Lucene search
K
NvdMost viewed

363761 matches found

NVD
NVD
•added 2025/04/29 6:15 p.m.•42 views

CVE-2025-46347

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of...

9.8CVSS0.00821EPSS
Exploits1References2
NVD
NVD
•added 2025/04/24 9:15 a.m.•42 views

CVE-2025-3776

The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code Execution in all versions up to, and including, 1.5 via the 'targetvrajaxhandler' function. This is due to a lack of validation on the type of function that can be called. This makes it possible for...

8.3CVSS0.00745EPSS
Exploits1References3
NVD
NVD
•added 2025/04/23 5:16 p.m.•42 views

CVE-2025-1045

Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the...

7.8CVSS0.00296EPSS
Exploits0References2
NVD
NVD
•added 2025/04/21 4:15 p.m.•42 views

CVE-2024-12543

User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1on Windows and Linux allows a malicous authenticated attacker to potentially alter barcode attributes...

5.9CVSS0.00274EPSS
Exploits0References1
NVD
NVD
•added 2025/04/13 6:15 a.m.•42 views

CVE-2025-3532

A vulnerability classified as problematic was found in YouDianCMS 9.5.21. This vulnerability affects unknown code of the file /App/Tpl/Member/Default/Order/index.html.Attackers. The manipulation of the argument OrderNumber leads to cross site scripting. The attack can be initiated remotely. The...

6.1CVSS0.00403EPSS
Exploits1References4
NVD
NVD
•added 2025/04/10 3:16 p.m.•42 views

CVE-2025-32027

Yii is an open source PHP web framework. Prior to 1.1.31, yiisoft/yii is vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Upgrade yiisoft/yii to version 1.1.31 or higher...

6.1CVSS0.00215EPSS
Exploits0References2
NVD
NVD
•added 2025/04/02 3:16 p.m.•42 views

CVE-2025-31726

Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

5.5CVSS0.00276EPSS
Exploits0References1
NVD
NVD
•added 2025/03/21 6:15 a.m.•42 views

CVE-2025-30342

An XSS issue was discovered in OpenSlides before 4.2.5. When submitting descriptions such as Moderator Notes or Agenda Topics, an editor is shown that allows one to format the submitted text. This allows insertion of various HTML elements. When trying to insert a SCRIPT element, it is properly...

6.1CVSS0.00238EPSS
Exploits1References1
NVD
NVD
•added 2025/03/20 10:15 a.m.•42 views

CVE-2024-12886

An Out-Of-Memory OOM vulnerability exists in the ollama server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the ollama server crashing. The vulnerability is present in the makeRequestWithRetry and...

7.5CVSS0.00672EPSS
Exploits2References1
NVD
NVD
•added 2025/03/18 3:15 p.m.•42 views

CVE-2024-44314

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the indexonUpdateStatus function within Orders.php, which fails to verify if the user has permission to modify an order'...

6.5CVSS0.0027EPSS
Exploits0References2
NVD
NVD
•added 2025/03/17 11:15 p.m.•42 views

CVE-2025-29913

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. A critical heap buffer overflow vulnerability was identified in the...

9.8CVSS0.00657EPSS
Exploits1References1
NVD
NVD
•added 2025/03/17 2:15 p.m.•42 views

CVE-2021-22126

A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point Meru AP and FortiAP-U as root using the default hard-coded...

6.7CVSS0.00156EPSS
Exploits0References1
NVD
NVD
•added 2025/03/12 4:15 p.m.•42 views

CVE-2025-25565

SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions. NOTE: the Supplier disputes this because the behavior only allows a user to attack himself by typing a long string on a command line...

9.8CVSS0.00582EPSS
Exploits1References2
NVD
NVD
•added 2025/02/25 7:15 p.m.•42 views

CVE-2025-27135

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of publication, no patched version is available...

9.8CVSS0.00574EPSS
Exploits1References4
NVD
NVD
•added 2025/02/21 10:15 p.m.•42 views

CVE-2025-27108

dom-expressions is a Fine-Grained Runtime for Performant DOM Rendering. In affected versions the use of javascript's .replace opens up to potential Cross-site Scripting XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from...

