Lucene search
K
NvdMost viewed

364494 matches found

NVD
NVD
•added 2022/01/04 8:15 p.m.•43 views

CVE-2022-21647

CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the old function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a...

9.8CVSS0.37671EPSS
Exploits0References2
NVD
NVD
•added 2021/12/22 12:15 a.m.•43 views

CVE-2021-43851

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to not properly checking of the "group" and "status" parameters in POST requests. Group parameter is...

8.8CVSS0.01165EPSS
Exploits0References3
NVD
NVD
•added 2021/12/17 9:15 p.m.•43 views

CVE-2021-41500

Incomplete string comparison vulnerability exits in cvxopt.org cvxop = 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects...

7.5CVSS0.01184EPSS
Exploits1References2
NVD
NVD
•added 2021/12/06 9:15 p.m.•43 views

CVE-2021-36567

ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache...

10CVSS0.02407EPSS
Exploits1References1
NVD
NVD
•added 2021/12/01 1:15 a.m.•43 views

CVE-2021-40809

An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows...

8.8CVSS0.01432EPSS
Exploits1References3
NVD
NVD
•added 2021/11/08 4:15 a.m.•43 views

CVE-2021-31601

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user regardless of privileges can list all...

7.1CVSS0.01307EPSS
Exploits3References2
NVD
NVD
•added 2021/11/02 10:15 a.m.•43 views

CVE-2021-33611

Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 Vaadin 14.0.0 through 14.4.4 allows remote attackers to execute malicious JavaScript in browser by opening crafted URL...

6.1CVSS0.00955EPSS
Exploits1References2
NVD
NVD
•added 2021/10/05 11:15 p.m.•43 views

CVE-2021-41122

Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0...

4.3CVSS0.00777EPSS
Exploits1References2
NVD
NVD
•added 2021/09/20 6:15 p.m.•43 views

CVE-2021-32838

Flask-RESTX pypi package flask-restx is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS Regular Expression Denial of Service in emailregex. This is fixed in version 0.5.1...

7.5CVSS0.01804EPSS
Exploits0References7
NVD
NVD
•added 2021/09/20 4:15 p.m.•43 views

CVE-2021-32289

An issue was discovered in heif through through v3.6.2. A NULL pointer dereference exists in the function convertByteStreamToRBSP located in nalutil.cpp. It allows an attacker to cause Denial of Service...

5.5CVSS0.00621EPSS
Exploits1References1
NVD
NVD
•added 2021/09/14 11:15 a.m.•43 views

CVE-2021-37186

A vulnerability has been identified in LOGO! CMR2020 All versions V2.2, LOGO! CMR2040 All versions V2.2, SIMATIC RTU3010C All versions V4.0.9, SIMATIC RTU3030C All versions V4.0.9, SIMATIC RTU3031C All versions V4.0.9, SIMATIC RTU3041C All versions V4.0.9. The underlying TCP/IP stack does not...

5.4CVSS0.00356EPSS
Exploits0References1
NVD
NVD
•added 2021/08/31 4:15 a.m.•43 views

CVE-2021-36356

KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames even though browseSystemFiles.php is no longer reachable via the GUI. NOTE: this issue exists because of an incomplete fix for...

10CVSS0.54393EPSS
Exploits5References2
NVD
NVD
•added 2021/08/30 7:15 p.m.•43 views

CVE-2021-22021

VMware vRealize Log Insight 8.x prior to 8.4 contains a Cross Site Scripting XSS vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared...

5.4CVSS0.00468EPSS
Exploits0References1
NVD
NVD
•added 2021/08/24 4:15 p.m.•43 views

CVE-2021-39137

go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Further details about the vulnerability will be disclosed at a late...

7.5CVSS0.01527EPSS
Exploits0References2
NVD
NVD
•added 2021/08/18 8:15 p.m.•43 views

CVE-2021-34715

A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system. The vulnerability is due to...

9CVSS0.01056EPSS
Exploits0References1
NVD
NVD
•added 2021/08/17 10:15 p.m.•43 views

CVE-2020-23332

A heap-based buffer overflow exists in the AP4StdcFileByteStream::ReadPartial component located in /StdC/Ap4StdCFileByteStream.cpp of Bento4 version 06c39d9. This issue can lead to a denial of service DOS...

