Lucene search
K
NvdMost viewed

363781 matches found

NVD
NVD
•added 2022/12/30 11:15 p.m.•43 views

CVE-2022-34671

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure, and denial of service...

8.8CVSS0.01387EPSS
Exploits0References5
NVD
NVD
•added 2022/12/27 3:15 p.m.•43 views

CVE-2022-4767

Denial of Service in GitHub repository usememos/memos prior to 0.9.1...

7.6CVSS0.00678EPSS
Exploits1References2
NVD
NVD
•added 2022/12/27 3:15 p.m.•43 views

CVE-2022-4722

Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5...

7.2CVSS0.0113EPSS
Exploits1References2
NVD
NVD
•added 2022/12/20 3:15 p.m.•43 views

CVE-2022-46536

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the limitSpeedUp parameter at /goform/SetClientState...

7.5CVSS0.00815EPSS
Exploits1References1
NVD
NVD
•added 2022/12/13 8:15 a.m.•43 views

CVE-2022-23505

Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession...

7.5CVSS0.00751EPSS
Exploits0References1
NVD
NVD
•added 2022/12/09 9:15 p.m.•43 views

CVE-2022-46166

Spring boot admins is an open source administrative user interface for management of spring boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers e.g. Teams-Notifier and write access to environment variables via UI are affected. Users are advised to upgrade to th...

9.8CVSS0.01437EPSS
Exploits0References2
NVD
NVD
•added 2022/12/07 9:15 p.m.•43 views

CVE-2022-23486

libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting...

7.5CVSS0.00689EPSS
Exploits0References1
NVD
NVD
•added 2022/12/05 10:15 p.m.•43 views

CVE-2022-40242

MegaRAC Default Credentials Vulnerability...

9.8CVSS0.00655EPSS
Exploits0References1
NVD
NVD
•added 2022/11/22 7:15 p.m.•43 views

CVE-2022-4116

A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution...

9.8CVSS0.32516EPSS
Exploits0References1
NVD
NVD
•added 2022/11/22 3:15 p.m.•43 views

CVE-2022-44807

D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString...

9.8CVSS0.01224EPSS
Exploits1References2
NVD
NVD
•added 2022/11/21 10:15 p.m.•43 views

CVE-2022-30258

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and...

9.8CVSS0.00671EPSS
Exploits0References1
NVD
NVD
•added 2022/11/15 1:15 a.m.•43 views

CVE-2022-42122

A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the title field of a friendly URL...

9.8CVSS0.00806EPSS
Exploits0References3
NVD
NVD
•added 2022/10/24 2:15 p.m.•43 views

CVE-2021-26731

Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserbfunc function of spxrestservice allow an authenticated attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware...

9.8CVSS0.02308EPSS
Exploits0References2
NVD
NVD
•added 2022/10/24 2:15 p.m.•43 views

CVE-2021-26732

A broken access control vulnerability in the Firstnetworkfunc function of spxrestservice allows an attacker to arbitrarily change the network configuration of the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

6.5CVSS0.00443EPSS
Exploits0References2
NVD
NVD
•added 2022/10/19 4:15 p.m.•43 views

CVE-2022-43403

A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary...

9.9CVSS0.01428EPSS
Exploits0References3
NVD
NVD
•added 2022/10/18 7:15 p.m.•43 views

CVE-2022-39198

A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version...

9.8CVSS0.02351EPSS
Exploits0References1
NVD
NVD
•added 2022/10/14 8:15 p.m.•43 views

CVE-2022-39311

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 are vulnerable to remote code execution on the server from a malicious or compromised agent. The Spring RemoteInvocation...

9.1CVSS0.01579EPSS
Exploits0References3
NVD
NVD
•added 2022/10/14 8:15 p.m.•43 views

CVE-2022-39309

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agent...

6.5CVSS0.0077EPSS
Exploits0References4
NVD
NVD
•added 2022/10/14 12:15 a.m.•43 views

CVE-2022-39302

Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as "Better-Audit-Logging" which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protection...

