Lucene search
K
NvdMost viewed

364228 matches found

NVD
NVD
added 2024/03/13 9:15 p.m.43 views

CVE-2024-27102

Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but reading files outside o...

9.9CVSS9.5AI score0.0055EPSS
Exploits0References2
NVD
NVD
added 2024/03/13 7:15 p.m.43 views

CVE-2024-28194

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions 1.8.0 use a hardcoded JSON Web Token JWT secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens for arbitrary users. This vulnerability allows...

9.8CVSS9.3AI score0.00823EPSS
Exploits1References1
NVD
NVD
added 2024/03/13 3:15 p.m.43 views

CVE-2024-25153

A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially craft...

9.8CVSS9.6AI score0.41741EPSS
Exploits4References3
NVD
NVD
added 2024/03/12 5:15 p.m.43 views

CVE-2024-26204

Outlook for Android Information Disclosure Vulnerability...

7.5CVSS7.4AI score0.02136EPSS
Exploits0References1
NVD
NVD
added 2024/03/12 3:15 p.m.43 views

CVE-2023-41842

A use of externally-controlled format string vulnerability CWE-134 vulnerability in Fortinet allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments...

6.7CVSS6.8AI score0.00225EPSS
Exploits0References1
NVD
NVD
added 2024/03/09 1:15 a.m.43 views

CVE-2024-28122

JWX is Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high...

6.8CVSS6.4AI score0.0057EPSS
Exploits1References3
NVD
NVD
added 2024/03/01 9:15 a.m.43 views

CVE-2024-25091

Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.211013 when using 'VirusChecker' or 'ThreatChecker' feature and RevoWorks Browser prior to 2.2.95 when using 'VirusChecker' or 'ThreatChecker' feature. If data containing malware is saved in a specific file format...

9.1CVSS6.4AI score0.00485EPSS
Exploits0References2
NVD
NVD
added 2024/02/29 6:15 a.m.43 views

CVE-2023-1841

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Honeywell MPA2 Access Panel Web server modules allows XSS Using Invalid Characters.This issue affects MPA2 Access Panel all version prior to R1.00.08.05. Honeywell released firmware update package...

8.1CVSS7.9AI score0.00372EPSS
Exploits0References2
NVD
NVD
added 2024/02/21 6:15 p.m.43 views

CVE-2024-25896

ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection Time-based via the EID POST parameter...

5.3CVSS7.7AI score0.00427EPSS
Exploits1References1
NVD
NVD
added 2024/02/20 3:15 p.m.43 views

CVE-2024-1155

Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS7.8AI score0.00274EPSS
Exploits1References1
NVD
NVD
added 2024/02/19 8:15 p.m.43 views

CVE-2024-25626

Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture. In Yocto Projects Bitbake before 2.6.2 before and included Yocto Project 4.3.1, with the Toaster server included in bitbake running, missing input...

9.8CVSS9.1AI score0.01211EPSS
Exploits0References1
NVD
NVD
added 2024/02/14 2:15 p.m.43 views

CVE-2023-27300

Improper buffer restrictions in some IntelR ThunderboltTM DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access...

3.8CVSS4.5AI score0.0021EPSS
Exploits0References1
NVD
NVD
added 2024/02/13 7:15 p.m.43 views

CVE-2024-1372

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. Exploitation of this vulnerability required access to the GitHub Enterprise...

9.1CVSS9.6AI score0.02275EPSS
Exploits0References4
NVD
NVD
added 2024/02/08 9:15 p.m.43 views

CVE-2024-23756

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...

7.5CVSS7.7AI score0.00602EPSS
Exploits1References1
NVD
NVD
added 2024/02/07 9:15 p.m.43 views

CVE-2023-6356

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service...

7.5CVSS6.5AI score0.01448EPSS
Exploits0References13
NVD
NVD
added 2024/02/06 11:15 p.m.43 views

CVE-2024-22388

Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys...

