Lucene search
K
NvdMost viewed

363761 matches found

NVD
NVD
added 2024/05/14 3:38 p.m.42 views

CVE-2024-34349

Sylius is an open source eCommerce platform. Prior to 1.12.16 and 1.13.1, there is a possibility to execute javascript code in the Admin panel. In order to perform an XSS attack input a script into Name field in which of the resources: Taxons, Products, Product Options or Product Variants. The co...

4.8CVSS6.1AI score0.0044EPSS
Exploits0References2
NVD
NVD
added 2024/05/07 4:15 p.m.42 views

CVE-2024-33144

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml...

8.8CVSS7.8AI score0.00536EPSS
Exploits0References1
NVD
NVD
added 2024/05/07 3:15 p.m.42 views

CVE-2024-34342

react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in...

7.1CVSS6.7AI score0.01064EPSS
Exploits1References6
NVD
NVD
added 2024/05/07 2:15 p.m.42 views

CVE-2024-33783

MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::SilentMultiPprfReceiver::expand in /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted message...

6.5CVSS6.7AI score0.0052EPSS
Exploits1References1
NVD
NVD
added 2024/05/03 3:15 a.m.42 views

CVE-2023-44423

D-Link DIR-X3260 SetTriggerPPPoEValidate Password Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...

8CVSS8.4AI score0.01114EPSS
Exploits0References1
NVD
NVD
added 2024/05/03 3:15 a.m.42 views

CVE-2023-41189

D-Link DAP-1325 HNAP SetAPLanSettings Gateway Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. T...

8.8CVSS9.1AI score0.01187EPSS
Exploits0References2
NVD
NVD
added 2024/05/02 7:15 a.m.42 views

CVE-2024-32962

xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of the w3 xmldsig-core-20080610 spec. As such, without additional...

10CVSS9.4AI score0.00833EPSS
Exploits1References7
NVD
NVD
added 2024/05/01 11:15 a.m.42 views

CVE-2024-32984

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. The Rust implementation of the Yamux stream multiplexer uses a vector for pending frames. This vector is not bounded in length. Every time the Yamux protocol requires sending of a new frame, this frame gets appended ...

7.5CVSS7.4AI score0.00761EPSS
Exploits0References3
NVD
NVD
added 2024/04/23 9:15 p.m.42 views

CVE-2024-32866

Conform, a type-safe form validation library, allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature in versions prior to 1.1.1, an attacker can exploit the feature to trigger prototype pollution by passing a crafted input to...

8.6CVSS8.5AI score0.00725EPSS
Exploits0References3
NVD
NVD
added 2024/04/19 5:15 p.m.42 views

CVE-2023-51793

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in imagecopyplane...

7.8CVSS9.2AI score0.00324EPSS
Exploits0References7
NVD
NVD
added 2024/04/09 5:15 p.m.42 views

CVE-2024-26229

Windows CSC Service Elevation of Privilege Vulnerability...

7.8CVSS8.1AI score0.09375EPSS
Exploits4References1
NVD
NVD
added 2024/04/09 4:15 p.m.42 views

CVE-2024-31866

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELININTPCLASSPATHOVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to...

9.8CVSS6.8AI score0.01439EPSS
Exploits0References3
NVD
NVD
added 2024/04/06 9:15 a.m.42 views

CVE-2024-2296

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.5CVSS5.1AI score0.00436EPSS
Exploits0References3
NVD
NVD
added 2024/04/04 11:15 p.m.42 views

CVE-2024-31206

dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In [email protected], network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victi...

8.2CVSS8AI score0.00332EPSS
Exploits0References5
NVD
NVD
added 2024/04/04 6:15 p.m.42 views

CVE-2024-2660

Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7...

6.8CVSS6.4AI score0.00303EPSS
Exploits0References2
NVD
NVD
added 2024/03/21 10:15 p.m.42 views

CVE-2024-28118

Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from Grav context, an attacker can redefine config variable. As a result, attacker can bypass a previous SSTI mitigation. Twig processing of static pages ca...

8.8CVSS9.2AI score0.0122EPSS
Exploits1References2
NVD
NVD
added 2024/03/18 7:15 p.m.42 views

CVE-2024-21662

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can effectively bypass the rate limit and brute force protections by exploiting the application's weak cache-based mechanism. This loophole in security can be combine...

