Lucene search
K
NvdMost viewed

364799 matches found

NVD
NVD
added 2023/12/21 11:15 p.m.43 views

CVE-2023-49677

Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS0.00671EPSS
Exploits1References2
NVD
NVD
added 2023/12/14 10:15 p.m.43 views

CVE-2023-6134

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting XSS or further attacks. This flaw is the result of an incomple...

5.4CVSS0.00912EPSS
Exploits1References14
NVD
NVD
added 2023/12/14 5:15 p.m.43 views

CVE-2023-42801

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit f57bd745b4cbed577ea654fad4701bea4d38b44c. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a...

7.6CVSS0.00793EPSS
Exploits1References4
NVD
NVD
added 2023/12/14 5:15 a.m.43 views

CVE-2023-49935

An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect agains...

8.8CVSS0.0104EPSS
Exploits0References6
NVD
NVD
added 2023/12/12 9:15 p.m.43 views

CVE-2023-48225

Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another...

9.1CVSS0.00796EPSS
Exploits1References3
NVD
NVD
added 2023/12/12 7:15 p.m.43 views

CVE-2023-49273

Umbraco is an ASP.NET content management system CMS. Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges Editor, etc. are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue...

5.4CVSS0.00369EPSS
Exploits0References1
NVD
NVD
added 2023/12/08 3:15 p.m.43 views

CVE-2023-6245

The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is record ; empty and the canister interface expects record then the Rust candid decoder treats empty as an extra field required by the type. The problem wit...

7.5CVSS0.01212EPSS
Exploits0References5
NVD
NVD
added 2023/12/05 3:15 a.m.43 views

CVE-2023-42581

Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data...

7.5CVSS0.01173EPSS
Exploits0References1
NVD
NVD
added 2023/11/30 2:15 p.m.43 views

CVE-2023-34030

Cross-Site Request Forgery CSRF vulnerability in Really Simple Plugins Complianz, Really Simple Plugins Complianz Premium allows Cross-Site Request Forgery.This issue affects Complianz: from n/a through 6.4.5; Complianz Premium: from n/a through 6.4.7...

8.8CVSS0.00338EPSS
Exploits0References2
NVD
NVD
added 2023/11/29 2:15 p.m.43 views

CVE-2023-49673

A cross-site request forgery CSRF vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password...

8.8CVSS0.00447EPSS
Exploits0References2
NVD
NVD
added 2023/11/23 12:15 a.m.43 views

CVE-2023-47839

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin = 3.3.26 versions...

6.5CVSS0.00409EPSS
Exploits0References1
NVD
NVD
added 2023/11/20 11:15 p.m.43 views

CVE-2023-48051

An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding...

7.5CVSS0.00248EPSS
Exploits1References1
NVD
NVD
added 2023/11/20 7:15 p.m.43 views

CVE-2023-38881

A reflected cross-site scripting XSS vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendarid', 'schooldate', 'month' or 'year'...

6.1CVSS0.00623EPSS
Exploits0References3
NVD
NVD
added 2023/11/20 5:15 p.m.43 views

CVE-2023-48218

The Strapi Protected Populate Plugin protects get endpoints from revealing too much information. Prior to version 1.3.4, users were able to bypass the field level security. Users who tried to populate something that they didn't have access to could populate those fields anyway. This issue has bee...

5.3CVSS0.00601EPSS
Exploits0References3
NVD
NVD
added 2023/11/15 11:15 p.m.43 views

CVE-2023-4690

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eaesaveconfig function. This makes it possible for unauthenticated attackers to change configuration...

5.4CVSS0.00298EPSS
Exploits0References3
NVD
NVD
added 2023/11/14 11:15 p.m.43 views

CVE-2023-45626

An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles...

7.2CVSS0.00942EPSS
Exploits0References1
NVD
NVD
added 2023/11/14 10:15 a.m.43 views

CVE-2023-28379

A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability...

