Lucene search
K
NvdMost viewed

363761 matches found

NVD
NVD
added 2024/11/29 1:15 p.m.42 views

CVE-2024-11990

A Cross-Site Scripting XSS vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters...

4.6CVSS0.00265EPSS
Exploits0References1
NVD
NVD
added 2024/11/26 3:15 p.m.42 views

CVE-2024-36463

The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects...

8.8CVSS0.00797EPSS
Exploits0References1
NVD
NVD
added 2024/11/25 10:15 p.m.42 views

CVE-2024-53102

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
NVD
NVD
added 2024/11/25 7:15 p.m.42 views

CVE-2024-53255

BoidCMS is a free and open-source flat file CMS for building simple websites and blogs, developed using PHP and uses JSON as a database. In affected versions a reflected Cross-site Scripting XSS vulnerability exists in the /admin?page=media endpoint in the file parameter, allowing an attacker to...

5.4CVSS0.00865EPSS
Exploits2References2
NVD
NVD
added 2024/11/18 5:15 p.m.42 views

CVE-2024-47873

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the scan method and the findCharSet method can be bypassed by using...

7.5CVSS0.0076EPSS
Exploits1References4
NVD
NVD
added 2024/11/18 4:15 p.m.42 views

CVE-2020-26073

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to application...

7.5CVSS0.12062EPSS
Exploits0References3
NVD
NVD
added 2024/11/16 10:15 p.m.42 views

CVE-2024-52408

Unrestricted Upload of File with Dangerous Type vulnerability in pushassist Push Notifications for WordPress by PushAssist push-notification-for-wp-by-pushassist allows Upload a Web Shell to a Web Server.This issue affects Push Notifications for WordPress by PushAssist: from n/a through = 3.0.8...

9.9CVSS0.00478EPSS
Exploits0References1
NVD
NVD
added 2024/11/14 10:15 a.m.42 views

CVE-2024-5917

A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible...

4.9CVSS0.00481EPSS
Exploits0References1
NVD
NVD
added 2024/11/13 5:15 a.m.42 views

CVE-2024-10575

CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices...

10CVSS0.00624EPSS
Exploits0References1
NVD
NVD
added 2024/11/12 7:15 p.m.42 views

CVE-2023-50176

A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows attacker to execute unauthorized code or commands via phishing SAML authentication link...

8.8CVSS0.00551EPSS
Exploits0References1
NVD
NVD
added 2024/11/12 7:15 p.m.42 views

CVE-2024-23666

A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through...

8.8CVSS0.02744EPSS
Exploits1References1
NVD
NVD
added 2024/11/09 10:15 a.m.42 views

CVE-2024-51776

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sam Hotchkiss Daily Image daily-image allows Reflected XSS.This issue affects Daily Image: from n/a through = 1.0...

7.1CVSS0.00259EPSS
Exploits0References1
NVD
NVD
added 2024/11/08 8:15 a.m.42 views

CVE-2024-10999

A vulnerability classified as problematic has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /aboutadd.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. It is possible to launch the...

7.2CVSS0.00552EPSS
Exploits1References4
NVD
NVD
added 2024/11/04 6:15 p.m.42 views

CVE-2024-34887

Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request...

6.8CVSS0.00339EPSS
Exploits0References1
NVD
NVD
added 2024/10/30 10:15 p.m.42 views

CVE-2024-10005

A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...

8.1CVSS0.00725EPSS
Exploits0References2
NVD
NVD
added 2024/10/29 10:15 p.m.42 views

CVE-2024-8597

A maliciously crafted STP file when parsed in ASMDATAX230A.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process...

7.8CVSS0.00207EPSS
Exploits0References1
NVD
NVD
added 2024/10/26 8:15 a.m.42 views

CVE-2024-0117

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure,...

7.8CVSS0.00415EPSS
Exploits0References2
NVD
NVD
added 2024/10/16 1:15 p.m.42 views

CVE-2023-32192

A vulnerability has been identified in which unauthenticated cross-site scripting XSS in the API Server's public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser...

8.3CVSS0.00342EPSS
Exploits0References2
NVD
NVD
added 2024/10/12 3:15 a.m.42 views

CVE-2024-9821

The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stmwpcftogetsettings' AJAX action in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with...

8.8CVSS0.01159EPSS
Exploits1References2
NVD
NVD
added 2024/10/08 5:15 a.m.42 views

CVE-2024-21533

All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...

6.5CVSS0.00577EPSS
Exploits0References3
NVD
NVD
added 2024/10/07 9:15 p.m.42 views

CVE-2024-47610

InvenTree is an Open Source Inventory Management System. In affected versions of InvenTree it is possible for a registered user to store javascript in markdown notes fields, which are then displayed to other logged in users who visit the same page and executed. The vulnerability has been addresse...

7.3CVSS0.00294EPSS
Exploits0References2
NVD
NVD
added 2024/10/06 11:15 a.m.42 views

CVE-2024-47349

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Amauri WPMobile.App wpappninja.This issue affects WPMobile.App: from n/a through = 11.50...

7.1CVSS0.0029EPSS
Exploits0References1
NVD
NVD
added 2024/10/02 5:15 p.m.42 views

CVE-2024-20393

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability exists because the web-based management interfa...

8.8CVSS0.00589EPSS
Exploits0References1
NVD
NVD
added 2024/09/23 4:15 p.m.42 views

CVE-2024-34331

A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root...

9.8CVSS0.00997EPSS
Exploits0References2
NVD
NVD
added 2024/09/20 7:15 p.m.42 views

CVE-2024-47061

Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the...

8.3CVSS0.00515EPSS
Exploits0References3
NVD
NVD
added 2024/09/17 6:15 p.m.42 views

CVE-2024-38813

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet...