9.1CVSS8AI score0.00838EPSS
Exploits1References5
NVD
NVD
added 2024/03/18 6:15 p.m.42 views

CVE-2024-21652

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a chain of vulnerabilities, including a Denial of Service DoS flaw and in-memory data storage weakness, to effectively bypass the application's brute forc...

9.8CVSS9.4AI score0.00751EPSS
Exploits0References1
NVD
NVD
added 2024/03/15 5:15 p.m.42 views

CVE-2023-7009

Some Sciener-based locks support plaintext message processing over Bluetooth Low Energy, allowing unencrypted malicious commands to be passed to the lock. These malicious commands, less then 16 bytes in length, will be processed by the lock as if they were encrypted communications. This can be...

8.2CVSS6.7AI score0.00248EPSS
Exploits0References2
NVD
NVD
added 2024/03/13 9:15 p.m.42 views

CVE-2024-27102

Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but reading files outside o...

9.9CVSS9.5AI score0.0055EPSS
Exploits0References2
NVD
NVD
added 2024/03/13 3:15 p.m.42 views

CVE-2024-25153

A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially craft...

9.8CVSS9.6AI score0.41741EPSS
Exploits4References3
NVD
NVD
added 2024/03/01 9:15 a.m.42 views

CVE-2024-25091

Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.211013 when using 'VirusChecker' or 'ThreatChecker' feature and RevoWorks Browser prior to 2.2.95 when using 'VirusChecker' or 'ThreatChecker' feature. If data containing malware is saved in a specific file format...

9.1CVSS6.4AI score0.00485EPSS
Exploits0References2
NVD
NVD
added 2024/02/21 8:15 a.m.42 views

CVE-2023-52442

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in compound request smb2getmsg in smb2getksmbdtcon and smb2checkusersession will always return the first request smb2 header in a compound request. if SMB2TREECONNECTHE is the first command ...

5.5CVSS9.3AI score0.17442EPSS
Exploits0References4
NVD
NVD
added 2024/02/20 3:15 p.m.42 views

CVE-2024-1155

Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS7.8AI score0.00274EPSS
Exploits1References1
NVD
NVD
added 2024/02/19 8:15 p.m.42 views

CVE-2024-25626

Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture. In Yocto Projects Bitbake before 2.6.2 before and included Yocto Project 4.3.1, with the Toaster server included in bitbake running, missing input...

9.8CVSS9.1AI score0.01211EPSS
Exploits0References1
NVD
NVD
added 2024/02/14 2:15 p.m.42 views

CVE-2023-27300

Improper buffer restrictions in some IntelR ThunderboltTM DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access...

3.8CVSS4.5AI score0.0021EPSS
Exploits0References1
NVD
NVD
added 2024/02/13 7:15 p.m.42 views

CVE-2024-1372

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. Exploitation of this vulnerability required access to the GitHub Enterprise...

9.1CVSS9.6AI score0.02275EPSS
Exploits0References4
NVD
NVD
added 2024/02/04 10:15 p.m.42 views

CVE-2024-25089

Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes...

9.8CVSS9.8AI score0.01796EPSS
Exploits0References2
NVD
NVD
added 2024/01/31 5:15 p.m.42 views

CVE-2024-24579

stereoscope is a go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary director...

9.8CVSS7.3AI score0.00393EPSS
Exploits0References2
NVD
NVD
added 2024/01/30 10:15 a.m.42 views

CVE-2024-22894

An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file...

6.8CVSS7.2AI score0.00731EPSS
Exploits1References2
NVD
NVD
added 2024/01/29 8:15 p.m.42 views

CVE-2024-24141

Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter...

9.8CVSS10AI score0.01101EPSS
Exploits3References1
NVD
NVD
added 2024/01/24 1:15 a.m.42 views

CVE-2022-4964

Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set...

5.5CVSS5.4AI score0.00279EPSS
Exploits1References4
NVD
NVD
added 2024/01/23 2:15 p.m.42 views

CVE-2023-48714

Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a GridField using the GridFieldAddExistingAutocompleter component, the...