9.8CVSS0.01672EPSS
Exploits1References2
NVD
NVD
added 2023/11/10 10:15 p.m.43 views

CVE-2023-47122

Gitsign is software for keyless Git signing using Sigstore. In versions of gitsign starting with 0.6.0 and prior to 0.8.0, Rekor public keys were fetched via the Rekor API, instead of through the local TUF client. If the upstream Rekor server happened to be compromised, gitsign clients could...

5.3CVSS0.00369EPSS
Exploits0References4
NVD
NVD
added 2023/11/09 10:15 p.m.43 views

CVE-2023-32587

Cross-Site Request Forgery CSRF vulnerability in WP Reactions, LLC WP Reactions Lite plugin = 1.3.8 versions...

8.8CVSS0.00322EPSS
Exploits0References1
NVD
NVD
added 2023/11/08 10:15 p.m.43 views

CVE-2023-47114

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. The Fides web application allows data subject users to request access to their personal data. If the...

6.1CVSS0.00609EPSS
Exploits0References3
NVD
NVD
added 2023/11/07 7:15 p.m.43 views

CVE-2023-46242

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to execute a content with the right of any user via a crafted URL. A user must have programming privileges in order to exploit this vulnerability. This issue...

9.6CVSS0.00381EPSS
Exploits0References3
NVD
NVD
added 2023/11/07 3:9 a.m.43 views

CVE-2019-25155

DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute...

6.1CVSS6.2AI score0.00508EPSS
Exploits0References2
NVD
NVD
added 2023/11/06 12:15 a.m.43 views

CVE-2023-47271

PKP-WAL aka PKP Web Application Library or pkp-lib before 3.3.0-16, as used in Open Journal Systems OJS and other products, does not verify that the file named in an XML document used for the native import/export plugin is an image file, before trying to use it for an issue cover image...

5.3CVSS5.3AI score0.00618EPSS
Exploits2References3
NVD
NVD
added 2023/11/03 7:15 a.m.43 views

CVE-2023-5763

In Eclipse Glassfish 5 or 6, running with old versions of JDK lower than 6u211, or 7u201, or 8u191, allows remote attackers to load malicious code on the server via access to insecure ORB listeners...

9.8CVSS7.3AI score0.0065EPSS
Exploits0References2
NVD
NVD
added 2023/11/01 3:15 a.m.43 views

CVE-2023-2621

The McFeeder server distributed as part of SSW package, is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An...

6.5CVSS6.4AI score0.00486EPSS
Exploits0References1
NVD
NVD
added 2023/10/26 10:15 p.m.43 views

CVE-2023-42406

SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component...

9.8CVSS9.7AI score0.01947EPSS
Exploits1References2
NVD
NVD
added 2023/10/23 7:15 a.m.43 views

CVE-2023-45802

When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

5.9CVSS8AI score0.03024EPSS
Exploits1References6
NVD
NVD
added 2023/10/18 10:15 p.m.43 views

CVE-2023-45814

Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecti...

5.3CVSS5.2AI score0.00449EPSS
Exploits0References2
NVD
NVD
added 2023/10/17 4:15 p.m.43 views

CVE-2023-27133

TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILESX86%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remot...

9.8CVSS9.5AI score0.00797EPSS
Exploits1References1
NVD
NVD
added 2023/10/16 7:15 p.m.43 views

CVE-2023-45148

Nextcloud is an open source home cloud server. When Memcached is used as memcache.distributed the rate limiting in Nextcloud Server could be reset unexpectedly resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgra...

4.3CVSS4.5AI score0.00699EPSS
Exploits0References3
NVD
NVD
added 2023/10/13 12:15 a.m.43 views

CVE-2023-44177

A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service DoS condition. This...

5.5CVSS5.8AI score0.00163EPSS
Exploits0References1
NVD
NVD
added 2023/10/11 4:15 p.m.43 views

CVE-2023-34346

A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.020221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability...

9.8CVSS9.8AI score0.01292EPSS
Exploits0References2
NVD
NVD
added 2023/10/10 5:15 a.m.43 views

CVE-2023-45208

A command injection in the parsingxmlstasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers within range of the repeater to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names...