7.5CVSS0.01325EPSS
Exploits1References2
NVD
NVD
•added 2021/07/16 11:15 a.m.•43 views

CVE-2021-21800

Cross-site scripting vulnerabilities exist in the sshform.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a craft...

9.6CVSS0.14115EPSS
Exploits1References1
NVD
NVD
•added 2021/07/09 7:15 p.m.•43 views

CVE-2021-24020

A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification...

9.8CVSS0.00616EPSS
Exploits0References1
NVD
NVD
•added 2021/07/09 2:15 p.m.•43 views

CVE-2021-30117

The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. Detailed description --- Given the following request: GET /InstallTab/exportFldr.asp?fldrId=1’ HTTP/1.1 Host: 192.168.1.194 User-Agent: Mozilla/5.0 Macintosh;...

9.8CVSS0.72054EPSS
Exploits0References2
NVD
NVD
•added 2021/07/07 3:15 p.m.•43 views

CVE-2021-33218

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access...

10CVSS0.02304EPSS
Exploits4References2
NVD
NVD
•added 2021/07/06 12:15 p.m.•43 views

CVE-2021-32559

An integer overflow exists in pywin32 prior to version b301 when adding an access control entry ACE to an access control list ACL that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process...

6.5CVSS0.01729EPSS
Exploits0References4
NVD
NVD
•added 2021/06/17 11:15 p.m.•43 views

CVE-2021-32693

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with version 5.3.0 and prior to 5.3.2. When an application defines multiple firewalls, the token authenticated by one of the...

8.8CVSS0.01388EPSS
Exploits0References4
NVD
NVD
•added 2021/06/12 4:15 a.m.•43 views

CVE-2021-32548

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users...

7.3CVSS0.00289EPSS
Exploits0References1
NVD
NVD
•added 2021/06/10 4:15 p.m.•43 views

CVE-2021-23022

On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

7.8CVSS0.00228EPSS
Exploits0References1
NVD
NVD
•added 2021/06/10 12:15 p.m.•43 views

CVE-2021-20293

A reflected Cross-Site Scripting XSS flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The...

6.1CVSS0.00856EPSS
Exploits0References2
NVD
NVD
•added 2021/06/04 9:15 p.m.•43 views

CVE-2021-32641

auth0-lock is Auth0's signin solution. Versions of nauth0-lock before and including 11.30.0 are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's flashMessage feature is utilized and user input or data from URL parameters is incorporated into the flashMessage ...

8.1CVSS0.01539EPSS
Exploits1References3
NVD
NVD
•added 2021/06/03 10:15 a.m.•43 views

CVE-2021-31831

Incorrect access to deleted scripts vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the...

6.5CVSS0.00636EPSS
Exploits0References1
NVD
NVD
•added 2021/05/20 1:15 p.m.•43 views

CVE-2021-29659

ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could...

6.5CVSS0.01327EPSS
Exploits0References2
NVD
NVD
•added 2021/05/14 8:15 p.m.•43 views

CVE-2021-29578

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow. The...

7.8CVSS0.00211EPSS
Exploits1References2
NVD
NVD
•added 2021/05/14 8:15 p.m.•43 views

CVE-2021-29559

TensorFlow is an end-to-end open source platform for machine learning. An attacker can access data outside of bounds of heap allocated array in tf.rawops.UnicodeEncode. This is because the...

7.1CVSS0.00198EPSS
Exploits1References2
NVD
NVD
•added 2021/05/14 12:15 p.m.•43 views

CVE-2021-24291

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting XSS issues via the galleryid, tag, albumid and id GET parameters passed to the bwgfrontenddata AJAX action available to both unauthenticated and authenticated...

6.1CVSS0.1445EPSS
Exploits2References2
NVD
NVD
•added 2021/04/23 4:15 p.m.•43 views

CVE-2019-25027

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 Vaadin 10.0.0 through 10.0.13, and 1.1.0 through 1.4.2 Vaadin 11.0.0 through 13.0.5 allows attacker to execute malicious JavaScript via crafted URL...

6.1CVSS0.00668EPSS
Exploits0References2
NVD
NVD
•added 2021/04/13 8:15 p.m.•43 views

CVE-2021-29440

Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the...