4.3CVSS4.4AI score0.00355EPSS
Exploits0References2
NVD
NVD
added 2024/01/21 5:15 p.m.42 views

CVE-2024-23732

The JSON loader in Embedchain before 0.1.57 allows a ReDoS regular expression denial of service via a long string to json.py...

7.5CVSS7.3AI score0.00768EPSS
Exploits0References2
NVD
NVD
added 2024/01/19 9:15 p.m.42 views

CVE-2024-23689

Exposure of sensitive information in exceptions in ClichHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when...

8.8CVSS8.7AI score0.0067EPSS
Exploits1References6
NVD
NVD
added 2024/01/19 9:15 p.m.42 views

CVE-2024-23684

Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation CBOR versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use...

7.5CVSS7.3AI score0.00912EPSS
Exploits0References3
NVD
NVD
added 2024/01/19 9:15 p.m.42 views

CVE-2024-23683

Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code...

8.2CVSS8.5AI score0.00355EPSS
Exploits1References6
NVD
NVD
added 2024/01/18 10:15 p.m.42 views

CVE-2023-5130

A buffer overflow vulnerability exists in Delta Electronics WPLSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution...

8.8CVSS8.5AI score0.00649EPSS
Exploits0References1
NVD
NVD
added 2024/01/16 10:15 p.m.42 views

CVE-2024-22191

Avo is a framework to create admin panels for Ruby on Rails apps. A stored cross-site scripting XSS vulnerability was found in the keyvalue field of Avo v3.2.3 and v2.46.0. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. The value of the...

7.3CVSS6.6AI score0.00745EPSS
Exploits1References3
NVD
NVD
added 2024/01/10 4:15 p.m.42 views

CVE-2023-48730

A cross-site scripting xss vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabilit...

8.5CVSS8.1AI score0.00581EPSS
Exploits0References2
NVD
NVD
added 2024/01/09 2:15 a.m.42 views

CVE-2024-22124

Under certain conditions, Internet Communication Manager ICM or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, WEBDISP 7.22EXT, WEBDISP 7.53, WEBDISP 7.54, could allow an attacker to access...

7.5CVSS5.1AI score0.00326EPSS
Exploits0References2
NVD
NVD
added 2024/01/08 2:15 p.m.42 views

CVE-2024-21644

pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRETKEY variable. This issue has been patched in version 0.5.0b3.dev77...

7.5CVSS7.5AI score0.42173EPSS
Exploits1References2
NVD
NVD
added 2024/01/04 9:15 p.m.42 views

CVE-2024-22051

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker...

9.8CVSS9.8AI score0.0145EPSS
Exploits0References5
NVD
NVD
added 2024/01/04 8:15 p.m.42 views

CVE-2024-21636

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 and 2.83.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the...

6.1CVSS6.2AI score0.00495EPSS
Exploits1References5
NVD
NVD
added 2024/01/02 6:15 a.m.42 views

CVE-2023-33094

Memory corruption while running VK synchronization with KASAN enabled...

8.4CVSS8.7AI score0.00119EPSS
Exploits0References1
NVD
NVD
added 2023/12/29 5:15 p.m.42 views

CVE-2020-17163

Visual Studio Code Python Extension Remote Code Execution Vulnerability...

7.8CVSS0.00584EPSS
Exploits0References1
NVD
NVD
added 2023/12/27 4:15 p.m.42 views

CVE-2023-3171

A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result i...

7.5CVSS0.00851EPSS
Exploits0References6
NVD
NVD
added 2023/12/21 11:15 p.m.42 views

CVE-2023-49677

Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS0.00671EPSS
Exploits1References2
NVD
NVD
added 2023/12/14 5:15 p.m.42 views

CVE-2023-42801

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Moonlight-common-c is vulnerable to buffer overflow starting in commit f57bd745b4cbed577ea654fad4701bea4d38b44c. A malicious game streaming server could exploit a buffer overflow vulnerability to crash a...

7.6CVSS0.00793EPSS
Exploits1References4
NVD
NVD
added 2023/12/14 5:15 a.m.42 views

CVE-2023-49935

An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect agains...

8.8CVSS0.0104EPSS
Exploits0References6
Total number of security vulnerabilities5000