Lucene search
K
NvdMost viewed

363813 matches found

NVD
NVD
added 2024/10/26 8:15 a.m.42 views

CVE-2024-0117

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure,...

7.8CVSS0.00415EPSS
Exploits0References2
NVD
NVD
added 2024/10/16 1:15 p.m.42 views

CVE-2023-32192

A vulnerability has been identified in which unauthenticated cross-site scripting XSS in the API Server's public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser...

8.3CVSS0.00342EPSS
Exploits0References2
NVD
NVD
added 2024/10/12 3:15 a.m.42 views

CVE-2024-9821

The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stmwpcftogetsettings' AJAX action in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with...

8.8CVSS0.01159EPSS
Exploits1References2
NVD
NVD
added 2024/10/08 5:15 a.m.42 views

CVE-2024-21533

All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...

6.5CVSS0.00577EPSS
Exploits0References3
NVD
NVD
added 2024/10/07 9:15 p.m.42 views

CVE-2024-47610

InvenTree is an Open Source Inventory Management System. In affected versions of InvenTree it is possible for a registered user to store javascript in markdown notes fields, which are then displayed to other logged in users who visit the same page and executed. The vulnerability has been addresse...

7.3CVSS0.00294EPSS
Exploits0References2
NVD
NVD
added 2024/10/06 11:15 a.m.42 views

CVE-2024-47349

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Amauri WPMobile.App wpappninja.This issue affects WPMobile.App: from n/a through = 11.50...

7.1CVSS0.0029EPSS
Exploits0References1
NVD
NVD
added 2024/10/02 5:15 p.m.42 views

CVE-2024-20393

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability exists because the web-based management interfa...

8.8CVSS0.00589EPSS
Exploits0References1
NVD
NVD
added 2024/09/23 4:15 p.m.42 views

CVE-2024-34331

A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root...

9.8CVSS0.00997EPSS
Exploits0References2
NVD
NVD
added 2024/09/20 7:15 p.m.42 views

CVE-2024-47061

Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the...

8.3CVSS0.00515EPSS
Exploits0References3
NVD
NVD
added 2024/09/17 6:15 p.m.42 views

CVE-2024-38813

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet...

9.8CVSS0.16676EPSS
Exploits0References2
NVD
NVD
added 2024/09/16 7:16 p.m.42 views

CVE-2024-45801

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...

7.3CVSS0.00844EPSS
Exploits0References3
NVD
NVD
added 2024/09/11 5:15 p.m.42 views

CVE-2024-20489

A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running...

8.4CVSS0.00144EPSS
Exploits0References1
NVD
NVD
added 2024/09/06 5:15 p.m.42 views

CVE-2023-34979

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2790...

7.2CVSS0.01073EPSS
Exploits0References1
NVD
NVD
added 2024/09/05 6:15 p.m.42 views

CVE-2024-7591

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: LoadMaster: 7.2.40.0 and above ECS: All versions Multi-Tenancy: 7.1.35.4 and above...

10CVSS0.44069EPSS
Exploits1References2
NVD
NVD
added 2024/09/03 8:15 p.m.42 views

CVE-2024-45390

@blakeembrey/template is a string template library. Prior to version 1.2.0, it is possible to inject and run code within the template if the attacker has access to write the template name. Version 1.2.0 contains a patch. As a workaround, don't pass untrusted input as the template display name, or...

9.8CVSS0.00433EPSS
Exploits0References2
NVD
NVD
added 2024/08/26 12:15 p.m.42 views

CVE-2024-41879

Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00483EPSS
Exploits0References1
NVD
NVD
added 2024/08/21 2:15 p.m.42 views

CVE-2024-28000

Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache.This issue affects LiteSpeed Cache: from n/a through = 6.3.0.1...

