Lucene search
K
NvdMost viewed

363816 matches found

NVD
NVD
•added 2022/09/16 11:15 p.m.•43 views

CVE-2022-35999

TensorFlow is an open source platform for machine learning. When Conv2DBackpropInput receives empty outbackprop inputs e.g. 3, 1, 0, 1, the current CPU/GPU kernels CHECK fail one with dnnl, the other with cudnn. This can be used to trigger a denial of service attack. We have patched the issue in...

7.5CVSS0.00396EPSS
Exploits0References2
NVD
NVD
•added 2022/09/14 11:15 p.m.•43 views

CVE-2022-40734

UniSharp laravel-filemanager aka Laravel Filemanager before 2.6.4 allows download?workingdir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0...

6.5CVSS0.04056EPSS
Exploits1References3
NVD
NVD
•added 2022/09/12 2:15 p.m.•43 views

CVE-2022-37767

Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is intended to include arbitrary Java code, and thus either the input should not arrive from...

9.8CVSS0.01093EPSS
Exploits1References2
NVD
NVD
•added 2022/08/25 11:15 p.m.•43 views

CVE-2022-31499

Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256...

9.8CVSS0.64589EPSS
Exploits3References3
NVD
NVD
•added 2022/08/25 11:15 p.m.•43 views

CVE-2022-31798

Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /cardscan.php?CardFormatNo= XSS with session fixation via PHPSESSID when they are chained together. This would allow an attacker to take over an admin account or a user account...

6.1CVSS0.06652EPSS
Exploits2References3
NVD
NVD
•added 2022/08/18 8:15 a.m.•43 views

CVE-2022-2876

A vulnerability, which was classified as critical, was found in SourceCodester Student Management System. Affected is an unknown function of the file index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed...

9.8CVSS0.00635EPSS
Exploits1References2
NVD
NVD
•added 2022/08/12 4:15 p.m.•43 views

CVE-2022-35590

A cross-site scripting XSS issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "enddate" Parameter...

4.8CVSS0.00631EPSS
Exploits1References1
NVD
NVD
•added 2022/08/08 3:15 p.m.•43 views

CVE-2022-35493

A Cross-site scripting XSS vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the getproducts?search parameter...

6.1CVSS0.01422EPSS
Exploits1References1
NVD
NVD
•added 2022/08/08 2:15 p.m.•43 views

CVE-2022-2395

The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS0.00493EPSS
Exploits2References1
NVD
NVD
•added 2022/08/05 10:15 p.m.•43 views

CVE-2022-27631

A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability...

9.8CVSS0.00993EPSS
Exploits1References1
NVD
NVD
•added 2022/07/15 6:15 p.m.•43 views

CVE-2022-31157

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known...

7.5CVSS0.00387EPSS
Exploits0References1
NVD
NVD
•added 2022/07/11 7:15 p.m.•43 views

CVE-2022-31139

UnsafeAccessor UA is a bridge to access jdk.internal.misc.Unsafe & sun.misc.Unsafe. Normally, if UA is loaded as a named module, the internal data of UA is protected by JVM and others can only access UA via UA's standard API. The main application can set up SecurityCheck.AccessLimiter for UA to...

7.5CVSS0.00936EPSS
Exploits0References3
NVD
NVD
•added 2022/07/11 1:15 p.m.•43 views

CVE-2022-1626

The Sharebar WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to Stored Cross-Site Scripting issue due to the lack of sanitisation and escaping in some of...

5.4CVSS0.00261EPSS
Exploits2References1
NVD
NVD
•added 2022/07/06 5:15 p.m.•43 views

CVE-2022-34598

The udpserver in H3C Magic R100 V200R004 and V100R005 has the 9034 port opened, allowing attackers to execute arbitrary commands...

9.8CVSS0.06833EPSS
Exploits1References1
NVD
NVD
•added 2022/06/30 6:15 p.m.•43 views

CVE-2022-34787

Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to control the reason a queue item is blocked...

