Lucene search
K
NvdMost viewed

364305 matches found

NVD
NVD
added 2023/08/30 10:15 p.m.43 views

CVE-2023-31714

Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities...

9.8CVSS10AI score0.03278EPSS
Exploits1References4
NVD
NVD
added 2023/08/29 10:15 p.m.43 views

CVE-2023-4296

​If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device...

8.8CVSS8.7AI score0.00613EPSS
Exploits1References4
NVD
NVD
added 2023/08/25 9:15 p.m.43 views

CVE-2023-40166

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in FileManager::detectLanguageFromTextBegining . The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. ...

5.5CVSS5.9AI score0.00471EPSS
Exploits1References1
NVD
NVD
added 2023/08/23 9:15 p.m.43 views

CVE-2023-40177

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is...

9.9CVSS9.6AI score0.00983EPSS
Exploits0References3
NVD
NVD
added 2023/08/22 7:16 p.m.43 views

CVE-2022-36648

The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third...

10CVSS9.6AI score0.01401EPSS
Exploits0References2
NVD
NVD
added 2023/08/14 11:15 a.m.43 views

CVE-2023-4321

Cross-site Scripting XSS - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3...

8.3CVSS6.4AI score0.00555EPSS
Exploits1References2
NVD
NVD
added 2023/08/10 6:15 p.m.43 views

CVE-2023-39959

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.9, 26.0.4, and 27.0.1, unauthenticated users could send a DAV request which reveals whether a calendar or an address book with the given identifier exists for...

5.3CVSS4.5AI score0.00488EPSS
Exploits0References3
NVD
NVD
added 2023/08/08 6:15 p.m.43 views

CVE-2023-20562

Insufficient validation in the IOCTL Input Output Control input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution...

7.8CVSS7.5AI score0.0115EPSS
Exploits2References1
NVD
NVD
added 2023/08/06 12:15 a.m.43 views

CVE-2023-4173

A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this...

6.1CVSS4.8AI score0.03336EPSS
Exploits5References3
NVD
NVD
added 2023/08/04 4:15 p.m.43 views

CVE-2023-37896

Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code SDK running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading in sandbox mode. Ther...

7.5CVSS7.5AI score0.0085EPSS
Exploits0References3
NVD
NVD
added 2023/07/31 3:15 p.m.43 views

CVE-2023-38310

An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting XSS vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log files. This results in...

5.4CVSS5.2AI score0.00489EPSS
Exploits1References2
NVD
NVD
added 2023/07/27 3:15 p.m.43 views

CVE-2023-38489

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. It can only be abused if a Kirby user is logged in on a device or browser th...

7.3CVSS7.3AI score0.0072EPSS
Exploits0References7
NVD
NVD
added 2023/07/25 9:15 p.m.43 views

CVE-2023-37907

Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation LPE for low privileged users, if already installed. The problem occurs as the repair function of the MSI spawn...

7.8CVSS7.2AI score0.00194EPSS
Exploits1References3
NVD
NVD
added 2023/07/18 7:15 p.m.43 views

CVE-2023-37477

1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...

8.8CVSS0.05354EPSS
Exploits1References2
NVD
NVD
added 2023/07/18 3:15 p.m.43 views

CVE-2023-36384

Unauth. Reflected Cross-Site Scripting XSS vulnerability in CodePeople Booking Calendar Contact Form plugin = 1.2.40 versions...

7.1CVSS0.00351EPSS
Exploits0References1
NVD
NVD
added 2023/07/18 12:15 p.m.43 views

CVE-2022-45828

Cross-Site Request Forgery CSRF vulnerability in NooTheme Noo Timetable plugin = 2.1.3 versions...

8.8CVSS0.00253EPSS
Exploits0References1
NVD
NVD
added 2023/07/15 7:15 p.m.43 views

CVE-2023-2507

CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them...

9.3CVSS0.00672EPSS
Exploits1References3
NVD
NVD
added 2023/07/14 5:15 p.m.43 views

CVE-2023-36833

A Use After Free vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of Service DoS. The process 'aftman-bt' will crash after...