8.8CVSS8.7AI score0.01457EPSS
Exploits1References1
NVD
NVD
added 2023/10/09 4:15 p.m.43 views

CVE-2023-41047

OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract da...

6.5CVSS6.9AI score0.00568EPSS
Exploits1References3
NVD
NVD
added 2023/10/06 1:15 p.m.43 views

CVE-2023-44765

A Cross Site Scripting XSS vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings...

5.4CVSS5.3AI score0.00559EPSS
Exploits1References2
NVD
NVD
added 2023/09/25 8:15 p.m.43 views

CVE-2022-4137

A reflected cross-site scripting XSS vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be...

8.1CVSS7.2AI score0.01149EPSS
Exploits0References6
NVD
NVD
added 2023/09/13 3:15 p.m.43 views

CVE-2023-39914

NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding...

7.5CVSS7.4AI score0.00592EPSS
Exploits0References1
NVD
NVD
added 2023/09/13 2:15 p.m.43 views

CVE-2023-4701

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as the vendor eventually states that this issue is identical to CVE-2023-3935...

9.3AI score
Exploits0
NVD
NVD
added 2023/09/12 9:15 p.m.43 views

CVE-2023-41885

Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of BaseUser.login leaks enough information to a malicious user such that they would be able to successfully generate a list of valid users on the platform. As Piccolo on its own does not...

5.3CVSS5.2AI score0.00459EPSS
Exploits0References2
NVD
NVD
added 2023/09/11 7:15 p.m.43 views

CVE-2023-31067

An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILESX86%\TSplus\Clients\www...

9.8CVSS9.6AI score0.02884EPSS
Exploits4References2
NVD
NVD
added 2023/09/05 11:15 p.m.43 views

CVE-2023-4487

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software...

7.8CVSS7.8AI score0.00183EPSS
Exploits0References2
NVD
NVD
added 2023/09/01 6:15 p.m.43 views

CVE-2023-4708

A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /collection/all of the component GET Parameter Handler. The manipulation of the argument tag leads to sql injection. The attack may be initiated remotely...

9.8CVSS7.3AI score0.45639EPSS
Exploits3References3
NVD
NVD
added 2023/09/01 11:15 a.m.43 views

CVE-2022-46527

ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow via the NFC data parser...

7.5CVSS7.8AI score0.00701EPSS
Exploits1References2
NVD
NVD
added 2023/08/30 10:15 p.m.43 views

CVE-2023-31714

Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities...

9.8CVSS10AI score0.03278EPSS
Exploits1References4
NVD
NVD
added 2023/08/29 10:15 p.m.43 views

CVE-2023-4296

​If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device...

8.8CVSS8.7AI score0.00613EPSS
Exploits1References4
NVD
NVD
added 2023/08/25 9:15 p.m.43 views

CVE-2023-40166

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in FileManager::detectLanguageFromTextBegining . The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. ...

5.5CVSS5.9AI score0.00471EPSS
Exploits1References1
NVD
NVD
added 2023/08/23 9:15 p.m.43 views

CVE-2023-40177

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is...

9.9CVSS9.6AI score0.00983EPSS
Exploits0References3
NVD
NVD
added 2023/08/22 7:16 p.m.43 views

CVE-2022-36648

The hardware emulation in the ofdpacmdaddl2flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third...

10CVSS9.6AI score0.01401EPSS
Exploits0References2
NVD
NVD
added 2023/08/14 9:15 p.m.43 views

CVE-2023-21242

In isServerCertChainValid of InsecureEapNetworkHandler.java, there is a possible way to trust an imposter server due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8CVSS9.4AI score0.00439EPSS
Exploits0References2
NVD
NVD
added 2023/08/14 11:15 a.m.43 views

CVE-2023-4321

Cross-site Scripting XSS - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3...

8.3CVSS6.4AI score0.00555EPSS
Exploits1References2
Total number of security vulnerabilities5000