7.8CVSS6.5AI score0.00168EPSS
Exploits0References2
NVD
NVD
added 2024/02/06 4:15 a.m.43 views

CVE-2024-24808

pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the getredirecturl function when redirecting users at login. This vulnerability h...

6.1CVSS5.1AI score0.00545EPSS
Exploits1References2
NVD
NVD
added 2024/02/04 10:15 p.m.43 views

CVE-2024-25089

Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes...

9.8CVSS9.8AI score0.01796EPSS
Exploits0References2
NVD
NVD
added 2024/01/31 5:15 p.m.43 views

CVE-2024-24579

stereoscope is a go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary director...

9.8CVSS7.3AI score0.00393EPSS
Exploits0References2
NVD
NVD
added 2024/01/30 10:15 a.m.43 views

CVE-2024-22894

An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file...

6.8CVSS7.2AI score0.00731EPSS
Exploits1References2
NVD
NVD
added 2024/01/26 6:15 p.m.43 views

CVE-2024-0937

A vulnerability, which was classified as critical, has been found in vanderSchaar LAB synthcity 0.2.9. Affected by this issue is the function loadfromfile of the component PKL File Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been...

9.8CVSS7.1AI score0.00678EPSS
Exploits0References4
NVD
NVD
added 2024/01/25 9:15 p.m.43 views

CVE-2023-52251

An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/topic/messages...

8.8CVSS9AI score0.85025EPSS
Exploits5References2
NVD
NVD
added 2024/01/24 1:15 a.m.43 views

CVE-2022-4964

Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set...

5.5CVSS5.4AI score0.00279EPSS
Exploits1References4
NVD
NVD
added 2024/01/22 5:15 a.m.43 views

CVE-2024-21484

Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large...

7.5CVSS7.5AI score0.0096EPSS
Exploits1References7
NVD
NVD
added 2024/01/21 5:15 p.m.43 views

CVE-2024-23732

The JSON loader in Embedchain before 0.1.57 allows a ReDoS regular expression denial of service via a long string to json.py...

7.5CVSS7.3AI score0.00768EPSS
Exploits0References2
NVD
NVD
added 2024/01/19 9:15 p.m.43 views

CVE-2024-23684

Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation CBOR versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use...

7.5CVSS7.3AI score0.00912EPSS
Exploits0References3
NVD
NVD
added 2024/01/19 9:15 p.m.43 views

CVE-2024-23689

Exposure of sensitive information in exceptions in ClichHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when...

8.8CVSS8.7AI score0.0067EPSS
Exploits1References6
NVD
NVD
added 2024/01/19 9:15 p.m.43 views

CVE-2024-23683

Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code...

8.2CVSS8.5AI score0.00355EPSS
Exploits1References6
NVD
NVD
added 2024/01/18 10:15 p.m.43 views

CVE-2023-5130

A buffer overflow vulnerability exists in Delta Electronics WPLSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution...

8.8CVSS8.5AI score0.00649EPSS
Exploits0References1
NVD
NVD
added 2024/01/18 9:15 p.m.43 views

CVE-2024-22415

jupyter-lsp is a coding assistance tool for JupyterLab code navigation + hover suggestions + linters + autocompletion + rename using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control on the operating system level, and with...

9.8CVSS8.4AI score0.00491EPSS
Exploits0References2
NVD
NVD
added 2024/01/18 8:15 p.m.43 views

CVE-2024-22400

Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no...

6.1CVSS4.6AI score0.00454EPSS
Exploits0References4
NVD
NVD
added 2024/01/16 10:15 p.m.43 views

CVE-2022-31021

Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to...

5.3CVSS4.4AI score0.00428EPSS
Exploits1References2
NVD
NVD
added 2024/01/16 1:15 a.m.43 views

CVE-2023-51810

SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed in v.5.0.10 allows a remote attacker to obtain sensitive information via a crafted request to the search parameter in the Users module...