6.5CVSS0.00283EPSS
Exploits0References1
NVD
NVD
added 2023/07/12 4:15 p.m.43 views

CVE-2023-37944

A missing permission check in Jenkins Datadog Plugin 5.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS6.3AI score0.00691EPSS
Exploits0References2
NVD
NVD
added 2023/07/03 9:15 p.m.43 views

CVE-2020-22597

An issue in Jerrscript- project Jerryscrip v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecmabuiltinarrayprototypeobjectslice parameter...

9.8CVSS9.7AI score0.01314EPSS
Exploits1References1
NVD
NVD
added 2023/06/28 3:15 p.m.43 views

CVE-2022-44276

In Responsive Filemanager 9.12.0, an attacker can bypass upload restrictions resulting in RCE...

9.8CVSS9.5AI score0.02302EPSS
Exploits2References1
NVD
NVD
added 2023/06/23 8:15 p.m.43 views

CVE-2023-36346

POS Codekop v2.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the nmmember parameter at print.php...

6.1CVSS6AI score0.05295EPSS
Exploits4References3
NVD
NVD
added 2023/06/19 4:15 p.m.43 views

CVE-2022-48506

A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct ICP and ICP2 and ImageCast Evolution ICE scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of...

2.4CVSS3.7AI score0.00359EPSS
Exploits0References4
NVD
NVD
added 2023/06/13 9:15 a.m.43 views

CVE-2023-33305

A loop with unreachable exit condition 'infinite loop' in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0....

6.5CVSS5.8AI score0.00827EPSS
Exploits0References1
NVD
NVD
added 2023/06/09 8:15 p.m.43 views

CVE-2023-32312

UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. In affected versions client secrets are not required which may expose some endpoints to untrusted actors. Since Umbraco is not a single-page application, the implicit fl...

5.3CVSS4.7AI score0.00625EPSS
Exploits0References4
NVD
NVD
added 2023/06/09 7:15 a.m.43 views

CVE-2023-2897

The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18. This is due to an implicit trust of user-supplied IP addresses in an 'X-Forwarded-For' HTTP header for the purpose of validating allowed IP addresses against a Maintenance Mo...

5.3CVSS4.4AI score0.00295EPSS
Exploits0References2
NVD
NVD
added 2023/06/07 9:15 p.m.43 views

CVE-2023-2866

If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server...

7.8CVSS7.2AI score0.00142EPSS
Exploits0References1
NVD
NVD
added 2023/06/05 10:15 p.m.43 views

CVE-2023-3027

The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values instead of the policy apply a static manifest on a managed cluster of taking advantage of cluster scoped access in a created policy. This feature...

7.8CVSS7.7AI score0.00198EPSS
Exploits0References1
NVD
NVD
added 2023/05/26 5:15 p.m.43 views

CVE-2023-20882

In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected...

5.9CVSS5.6AI score0.00586EPSS
Exploits0References1
NVD
NVD
added 2023/05/25 11:15 a.m.43 views

CVE-2022-41987

Cross-Site Request Forgery CSRF vulnerability in LearningTimes BadgeOS plugin = 3.7.1.6 versions...

8.8CVSS7.1AI score0.00246EPSS
Exploits0References1
NVD
NVD
added 2023/05/19 12:15 p.m.43 views

CVE-2022-30114

A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482FW230FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462FW261DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS...

7.5CVSS7.7AI score0.02396EPSS
Exploits2References2
NVD
NVD
added 2023/05/10 3:15 p.m.43 views

CVE-2023-27564

The n8n package 0.218.0 for Node.js allows Information Disclosure...

7.5CVSS7.6AI score0.01214EPSS
Exploits2References3
NVD
NVD
added 2023/05/02 9:15 p.m.43 views

CVE-2022-30759

In Nokia One-NDS aka Network Directory Server through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands...

8.8CVSS9AI score0.01137EPSS
Exploits3References2
NVD
NVD
added 2023/04/25 8:15 p.m.43 views

CVE-2023-23710

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in miniOrange WordPress Social Login and Register Discord, Google, Twitter, LinkedIn plugin = 7.5.14 versions...

