Lucene search
K
NvdMost viewed

364116 matches found

NVD
NVD
added 2023/06/05 10:15 p.m.43 views

CVE-2023-3027

The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values instead of the policy apply a static manifest on a managed cluster of taking advantage of cluster scoped access in a created policy. This feature...

7.8CVSS7.7AI score0.00198EPSS
Exploits0References1
NVD
NVD
added 2023/05/26 5:15 p.m.43 views

CVE-2023-20882

In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected...

5.9CVSS5.6AI score0.00586EPSS
Exploits0References1
NVD
NVD
added 2023/05/25 11:15 a.m.43 views

CVE-2022-41987

Cross-Site Request Forgery CSRF vulnerability in LearningTimes BadgeOS plugin = 3.7.1.6 versions...

8.8CVSS7.1AI score0.00246EPSS
Exploits0References1
NVD
NVD
added 2023/05/19 12:15 p.m.43 views

CVE-2022-30114

A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482FW230FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462FW261DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS...

7.5CVSS7.7AI score0.02396EPSS
Exploits2References2
NVD
NVD
added 2023/05/10 3:15 p.m.43 views

CVE-2023-27564

The n8n package 0.218.0 for Node.js allows Information Disclosure...

7.5CVSS7.6AI score0.01214EPSS
Exploits2References3
NVD
NVD
added 2023/05/08 6:15 p.m.43 views

CVE-2023-30844

Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in mutagen and prior to version 0.17.1 in mutagen-compose, Mutagen list and monitor commands are susceptible to control characters that could be provided by remote...

8.8CVSS5.5AI score0.0074EPSS
Exploits0References3
NVD
NVD
added 2023/05/02 9:15 p.m.43 views

CVE-2022-30759

In Nokia One-NDS aka Network Directory Server through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands...

8.8CVSS9AI score0.01137EPSS
Exploits3References2
NVD
NVD
added 2023/04/25 8:15 p.m.43 views

CVE-2023-23710

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in miniOrange WordPress Social Login and Register Discord, Google, Twitter, LinkedIn plugin = 7.5.14 versions...

5.9CVSS5.4AI score0.00369EPSS
Exploits0References1
NVD
NVD
added 2023/04/24 5:15 p.m.43 views

CVE-2023-26494

lorawan-stack is an open source LoRaWAN network server. Prior to version 3.24.1, an open redirect exists on the login page of the lorawan stack server, allowing an attacker to supply a user controlled redirect upon sign in. This issue may allows malicious actors to phish users, as users assume th...

6.1CVSS6.2AI score0.00637EPSS
Exploits1References5
NVD
NVD
added 2023/04/19 12:15 a.m.43 views

CVE-2023-30605

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the variablename and variablevalue parameter value in the sql/instance.py paramedit endpoint is...

6.5CVSS6.9AI score0.00844EPSS
Exploits1References2
NVD
NVD
added 2023/04/16 3:15 a.m.43 views

CVE-2022-34128

The Cartography aka positions plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data to front/upload.php...

9.8CVSS9.8AI score0.07746EPSS
Exploits3References3
NVD
NVD
added 2023/04/11 10:15 a.m.43 views

CVE-2023-27464

A vulnerability has been identified in Mendix Forgot Password Mendix 7 compatible All versions V3.7.1, Mendix Forgot Password Mendix 8 compatible All versions V4.1.1, Mendix Forgot Password Mendix 9 compatible All versions V5.1.1. The affected versions of the module contain an observable response...

5.3CVSS5.1AI score0.00458EPSS
Exploits0References1
NVD
NVD
added 2023/04/09 8:15 p.m.43 views

CVE-2023-27727

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njsfunctionframe at src/njsfunction.h...

7.5CVSS7.6AI score0.00732EPSS
Exploits1References1
NVD
NVD
added 2023/04/05 2:15 p.m.43 views

CVE-2023-1865

The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when resetting plugin settings via the yrcnuke GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to delete YouTube channels...

6.5CVSS6.3AI score0.00705EPSS
Exploits0References4
NVD
NVD
added 2023/04/04 3:15 p.m.43 views

CVE-2020-19278

Cross Site Request Forgery vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via the system/user/save parameter...