8.4CVSS0.30623EPSS
Exploits5References4
NVD
NVD
•added 2021/04/09 1:15 p.m.•43 views

CVE-2021-25327

Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery CSRF vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Missing CSRF protection in devices can lead to XSRF, as the above pages are vulnerable to cross-site scripting XSS...

6.5CVSS0.00899EPSS
Exploits3References3
NVD
NVD
•added 2021/03/18 3:15 p.m.•43 views

CVE-2021-24130

Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user admin+...

7.2CVSS0.01416EPSS
Exploits2References1
NVD
NVD
•added 2021/03/07 10:15 a.m.•43 views

CVE-2020-28466

This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightene...

7.5CVSS0.03658EPSS
Exploits0References4
NVD
NVD
•added 2021/02/09 9:15 p.m.•43 views

CVE-2021-21479

In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system...

9.1CVSS0.09993EPSS
Exploits0References1
NVD
NVD
•added 2021/02/09 5:15 p.m.•43 views

CVE-2020-26998

A vulnerability has been identified in JT2Go All versions V13.1.0.2, Teamcenter Visualization All versions V13.1.0.2. Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker...

5.5CVSS0.00646EPSS
Exploits0References4
NVD
NVD
•added 2021/01/21 10:15 a.m.•43 views

CVE-2020-11179

Arbitrary read and write to kernel addresses by temporarily overwriting ring buffer pointer and creating a race condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

7CVSS6.9AI score0.00316EPSS
Exploits0References2
NVD
NVD
•added 2020/12/24 8:15 p.m.•43 views

CVE-2020-11093

Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the...

7.5CVSS7.5AI score0.00933EPSS
Exploits1References4
NVD
NVD
•added 2020/12/02 8:15 p.m.•43 views

CVE-2020-26244

Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1 The IdToken signature algorithm was not checked automatically, but only if the expected...

6.8CVSS6.5AI score0.00815EPSS
Exploits0References4
NVD
NVD
•added 2020/11/25 2:15 a.m.•43 views

CVE-2020-26242

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service crash during block processing. This is fixed in 1.9.18...

7.5CVSS6.5AI score0.01462EPSS
Exploits0References2
NVD
NVD
•added 2020/11/18 10:15 p.m.•43 views

CVE-2020-26226

In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a U...

8.1CVSS7.8AI score0.01384EPSS
Exploits0References2
NVD
NVD
•added 2020/11/02 7:15 a.m.•43 views

CVE-2020-3703

u'Buffer over-read issue in Bluetooth peripheral firmware due to lack of check for invalid opcode and length of opcode received from central deviceThis CVE is equivalent to Link Layer Length Overfow issue CVE-2019-16336,CVE-2019-17519 and Silent Length Overflow issueCVE-2019-17518 mentioned in...

9.8CVSS6.8AI score0.00702EPSS
Exploits0References2
NVD
NVD
•added 2020/10/21 3:15 p.m.•43 views

CVE-2020-14787

Vulnerability in the Oracle Communications Diameter Signaling Router DSR product of Oracle Communications component: User Interface. Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

5.4CVSS0.00718EPSS
Exploits0References1
NVD
NVD
•added 2020/09/25 7:15 p.m.•43 views

CVE-2020-15202

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the Shard API in TensorFlow expects the last argument to be a function taking two int64 i.e., long long arguments. However, there are several places in TensorFlow where a lambda taking int or int32 arguments is being used. In...

9CVSS0.01235EPSS
Exploits1References5
NVD
NVD
•added 2020/09/11 5:15 p.m.•43 views

CVE-2020-16881

A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS0.05365EPSS
Exploits0References1
NVD
NVD
•added 2020/08/21 9:15 p.m.•43 views

CVE-2020-8189

A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html including local links when responding with invalid data on the login attempt...

5.4CVSS5.4AI score0.01401EPSS
Exploits1References3
NVD
NVD
•added 2020/08/18 2:15 p.m.•43 views

CVE-2020-14333

A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. This flaw allows an attacker to leverage a phishing attack, steal an unsuspecting user's cookies or oth...

6.3CVSS6.1AI score0.0079EPSS
Exploits0References1
NVD
NVD
•added 2020/08/17 7:15 p.m.•43 views

CVE-2020-1591

A cross site scripting vulnerability exists when Microsoft Dynamics 365 on-premises does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics...

5.4CVSS4.9AI score0.01507EPSS
Exploits0References1
Total number of security vulnerabilities5000