Lucene search
K
NvdMost viewed

364797 matches found

NVD
NVD
added 2023/08/10 6:15 p.m.43 views

CVE-2023-39959

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.9, 26.0.4, and 27.0.1, unauthenticated users could send a DAV request which reveals whether a calendar or an address book with the given identifier exists for...

5.3CVSS4.5AI score0.00488EPSS
Exploits0References3
NVD
NVD
added 2023/08/10 3:15 p.m.43 views

CVE-2023-39955

Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version 4.8.0 contains a...

6.1CVSS5AI score0.0048EPSS
Exploits0References3
NVD
NVD
added 2023/08/08 6:15 p.m.43 views

CVE-2023-20562

Insufficient validation in the IOCTL Input Output Control input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution...

7.8CVSS7.5AI score0.0115EPSS
Exploits2References1
NVD
NVD
added 2023/08/06 12:15 a.m.43 views

CVE-2023-4173

A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this...

6.1CVSS4.8AI score0.03336EPSS
Exploits5References3
NVD
NVD
added 2023/08/04 4:15 p.m.43 views

CVE-2023-37896

Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code SDK running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading in sandbox mode. Ther...

7.5CVSS7.5AI score0.0085EPSS
Exploits0References3
NVD
NVD
added 2023/07/27 3:15 p.m.43 views

CVE-2023-38489

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. It can only be abused if a Kirby user is logged in on a device or browser th...

7.3CVSS7.3AI score0.0072EPSS
Exploits0References7
NVD
NVD
added 2023/07/25 9:15 p.m.43 views

CVE-2023-37907

Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation LPE for low privileged users, if already installed. The problem occurs as the repair function of the MSI spawn...

7.8CVSS7.2AI score0.00194EPSS
Exploits1References3
NVD
NVD
added 2023/07/18 7:15 p.m.43 views

CVE-2023-37477

1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...

8.8CVSS0.05354EPSS
Exploits1References2
NVD
NVD
added 2023/07/18 3:15 p.m.43 views

CVE-2023-36384

Unauth. Reflected Cross-Site Scripting XSS vulnerability in CodePeople Booking Calendar Contact Form plugin = 1.2.40 versions...

7.1CVSS0.00351EPSS
Exploits0References1
NVD
NVD
added 2023/07/15 7:15 p.m.43 views

CVE-2023-2507

CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them...

9.3CVSS0.00672EPSS
Exploits1References3
NVD
NVD
added 2023/07/14 5:15 p.m.43 views

CVE-2023-36833

A Use After Free vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of Service DoS. The process 'aftman-bt' will crash after...

6.5CVSS0.00283EPSS
Exploits0References1
NVD
NVD
added 2023/07/12 4:15 p.m.43 views

CVE-2023-37944

A missing permission check in Jenkins Datadog Plugin 5.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS6.3AI score0.00691EPSS
Exploits0References2
NVD
NVD
added 2023/07/03 9:15 p.m.43 views

CVE-2020-22597

An issue in Jerrscript- project Jerryscrip v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecmabuiltinarrayprototypeobjectslice parameter...

9.8CVSS9.7AI score0.01314EPSS
Exploits1References1
NVD
NVD
added 2023/06/28 6:15 p.m.43 views

CVE-2023-21150

In handlesetparametersctrl of halsocket.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

4.4CVSS4.3AI score0.00094EPSS
Exploits0References1
NVD
NVD
added 2023/06/28 3:15 p.m.43 views

CVE-2022-44276

In Responsive Filemanager 9.12.0, an attacker can bypass upload restrictions resulting in RCE...

9.8CVSS9.5AI score0.02302EPSS
Exploits2References1
NVD
NVD
added 2023/06/23 8:15 p.m.43 views

CVE-2023-36346

POS Codekop v2.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the nmmember parameter at print.php...

6.1CVSS6AI score0.05295EPSS
Exploits4References3
NVD
NVD
added 2023/06/23 11:15 a.m.43 views

CVE-2023-28060

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable...