8.8CVSS8.9AI score0.00498EPSS
Exploits1References2
NVD
NVD
added 2023/04/04 1:15 p.m.43 views

CVE-2023-28999

Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files,...

6.9CVSS6.2AI score0.00678EPSS
Exploits1References3
NVD
NVD
added 2023/03/29 7:15 p.m.43 views

CVE-2022-43608

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.03 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BJNP service. The issue results from the lack of...

8.8CVSS9AI score0.0083EPSS
Exploits0References2
NVD
NVD
added 2023/03/29 7:15 p.m.43 views

CVE-2022-36978

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Notification...

9.8CVSS9.8AI score0.07334EPSS
Exploits0References2
NVD
NVD
added 2023/03/29 7:15 p.m.43 views

CVE-2022-28319

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8CVSS7.8AI score0.00938EPSS
Exploits0References2
NVD
NVD
added 2023/03/29 7:15 p.m.43 views

CVE-2022-28642

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8CVSS7.8AI score0.00938EPSS
Exploits0References2
NVD
NVD
added 2023/03/29 7:15 p.m.43 views

CVE-2022-28306

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8CVSS7.8AI score0.00897EPSS
Exploits0References2
NVD
NVD
added 2023/03/29 7:15 p.m.43 views

CVE-2022-27641

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of...

8.8CVSS9AI score0.01244EPSS
Exploits0References2
NVD
NVD
added 2023/03/27 4:15 p.m.43 views

CVE-2023-0497

The HT Portfolio WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

4.3CVSS4.7AI score0.00281EPSS
Exploits2References1
NVD
NVD
added 2023/03/23 5:15 p.m.43 views

CVE-2023-20107

A vulnerability in the deterministic random bit generator DRBG, also known as pseudorandom number generator PRNG, in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software for Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X Firewalls could allow an...

7.5CVSS6.1AI score0.00717EPSS
Exploits0References1
NVD
NVD
added 2023/03/21 12:15 p.m.43 views

CVE-2023-1314

A vulnerability has been discovered in cloudflared's installer = 2023.3.0 for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. This vulnerability exists because the MSI installer used by cloudflared relied...

7.8CVSS7.5AI score0.00259EPSS
Exploits0References2
NVD
NVD
added 2023/03/14 6:15 a.m.43 views

CVE-2023-27895

SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. The attacker could extract the currently views of the OTP and the secret OTP alphanumeric token during the token setup. On successful...

6.5CVSS6AI score0.00405EPSS
Exploits0References2
NVD
NVD
added 2023/03/06 4:15 a.m.43 views

CVE-2015-10091

A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely...

7.2CVSS6AI score0.00588EPSS
Exploits0References3
NVD
NVD
added 2023/03/02 7:15 p.m.43 views

CVE-2023-26472

XWiki Platform is a generic wiki platform. Starting in version 6.2-milestone-1, one can execute any wiki content with the right of IconThemeSheet author by creating an icon theme with certain content. This can be done by creating a new page or even through the user profile for users not having ed...

9.9CVSS9.6AI score0.01107EPSS
Exploits1References3
NVD
NVD
added 2023/02/26 1:15 p.m.43 views

CVE-2023-1047

A vulnerability classified as critical was found in TechPowerUp RealTemp 3.7.0.0. This vulnerability affects unknown code in the library WinRing0x64.sys. The manipulation leads to improper initialization. An attack has to be approached locally. The exploit has been disclosed to the public and may...

7.8CVSS6.2AI score0.00395EPSS
Exploits0References3
NVD
NVD
added 2023/02/20 5:15 p.m.43 views

CVE-2022-46836

PHP code injection in watolib auth.php and hosttags.php in Tribe29's Checkmk = 2.1.0p10, Checkmk = 2.0.0p27, and Checkmk = 1.6.0p29 allows an attacker to inject and execute PHP code which will be executed upon request of the vulnerable component...

9.1CVSS9.5AI score0.01126EPSS
Exploits2References2
NVD
NVD
added 2023/02/16 9:15 p.m.43 views

CVE-2022-41314

Uncontrolled search path in some IntelR Network Adapter installer software may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS7AI score0.00167EPSS
Exploits0References1
NVD
NVD
added 2023/02/16 7:15 p.m.43 views

CVE-2021-42756

Multiple stack-based buffer overflow vulnerabilities CWE-121 in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically...