7.3CVSS0.00256EPSS
Exploits0References2
NVD
NVD
•added 2025/02/21 10:15 p.m.•42 views

CVE-2019-8900

A vulnerability in the SecureROM of some Apple devices can be exploited by an unauthenticated local attacker to execute arbitrary code upon booting those devices. This vulnerability allows arbitrary code to be executed on the device. Exploiting the vulnerability requires physical access to the...

6.8CVSS0.67089EPSS
Exploits1References1
NVD
NVD
•added 2025/02/14 1:15 p.m.•42 views

CVE-2025-24699

Cross-Site Request Forgery CSRF vulnerability in Wow-Company WP Coder wp-coder allows Cross-Site Scripting XSS.This issue affects WP Coder: from n/a through = 3.6...

7.1CVSS0.00138EPSS
Exploits0References1
NVD
NVD
•added 2025/02/12 12:15 p.m.•42 views

CVE-2025-1196

A vulnerability, which was classified as problematic, was found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /search.php. The manipulation of the argument PropertyName leads to cross site scripting. It is possible to launch the attack...

5.4CVSS0.00344EPSS
Exploits1References5
NVD
NVD
•added 2025/02/06 8:15 a.m.•42 views

CVE-2025-22894

Unprotected Windows messaging channel 'Shatter' issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary files in the system may be altered. As a...

8.8CVSS0.00139EPSS
Exploits0References2
NVD
NVD
•added 2025/02/03 4:15 a.m.•42 views

CVE-2025-20634

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Pat...

9.8CVSS0.00737EPSS
Exploits0References1
NVD
NVD
•added 2025/01/31 9:15 a.m.•42 views

CVE-2025-22757

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodeBard CodeBard Help Desk codebard-help-desk allows Stored XSS.This issue affects CodeBard Help Desk: from n/a through = 1.1.2...

6.5CVSS0.00248EPSS
Exploits0References1
NVD
NVD
•added 2025/01/30 8:15 p.m.•42 views

CVE-2024-10604

Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances...

6.9CVSS0.00223EPSS
Exploits1References3
NVD
NVD
•added 2025/01/28 5:15 p.m.•42 views

CVE-2024-8401

CWE-79: Improper Neutralization of Input During Web Page Generation ‘Cross-site Scripting’ vulnerability exists when an authenticated attacker modifies folder names within the context of the product...

5.4CVSS0.00287EPSS
Exploits0References1
NVD
NVD
•added 2025/01/28 4:15 p.m.•42 views

CVE-2025-23212

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows any user to enumerate the name and content of files on the server. This vulnerability is fixed in 1.5.28...

7.7CVSS0.00502EPSS
Exploits1References2
NVD
NVD
•added 2025/01/28 12:15 a.m.•42 views

CVE-2022-31749

An argument injection vulnerability in the diagnose and import pac commands in WatchGuard Fireware OS before 12.8.1, 12.1.4, and 12.5.10 allows an authenticated remote attacker with unprivileged credentials to upload or read files to limited, arbitrary locations on WatchGuard Firebox and XTM...

6.5CVSS0.01242EPSS
Exploits2References2
NVD
NVD
•added 2025/01/23 10:15 p.m.•42 views

CVE-2023-46401

KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function...

9.8CVSS0.00471EPSS
Exploits1References1
NVD
NVD
•added 2025/01/23 6:15 p.m.•42 views

CVE-2025-23227

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

6.4CVSS0.00218EPSS
Exploits0References1
NVD
NVD
•added 2025/01/21 10:15 p.m.•42 views

CVE-2024-45479

SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue...

9.1CVSS0.00617EPSS
Exploits0References2
NVD
NVD
•added 2025/01/20 4:15 p.m.•42 views

CVE-2025-23220

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionarraca.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in...

10CVSS0.00579EPSS
Exploits1References2
NVD
NVD
•added 2025/01/15 7:15 p.m.•42 views

CVE-2025-0500

An issue in the native clients for Amazon WorkSpaces when running Amazon DCV protocol, Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle...

7.7CVSS0.00494EPSS
Exploits0References6
NVD
NVD
•added 2025/01/14 1:15 a.m.•42 views

CVE-2025-23038

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the remuneracao.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into th...

6.4CVSS0.00273EPSS
Exploits1References2
NVD
NVD
•added 2025/01/14 1:15 a.m.•42 views

CVE-2025-23031

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the adicionaralergia.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in...

