Lucene search
K
NvdMost viewed

363761 matches found

NVD
NVD
added 2023/10/19 9:15 p.m.42 views

CVE-2023-30131

An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls...

9.8CVSS9.7AI score0.00785EPSS
Exploits1References1
NVD
NVD
added 2023/10/17 4:15 p.m.42 views

CVE-2023-27133

TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILESX86%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remot...

9.8CVSS9.5AI score0.00797EPSS
Exploits1References1
NVD
NVD
added 2023/10/17 8:15 a.m.42 views

CVE-2023-4399

Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the instance doesn’t call specific hosts. However, the restriction can be bypassed used punycode encoding of the...

7.2CVSS6.7AI score0.01082EPSS
Exploits0References2
NVD
NVD
added 2023/10/16 6:15 a.m.42 views

CVE-2023-36950

TOTOLINK X5000R V9.1.0u.6118B20201102 and TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a stack overflow via the httphost parameter in the function loginAuth...

9.8CVSS9.7AI score0.00817EPSS
Exploits1References1
NVD
NVD
added 2023/10/09 2:15 p.m.42 views

CVE-2023-44378

gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of a, for small values there exists a second decomposition for a...

7.1CVSS6.9AI score0.00224EPSS
Exploits0References3
NVD
NVD
added 2023/10/03 12:15 a.m.42 views

CVE-2023-28373

A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode...

4.4CVSS4.6AI score0.00434EPSS
Exploits0References1
NVD
NVD
added 2023/09/25 7:15 p.m.42 views

CVE-2023-42817

Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” from “%suggest% is parsed by sprintf even though it’s supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall access...

5.4CVSS5.4AI score0.00326EPSS
Exploits0References2
NVD
NVD
added 2023/09/07 11:15 p.m.42 views

CVE-2023-40029

Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored inkubectl.kubernetes.io/last-applied-configuration annotation. pull request 7139 introduced the ability ...

9.9CVSS9.4AI score0.00975EPSS
Exploits1References3
NVD
NVD
added 2023/09/01 11:15 a.m.42 views

CVE-2022-46527

ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow via the NFC data parser...

7.5CVSS7.8AI score0.00701EPSS
Exploits1References2
NVD
NVD
added 2023/08/18 10:15 p.m.42 views

CVE-2023-40037

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custo...

6.5CVSS6.4AI score0.01536EPSS
Exploits0References3
NVD
NVD
added 2023/08/17 7:15 a.m.42 views

CVE-2023-40281

EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using t...

4.8CVSS5AI score0.00362EPSS
Exploits0References2
NVD
NVD
added 2023/08/16 10:15 p.m.42 views

CVE-2023-20221

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against a user of the web-based management interface of an affected...

6.5CVSS6.7AI score0.0026EPSS
Exploits0References1
NVD
NVD
added 2023/08/16 8:15 p.m.42 views

CVE-2023-4382

A vulnerability, which was classified as problematic, has been found in tdevs Hyip Rio 2.1. Affected by this issue is some unknown functionality of the file /user/settings of the component Profile Settings. The manipulation of the argument avatar leads to cross site scripting. The attack may be...

5.4CVSS4.1AI score0.01131EPSS
Exploits4References3
NVD
NVD
added 2023/08/14 9:15 p.m.42 views

CVE-2023-21242

In isServerCertChainValid of InsecureEapNetworkHandler.java, there is a possible way to trust an imposter server due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8CVSS9.4AI score0.00439EPSS
Exploits0References2
NVD
NVD
added 2023/08/10 3:15 p.m.42 views

CVE-2023-39955

Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version 4.8.0 contains a...

6.1CVSS5AI score0.0048EPSS
Exploits0References3
NVD
NVD
added 2023/08/07 2:15 p.m.42 views

CVE-2023-4194

A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits -...

5.5CVSS6.4AI score0.00274EPSS
Exploits0References12
NVD
NVD
added 2023/08/04 9:15 p.m.42 views

CVE-2020-26064

A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity XXE entries when parsing certain XML...

