Lucene search
K
NvdMost viewed

363836 matches found

NVD
NVD
added 2024/07/23 6:15 p.m.42 views

CVE-2024-41661

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-50094. Reason: This candidate is a duplicate of CVE-2023-50094. Notes: All CVE users should reference CVE-2023-50094 instead of this candidate...

Exploits1
NVD
NVD
added 2024/07/21 11:15 p.m.42 views

CVE-2024-37449

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a through 6.7.13...

5.9CVSS0.0026EPSS
Exploits0References1
NVD
NVD
added 2024/07/21 8:15 a.m.42 views

CVE-2024-37495

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mischiefmarmot Create by Mediavine mediavine-create.This issue affects Create by Mediavine: from n/a through = 1.9.7...

6.5CVSS0.00279EPSS
Exploits0References2
NVD
NVD
added 2024/07/20 8:15 a.m.42 views

CVE-2024-38738

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Marian Kadanka Change From Email allows Stored XSS.This issue affects Change From Email: from n/a through 1.2.1...

5.9CVSS0.00275EPSS
Exploits0References1
NVD
NVD
added 2024/07/20 7:15 a.m.42 views

CVE-2024-6491

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimpapikeymanage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level...

4.3CVSS0.00378EPSS
Exploits0References3
NVD
NVD
added 2024/07/17 9:15 a.m.42 views

CVE-2024-31979

Server-Side Request Forgery SSRF vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. These endpoints were not properly validated, allowing an...

7.5CVSS0.00738EPSS
Exploits0References2
NVD
NVD
added 2024/07/16 4:15 p.m.42 views

CVE-2024-22442

The vulnerability could be remotely exploited to bypass authentication...

9.8CVSS0.00624EPSS
Exploits0References1
NVD
NVD
added 2024/07/16 1:15 p.m.42 views

CVE-2022-48853

In the Linux kernel, the following vulnerability has been resolved: swiotlb: fix info leak with DMAFROMDEVICE The problem I'm addressing was discovered by the LTP test covering cve-2018-1000204. A short description of what happens follows: 1 The test case issues a command code 00 TEST UNIT READY...

5.5CVSS0.00265EPSS
Exploits0References17
NVD
NVD
added 2024/07/11 10:15 p.m.42 views

CVE-2024-6392

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Subscriber-lev...

5.4CVSS0.0031EPSS
Exploits0References3
NVD
NVD
added 2024/07/11 5:15 p.m.42 views

CVE-2024-6681

A vulnerability, which was classified as critical, has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this issue is some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to sql injection. The attack may be launched...

9.8CVSS0.00473EPSS
Exploits0References3
NVD
NVD
added 2024/07/10 7:15 p.m.42 views

CVE-2024-37147

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16...

4.3CVSS0.00685EPSS
Exploits1References1
NVD
NVD
added 2024/07/10 8:15 a.m.42 views

CVE-2024-6422

An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data...

9.8CVSS0.00581EPSS
Exploits0References1
NVD
NVD
added 2024/07/10 1:15 a.m.42 views

CVE-2024-25023

IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429...

5.5CVSS0.00115EPSS
Exploits0References2
NVD
NVD
added 2024/07/02 4:15 p.m.42 views

CVE-2024-39316

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

6.5CVSS0.00856EPSS
Exploits0References3
NVD
NVD
added 2024/07/01 3:15 p.m.42 views

CVE-2024-6376

MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2...

9.8CVSS0.0042EPSS
Exploits0References1
NVD
NVD
added 2024/07/01 3:15 p.m.42 views

CVE-2024-21456

Information Disclosure while parsing beacon frame in STA...

9.1CVSS0.00273EPSS
Exploits0References1
NVD
NVD
added 2024/06/27 8:15 p.m.42 views

CVE-2024-6127

BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can exploit this vulnerability over HTTP by acting as a normal agent, completing all cryptographic handshakes, and then triggering an upload of payloa...

9.8CVSS0.10263EPSS
Exploits1References4
NVD
NVD
added 2024/06/27 7:15 p.m.42 views

CVE-2024-6139

A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in...

7.3CVSS0.0052EPSS
Exploits0References1
NVD
NVD
added 2024/06/27 7:15 p.m.42 views

CVE-2023-30998

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254649...

7.8CVSS0.00231EPSS
Exploits1References3
NVD
NVD
added 2024/06/27 7:15 p.m.42 views

CVE-2023-30997

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254638...

7.8CVSS0.00231EPSS
Exploits1References3
NVD
NVD
added 2024/06/27 12:15 p.m.42 views

CVE-2024-6369

A vulnerability classified as problematic has been found in LabVantage LIMS 2017. Affected is an unknown function of the file /labvantage/rc?command=page&sdcid=LVReagentLot of the component POST Request Handler. The manipulation of the argument mode leads to cross site scripting. It is possible t...

5.4CVSS0.00412EPSS
Exploits1References4
NVD
NVD
added 2024/06/25 2:15 a.m.42 views

CVE-2024-23143

A maliciously crafted 3DM, MODEL and XB file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary co...

7.8CVSS0.00415EPSS
Exploits0References1
NVD
NVD
added 2024/06/24 11:15 p.m.42 views

CVE-2024-22168

A Cross-Site Scripting XSS vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to carry...

5.9CVSS0.00324EPSS
Exploits0References1
NVD
NVD
added 2024/06/24 6:15 a.m.42 views

CVE-2024-4900

The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious post...

6.1CVSS0.00329EPSS
Exploits2References1
NVD
NVD
added 2024/06/20 12:15 p.m.42 views

CVE-2022-48766

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wrap dcn301calculatewmanddlg for FPU. Mirrors the logic for dcn30. Cue lots of WARNs and some kernel panics without this fix...

