Lucene search
K
NvdMost viewed

364394 matches found

NVD
NVD
added 2022/03/17 9:15 p.m.43 views

CVE-2022-26501

Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control issue 1 of 2...

10CVSS0.04279EPSS
Exploits0References3
NVD
NVD
added 2022/03/17 9:15 p.m.43 views

CVE-2022-24770

gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on t...

8.8CVSS0.01248EPSS
Exploits0References3
NVD
NVD
added 2022/03/08 12:15 p.m.43 views

CVE-2021-42020

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969NC, RUGGEDCOM RMC30,...

7.5CVSS0.0097EPSS
Exploits0References2
NVD
NVD
added 2022/03/07 9:15 a.m.43 views

CVE-2022-0448

The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its "License ID" settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

4.8CVSS0.0632EPSS
Exploits5References1
NVD
NVD
added 2022/02/21 11:15 a.m.43 views

CVE-2021-25082

The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpbtype parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via...

8.8CVSS0.05365EPSS
Exploits2References2
NVD
NVD
added 2022/02/15 5:15 p.m.43 views

CVE-2022-25196

Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in...

5.4CVSS0.00724EPSS
Exploits0References2
NVD
NVD
added 2022/02/11 8:15 p.m.43 views

CVE-2021-23555

The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of arbitrary code on the host machine...

10CVSS0.02876EPSS
Exploits1References2
NVD
NVD
added 2022/02/09 2:15 p.m.43 views

CVE-2021-46360

Authenticated remote code execution RCE in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr...

8.8CVSS0.09183EPSS
Exploits4References2
NVD
NVD
added 2022/02/07 8:15 p.m.43 views

CVE-2022-21814

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service...

6.1CVSS0.00232EPSS
Exploits0References2
NVD
NVD
added 2022/02/03 1:15 p.m.43 views

CVE-2022-21729

Tensorflow is an Open Source Machine Learning Framework. The implementation of UnravelIndex is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlo...

6.5CVSS0.00783EPSS
Exploits1References3
NVD
NVD
added 2022/02/01 12:15 p.m.43 views

CVE-2022-21687

gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus...

6.8CVSS0.01003EPSS
Exploits0References2
NVD
NVD
added 2022/01/28 8:15 p.m.43 views

CVE-2022-21236

An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability...

8.1CVSS0.01812EPSS
Exploits1References1
NVD
NVD
added 2022/01/18 10:15 p.m.43 views

CVE-2022-21691

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions chat participants can spoof their channel leave message, tricking others into assuming they left the chatroom...

4.3CVSS0.00673EPSS
Exploits0References2
NVD
NVD
added 2022/01/18 3:15 p.m.43 views

CVE-2021-44217

In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting XSS vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API...

6.1CVSS0.01626EPSS
Exploits1References5
NVD
NVD
added 2022/01/15 3:17 p.m.43 views

CVE-2022-23178

An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname...

10CVSS0.75711EPSS
Exploits5References1
NVD
NVD
added 2022/01/06 1:15 p.m.43 views

CVE-2021-36774

Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue...

6.5CVSS0.01948EPSS
Exploits0References2
NVD
NVD
added 2022/01/06 12:15 a.m.43 views

CVE-2021-45971

An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM System Management Mode branch that registers a SWSMI handler that does not...

8.2CVSS0.00279EPSS
Exploits0References4
NVD
NVD
added 2022/01/04 8:15 p.m.43 views

CVE-2022-21647

CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the old function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a...

9.8CVSS0.37671EPSS
Exploits0References2
NVD
NVD
added 2021/12/22 12:15 a.m.43 views

CVE-2021-43851

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to not properly checking of the "group" and "status" parameters in POST requests. Group parameter is...

8.8CVSS0.01165EPSS
Exploits0References3
NVD
NVD
added 2021/12/17 9:15 p.m.43 views

CVE-2021-41500

Incomplete string comparison vulnerability exits in cvxopt.org cvxop = 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects...