9.8CVSS0.68266EPSS
Exploits8References4
NVD
NVD
added 2024/08/17 9:15 a.m.42 views

CVE-2024-42274

In the Linux kernel, the following vulnerability has been resolved: Revert "ALSA: firewire-lib: operate for period elapse event in process context" Commit 7ba5ca32fe6e "ALSA: firewire-lib: operate for period elapse event in process context" removed the process context workqueue from...

5.5CVSS0.00169EPSS
Exploits0References6
NVD
NVD
added 2024/08/14 12:15 p.m.42 views

CVE-2024-39397

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file whic...

9CVSS0.01096EPSS
Exploits0References1
NVD
NVD
added 2024/08/13 6:15 p.m.42 views

CVE-2024-38173

Microsoft Outlook Remote Code Execution Vulnerability...

6.7CVSS0.00664EPSS
Exploits0References1
NVD
NVD
added 2024/08/13 1:15 p.m.42 views

CVE-2024-3913

An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup...

5.9CVSS0.00507EPSS
Exploits0References1
NVD
NVD
added 2024/08/12 1:38 p.m.42 views

CVE-2024-42469

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu's file system endpoints don't require authentication and additionally the endpoint to update an existing file is susceptible to path traversal...

9.8CVSS0.01211EPSS
Exploits0References2
NVD
NVD
added 2024/08/08 11:15 a.m.42 views

CVE-2024-7610

A Denial of Service DoS condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch...

6.5CVSS0.00448EPSS
Exploits0References1
NVD
NVD
added 2024/08/08 10:15 a.m.42 views

CVE-2024-42033

Access control vulnerability in the security verification module mpact: Successful exploitation of this vulnerability will affect integrity and confidentiality...

7.1CVSS0.00099EPSS
Exploits0References1
NVD
NVD
added 2024/08/08 12:15 a.m.42 views

CVE-2024-6893

The "soapcgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources...

7.5CVSS0.32916EPSS
Exploits3References2
NVD
NVD
added 2024/07/31 9:15 p.m.42 views

CVE-2022-4001

An authentication bypass vulnerability could allow an attacker to access API functions without authentication...

7.3CVSS0.00342EPSS
Exploits0References1
NVD
NVD
added 2024/07/31 8:15 p.m.42 views

CVE-2024-41955

Mobile Security Framework MobSF is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view. Update to MobSF v4.0.5...

5.4CVSS0.00924EPSS
Exploits1References2
NVD
NVD
added 2024/07/30 5:15 p.m.42 views

CVE-2024-41944

Xibo is a content management system CMS. An SQL injection vulnerability was discovered in the report/data/proofofplayReport API route inside the CMS. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the...

6.5CVSS0.00442EPSS
Exploits0References3
NVD
NVD
added 2024/07/27 12:15 p.m.42 views

CVE-2024-6520

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom error message in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes ...

4.8CVSS0.00318EPSS
Exploits0References3
NVD
NVD
added 2024/07/27 9:15 a.m.42 views

CVE-2024-6458

The WooCommerce Product Table Lite plugin for WordPress is vulnerable to unauthorized post title modification due to a missing capability check on the wcptpresetsduplicatepresettotable function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers with...

6.4CVSS0.00292EPSS
Exploits0References3
NVD
NVD
added 2024/07/25 12:15 p.m.42 views

CVE-2024-39671

Access control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

9.3CVSS0.00122EPSS
Exploits0References1
NVD
NVD
added 2024/07/24 3:15 a.m.42 views

CVE-2024-6754

The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the ‘wpwautoposterupdatetweettemplate’ function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Subscriber-level...

5.4CVSS0.00264EPSS
Exploits0References2
NVD
NVD
added 2024/07/23 9:15 p.m.42 views

CVE-2024-0981

Okta Browser Plugin versions 6.5.0 through 6.31.0 Chrome/Edge/Firefox/Safari are vulnerable to cross-site scripting. This issue occurs when the plugin prompts the user to save these credentials within Okta Personal. A fix was implemented to properly escape these fields, addressing the...