6.4CVSS0.00273EPSS
Exploits1References2
NVD
NVD
•added 2025/01/10 4:15 p.m.•42 views

CVE-2025-22597

WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the CobrancaController.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the localrecepcao parameter. The injected script...

8.3CVSS0.00339EPSS
Exploits1References1
NVD
NVD
•added 2025/01/08 6:15 a.m.•42 views

CVE-2024-10585

The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the /debug-chart/index.php file. This makes it possible for unauthenticated attackers to read .txt files outside of the intended directory...

5.3CVSS0.00628EPSS
Exploits0References3
NVD
NVD
•added 2025/01/06 11:15 a.m.•42 views

CVE-2024-45555

Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image...

8.4CVSS0.00142EPSS
Exploits0References1
NVD
NVD
•added 2024/12/30 3:15 p.m.•42 views

CVE-2024-50702

TeamPass before 3.1.3.1 does not properly check whether a mailme aka actionmail operation is on behalf of an administrator or manager...

5.4CVSS0.00295EPSS
Exploits0References3
NVD
NVD
•added 2024/12/29 7:15 a.m.•42 views

CVE-2018-25107

The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand function, which is not a secure source of random bits...

7.5CVSS0.00414EPSS
Exploits0References2
NVD
NVD
•added 2024/12/20 9:15 p.m.•42 views

CVE-2024-56335

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user account in the server. 2. The attacker's...

7.6CVSS0.00333EPSS
Exploits0References1
NVD
NVD
•added 2024/12/19 5:15 p.m.•42 views

CVE-2024-12789

A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is possible to initiate the attack remotely. The exploit has...

9.8CVSS0.00518EPSS
Exploits0References4
NVD
NVD
•added 2024/12/04 7:15 a.m.•42 views

CVE-2023-52943

Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to to perform limited actions on the alerting function via unspecified vectors...

4.3CVSS0.0039EPSS
Exploits0References1
NVD
NVD
•added 2024/12/03 6:15 p.m.•42 views

CVE-2024-52547

An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service TCP port 80. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111...

7.2CVSS0.00699EPSS
Exploits1References2
NVD
NVD
•added 2024/12/02 9:15 p.m.•42 views

CVE-2024-53989

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...

6.1CVSS0.00463EPSS
Exploits0References2
NVD
NVD
•added 2024/11/29 7:15 p.m.•42 views

CVE-2024-52810

@intlify/shared is a shared library for the intlify project. The latest version of @intlify/shared 10.0.4 is vulnerable to Prototype Pollution through the entry functions lib.deepCopy. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the globa...

6.9CVSS0.00735EPSS
Exploits0References2
NVD
NVD
•added 2024/11/29 1:15 p.m.•42 views

CVE-2024-11990

A Cross-Site Scripting XSS vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters...

4.6CVSS0.00265EPSS
Exploits0References1
NVD
NVD
•added 2024/11/26 3:15 p.m.•42 views

CVE-2024-36463

The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects...

8.8CVSS0.00797EPSS
Exploits0References1
NVD
NVD
•added 2024/11/25 10:15 p.m.•42 views

CVE-2024-53102

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
NVD
NVD
•added 2024/11/25 7:15 p.m.•42 views

CVE-2024-53255

BoidCMS is a free and open-source flat file CMS for building simple websites and blogs, developed using PHP and uses JSON as a database. In affected versions a reflected Cross-site Scripting XSS vulnerability exists in the /admin?page=media endpoint in the file parameter, allowing an attacker to...

5.4CVSS0.00865EPSS
Exploits2References2
NVD
NVD
•added 2024/11/19 6:15 p.m.•42 views

CVE-2024-53072

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Detect when STB is not available Loading the amdpmc module as: amdpmc enablestb=1 ...can result in the following messages in the kernel ring buffer: amdpmc AMDI0009:00: SMU cmd failed. err: 0xff ioremap on R...

5.5CVSS0.00238EPSS
Exploits0References5
NVD
NVD
•added 2024/11/18 5:15 p.m.•42 views

CVE-2024-47873

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the scan method and the findCharSet method can be bypassed by using...

7.5CVSS0.0076EPSS
Exploits1References4
NVD
NVD
•added 2024/11/18 4:15 p.m.•42 views

CVE-2020-26073

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to application...

7.5CVSS0.12062EPSS
Exploits0References3
Total number of security vulnerabilities5000