5.5CVSS0.00377EPSS
Exploits0References2
NVD
NVD
•added 2022/10/12 11:15 p.m.•43 views

CVE-2022-39298

MelisFront is the engine that displays website hosted on Melis Platform. It deals with showing pages, plugins, URL rewritting, search optimization and SEO, etc. Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-front, and ultimately leads to the execution of...

9.8CVSS0.0094EPSS
Exploits0References2
NVD
NVD
•added 2022/10/11 9:15 p.m.•43 views

CVE-2022-39808

Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object .obj, ObjTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based...

7.8CVSS0.00342EPSS
Exploits0References2
NVD
NVD
•added 2022/09/29 3:15 p.m.•43 views

CVE-2022-39252

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

8.6CVSS0.00485EPSS
Exploits0References4
NVD
NVD
•added 2022/09/21 8:15 a.m.•43 views

CVE-2022-40604

In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction...

7.5CVSS0.01573EPSS
Exploits0References2
NVD
NVD
•added 2022/09/16 11:15 p.m.•43 views

CVE-2022-35994

TensorFlow is an open source platform for machine learning. When CollectiveGather receives an scalar input input, it gives a CHECK fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c1f491817dec39a26be3c574e86a88c30f3c4770. The fix will be...

7.5CVSS0.00396EPSS
Exploits0References2
NVD
NVD
•added 2022/09/16 11:15 p.m.•43 views

CVE-2022-35999

TensorFlow is an open source platform for machine learning. When Conv2DBackpropInput receives empty outbackprop inputs e.g. 3, 1, 0, 1, the current CPU/GPU kernels CHECK fail one with dnnl, the other with cudnn. This can be used to trigger a denial of service attack. We have patched the issue in...

7.5CVSS0.00396EPSS
Exploits0References2
NVD
NVD
•added 2022/09/15 2:15 a.m.•43 views

CVE-2022-38352

ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. This vulnerability allows attackers to execute arbitrary code via a crafted payload...

9.8CVSS0.20199EPSS
Exploits1References1
NVD
NVD
•added 2022/09/14 11:15 p.m.•43 views

CVE-2022-40734

UniSharp laravel-filemanager aka Laravel Filemanager before 2.6.4 allows download?workingdir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0...

6.5CVSS0.04056EPSS
Exploits1References3
NVD
NVD
•added 2022/09/12 2:15 p.m.•43 views

CVE-2022-37767

Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is intended to include arbitrary Java code, and thus either the input should not arrive from...

9.8CVSS0.01093EPSS
Exploits1References2
NVD
NVD
•added 2022/08/25 11:15 p.m.•43 views

CVE-2022-31499

Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256...

9.8CVSS0.64589EPSS
Exploits3References3
NVD
NVD
•added 2022/08/25 11:15 p.m.•43 views

CVE-2022-31798

Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /cardscan.php?CardFormatNo= XSS with session fixation via PHPSESSID when they are chained together. This would allow an attacker to take over an admin account or a user account...

6.1CVSS0.06652EPSS
Exploits2References3
NVD
NVD
•added 2022/08/18 8:15 a.m.•43 views

CVE-2022-2876

A vulnerability, which was classified as critical, was found in SourceCodester Student Management System. Affected is an unknown function of the file index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed...

9.8CVSS0.00635EPSS
Exploits1References2
NVD
NVD
•added 2022/08/12 4:15 p.m.•43 views

CVE-2022-35590

A cross-site scripting XSS issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "enddate" Parameter...

4.8CVSS0.00631EPSS
Exploits1References1
NVD
NVD
•added 2022/08/08 3:15 p.m.•43 views

CVE-2022-35493

A Cross-site scripting XSS vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the getproducts?search parameter...

6.1CVSS0.01422EPSS
Exploits1References1
NVD
NVD
•added 2022/08/08 2:15 p.m.•43 views

CVE-2022-2395

The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS0.00493EPSS
Exploits2References1
NVD
NVD
•added 2022/08/05 10:15 p.m.•43 views

CVE-2022-27631

A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability...