7.1CVSS0.0036EPSS
Exploits0References1
NVD
NVD
added 2024/07/23 6:15 p.m.42 views

CVE-2024-41661

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-50094. Reason: This candidate is a duplicate of CVE-2023-50094. Notes: All CVE users should reference CVE-2023-50094 instead of this candidate...

Exploits1
NVD
NVD
added 2024/07/21 11:15 p.m.42 views

CVE-2024-37449

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a through 6.7.13...

5.9CVSS0.0026EPSS
Exploits0References1
NVD
NVD
added 2024/07/21 8:15 a.m.42 views

CVE-2024-37495

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mischiefmarmot Create by Mediavine mediavine-create.This issue affects Create by Mediavine: from n/a through = 1.9.7...

6.5CVSS0.00279EPSS
Exploits0References2
NVD
NVD
added 2024/07/20 8:15 a.m.42 views

CVE-2024-38738

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Marian Kadanka Change From Email allows Stored XSS.This issue affects Change From Email: from n/a through 1.2.1...

5.9CVSS0.00275EPSS
Exploits0References1
NVD
NVD
added 2024/07/20 7:15 a.m.42 views

CVE-2024-6491

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimpapikeymanage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level...

4.3CVSS0.00378EPSS
Exploits0References3
NVD
NVD
added 2024/07/17 9:15 a.m.42 views

CVE-2024-31979

Server-Side Request Forgery SSRF vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. These endpoints were not properly validated, allowing an...

7.5CVSS0.00738EPSS
Exploits0References2
NVD
NVD
added 2024/07/16 4:15 p.m.42 views

CVE-2024-22442

The vulnerability could be remotely exploited to bypass authentication...

9.8CVSS0.00624EPSS
Exploits0References1
NVD
NVD
added 2024/07/16 1:15 p.m.42 views

CVE-2022-48853

In the Linux kernel, the following vulnerability has been resolved: swiotlb: fix info leak with DMAFROMDEVICE The problem I'm addressing was discovered by the LTP test covering cve-2018-1000204. A short description of what happens follows: 1 The test case issues a command code 00 TEST UNIT READY...

5.5CVSS0.00265EPSS
Exploits0References17
NVD
NVD
added 2024/07/11 10:15 p.m.42 views

CVE-2024-6392

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Subscriber-lev...

5.4CVSS0.0031EPSS
Exploits0References3
NVD
NVD
added 2024/07/11 5:15 p.m.42 views

CVE-2024-6681

A vulnerability, which was classified as critical, has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this issue is some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to sql injection. The attack may be launched...

9.8CVSS0.00473EPSS
Exploits0References3
NVD
NVD
added 2024/07/10 7:15 p.m.42 views

CVE-2024-37147

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16...

4.3CVSS0.00685EPSS
Exploits1References1
NVD
NVD
added 2024/07/10 8:15 a.m.42 views

CVE-2024-6422

An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data...

9.8CVSS0.00581EPSS
Exploits0References1
NVD
NVD
added 2024/07/10 1:15 a.m.42 views

CVE-2024-25023

IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429...

5.5CVSS0.00115EPSS
Exploits0References2
NVD
NVD
added 2024/07/09 5:15 p.m.42 views

CVE-2024-38080

Windows Hyper-V Elevation of Privilege Vulnerability...

7.8CVSS0.07115EPSS
Exploits0References2
NVD
NVD
added 2024/07/08 6:15 p.m.42 views

CVE-2024-6409

A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not...

7CVSS0.27935EPSS
Exploits1References23
NVD
NVD
added 2024/07/02 4:15 p.m.42 views

CVE-2024-39316

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

6.5CVSS0.00856EPSS
Exploits0References3
NVD
NVD
added 2024/07/01 3:15 p.m.42 views

CVE-2024-6376

MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...

9.8CVSS0.0042EPSS
Exploits0References1
Total number of security vulnerabilities5000