Lucene search
K
NvdMost viewed

363767 matches found

NVD
NVD
•added 2020/09/25 7:15 p.m.•43 views

CVE-2020-15202

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the Shard API in TensorFlow expects the last argument to be a function taking two int64 i.e., long long arguments. However, there are several places in TensorFlow where a lambda taking int or int32 arguments is being used. In...

9CVSS0.01235EPSS
Exploits1References5
NVD
NVD
•added 2020/08/21 9:15 p.m.•43 views

CVE-2020-8189

A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html including local links when responding with invalid data on the login attempt...

5.4CVSS5.4AI score0.01401EPSS
Exploits1References3
NVD
NVD
•added 2020/08/18 2:15 p.m.•43 views

CVE-2020-14333

A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. This flaw allows an attacker to leverage a phishing attack, steal an unsuspecting user's cookies or oth...

6.3CVSS6.1AI score0.0079EPSS
Exploits0References1
NVD
NVD
•added 2020/08/17 7:15 p.m.•43 views

CVE-2020-1591

A cross site scripting vulnerability exists when Microsoft Dynamics 365 on-premises does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics...

5.4CVSS4.9AI score0.01507EPSS
Exploits0References1
NVD
NVD
•added 2020/08/11 4:15 p.m.•43 views

CVE-2020-11552

An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An...

10CVSS9.4AI score0.07403EPSS
Exploits4References6
NVD
NVD
•added 2020/07/31 1:15 p.m.•43 views

CVE-2020-10731

A flaw was found in the novalibvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines...

9.9CVSS9.4AI score0.00889EPSS
Exploits0References1
NVD
NVD
•added 2020/07/15 2:15 a.m.•43 views

CVE-2020-14497

Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code...

9.8CVSS0.04922EPSS
Exploits0References37
NVD
NVD
•added 2020/07/01 4:15 p.m.•43 views

CVE-2020-12498

mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation...

7.8CVSS0.02106EPSS
Exploits0References2
NVD
NVD
•added 2020/07/01 2:15 a.m.•43 views

CVE-2020-14166

The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting XSS vulnerability by uploading a html file...

4.8CVSS0.0194EPSS
Exploits3References2
NVD
NVD
•added 2020/06/30 9:15 p.m.•43 views

CVE-2020-14947

OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mibfile in plugins/mainsections/msconfig/mssnmpconfig.php is mishandled in getmiboid...

8.8CVSS0.19481EPSS
Exploits5References5
NVD
NVD
•added 2020/06/22 6:15 p.m.•43 views

CVE-2019-14894

A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms...

9CVSS0.04078EPSS
Exploits0References1
NVD
NVD
•added 2020/05/08 1:15 p.m.•43 views

CVE-2020-5741

Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code...

7.2CVSS7.2AI score0.72936EPSS
Exploits4References3
NVD
NVD
•added 2020/05/08 12:15 p.m.•43 views

CVE-2020-12018

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data...

7.5CVSS8AI score0.01529EPSS
Exploits0References2
NVD
NVD
•added 2020/04/29 12:15 a.m.•43 views

CVE-2020-8472

Insufficient folder permissions used by system functions in ABB System 800xA products OPCServer for AC800M versions 6.0 and earlier and Control Builder M Professional, MMSServer for AC800M, Base Software for SoftControl version 6.1 and earlier allow low privileged users to read, modify, add and...

7.8CVSS6.5AI score0.00267EPSS
Exploits0References1
NVD
NVD
•added 2020/04/15 5:15 p.m.•43 views

CVE-2020-10637

Eaton HMiSoft VU3 HMIVU3 runtime not impacted, Version 3.00.23 and prior, however, the HMIVU runtimes are not impacted by these issues. A specially crafted input file could trigger an out-of-bounds read when loaded by the affected product...

5.5CVSS6AI score0.00832EPSS
Exploits0References1
NVD
NVD
•added 2020/03/30 10:15 p.m.•43 views

CVE-2020-11104

An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an initialized C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information such as memory layout or private keys can be gleaned if...

5.3CVSS5.2AI score0.01534EPSS
Exploits1References1
NVD
NVD
•added 2020/03/14 6:15 p.m.•43 views

CVE-2020-10571

An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data...