5.9CVSS5.4AI score0.00369EPSS
Exploits0References1
NVD
NVD
added 2023/04/24 5:15 p.m.43 views

CVE-2023-26494

lorawan-stack is an open source LoRaWAN network server. Prior to version 3.24.1, an open redirect exists on the login page of the lorawan stack server, allowing an attacker to supply a user controlled redirect upon sign in. This issue may allows malicious actors to phish users, as users assume th...

6.1CVSS6.2AI score0.00637EPSS
Exploits1References5
NVD
NVD
added 2023/04/19 12:15 a.m.43 views

CVE-2023-30605

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the variablename and variablevalue parameter value in the sql/instance.py paramedit endpoint is...

6.5CVSS6.9AI score0.00844EPSS
Exploits1References2
NVD
NVD
added 2023/04/16 3:15 a.m.43 views

CVE-2022-34128

The Cartography aka positions plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data to front/upload.php...

9.8CVSS9.8AI score0.07746EPSS
Exploits3References3
NVD
NVD
added 2023/04/11 10:15 a.m.43 views

CVE-2023-27464

A vulnerability has been identified in Mendix Forgot Password Mendix 7 compatible All versions V3.7.1, Mendix Forgot Password Mendix 8 compatible All versions V4.1.1, Mendix Forgot Password Mendix 9 compatible All versions V5.1.1. The affected versions of the module contain an observable response...

5.3CVSS5.1AI score0.00458EPSS
Exploits0References1
NVD
NVD
added 2023/04/09 8:15 p.m.43 views

CVE-2023-27727

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njsfunctionframe at src/njsfunction.h...

7.5CVSS7.6AI score0.00732EPSS
Exploits1References1
NVD
NVD
added 2023/04/05 2:15 p.m.43 views

CVE-2023-1865

The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when resetting plugin settings via the yrcnuke GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to delete YouTube channels...

6.5CVSS6.3AI score0.00705EPSS
Exploits0References4
NVD
NVD
added 2023/04/04 3:15 p.m.43 views

CVE-2020-19278

Cross Site Request Forgery vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via the system/user/save parameter...

8.8CVSS8.9AI score0.00498EPSS
Exploits1References2
NVD
NVD
added 2023/04/04 1:15 p.m.43 views

CVE-2023-28999

Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files,...

6.9CVSS6.2AI score0.00678EPSS
Exploits1References3
NVD
NVD
added 2023/03/29 7:15 p.m.43 views

CVE-2022-43608

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.03 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BJNP service. The issue results from the lack of...

8.8CVSS9AI score0.0083EPSS
Exploits0References2
NVD
NVD
added 2023/03/29 7:15 p.m.43 views

CVE-2022-36978

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Notification...

9.8CVSS9.8AI score0.07334EPSS
Exploits0References2
NVD
NVD
added 2023/03/29 7:15 p.m.43 views

CVE-2022-28319

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8CVSS7.8AI score0.00938EPSS
Exploits0References2
NVD
NVD
added 2023/03/29 7:15 p.m.43 views

CVE-2022-28642

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8CVSS7.8AI score0.00938EPSS
Exploits0References2
NVD
NVD
added 2023/03/29 7:15 p.m.43 views

CVE-2022-28306

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8CVSS7.8AI score0.00897EPSS
Exploits0References2
NVD
NVD
added 2023/03/29 7:15 p.m.43 views

CVE-2022-27641

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of...

8.8CVSS9AI score0.01244EPSS
Exploits0References2
NVD
NVD
added 2023/03/27 4:15 p.m.43 views

CVE-2023-0497

The HT Portfolio WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

4.3CVSS4.7AI score0.00281EPSS
Exploits2References1
NVD
NVD
added 2023/03/23 5:15 p.m.43 views

CVE-2023-20107

A vulnerability in the deterministic random bit generator DRBG, also known as pseudorandom number generator PRNG, in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software for Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X Firewalls could allow an...

7.5CVSS6.1AI score0.00717EPSS
Exploits0References1
Total number of security vulnerabilities5000