS
Exploits3References3
NVD
NVD
added 2021/01/08 6:15 p.m.69 views

CVE-2020-17504

The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in ngpsystemcmd.php in which the http parameters...

7.2CVSS7.5AI score0.02848EPSS
Exploits0References3
NVD
NVD
added 2020/09/16 1:15 p.m.69 views

CVE-2020-25559

gnuplot 5.5 is affected by double free when executing printsetoutput. This may result in context-dependent arbitrary code execution...

7.8CVSS0.01564EPSS
Exploits1References1
NVD
NVD
added 2019/08/20 8:15 p.m.69 views

CVE-2019-13520

Multiple buffer overflow issues have been identified in Alpha5 Smart Loader: All versions prior to 4.2. An attacker could use specially crafted project files to overflow the buffer and execute code under the privileges of the application...

7.8CVSS8AI score0.02947EPSS
Exploits0References3
NVD
NVD
added 2019/07/18 1:15 p.m.69 views

CVE-2019-1010096

DomainMOD v4.10.0 is affected by: Cross Site Request Forgery CSRF. The impact is: There is a CSRF vulnerability that can change the read-only user to admin. The component is: admin/users/edit.php?uid=2. The attack vector is: After the administrator logged in, open the html page...

8.8CVSS8.7AI score0.0065EPSS
Exploits1References1
NVD
NVD
added 2019/02/10 10:29 p.m.69 views

CVE-2019-7702

A NULL pointer dereference was discovered in wasm::SExpressionWasmBuilder::parseExpression in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as...

6.5CVSS6.3AI score0.0115EPSS
Exploits1References1
NVD
NVD
added 2013/04/17 6:55 p.m.69 views

CVE-2013-2426

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from t...

9.3CVSS7.9AI score0.05691EPSS
Exploits0References19
NVD
NVD
added 2026/04/20 9:16 p.m.68 views

CVE-2026-33626

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery SSRF vulnerability in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating...

7.5CVSS0.4525EPSS
Exploits2References4
NVD
NVD
added 2025/12/11 7:15 p.m.68 views

CVE-2025-56129

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the actiondiagnosis in file /usr/lib/lua/luci/controller/admin/diagnosis.lua...

8.8CVSS0.02308EPSS
Exploits1References3
NVD
NVD
added 2025/02/03 10:15 p.m.68 views

CVE-2025-23210

phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site Scripting XSS sanitizer using the javascript protocol and special characters. This issue has been addressed in versions 3.9.0, 2.3.7, 2.1....

4.8CVSS0.00403EPSS
Exploits0References2
NVD
NVD
added 2025/01/27 6:15 p.m.68 views

CVE-2025-24357

vLLM is a library for LLM inference and serving. vllm/modelexecutor/weightutils.py implements hfmodelweightsiterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weightsonly parameter defaults to False. When torch.load loads malicious...

8.8CVSS0.00694EPSS
Exploits0References4
NVD
NVD
added 2025/01/21 4:15 p.m.68 views

CVE-2025-24011

Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, it's possible to determine whether an account exists based on an analysis of response codes and timing of Umbraco management API responses. Versions 14.3.2 and...

5.3CVSS0.01451EPSS
Exploits1References3
NVD
NVD
added 2024/08/25 2:15 a.m.68 views

CVE-2024-8140

A vulnerability was found in SourceCodester Task Progress Tracker 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file update-task.php. The manipulation of the argument taskname leads to cross site scripting. The attack may be launched remotely. The...

5.4CVSS0.00371EPSS
Exploits1References5
NVD
NVD
added 2024/08/12 1:38 p.m.68 views

CVE-2024-22116

An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure...

9.9CVSS0.01603EPSS
Exploits0References2
NVD
NVD
added 2024/07/21 8:15 a.m.68 views

CVE-2024-6944

A vulnerability was found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this issue is the function getimagebase64 of the file PublicController.php. The manipulation of the argument file leads to deserialization. The attack may be launched remotely. The exploit has bee...

7.5CVSS0.0378EPSS
Exploits0References4
NVD
NVD
added 2024/07/01 7:15 p.m.68 views

CVE-2024-36387

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance...

5.4CVSS0.01715EPSS
Exploits0References3
NVD
NVD
added 2024/06/18 9:15 p.m.68 views

CVE-2024-6129

A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to launch the attack...