9.8CVSS10AI score0.36405EPSS
Exploits1References1
NVD
NVD
added 2023/02/15 2:15 p.m.43 views

CVE-2023-25767

A cross-site request forgery CSRF vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server...

8.8CVSS8.8AI score0.00455EPSS
Exploits0References2
NVD
NVD
added 2023/02/15 2:15 p.m.43 views

CVE-2023-25765

In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller J...

9.9CVSS9.7AI score0.01095EPSS
Exploits0References2
NVD
NVD
added 2023/02/15 3:15 a.m.43 views

CVE-2022-32473

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the HddPassword shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU...

7CVSS7.4AI score0.00132EPSS
Exploits0References2
NVD
NVD
added 2023/02/14 8:15 p.m.43 views

CVE-2023-21809

Microsoft Defender for Endpoint Security Feature Bypass Vulnerability...

7.8CVSS7.5AI score0.00598EPSS
Exploits0References1
NVD
NVD
added 2023/02/11 1:23 a.m.43 views

CVE-2023-25557

DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store GMS. It has been discovered that the...

9.1CVSS8AI score0.00684EPSS
Exploits0References1
NVD
NVD
added 2023/02/10 8:15 p.m.43 views

CVE-2023-23161

A reflected cross-site scripting XSS vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar...

6.1CVSS5.9AI score0.0591EPSS
Exploits4References4
NVD
NVD
added 2023/02/09 5:15 p.m.43 views

CVE-2022-48301

The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled...

7.5CVSS7.6AI score0.00327EPSS
Exploits0References2
NVD
NVD
added 2023/02/07 11:15 p.m.43 views

CVE-2023-0731

The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00521EPSS
Exploits0References3
NVD
NVD
added 2023/02/03 6:15 p.m.43 views

CVE-2021-36426

File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inclib/general.inc.php...

8.8CVSS8.8AI score0.01058EPSS
Exploits1References1
NVD
NVD
added 2023/02/02 12:15 p.m.43 views

CVE-2023-0642

Cross-Site Request Forgery CSRF in GitHub repository squidex/squidex prior to 7.4.0...

6.8CVSS6.6AI score0.00412EPSS
Exploits1References2
NVD
NVD
added 2023/02/01 12:15 a.m.43 views

CVE-2023-24956

Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php...

8.8CVSS9AI score0.0072EPSS
Exploits1References1
NVD
NVD
added 2023/01/30 9:15 p.m.43 views

CVE-2022-4667

The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.3AI score0.00507EPSS
Exploits2References1
NVD
NVD
added 2023/01/27 3:15 p.m.43 views

CVE-2022-48069

Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERYSTRING parameter...

7.5CVSS7.8AI score0.01358EPSS
Exploits1References1
NVD
NVD
added 2023/01/26 10:15 p.m.43 views

CVE-2023-0455

Unrestricted Upload of File with Dangerous Type in GitHub repository unilogies/bumsys prior to v1.0.3-beta...

8.8CVSS8.2AI score0.05748EPSS
Exploits5References3
NVD
NVD
added 2023/01/26 9:18 p.m.43 views

CVE-2023-24457

A cross-site request forgery CSRF vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account...

6.5CVSS6.5AI score0.01EPSS
Exploits0References1
NVD
NVD
added 2023/01/23 3:15 p.m.43 views

CVE-2022-4627

The ShiftNav WordPress plugin before 1.7.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege use...

5.4CVSS5.3AI score0.00471EPSS
Exploits2References1
NVD
NVD
added 2023/01/20 8:15 a.m.43 views

CVE-2022-40267

Predictable Seed in Pseudo-Random Number Generator PRNG vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS with serial number 17X or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z...

9.1CVSS7.6AI score0.01182EPSS
Exploits0References4
NVD
NVD
added 2023/01/18 6:15 p.m.43 views

CVE-2022-45613

Book Store Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability in /bsmsci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the publisher parameter...

5.4CVSS5.3AI score0.00459EPSS
Exploits1References2
Total number of security vulnerabilities5000