8.1CVSS6.9AI score0.00734EPSS
Exploits0References1
NVD
NVD
added 2023/07/31 3:15 p.m.42 views

CVE-2023-38310

An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting XSS vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log files. This results in...

5.4CVSS5.2AI score0.00489EPSS
Exploits1References2
NVD
NVD
added 2023/07/27 3:15 p.m.42 views

CVE-2023-38489

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. It can only be abused if a Kirby user is logged in on a device or browser th...

7.3CVSS7.3AI score0.0072EPSS
Exploits0References7
NVD
NVD
added 2023/07/27 3:15 p.m.42 views

CVE-2023-38490

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the Xml data handler e.g. Data::decode$string, 'xml' or the Xml::parse method in site or plugin code. The Kirby core does not use any of the...

10CVSS7.3AI score0.01526EPSS
Exploits0References7
NVD
NVD
added 2023/07/21 9:15 p.m.42 views

CVE-2022-41793

An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS9.7AI score0.00816EPSS
Exploits1References2
NVD
NVD
added 2023/07/21 9:15 p.m.42 views

CVE-2022-44451

A use of uninitialized pointer vulnerability exists in the MSI format atom functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS9.6AI score0.00816EPSS
Exploits1References2
NVD
NVD
added 2023/07/19 4:15 p.m.42 views

CVE-2023-32262

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Item/Configure permission to access and capture credentials they are not entitled to. See the following Jenkins security advisory for details:...

6.5CVSS5.3AI score0.0083EPSS
Exploits0References3
NVD
NVD
added 2023/07/18 7:15 p.m.42 views

CVE-2023-37477

1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...

8.8CVSS0.05354EPSS
Exploits1References2
NVD
NVD
added 2023/07/13 2:15 a.m.42 views

CVE-2023-37561

Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12...

6.1CVSS0.00395EPSS
Exploits0References2
NVD
NVD
added 2023/07/12 5:15 a.m.42 views

CVE-2023-3092

The SMTP Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.3.46 due to insufficient input sanitization and output escaping when the 'Save Data SendMail' feature is enabled. This makes it possible for unauthenticated...

7.2CVSS6.2AI score0.00491EPSS
Exploits0References4
NVD
NVD
added 2023/07/11 3:15 a.m.42 views

CVE-2023-36922

Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...

9.1CVSS9.2AI score0.007EPSS
Exploits0References2
NVD
NVD
added 2023/07/06 3:15 p.m.42 views

CVE-2023-25091

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS7.5AI score0.0146EPSS
Exploits1References2
NVD
NVD
added 2023/07/06 3:15 p.m.42 views

CVE-2023-22844

An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability...

9.8CVSS8.5AI score0.00759EPSS
Exploits1References2
NVD
NVD
added 2023/06/29 10:15 a.m.42 views

CVE-2023-22886

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s Connection URL parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission...

8.8CVSS8.6AI score0.01518EPSS
Exploits0References1
NVD
NVD
added 2023/06/26 4:15 p.m.42 views

CVE-2023-28485

A stored cross-site scripting Stored XSS vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board where they have BoardAdmin access,...

5.4CVSS5AI score0.00965EPSS
Exploits2References3
NVD
NVD
added 2023/06/23 11:15 a.m.42 views

CVE-2023-28060

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable...

6.7CVSS5.3AI score0.00168EPSS
Exploits0References1
NVD
NVD
added 2023/06/18 9:15 a.m.42 views

CVE-2023-3308

A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerabilit...

8.8CVSS6.5AI score0.01115EPSS
Exploits1References3
NVD
NVD
added 2023/06/14 4:15 p.m.42 views

CVE-2023-34868

Jerryscript 3.0 commit 05dbbd1 was discovered to contain an Assertion Failure via the parserparseforstatementstart at jerry-core/parser/js/js-parser-statm.c...