5.4CVSS0.00567EPSS
Exploits0References1
NVD
NVD
•added 2022/06/28 6:15 p.m.•43 views

CVE-2022-31056

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms Ticket/Change/Problem permit sql injection on the actor fields. This issue has been resolved in version 10.0.2 and...

9.8CVSS0.0858EPSS
Exploits3References2
NVD
NVD
•added 2022/06/28 5:15 p.m.•43 views

CVE-2021-3779

A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later...

6.5CVSS0.01107EPSS
Exploits1References1
NVD
NVD
•added 2022/06/27 10:15 p.m.•43 views

CVE-2022-31092

Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. This listing classes also allow to order or group the results based on one or more columns which should be quoted by default. The actual issue is that quoting i...

8.1CVSS0.01315EPSS
Exploits1References3
NVD
NVD
•added 2022/06/27 8:15 p.m.•43 views

CVE-2022-31064

BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross site scripting attack in affected versions. The attack occurs when the attacker with xss in the name starts a chat. in the victim's client the JavaScript will be executed...

6.5CVSS0.01179EPSS
Exploits3References6
NVD
NVD
•added 2022/06/15 3:15 p.m.•43 views

CVE-2022-33140

The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the...

8.8CVSS0.03674EPSS
Exploits0References2
NVD
NVD
•added 2022/06/13 10:15 p.m.•43 views

CVE-2022-29257

Electron is a framework for writing cross-platform desktop applications using JavaScript JS, HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given apps update server / update storage to serve maliciously crafte...

7.2CVSS0.0085EPSS
Exploits0References1
NVD
NVD
•added 2022/06/13 8:15 p.m.•43 views

CVE-2022-31054

Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several HandleRoute endpoints make use of the deprecated ioutil.ReadAll. ioutil.ReadAll reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server wil...

7.5CVSS0.01492EPSS
Exploits0References4
NVD
NVD
•added 2022/06/10 12:15 p.m.•43 views

CVE-2022-32563

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

9.8CVSS0.00763EPSS
Exploits0References2
NVD
NVD
•added 2022/06/08 10:15 a.m.•43 views

CVE-2022-1598

The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site...

5.3CVSS0.05076EPSS
Exploits2References1
NVD
NVD
•added 2022/06/02 2:15 p.m.•43 views

CVE-2019-12351

An issue was discovered in zzcms 2019. SQL Injection exists in dl/dlprint.php via an id parameter value with a trailing comma...

9.8CVSS0.01385EPSS
Exploits1References1
NVD
NVD
•added 2022/05/25 9:15 p.m.•43 views

CVE-2022-29252

XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI Main Wiki contains a possible cross-site scripting vector in the WikiManager.JoinWiki wiki page related to the "requestJoin" field. The issue is patched in versions...

7.4CVSS0.00921EPSS
Exploits0References3
NVD
NVD
•added 2022/05/05 5:15 p.m.•43 views

CVE-2022-29474

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at...

4.3CVSS0.01469EPSS
Exploits0References1
NVD
NVD
•added 2022/03/29 7:15 a.m.•43 views

CVE-2021-46743

In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue e.g., RS256 / HS256 exists via the kid aka Key ID header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way t...

9.1CVSS0.00777EPSS
Exploits1References1
NVD
NVD
•added 2022/03/21 7:15 p.m.•43 views

CVE-2022-24766

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of...

9.8CVSS0.01582EPSS
Exploits0References3
NVD
NVD
•added 2022/03/17 9:15 p.m.•43 views

CVE-2022-26501

Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control issue 1 of 2...

10CVSS0.04279EPSS
Exploits0References3
NVD
NVD
•added 2022/03/17 9:15 p.m.•43 views

CVE-2022-24770

gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on t...

8.8CVSS0.01248EPSS
Exploits0References3
NVD
NVD
•added 2022/03/04 9:15 a.m.•43 views

CVE-2022-0848

OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11...

10CVSS0.35436EPSS
Exploits5References3
NVD
NVD
•added 2022/02/15 5:15 p.m.•43 views

CVE-2022-25196

Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in...