6.3CVSS0.00605EPSS
Exploits1References4
NVD
NVD
added 2024/06/18 7:15 p.m.68 views

CVE-2022-23829

A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 kernel mode access to bypass the native System Management Mode SMM ROM protections...

8.2CVSS0.00196EPSS
Exploits0References1
NVD
NVD
added 2024/04/04 2:15 p.m.68 views

CVE-2024-2700

A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been...

7CVSS7AI score0.00286EPSS
Exploits0References8
NVD
NVD
added 2024/03/15 1:15 p.m.68 views

CVE-2023-6725

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information...

5.5CVSS6.2AI score0.00203EPSS
Exploits0References4
NVD
NVD
added 2024/02/24 5:15 a.m.68 views

CVE-2024-21502

Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemathmul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free, arbitrary...

7.5CVSS7.6AI score0.01025EPSS
Exploits1References4
NVD
NVD
added 2024/01/31 2:15 p.m.68 views

CVE-2023-6246

A heap-based buffer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name the basename of...

8.4CVSS8.4AI score0.04794EPSS
Exploits7References13
NVD
NVD
added 2024/01/25 9:15 p.m.68 views

CVE-2024-24399

An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area...

7.2CVSS7.3AI score0.15597EPSS
Exploits1References4
NVD
NVD
added 2023/09/06 9:15 p.m.68 views

CVE-2023-29198

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach...

8.5CVSS6.5AI score0.0049EPSS
Exploits0References2
NVD
NVD
added 2023/08/31 6:15 a.m.68 views

CVE-2023-3162

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a Stripe checkout through the plugin. This allows unauthenticated attackers to...

9.8CVSS9.6AI score0.00966EPSS
Exploits2References3
NVD
NVD
added 2023/08/29 5:15 p.m.68 views

CVE-2023-41037

OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorit...

4.3CVSS4.4AI score0.00309EPSS
Exploits1References2
NVD
NVD
added 2023/06/12 6:15 p.m.68 views

CVE-2023-2362

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPre...

6.1CVSS6AI score0.00458EPSS
Exploits2References1
NVD
NVD
added 2023/06/12 4:15 p.m.68 views

CVE-2023-35054

In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible...

5.4CVSS4.7AI score0.00971EPSS
Exploits0References1
NVD
NVD
added 2023/04/13 11:15 p.m.68 views

CVE-2023-1326

A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate...

7.8CVSS7.8AI score0.00874EPSS
Exploits0References2
NVD
NVD
added 2023/03/30 7:15 p.m.68 views

CVE-2023-28647

Nextcloud iOS is an ios application used to interface with the nextcloud home cloud ecosystem. In versions prior to 4.7.0 when an attacker has physical access to an unlocked device, they may enable the integration into the iOS Files app and bypass the Nextcloud pin/password protection and gain...

6.8CVSS4.8AI score0.00278EPSS
Exploits0References2
NVD
NVD
added 2023/02/23 8:15 p.m.68 views

CVE-2022-4492

The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step at least it should be performed by default in https and in http/2. I would add it to any TLS client protocol...

7.5CVSS7.5AI score0.00596EPSS
Exploits0References3
NVD
NVD
added 2023/02/01 8:15 p.m.68 views

CVE-2022-46934

kkFileView v4.1.0 was discovered to contain a cross-site scripting XSS vulnerability via the url parameter at /controller/OnlinePreviewController.java...

6.1CVSS6.1AI score0.01084EPSS
Exploits1References1
NVD
NVD
added 2022/11/14 9:15 p.m.68 views

CVE-2022-37109

patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a 403 error when...

9.8CVSS0.49201EPSS
Exploits3References4
NVD
NVD
added 2022/10/06 6:16 p.m.68 views

CVE-2022-39273

FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable the default Flyte’s authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the...

7.5CVSS0.0067EPSS
Exploits0References3
NVD
NVD
added 2022/06/14 5:15 p.m.68 views

CVE-2022-29612

SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol...

4.3CVSS0.00626EPSS
Exploits0References2
NVD
NVD
added 2021/10/12 11:15 p.m.68 views

CVE-2021-20031

A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains...

6.1CVSS0.13041EPSS
Exploits4References2
NVD
NVD
added 2021/08/31 5:15 p.m.68 views

CVE-2021-35212

An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user...

9CVSS0.01642EPSS
Exploits0References4
Total number of security vulnerabilities5000