7.5CVSS0.01184EPSS
Exploits1References2
NVD
NVD
added 2021/12/06 9:15 p.m.43 views

CVE-2021-36567

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache...

10CVSS0.02407EPSS
Exploits1References1
NVD
NVD
added 2021/12/01 1:15 a.m.43 views

CVE-2021-40809

An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows...

8.8CVSS0.01432EPSS
Exploits1References3
NVD
NVD
added 2021/11/23 4:15 p.m.43 views

CVE-2021-22356

There is a weak secure algorithm vulnerability in Huawei products. A weak secure algorithm is used in a module. Attackers can exploit this vulnerability by capturing and analyzing the messages between devices to obtain information. This can lead to information leak.Affected product versions...

5.9CVSS0.00403EPSS
Exploits0References1
NVD
NVD
added 2021/11/08 4:15 a.m.43 views

CVE-2021-31601

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user regardless of privileges can list all...

7.1CVSS0.01307EPSS
Exploits3References2
NVD
NVD
added 2021/11/02 10:15 a.m.43 views

CVE-2021-33611

Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 Vaadin 14.0.0 through 14.4.4 allows remote attackers to execute malicious JavaScript in browser by opening crafted URL...

6.1CVSS0.00955EPSS
Exploits1References2
NVD
NVD
added 2021/10/05 11:15 p.m.43 views

CVE-2021-41122

Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0...

4.3CVSS0.00777EPSS
Exploits1References2
NVD
NVD
added 2021/09/20 6:15 p.m.43 views

CVE-2021-32838

Flask-RESTX pypi package flask-restx is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS Regular Expression Denial of Service in emailregex. This is fixed in version 0.5.1...

7.5CVSS0.01804EPSS
Exploits0References7
NVD
NVD
added 2021/09/20 4:15 p.m.43 views

CVE-2021-32289

An issue was discovered in heif through through v3.6.2. A NULL pointer dereference exists in the function convertByteStreamToRBSP located in nalutil.cpp. It allows an attacker to cause Denial of Service...

5.5CVSS0.00621EPSS
Exploits1References1
NVD
NVD
added 2021/09/14 11:15 a.m.43 views

CVE-2021-37186

A vulnerability has been identified in LOGO! CMR2020 All versions V2.2, LOGO! CMR2040 All versions V2.2, SIMATIC RTU3010C All versions V4.0.9, SIMATIC RTU3030C All versions V4.0.9, SIMATIC RTU3031C All versions V4.0.9, SIMATIC RTU3041C All versions V4.0.9. The underlying TCP/IP stack does not...

5.4CVSS0.00356EPSS
Exploits0References1
NVD
NVD
added 2021/08/31 4:15 a.m.43 views

CVE-2021-36356

KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames even though browseSystemFiles.php is no longer reachable via the GUI. NOTE: this issue exists because of an incomplete fix for...

10CVSS0.54393EPSS
Exploits5References2
NVD
NVD
added 2021/08/30 7:15 p.m.43 views

CVE-2021-22021

VMware vRealize Log Insight 8.x prior to 8.4 contains a Cross Site Scripting XSS vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared...

5.4CVSS0.00468EPSS
Exploits0References1
NVD
NVD
added 2021/08/24 4:15 p.m.43 views

CVE-2021-39137

go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a late...

7.5CVSS0.01527EPSS
Exploits0References2
NVD
NVD
added 2021/08/18 8:15 p.m.43 views

CVE-2021-34715

A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system. The vulnerability is due to...

9CVSS0.01056EPSS
Exploits0References1
NVD
NVD
added 2021/08/17 10:15 p.m.43 views

CVE-2020-23332

A heap-based buffer overflow exists in the AP4StdcFileByteStream::ReadPartial component located in /StdC/Ap4StdCFileByteStream.cpp of Bento4 version 06c39d9. This issue can lead to a denial of service DOS...