7.5CVSS7.5AI score0.01313EPSS
Exploits2References1
NVD
NVD
added 2024/01/12 7:15 p.m.43 views

CVE-2023-31032

NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service...

7.5CVSS7.3AI score0.00163EPSS
Exploits0References1
NVD
NVD
added 2024/01/11 6:15 a.m.43 views

CVE-2024-21669

Hyperledger Aries Cloud Agent Python ACA-Py is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs LDP-VCs, the result of verifying the presentation...

9.9CVSS9.4AI score0.00627EPSS
Exploits1References5
NVD
NVD
added 2024/01/10 10:15 p.m.43 views

CVE-2023-32424

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4, watchOS 9.4. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations...

5.5CVSS4.9AI score0.00189EPSS
Exploits0References2
NVD
NVD
added 2024/01/10 9:15 p.m.43 views

CVE-2023-29447

An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication...

5.7CVSS5.8AI score0.00306EPSS
Exploits0References3
NVD
NVD
added 2024/01/10 4:15 p.m.43 views

CVE-2023-48730

A cross-site scripting xss vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabilit...

8.5CVSS8.1AI score0.00581EPSS
Exploits0References2
NVD
NVD
added 2024/01/08 9:15 p.m.43 views

CVE-2022-45354

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60...

7.5CVSS6.2AI score0.38083EPSS
Exploits0References1
NVD
NVD
added 2024/01/08 2:15 p.m.43 views

CVE-2024-21644

pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRETKEY variable. This issue has been patched in version 0.5.0b3.dev77...

7.5CVSS7.5AI score0.42173EPSS
Exploits1References2
NVD
NVD
added 2024/01/04 9:15 p.m.43 views

CVE-2024-22051

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker...

9.8CVSS9.8AI score0.0145EPSS
Exploits0References5
NVD
NVD
added 2024/01/03 5:15 p.m.43 views

CVE-2023-46742

CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users secret keys and access keys in the logs in multiple components. When CubeCS creates new users, it leaks the users secret key. This could allow a lower-privileged user with access to th...

6.5CVSS5.2AI score0.00271EPSS
Exploits0References2
NVD
NVD
added 2024/01/03 4:15 p.m.43 views

CVE-2024-21910

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser...

6.1CVSS6.2AI score0.00956EPSS
Exploits1References6
NVD
NVD
added 2024/01/02 6:15 a.m.43 views

CVE-2023-33094

Memory corruption while running VK synchronization with KASAN enabled...

8.4CVSS8.7AI score0.00119EPSS
Exploits0References1
NVD
NVD
added 2023/12/29 10:15 a.m.43 views

CVE-2023-4463

A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit...

7.5CVSS0.01006EPSS
Exploits1References6
NVD
NVD
added 2023/12/29 3:15 a.m.43 views

CVE-2023-7148

A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument...

8.1CVSS0.007EPSS
Exploits1References3
NVD
NVD
added 2023/12/23 8:15 p.m.43 views

CVE-2023-49594

An information disclosure vulnerability exists in the challenge functionality of instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. A user logging into Keycloak using DuoUniversalKeycloakAuthenticator plugin...

6.5CVSS0.01243EPSS
Exploits1References3
NVD
NVD
added 2023/12/21 11:15 p.m.43 views

CVE-2023-49677

Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS0.00671EPSS
Exploits1References2
NVD
NVD
added 2023/12/14 10:15 p.m.43 views

CVE-2023-6134

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting XSS or further attacks. This flaw is the result of an incomple...

5.4CVSS0.00912EPSS
Exploits1References14
NVD
NVD
added 2023/12/14 5:15 p.m.43 views

CVE-2023-42801

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit f57bd745b4cbed577ea654fad4701bea4d38b44c. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a...

7.6CVSS0.00793EPSS
Exploits1References4
Total number of security vulnerabilities5000