6.7CVSS5.3AI score0.00168EPSS
Exploits0References1
NVD
NVD
added 2023/06/19 4:15 p.m.43 views

CVE-2022-48506

A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct ICP and ICP2 and ImageCast Evolution ICE scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of...

2.4CVSS3.7AI score0.00359EPSS
Exploits0References4
NVD
NVD
added 2023/06/13 9:15 a.m.43 views

CVE-2023-33305

A loop with unreachable exit condition 'infinite loop' in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0....

6.5CVSS5.8AI score0.00827EPSS
Exploits0References1
NVD
NVD
added 2023/06/09 8:15 p.m.43 views

CVE-2023-32312

UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. In affected versions client secrets are not required which may expose some endpoints to untrusted actors. Since Umbraco is not a single-page application, the implicit fl...

5.3CVSS4.7AI score0.00625EPSS
Exploits0References4
NVD
NVD
added 2023/06/07 9:15 p.m.43 views

CVE-2023-2866

If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server...

7.8CVSS7.2AI score0.00142EPSS
Exploits0References1
NVD
NVD
added 2023/06/05 10:15 p.m.43 views

CVE-2023-3027

The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values instead of the policy apply a static manifest on a managed cluster of taking advantage of cluster scoped access in a created policy. This feature...

7.8CVSS7.7AI score0.00198EPSS
Exploits0References1
NVD
NVD
added 2023/05/30 10:15 p.m.43 views

CVE-2023-33961

Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious Javascript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious Javascript code executes. As of time ...

8.9CVSS8.8AI score0.00394EPSS
Exploits0References1
NVD
NVD
added 2023/05/26 5:15 p.m.43 views

CVE-2023-20882

In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected...

5.9CVSS5.6AI score0.00586EPSS
Exploits0References1
NVD
NVD
added 2023/05/25 11:15 a.m.43 views

CVE-2022-41987

Cross-Site Request Forgery CSRF vulnerability in LearningTimes BadgeOS plugin = 3.7.1.6 versions...

8.8CVSS7.1AI score0.00246EPSS
Exploits0References1
NVD
NVD
added 2023/05/19 3:15 p.m.43 views

CVE-2023-20881

Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user ...

8.1CVSS8.1AI score0.00362EPSS
Exploits0References1
NVD
NVD
added 2023/05/19 12:15 p.m.43 views

CVE-2022-30114

A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482FW230FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462FW261DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS...

7.5CVSS7.7AI score0.02396EPSS
Exploits2References2
NVD
NVD
added 2023/05/10 3:15 p.m.43 views

CVE-2023-27564

The n8n package 0.218.0 for Node.js allows Information Disclosure...

7.5CVSS7.6AI score0.01214EPSS
Exploits2References3
NVD
NVD
added 2023/05/02 9:15 p.m.43 views

CVE-2022-30759

In Nokia One-NDS aka Network Directory Server through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands...

8.8CVSS9AI score0.01137EPSS
Exploits3References2
NVD
NVD
added 2023/04/25 8:15 p.m.43 views

CVE-2023-23710

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in miniOrange WordPress Social Login and Register Discord, Google, Twitter, LinkedIn plugin = 7.5.14 versions...

5.9CVSS5.4AI score0.00369EPSS
Exploits0References1
NVD
NVD
added 2023/04/24 5:15 p.m.43 views

CVE-2023-26494

lorawan-stack is an open source LoRaWAN network server. Prior to version 3.24.1, an open redirect exists on the login page of the lorawan stack server, allowing an attacker to supply a user controlled redirect upon sign in. This issue may allows malicious actors to phish users, as users assume th...

6.1CVSS6.2AI score0.00637EPSS
Exploits1References5
NVD
NVD
added 2023/04/19 12:15 a.m.43 views

CVE-2023-30605

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the variablename and variablevalue parameter value in the sql/instance.py paramedit endpoint is...

6.5CVSS6.9AI score0.00844EPSS
Exploits1References2
NVD
NVD
added 2023/04/16 3:15 a.m.43 views

CVE-2022-34128

The Cartography aka positions plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data to front/upload.php...

