Lucene search
K
NvdMost viewed

363499 matches found

NVD
NVD
added 2025/09/05 10:15 p.m.67 views

CVE-2025-58369

fs2 is a compositional, streaming I/O library for Scala. Versions up to and including 2.5.12, 3.0.0-M1 through 3.12.2, and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service attacks though TLS sessions using fs2-io on the JVM using the fs2.io.net.tls package. When establishing a TLS...

5.3CVSS0.00398EPSS
Exploits0References7
NVD
NVD
added 2025/07/09 4:15 p.m.67 views

CVE-2025-53673

Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

6.5CVSS0.00196EPSS
Exploits0References2
NVD
NVD
added 2025/05/26 7:15 a.m.67 views

CVE-2025-41441

Mailform Pro CGI prior to 4.3.4 generates error messages containing sensitive information, which may allow a remote unauthenticated attacker to obtain coupon codes. This vulnerability only affects products that use the coupon feature...

6.3CVSS0.00338EPSS
Exploits0References2
NVD
NVD
added 2025/04/01 7:15 p.m.67 views

CVE-2025-31137

React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an...

7.5CVSS0.01151EPSS
Exploits0References1
NVD
NVD
added 2024/11/12 6:15 p.m.67 views

CVE-2024-49039

Windows Task Scheduler Elevation of Privilege Vulnerability...

8.8CVSS0.13719EPSS
Exploits1References2
NVD
NVD
added 2024/08/24 6:15 p.m.67 views

CVE-2024-8131

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by thi...

9.8CVSS0.08208EPSS
Exploits1References6
NVD
NVD
added 2024/08/13 6:15 p.m.67 views

CVE-2024-38193

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability...

7.8CVSS0.27561EPSS
Exploits4References3
NVD
NVD
added 2024/07/09 5:15 p.m.67 views

CVE-2024-20701

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability...

8.8CVSS0.01611EPSS
Exploits0References1
NVD
NVD
added 2024/07/09 4:15 p.m.67 views

CVE-2024-26015

An incorrect parsing of numbers with different radices vulnerability CWE-1389 in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit a...

4.7CVSS0.00467EPSS
Exploits0References1
NVD
NVD
added 2024/06/13 8:15 p.m.67 views

CVE-2024-5947

Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to...

6.5CVSS0.02418EPSS
Exploits3References1
NVD
NVD
added 2024/03/21 10:15 p.m.67 views

CVE-2024-28117

Grav is an open-source, flat-file content management system. Prior to version 1.7.45, Grav validates accessible functions through the Utils::isDangerousFunction function, but does not impose restrictions on twig functions like twigarraymap, allowing attackers to bypass the validation and execute...

8.8CVSS9.2AI score0.01381EPSS
Exploits1References2
NVD
NVD
added 2024/02/22 4:15 p.m.67 views

CVE-2023-51653

Hertzbeat is a real-time monitoring system. In the implementation of JmxCollectImpl.java, JMXConnectorFactory.connect is vulnerable to JNDI injection. The corresponding interface is /api/monitor/detect. If there is a URL field, the address will be used by default. When the URL is...

9.8CVSS9.9AI score0.02131EPSS
Exploits1References2
NVD
NVD
added 2023/10/03 12:15 p.m.67 views

CVE-2023-25989

Cross-Site Request Forgery CSRF vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading...

8.8CVSS5.9AI score0.00378EPSS
Exploits0References10
NVD
NVD
added 2023/09/06 9:15 p.m.67 views

CVE-2023-41327

WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying and therefore recording to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhook...

5.4CVSS5.1AI score0.00469EPSS
Exploits0References3
NVD
NVD
added 2023/05/08 9:15 p.m.67 views

CVE-2023-30334

AsmBB v2.9.1 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the MiniMag.asm and bbcode.asm libraries...