5.5CVSS0.00182EPSS
Exploits0References2
NVD
NVD
added 2024/06/18 6:15 a.m.42 views

CVE-2024-34024

Observable response discrepancy issue exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, an unauthenticated remote attacker may determine if a username is valid or not...

6.3CVSS0.00359EPSS
Exploits0References2
NVD
NVD
added 2024/06/17 9:15 p.m.42 views

CVE-2024-34833

Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "savesettings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability...

9.8CVSS0.01923EPSS
Exploits4References2
NVD
NVD
added 2024/06/16 9:15 p.m.42 views

CVE-2023-27636

Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor...

6.5CVSS0.01302EPSS
Exploits4References2
NVD
NVD
added 2024/06/14 6:15 p.m.42 views

CVE-2024-24320

Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function...

8.8CVSS0.04019EPSS
Exploits1References1
NVD
NVD
added 2024/06/14 6:15 a.m.42 views

CVE-2024-3965

The Pray For Me WordPress plugin through 1.0.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

5.4CVSS0.00198EPSS
Exploits2References1
NVD
NVD
added 2024/06/13 6:15 a.m.42 views

CVE-2024-2098

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download password-protected fil...

7.5CVSS0.00454EPSS
Exploits0References2
NVD
NVD
added 2024/06/12 10:15 a.m.42 views

CVE-2023-51524

Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.18...

8.8CVSS0.00335EPSS
Exploits0References1
NVD
NVD
added 2024/06/12 10:15 a.m.42 views

CVE-2023-38395

Missing Authorization vulnerability in Afzal Multani WP Clone Menu.This issue affects WP Clone Menu: from n/a through 1.0.1...

5.4CVSS0.00256EPSS
Exploits0References1
NVD
NVD
added 2024/06/12 7:15 a.m.42 views

CVE-2024-5739

The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS UXSS vulnerability. This vulnerability allows for cross-site scripting XSS where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app...

6.1CVSS0.00269EPSS
Exploits0References1
NVD
NVD
added 2024/06/11 9:15 p.m.42 views

CVE-2024-5830

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00924EPSS
Exploits0References4
NVD
NVD
added 2024/06/10 12:15 p.m.42 views

CVE-2024-1228

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Eurosoft Przychodnia installations. This issue affects Eurosoft Przychodnia software before version 20240417.001 from that version...

9.8CVSS0.00409EPSS
Exploits0References3
NVD
NVD
added 2024/06/10 8:15 a.m.42 views

CVE-2024-35721

Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through 1.4.5...

8.8CVSS0.00356EPSS
Exploits0References1
NVD
NVD
added 2024/06/09 7:15 p.m.42 views

CVE-2024-35662

Missing Authorization vulnerability in Andreas Sofantzis Simple COD Fees for WooCommerce.This issue affects Simple COD Fees for WooCommerce: from n/a through 2.0.2...

8.8CVSS0.00351EPSS
Exploits0References1
NVD
NVD
added 2024/06/09 6:15 p.m.42 views

CVE-2024-32703

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through = 6.4...

8.1CVSS0.00577EPSS
Exploits0References2
NVD
NVD
added 2024/06/06 6:15 p.m.42 views

CVE-2024-3033

An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and deleting specifi...

9.4CVSS0.00552EPSS
Exploits1References2
NVD
NVD
added 2024/06/06 4:15 p.m.42 views

CVE-2024-36399

Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser. The users permission to add users to a project only get checked on the URL parameter projectid. If the user is authorized to add users to...

8.2CVSS0.00353EPSS
Exploits1References2
NVD
NVD
added 2024/06/06 4:15 p.m.42 views

CVE-2024-35178

The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows...

7.5CVSS0.00699EPSS
Exploits0References2
NVD
NVD
added 2024/06/03 6:15 a.m.42 views

CVE-2024-37031

The Active Admin aka activeadmin framework before 3.2.2 for Ruby on Rails allows stored XSS in certain situations where users can create entities to be later edited in forms with arbitrary names, aka a "dynamic form legends" issue. 4.0.0.beta7 is also a fixed version...

6.1CVSS5.7AI score0.00349EPSS
Exploits0References3
NVD
NVD
added 2024/05/30 4:15 p.m.42 views

CVE-2024-36911

In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail such that an error is returned and the resulting memory is shared. Callers need to...

5.5CVSS6.5AI score0.00225EPSS
Exploits0References3
NVD
NVD
added 2024/05/27 7:15 p.m.42 views

CVE-2024-35182

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...

8.1CVSS5.9AI score0.01552EPSS
Exploits1References5
NVD
NVD
added 2024/05/22 6:15 a.m.42 views

CVE-2024-4443

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

9.8CVSS9.7AI score0.10272EPSS
Exploits1References3
NVD
NVD
added 2024/05/21 4:15 p.m.42 views

CVE-2023-52761

In the Linux kernel, the following vulnerability has been resolved: riscv: VMAPSTACK overflow detection thread-safe commit 31da94c25aea "riscv: add VMAPSTACK overflow detection" added support for CONFIGVMAPSTACK. If overflow is detected, CPU switches to shadowstack temporarily before switching...

5.5CVSS6.7AI score0.00254EPSS
Exploits0References3
NVD
NVD
added 2024/05/16 9:16 p.m.42 views

CVE-2024-21835

Insecure inherited permissions in some IntelR XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS7.1AI score0.00156EPSS
Exploits0References1
NVD
NVD
added 2024/05/15 5:15 p.m.42 views

CVE-2024-3967

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization...

9.8CVSS8AI score0.00635EPSS
Exploits0References1
NVD
NVD
added 2024/05/14 4:17 p.m.42 views

CVE-2024-34356

TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user...

5.4CVSS5.1AI score0.00502EPSS
Exploits0References5
Total number of security vulnerabilities5000