5.4CVSS0.00724EPSS
Exploits0References2
NVD
NVD
•added 2022/02/11 6:15 p.m.•43 views

CVE-2021-39672

In fastboot, there is a possible secure boot bypass due to a configuration error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android SoC Android ID: A-202018701...

7.8CVSS0.00133EPSS
Exploits0References1
NVD
NVD
•added 2022/02/09 2:15 p.m.•43 views

CVE-2021-46360

Authenticated remote code execution RCE in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr...

8.8CVSS0.09183EPSS
Exploits4References2
NVD
NVD
•added 2022/02/07 8:15 p.m.•43 views

CVE-2022-21814

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service...

6.1CVSS0.00232EPSS
Exploits0References2
NVD
NVD
•added 2022/02/04 11:15 p.m.•43 views

CVE-2022-23570

Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a DCHECK. However, DCHECK is a no-op in production builds...

6.5CVSS0.00992EPSS
Exploits1References3
NVD
NVD
•added 2022/02/03 1:15 p.m.•43 views

CVE-2022-21729

Tensorflow is an Open Source Machine Learning Framework. The implementation of UnravelIndex is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlo...

6.5CVSS0.00783EPSS
Exploits1References3
NVD
NVD
•added 2022/02/01 12:15 p.m.•43 views

CVE-2022-21687

gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus...

6.8CVSS0.01003EPSS
Exploits0References2
NVD
NVD
•added 2022/01/18 10:15 p.m.•43 views

CVE-2022-21691

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions chat participants can spoof their channel leave message, tricking others into assuming they left the chatroom...

4.3CVSS0.00673EPSS
Exploits0References2
NVD
NVD
•added 2022/01/15 3:17 p.m.•43 views

CVE-2022-23178

An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname...

10CVSS0.75711EPSS
Exploits5References1
NVD
NVD
•added 2022/01/06 1:15 p.m.•43 views

CVE-2021-36774

Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue...

6.5CVSS0.01948EPSS
Exploits0References2
NVD
NVD
•added 2022/01/06 12:15 a.m.•43 views

CVE-2021-45971

An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM System Management Mode branch that registers a SWSMI handler that does not...

8.2CVSS0.00279EPSS
Exploits0References4
NVD
NVD
•added 2022/01/04 8:15 p.m.•43 views

CVE-2022-21647

CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the old function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a...

9.8CVSS0.37671EPSS
Exploits0References2
NVD
NVD
•added 2021/12/22 12:15 a.m.•43 views

CVE-2021-43851

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to not properly checking of the "group" and "status" parameters in POST requests. Group parameter is...

8.8CVSS0.01165EPSS
Exploits0References3
NVD
NVD
•added 2021/12/17 9:15 p.m.•43 views

CVE-2021-41500

Incomplete string comparison vulnerability exits in cvxopt.org cvxop = 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects...

7.5CVSS0.01184EPSS
Exploits1References2
NVD
NVD
•added 2021/12/06 9:15 p.m.•43 views

CVE-2021-36567

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache...

10CVSS0.02407EPSS
Exploits1References1
NVD
NVD
•added 2021/12/01 1:15 a.m.•43 views

CVE-2021-40809

An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows...

8.8CVSS0.01432EPSS
Exploits1References3
NVD
NVD
•added 2021/11/23 4:15 p.m.•43 views

CVE-2021-22356

There is a weak secure algorithm vulnerability in Huawei products. A weak secure algorithm is used in a module. Attackers can exploit this vulnerability by capturing and analyzing the messages between devices to obtain information. This can lead to information leak.Affected product versions...

5.9CVSS0.00403EPSS
Exploits0References1
NVD
NVD
•added 2021/11/02 10:15 a.m.•43 views

CVE-2021-33611

Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 Vaadin 14.0.0 through 14.4.4 allows remote attackers to execute malicious JavaScript in browser by opening crafted URL...

6.1CVSS0.00955EPSS
Exploits1References2
Total number of security vulnerabilities5000