9.8CVSS9.5AI score0.01736EPSS
Exploits0References2
NVD
NVD
•added 2020/03/06 5:15 p.m.•43 views

CVE-2020-9531

An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In the Web resources of GetAppscom.xiaomi.mipicks, the parameters passed in are read and executed. After reading the resource files, relevant components open the link of the incoming URL. Although the URL is safe and can pass...

7.3CVSS6.9AI score0.013EPSS
Exploits0References3
NVD
NVD
•added 2020/01/28 5:15 p.m.•43 views

CVE-2020-1940

The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does n...

7.5CVSS7.6AI score0.04511EPSS
Exploits0References12
NVD
NVD
•added 2020/01/15 5:15 p.m.•43 views

CVE-2020-2559

Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM component: UIF Open UI. Supported versions that are affected are 19.7 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attack...

5.3CVSS4.3AI score0.01694EPSS
Exploits0References1
NVD
NVD
•added 2020/01/15 5:15 p.m.•43 views

CVE-2020-2557

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain component: Security. Supported versions that are affected are 12.2.4, 12.2.4.1, 12.2.5 and 12.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

4.7CVSS3.8AI score0.01109EPSS
Exploits0References1
NVD
NVD
•added 2019/12/05 3:15 p.m.•43 views

CVE-2019-14910

A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server ldaps, in this case user authentication succeeds even if invalid password has entered...

9.8CVSS9.6AI score0.01054EPSS
Exploits0References1
NVD
NVD
•added 2019/10/29 7:15 p.m.•43 views

CVE-2019-3977

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly reseting all the system...

8.5CVSS7.8AI score0.01059EPSS
Exploits0References1
NVD
NVD
•added 2019/09/11 7:15 p.m.•43 views

CVE-2019-13473

TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have an undocumented TELNET service within the BusyBox subsystem, leading to root...

10CVSS9.5AI score0.04448EPSS
Exploits5References4
NVD
NVD
•added 2019/09/08 11:15 p.m.•43 views

CVE-2019-16119

SQL injection in the photo-gallery 10Web Photo Gallery plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php albumid parameter...

9.8CVSS9.9AI score0.25438EPSS
Exploits4References4
NVD
NVD
•added 2019/08/27 4:15 p.m.•43 views

CVE-2019-14314

A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via...

9.8CVSS9.9AI score0.43353EPSS
Exploits1References3
NVD
NVD
•added 2019/08/27 12:15 p.m.•43 views

CVE-2019-13237

In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, groupnew.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp...

4.3CVSS4.6AI score0.07346EPSS
Exploits5References3
NVD
NVD
•added 2019/07/18 6:15 p.m.•43 views

CVE-2019-1010250

The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator or attacker can install unintended flow rules in the switch by mistake. The component is: createFlow and createFlows functions in FlowWebResource.java RESTful service. The...

5.5CVSS5.2AI score0.01059EPSS
Exploits1References2
NVD
NVD
•added 2019/07/02 7:15 p.m.•43 views

CVE-2019-7257

Linear eMerge E3-Series devices allow Unrestricted File Upload...

10CVSS9.6AI score0.69992EPSS
Exploits5References3
NVD
NVD
•added 2019/07/01 7:15 p.m.•43 views

CVE-2019-7670

Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could allow attackers to execute commands directly on the operating system...

9CVSS7.7AI score0.18306EPSS
Exploits5References4
NVD
NVD
•added 2019/06/17 6:15 p.m.•43 views

CVE-2019-10997

An issue was discovered on Phoenix Contact AXC F 2152 No.2404267 before 2019.0 LTS and AXC F 2152 STARTERKIT No.1046568 before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be...

7.1CVSS6AI score0.01002EPSS
Exploits0References1
NVD
NVD
•added 2019/06/11 2:29 p.m.•43 views

CVE-2019-10338

A cross-site request forgery vulnerability in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfigurationdoValidateClient allowed attackers to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials...

8.8CVSS8.6AI score0.01036EPSS
Exploits0References3
NVD
NVD
•added 2019/06/11 2:29 p.m.•43 views

CVE-2019-10332

A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in ConfigurationdoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS4.5AI score0.01829EPSS
Exploits0References3
NVD
NVD
•added 2019/06/07 5:29 p.m.•43 views

CVE-2018-19999

The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit this vulnerability,...