6.1CVSS6.2AI score0.00624EPSS
Exploits1References5
NVD
NVD
added 2023/02/21 3:15 p.m.67 views

CVE-2023-0934

Cross-site Scripting XSS - Stored in GitHub repository answerdev/answer prior to 1.0.5...

6.3CVSS5.4AI score0.00393EPSS
Exploits1References2
NVD
NVD
added 2023/02/01 8:15 p.m.67 views

CVE-2022-46934

kkFileView v4.1.0 was discovered to contain a cross-site scripting XSS vulnerability via the url parameter at /controller/OnlinePreviewController.java...

6.1CVSS6.1AI score0.01084EPSS
Exploits1References1
NVD
NVD
added 2022/12/28 7:15 p.m.67 views

CVE-2022-23553

Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows URL access filter bypass. This issue has been fixed in version 1.10.4. There are no known workarounds...

7.5CVSS0.0084EPSS
Exploits0References3
NVD
NVD
added 2022/11/14 9:15 p.m.67 views

CVE-2022-37109

patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a 403 error when...

9.8CVSS0.49201EPSS
Exploits3References4
NVD
NVD
added 2022/09/08 12:15 a.m.67 views

CVE-2022-38531

FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Remote Command Execution in the ping function...

8.8CVSS0.01812EPSS
Exploits1References1
NVD
NVD
added 2022/08/23 4:15 p.m.67 views

CVE-2022-37112

BlueCMS 1.6 has SQL injection in line 55 of admin/model.php...

9.8CVSS0.00761EPSS
Exploits1References1
NVD
NVD
added 2022/06/09 8:15 p.m.67 views

CVE-2022-31033

The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site...

7.5CVSS0.01392EPSS
Exploits0References4
NVD
NVD
added 2022/01/12 7:15 p.m.67 views

CVE-2021-43960

Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires administrator privileges and is performed through the Wizard editor of the application. The attack requires an administrator to go into the Wizard editor and enter an XSS payload within the Page title,...

4.8CVSS0.00592EPSS
Exploits1References2
NVD
NVD
added 2021/12/15 7:15 p.m.67 views

CVE-2021-0978

In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed...

3.3CVSS0.00104EPSS
Exploits0References1
NVD
NVD
added 2021/10/11 11:15 a.m.67 views

CVE-2021-24683

The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue...

5.4CVSS0.00399EPSS
Exploits2References1
NVD
NVD
added 2021/04/23 7:15 p.m.67 views

CVE-2021-20083

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype...

8.8CVSS0.04186EPSS
Exploits2References4
NVD
NVD
added 2009/09/01 6:30 p.m.67 views

CVE-2009-3042

SQL injection vulnerability in machine.php in Open Computer and Software OCS Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040...

7.5CVSS8.2AI score0.02958EPSS
Exploits0References5
NVD
NVD
added 2026/06/23 9:17 p.m.66 views

CVE-2026-54515

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5, and 3.1.4, in BeanDeserializerBase.createContextual, per-property @JsonIgnoreProperties exclusions are applied by handleByNameInclusion, producing a...

5.3CVSS0.00345EPSS
Exploits0References4
NVD
NVD
added 2026/06/01 9:16 a.m.66 views

CVE-2026-46764

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

4.3CVSS0.00352EPSS
Exploits0References3
NVD
NVD
added 2026/05/15 9:16 p.m.66 views

CVE-2026-45672

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLECODEEXECUTION=false. The feature gate is...

8.8CVSS0.00406EPSS
Exploits2References1
NVD
NVD
added 2026/05/06 1:16 p.m.66 views

CVE-2026-40562

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

7.5CVSS0.00319EPSS
Exploits0References4
NVD
NVD
added 2026/01/07 5:16 p.m.66 views

CVE-2026-20026

Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerabili...

5.8CVSS0.00634EPSS
Exploits0References1
NVD
NVD
added 2025/08/12 6:15 p.m.66 views

CVE-2025-49736

The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network...