7.5CVSS7.5AI score0.00732EPSS
Exploits1References1
NVD
NVD
added 2023/06/13 9:15 a.m.42 views

CVE-2023-25910

A vulnerability has been identified in SIMATIC PCS 7 All versions V9.1 SP2 UC04, SIMATIC S7-PM All versions V5.7 SP1 HF1, SIMATIC S7-PM All versions V5.7 SP2 HF1, SIMATIC STEP 7 V5 All versions V5.7. The affected product contains a database management system that could allow remote users with low...

10CVSS9.4AI score0.01EPSS
Exploits0References2
NVD
NVD
added 2023/06/09 9:15 p.m.42 views

CVE-2023-3187

A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Affected by this issue is some unknown functionality of the file /changeimage.php of the component Profile Picture Handler. The manipulation of the argument newpic leads to...

6.5CVSS6.4AI score0.02556EPSS
Exploits4References3
NVD
NVD
added 2023/06/09 6:15 p.m.42 views

CVE-2023-34245

@udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the javascript: scheme. As a result, links with JavaScript URLs can be inserted into th...

8.1CVSS8AI score0.00445EPSS
Exploits0References2
NVD
NVD
added 2023/05/28 11:15 p.m.42 views

CVE-2023-31873

Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require'childprocess'...

7.8CVSS7.8AI score0.01349EPSS
Exploits4References1
NVD
NVD
added 2023/05/25 9:15 a.m.42 views

CVE-2023-2881

Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10...

6.7CVSS5.4AI score0.00547EPSS
Exploits0References2
NVD
NVD
added 2023/05/21 9:15 p.m.42 views

CVE-2023-33251

When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946...

5.5CVSS6AI score0.00151EPSS
Exploits0References2
NVD
NVD
added 2023/05/15 8:15 p.m.42 views

CVE-2023-32313

vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node inspect method and edit options for console.log. As a result a threat actor can edit options for the console.log command. This...

5.3CVSS5.7AI score0.0079EPSS
Exploits0References4
NVD
NVD
added 2023/05/12 4:15 p.m.42 views

CVE-2023-25958

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Justin Saad Simple Tooltips plugin = 2.1.4 versions...

5.9CVSS5.4AI score0.00392EPSS
Exploits0References1
NVD
NVD
added 2023/05/12 1:15 a.m.42 views

CVE-2023-2666

Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16...

7.5CVSS6.8AI score0.00681EPSS
Exploits0References2
NVD
NVD
added 2023/05/11 9:15 p.m.42 views

CVE-2023-32058

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of...

7.5CVSS7.6AI score0.00913EPSS
Exploits1References2
NVD
NVD
added 2023/05/02 3:15 p.m.42 views

CVE-2023-2479

OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4...

9.8CVSS9.8AI score0.22014EPSS
Exploits2References2
NVD
NVD
added 2023/04/27 9:15 a.m.42 views

CVE-2023-28769

The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17ABYO.1C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service DoS conditions on a vulnerable device...

9.8CVSS9.9AI score0.0542EPSS
Exploits1References1
NVD
NVD
added 2023/04/19 12:15 a.m.42 views

CVE-2023-29517

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The office document viewer macro was allowing anyone to see any file content from the hosting server, provided that the office server was connected and depending on the permissions of the user...

7.5CVSS7.5AI score0.0101EPSS
Exploits1References4
NVD
NVD
added 2023/04/18 1:15 p.m.42 views

CVE-2022-45838

Unauth. Stored Cross-Site Scripting XSS vulnerability in Repute InfoSystems ARForms Form Builder plugin = 1.5.5 versions...

6.1CVSS5.8AI score0.00406EPSS
Exploits0References1
NVD
NVD
added 2023/04/17 10:15 p.m.42 views

CVE-2023-30541

OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding,...

5.3CVSS5.2AI score0.00812EPSS
Exploits0References3
NVD
NVD
added 2023/04/05 2:15 p.m.42 views

CVE-2023-1867

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged...

5.4CVSS5.1AI score0.00302EPSS
Exploits0References4
Total number of security vulnerabilities5000