7.8CVSS7.8AI score0.00605EPSS
Exploits2References2
NVD
NVD
•added 2019/05/31 3:29 p.m.•43 views

CVE-2019-10330

Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted...

7.5CVSS7.5AI score0.02135EPSS
Exploits0References3
NVD
NVD
•added 2019/05/22 4:29 p.m.•43 views

CVE-2019-11880

CommSy through 8.6.5 has SQL Injection via the cid parameter. This is fixed in 9.2...

7.5CVSS7.9AI score0.02031EPSS
Exploits4References2
NVD
NVD
•added 2019/04/22 3:29 p.m.•43 views

CVE-2019-11243

In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig method returns a copy of the provided config, with credentials removed bearer token, username/password, and client certificate/key data. In the affected versions, rest.AnonymousClientConfig did not effectively clear service...

8.1CVSS5.1AI score0.01492EPSS
Exploits0References3
NVD
NVD
•added 2019/04/04 4:29 p.m.•43 views

CVE-2019-1003081

A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptordoCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.5CVSS6.3AI score0.01536EPSS
Exploits0References3
NVD
NVD
•added 2019/04/02 6:30 p.m.•43 views

CVE-2019-10692

In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement...

9.8CVSS9.4AI score0.78699EPSS
Exploits6References4
NVD
NVD
•added 2019/03/26 5:29 p.m.•43 views

CVE-2019-9055

An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager in the files action.adminbulkcss.php and action.adminbulktemplate.php, with an unprivileged user with Designer permission, it is possible reach an unserialize call with a crafted value in the m1allparms parameter, and...

8.8CVSS8.7AI score0.12503EPSS
Exploits3References4
NVD
NVD
•added 2019/01/15 12:29 a.m.•43 views

CVE-2019-6290

An infinite recursion issue was discovered in eval.c in Netwide Assembler NASM through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '' characters. Remote attackers could leverage...

5.5CVSS5.2AI score0.01261EPSS
Exploits1References1
NVD
NVD
•added 2018/12/26 9:29 p.m.•43 views

CVE-2018-11741

NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=&GOTO8 URIs...

9.8CVSS9.3AI score0.17886EPSS
Exploits5References4
NVD
NVD
•added 2018/11/25 8:29 p.m.•43 views

CVE-2018-19520

An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a checkbad function in an attempt to block certain PHP functions such as eval, but does not prevent use of pregreplace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin...

8.8CVSS8.9AI score0.02917EPSS
Exploits1References2
NVD
NVD
•added 2018/09/21 7:29 a.m.•43 views

CVE-2018-17297

The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive...

7.5CVSS7.5AI score0.02674EPSS
Exploits0References1
NVD
NVD
•added 2018/08/13 9:47 p.m.•43 views

CVE-2018-10636

CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remot...

9.3CVSS9.5AI score0.09536EPSS
Exploits0References2
NVD
NVD
•added 2018/07/27 3:29 p.m.•43 views

CVE-2017-15125

A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Please note that CS...

6.5CVSS6.2AI score0.00934EPSS
Exploits0References3
NVD
NVD
•added 2018/07/01 10:29 p.m.•43 views

CVE-2018-13043

scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing...

9.8CVSS9.7AI score0.02476EPSS
Exploits0References2
NVD
NVD
•added 2018/06/28 2:29 p.m.•43 views

CVE-2018-12930

ntfsendbufferasyncread in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service kernel oops or panic or possibly have unspecified other impact via a crafted ntfs filesystem...

7.8CVSS7.9AI score0.00427EPSS
Exploits0References4
NVD
NVD
•added 2018/06/13 4:29 p.m.•43 views

CVE-2018-11688

Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,...

6.1CVSS6.2AI score0.0242EPSS
Exploits2References7
NVD
NVD
•added 2018/06/04 7:29 p.m.•43 views

CVE-2017-16012

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-9251. Reason: This candidate is a duplicate of CVE-2015-9251. Notes: All CVE users should reference CVE-2015-9251 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

6.8AI score
Exploits2
Total number of security vulnerabilities5000