4.3CVSS0.0046EPSS
Exploits0References1
NVD
NVD
added 2025/02/25 8:15 p.m.66 views

CVE-2025-27146

matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability h...

4.3CVSS0.00354EPSS
Exploits0References2
NVD
NVD
added 2025/01/06 3:15 p.m.66 views

CVE-2024-8474

OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic...

7.5CVSS0.00526EPSS
Exploits0References1
NVD
NVD
added 2024/12/19 6:15 p.m.66 views

CVE-2024-12792

A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file newadmin.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed...

9.8CVSS0.00624EPSS
Exploits1References4
NVD
NVD
added 2024/11/22 8:15 p.m.66 views

CVE-2023-52333

Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that...

9.8CVSS0.01854EPSS
Exploits0References2
NVD
NVD
added 2024/11/13 2:15 a.m.66 views

CVE-2024-10038

The WP-Strava plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

6.1CVSS0.00345EPSS
Exploits0References2
NVD
NVD
added 2024/10/27 12:15 p.m.66 views

CVE-2024-10415

A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /file/accept.php. The manipulation of the argument reqid leads to sql injection. The attack can be initiated remotely. The exploit has...

8.8CVSS0.00563EPSS
Exploits1References5
NVD
NVD
added 2024/09/11 5:15 p.m.66 views

CVE-2024-20483

Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager Mongo...

7.2CVSS0.01098EPSS
Exploits0References1
NVD
NVD
added 2024/08/26 9:15 p.m.66 views

CVE-2024-39628

Cross-Site Request Forgery CSRF vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery.This issue affects Ninja Forms: from n/a through 3.8.6...

8.8CVSS0.0019EPSS
Exploits0References1
NVD
NVD
added 2024/07/21 8:15 a.m.66 views

CVE-2024-6944

A vulnerability was found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this issue is the function getimagebase64 of the file PublicController.php. The manipulation of the argument file leads to deserialization. The attack may be launched remotely. The exploit has bee...

7.5CVSS0.0378EPSS
Exploits0References4
NVD
NVD
added 2024/07/15 8:15 p.m.66 views

CVE-2024-40624

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In torrentpier/library/includes/functions.php, gettracks uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/FW1 to write PHP code to...

9.8CVSS0.00995EPSS
Exploits0References3
NVD
NVD
added 2024/06/17 8:15 p.m.66 views

CVE-2024-37902

DeepJavaLibraryDJL is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model...

10CVSS0.00655EPSS
Exploits0References2
NVD
NVD
added 2024/05/14 5:15 p.m.66 views

CVE-2023-24204

SQL injection vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitrary code via the name parameter in get-quote.php...

5.4CVSS8.2AI score0.00639EPSS
Exploits2References3
NVD
NVD
added 2024/05/07 11:15 p.m.66 views

CVE-2023-37325

D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability. This vulnerability allows network-adjacent attackers to make unauthorized changes to device configuration on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The...

5.4CVSS5.5AI score0.00335EPSS
Exploits0References2
NVD
NVD
added 2023/12/04 11:15 p.m.66 views

CVE-2023-21164

In DevmemIntMapPMR of devicememserver.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8CVSS0.00414EPSS
Exploits0References1
NVD
NVD
added 2023/10/03 5:15 a.m.66 views

CVE-2023-26150

Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. Note: This issue is a result of missing checks for services that require an active session...

7.5CVSS6.8AI score0.00454EPSS
Exploits1References7
NVD
NVD
added 2023/09/27 3:19 p.m.66 views

CVE-2023-4506

The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access an...

6.5CVSS4.4AI score0.00721EPSS
Exploits1References4
NVD
NVD
added 2023/09/04 11:15 a.m.66 views

CVE-2023-39988

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in 标准云std.Cloud WxSync plugin = 2.7.23 versions...

6.5CVSS5.8AI score0.0031EPSS
Exploits0References1
Total number of security vulnerabilities5000