7.5CVSS0.01325EPSS
Exploits1References2
NVD
NVD
added 2021/08/08 6:15 a.m.43 views

CVE-2020-36461

An issue was discovered in the noisesearch crate through 2020-12-10 for Rust. There are unconditional implementations of Send and Sync for MvccRwLock...

8.1CVSS0.0124EPSS
Exploits1References2
NVD
NVD
added 2021/07/16 11:15 a.m.43 views

CVE-2021-21800

Cross-site scripting vulnerabilities exist in the sshform.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a craft...

9.6CVSS0.14115EPSS
Exploits1References1
NVD
NVD
added 2021/07/09 7:15 p.m.43 views

CVE-2021-24020

A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification...

9.8CVSS0.00616EPSS
Exploits0References1
NVD
NVD
added 2021/07/09 2:15 p.m.43 views

CVE-2021-30117

The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. Detailed description --- Given the following request: GET /InstallTab/exportFldr.asp?fldrId=1’ HTTP/1.1 Host: 192.168.1.194 User-Agent: Mozilla/5.0 Macintosh;...

9.8CVSS0.72054EPSS
Exploits0References2
NVD
NVD
added 2021/07/07 3:15 p.m.43 views

CVE-2021-33218

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access...

10CVSS0.02304EPSS
Exploits4References2
NVD
NVD
added 2021/07/06 12:15 p.m.43 views

CVE-2021-32559

An integer overflow exists in pywin32 prior to version b301 when adding an access control entry ACE to an access control list ACL that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process...

6.5CVSS0.01729EPSS
Exploits0References4
NVD
NVD
added 2021/06/17 11:15 p.m.43 views

CVE-2021-32693

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with version 5.3.0 and prior to 5.3.2. When an application defines multiple firewalls, the token authenticated by one of the...

8.8CVSS0.01388EPSS
Exploits0References4
NVD
NVD
added 2021/06/12 4:15 a.m.43 views

CVE-2021-32548

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users...

7.3CVSS0.00289EPSS
Exploits0References1
NVD
NVD
added 2021/06/10 4:15 p.m.43 views

CVE-2021-23022

On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

7.8CVSS0.00228EPSS
Exploits0References1
NVD
NVD
added 2021/06/10 12:15 p.m.43 views

CVE-2021-20293

A reflected Cross-Site Scripting XSS flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The...

6.1CVSS0.00856EPSS
Exploits0References2
NVD
NVD
added 2021/06/03 10:15 a.m.43 views

CVE-2021-31831

Incorrect access to deleted scripts vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the...

6.5CVSS0.00636EPSS
Exploits0References1
NVD
NVD
added 2021/05/20 1:15 p.m.43 views

CVE-2021-29659

ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could...

6.5CVSS0.01327EPSS
Exploits0References2
NVD
NVD
added 2021/05/14 8:15 p.m.43 views

CVE-2021-29578

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow. The...

7.8CVSS0.00211EPSS
Exploits1References2
NVD
NVD
added 2021/05/14 8:15 p.m.43 views

CVE-2021-29559

TensorFlow is an end-to-end open source platform for machine learning. An attacker can access data outside of bounds of heap allocated array in tf.rawops.UnicodeEncode. This is because the...

7.1CVSS0.00198EPSS
Exploits1References2
NVD
NVD
added 2021/05/14 12:15 p.m.43 views

CVE-2021-24291

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting XSS issues via the galleryid, tag, albumid and id GET parameters passed to the bwgfrontenddata AJAX action available to both unauthenticated and authenticated...

6.1CVSS0.1445EPSS
Exploits2References2
NVD
NVD
added 2021/04/23 4:15 p.m.43 views

CVE-2019-25027

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 Vaadin 10.0.0 through 10.0.13, and 1.1.0 through 1.4.2 Vaadin 11.0.0 through 13.0.5 allows attacker to execute malicious JavaScript via crafted URL...

6.1CVSS0.00668EPSS
Exploits0References2
Total number of security vulnerabilities5000