9.8CVSS9.8AI score0.07746EPSS
Exploits3References3
NVD
NVD
added 2023/04/11 10:15 a.m.43 views

CVE-2023-27464

A vulnerability has been identified in Mendix Forgot Password Mendix 7 compatible All versions V3.7.1, Mendix Forgot Password Mendix 8 compatible All versions V4.1.1, Mendix Forgot Password Mendix 9 compatible All versions V5.1.1. The affected versions of the module contain an observable response...

5.3CVSS5.1AI score0.00458EPSS
Exploits0References1
NVD
NVD
added 2023/04/09 8:15 p.m.43 views

CVE-2023-27727

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njsfunctionframe at src/njsfunction.h...

7.5CVSS7.6AI score0.00732EPSS
Exploits1References1
NVD
NVD
added 2023/04/05 2:15 p.m.43 views

CVE-2023-1865

The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when resetting plugin settings via the yrcnuke GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to delete YouTube channels...

6.5CVSS6.3AI score0.00705EPSS
Exploits0References4
NVD
NVD
added 2023/04/04 3:15 p.m.43 views

CVE-2023-26991

SWFTools v0.9.2 was discovered to contain a stack-use-after-scope in the swfReadSWF2 function in lib/rfxswf.c...

7.8CVSS7.6AI score0.00308EPSS
Exploits1References1
NVD
NVD
added 2023/04/04 3:15 p.m.43 views

CVE-2020-19278

Cross Site Request Forgery vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via the system/user/save parameter...

8.8CVSS8.9AI score0.00498EPSS
Exploits1References2
NVD
NVD
added 2023/04/04 1:15 p.m.43 views

CVE-2023-28999

Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files,...

6.9CVSS6.2AI score0.00678EPSS
Exploits1References3
NVD
NVD
added 2023/03/29 7:15 p.m.43 views

CVE-2022-43608

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.03 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BJNP service. The issue results from the lack of...

8.8CVSS9AI score0.0083EPSS
Exploits0References2
NVD
NVD
added 2023/03/29 7:15 p.m.43 views

CVE-2022-36978

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Notification...

9.8CVSS9.8AI score0.07334EPSS
Exploits0References2
NVD
NVD
added 2023/03/29 7:15 p.m.43 views

CVE-2022-28319

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8CVSS7.8AI score0.00938EPSS
Exploits0References2
NVD
NVD
added 2023/03/29 7:15 p.m.43 views

CVE-2022-28642

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8CVSS7.8AI score0.00938EPSS
Exploits0References2
NVD
NVD
added 2023/03/29 7:15 p.m.43 views

CVE-2022-28306

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8CVSS7.8AI score0.00897EPSS
Exploits0References2
NVD
NVD
added 2023/03/29 7:15 p.m.43 views

CVE-2022-27641

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of...

8.8CVSS9AI score0.01244EPSS
Exploits0References2
NVD
NVD
added 2023/03/27 4:15 p.m.43 views

CVE-2023-0497

The HT Portfolio WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

4.3CVSS4.7AI score0.00281EPSS
Exploits2References1
NVD
NVD
added 2023/03/23 5:15 p.m.43 views

CVE-2023-20107

A vulnerability in the deterministic random bit generator DRBG, also known as pseudorandom number generator PRNG, in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software for Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X Firewalls could allow an...

7.5CVSS6.1AI score0.00717EPSS
Exploits0References1
NVD
NVD
added 2023/03/21 12:15 p.m.43 views

CVE-2023-1314

A vulnerability has been discovered in cloudflared's installer = 2023.3.0 for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. This vulnerability exists because the MSI installer used by cloudflared relied...

7.8CVSS7.5AI score0.00259EPSS
Exploits0References2
NVD
NVD
added 2023/03/20 4:15 p.m.43 views

CVE-2023-0340

The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. R...

8.8CVSS8.7AI score0.01047EPSS
Exploits1References1
NVD
NVD
added 2023/03/06 4:15 a.m.43 views

CVE-2015-10091

A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely...

7.2CVSS6AI score0.00588EPSS
Exploits0References3
Total number of security vulnerabilities5000