9.8CVSS0.00993EPSS
Exploits1References1
NVD
NVD
•added 2022/07/15 6:15 p.m.•43 views

CVE-2022-31157

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known...

7.5CVSS0.00387EPSS
Exploits0References1
NVD
NVD
•added 2022/07/11 7:15 p.m.•43 views

CVE-2022-31139

UnsafeAccessor UA is a bridge to access jdk.internal.misc.Unsafe & sun.misc.Unsafe. Normally, if UA is loaded as a named module, the internal data of UA is protected by JVM and others can only access UA via UA's standard API. The main application can set up SecurityCheck.AccessLimiter for UA to...

7.5CVSS0.00936EPSS
Exploits0References3
NVD
NVD
•added 2022/07/11 1:15 p.m.•43 views

CVE-2022-1626

The Sharebar WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to Stored Cross-Site Scripting issue due to the lack of sanitisation and escaping in some of...

5.4CVSS0.00261EPSS
Exploits2References1
NVD
NVD
•added 2022/07/06 5:15 p.m.•43 views

CVE-2022-34598

The udpserver in H3C Magic R100 V200R004 and V100R005 has the 9034 port opened, allowing attackers to execute arbitrary commands...

9.8CVSS0.06833EPSS
Exploits1References1
NVD
NVD
•added 2022/06/30 6:15 p.m.•43 views

CVE-2022-34787

Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to control the reason a queue item is blocked...

5.4CVSS0.00567EPSS
Exploits0References1
NVD
NVD
•added 2022/06/28 6:15 p.m.•43 views

CVE-2022-31056

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms Ticket/Change/Problem permit sql injection on the actor fields. This issue has been resolved in version 10.0.2 and...

9.8CVSS0.0858EPSS
Exploits3References2
NVD
NVD
•added 2022/06/28 5:15 p.m.•43 views

CVE-2021-3779

A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later...

6.5CVSS0.01107EPSS
Exploits1References1
NVD
NVD
•added 2022/06/27 10:15 p.m.•43 views

CVE-2022-31092

Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. This listing classes also allow to order or group the results based on one or more columns which should be quoted by default. The actual issue is that quoting i...

8.1CVSS0.01315EPSS
Exploits1References3
NVD
NVD
•added 2022/06/27 8:15 p.m.•43 views

CVE-2022-31064

BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross site scripting attack in affected versions. The attack occurs when the attacker with xss in the name starts a chat. in the victim's client the JavaScript will be executed...

6.5CVSS0.01179EPSS
Exploits3References6
NVD
NVD
•added 2022/06/15 3:15 p.m.•43 views

CVE-2022-33140

The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the...

8.8CVSS0.03674EPSS
Exploits0References2
NVD
NVD
•added 2022/06/13 10:15 p.m.•43 views

CVE-2022-29257

Electron is a framework for writing cross-platform desktop applications using JavaScript JS, HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given apps update server / update storage to serve maliciously crafte...

7.2CVSS0.0085EPSS
Exploits0References1
NVD
NVD
•added 2022/06/13 8:15 p.m.•43 views

CVE-2022-31054

Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several HandleRoute endpoints make use of the deprecated ioutil.ReadAll. ioutil.ReadAll reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server wil...

7.5CVSS0.01492EPSS
Exploits0References4
NVD
NVD
•added 2022/06/10 12:15 p.m.•43 views

CVE-2022-32563

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

9.8CVSS0.00763EPSS
Exploits0References2
NVD
NVD
•added 2022/06/08 10:15 a.m.•43 views

CVE-2022-1598

The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site...

5.3CVSS0.05076EPSS
Exploits2References1
NVD
NVD
•added 2022/06/02 2:15 p.m.•43 views

CVE-2019-12351

An issue was discovered in zzcms 2019. SQL Injection exists in dl/dlprint.php via an id parameter value with a trailing comma...

9.8CVSS0.01385EPSS
Exploits1References1
Total number of security vulnerabilities5000