9.8CVSS0.16676EPSS
Exploits0References2
NVD
NVD
added 2024/09/16 7:16 p.m.42 views

CVE-2024-45801

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...

7.3CVSS0.00844EPSS
Exploits0References3
NVD
NVD
added 2024/09/11 5:15 p.m.42 views

CVE-2024-20489

A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running...

8.4CVSS0.00144EPSS
Exploits0References1
NVD
NVD
added 2024/09/06 5:15 p.m.42 views

CVE-2023-34979

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2790...

7.2CVSS0.01073EPSS
Exploits0References1
NVD
NVD
added 2024/09/05 6:15 p.m.42 views

CVE-2024-7591

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: LoadMaster: 7.2.40.0 and above ECS: All versions Multi-Tenancy: 7.1.35.4 and above...

10CVSS0.44069EPSS
Exploits1References2
NVD
NVD
added 2024/09/03 8:15 p.m.42 views

CVE-2024-45390

@blakeembrey/template is a string template library. Prior to version 1.2.0, it is possible to inject and run code within the template if the attacker has access to write the template name. Version 1.2.0 contains a patch. As a workaround, don't pass untrusted input as the template display name, or...

9.8CVSS0.00433EPSS
Exploits0References2
NVD
NVD
added 2024/08/26 12:15 p.m.42 views

CVE-2024-41879

Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00483EPSS
Exploits0References1
NVD
NVD
added 2024/08/21 2:15 p.m.42 views

CVE-2024-28000

Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache.This issue affects LiteSpeed Cache: from n/a through = 6.3.0.1...

9.8CVSS0.68266EPSS
Exploits8References4
NVD
NVD
added 2024/08/17 9:15 a.m.42 views

CVE-2024-42274

In the Linux kernel, the following vulnerability has been resolved: Revert "ALSA: firewire-lib: operate for period elapse event in process context" Commit 7ba5ca32fe6e "ALSA: firewire-lib: operate for period elapse event in process context" removed the process context workqueue from...

5.5CVSS0.00169EPSS
Exploits0References6
NVD
NVD
added 2024/08/14 12:15 p.m.42 views

CVE-2024-39397

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file whic...

9CVSS0.01096EPSS
Exploits0References1
NVD
NVD
added 2024/08/13 6:15 p.m.42 views

CVE-2024-38173

Microsoft Outlook Remote Code Execution Vulnerability...

6.7CVSS0.00664EPSS
Exploits0References1
NVD
NVD
added 2024/08/13 1:15 p.m.42 views

CVE-2024-3913

An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup...

5.9CVSS0.00507EPSS
Exploits0References1
NVD
NVD
added 2024/08/12 10:15 p.m.42 views

CVE-2024-43218

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mediavine Mediavine Control Panel mediavine-control-panel.This issue affects Mediavine Control Panel: from n/a through = 2.10.4...

6.5CVSS0.00245EPSS
Exploits0References1
NVD
NVD
added 2024/08/12 1:38 p.m.42 views

CVE-2024-42469

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu's file system endpoints don't require authentication and additionally the endpoint to update an existing file is susceptible to path traversal...

9.8CVSS0.01211EPSS
Exploits0References2
NVD
NVD
added 2024/08/08 11:15 a.m.42 views

CVE-2024-7610

A Denial of Service DoS condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch...

6.5CVSS0.00448EPSS
Exploits0References1
NVD
NVD
added 2024/08/08 10:15 a.m.42 views

CVE-2024-42033

Access control vulnerability in the security verification module mpact: Successful exploitation of this vulnerability will affect integrity and confidentiality...

7.1CVSS0.00099EPSS
Exploits0References1
NVD
NVD
added 2024/08/08 12:15 a.m.42 views

CVE-2024-6893

The "soapcgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources...

7.5CVSS0.32916EPSS
Exploits3References2
NVD
NVD
added 2024/08/01 5:15 a.m.42 views

CVE-2024-2090

The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remotecontent shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary...

6.4CVSS0.0026EPSS
Exploits0References2
NVD
NVD
added 2024/07/31 9:15 p.m.42 views

CVE-2022-4001

An authentication bypass vulnerability could allow an attacker to access API functions without authentication...

7.3CVSS0.00342EPSS
Exploits0References1
NVD
NVD
added 2024/07/31 8:15 p.m.42 views

CVE-2024-41955

Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view. Update to MobSF v4.0.5...

5.4CVSS0.00924EPSS
Exploits1References2
NVD
NVD
added 2024/07/30 5:15 p.m.42 views

CVE-2024-41944

Xibo is a content management system CMS. An SQL injection vulnerability was discovered in the report/data/proofofplayReport API route inside the CMS. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the...

6.5CVSS0.00442EPSS
Exploits0References3
NVD
NVD
added 2024/07/27 12:15 p.m.42 views

CVE-2024-6520

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom error message in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes ...

4.8CVSS0.00318EPSS
Exploits0References3
NVD
NVD
added 2024/07/27 9:15 a.m.42 views

CVE-2024-6458

The WooCommerce Product Table Lite plugin for WordPress is vulnerable to unauthorized post title modification due to a missing capability check on the wcptpresetsduplicatepresettotable function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers with...

6.4CVSS0.00292EPSS
Exploits0References3
NVD
NVD
added 2024/07/26 10:15 a.m.42 views

CVE-2023-38522

Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from...

7.5CVSS0.00987EPSS
Exploits0References2
NVD
NVD
added 2024/07/25 12:15 p.m.42 views

CVE-2024-39671

Access control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

9.3CVSS0.00122EPSS
Exploits0References1
Total number of security vulnerabilities5000