Lucene search
K
NvdMost viewed

364837 matches found

NVD
NVD
•added 2021/06/10 12:15 p.m.•43 views

CVE-2021-20293

A reflected Cross-Site Scripting XSS flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The...

6.1CVSS0.00856EPSS
Exploits0References2
NVD
NVD
•added 2021/06/04 9:15 p.m.•43 views

CVE-2021-32641

auth0-lock is Auth0's signin solution. Versions of nauth0-lock before and including 11.30.0 are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's flashMessage feature is utilized and user input or data from URL parameters is incorporated into the flashMessage ...

8.1CVSS0.01539EPSS
Exploits1References3
NVD
NVD
•added 2021/06/03 10:15 a.m.•43 views

CVE-2021-31831

Incorrect access to deleted scripts vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the...

6.5CVSS0.00636EPSS
Exploits0References1
NVD
NVD
•added 2021/05/14 8:15 p.m.•43 views

CVE-2021-29578

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow. The...

7.8CVSS0.00211EPSS
Exploits1References2
NVD
NVD
•added 2021/05/14 8:15 p.m.•43 views

CVE-2021-29559

TensorFlow is an end-to-end open source platform for machine learning. An attacker can access data outside of bounds of heap allocated array in tf.rawops.UnicodeEncode. This is because the...

7.1CVSS0.00198EPSS
Exploits1References2
NVD
NVD
•added 2021/05/14 12:15 p.m.•43 views

CVE-2021-24291

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting XSS issues via the galleryid, tag, albumid and id GET parameters passed to the bwgfrontenddata AJAX action available to both unauthenticated and authenticated...

6.1CVSS0.1445EPSS
Exploits2References2
NVD
NVD
•added 2021/04/23 4:15 p.m.•43 views

CVE-2019-25027

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 Vaadin 10.0.0 through 10.0.13, and 1.1.0 through 1.4.2 Vaadin 11.0.0 through 13.0.5 allows attacker to execute malicious JavaScript via crafted URL...

6.1CVSS0.00668EPSS
Exploits0References2
NVD
NVD
•added 2021/04/13 8:15 p.m.•43 views

CVE-2021-29440

Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the...

8.4CVSS0.30623EPSS
Exploits5References4
NVD
NVD
•added 2021/04/09 1:15 p.m.•43 views

CVE-2021-25327

Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery CSRF vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Missing CSRF protection in devices can lead to XSRF, as the above pages are vulnerable to cross-site scripting XSS...

6.5CVSS0.00899EPSS
Exploits3References3
NVD
NVD
•added 2021/03/18 3:15 p.m.•43 views

CVE-2021-24130

Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged user admin+...

7.2CVSS0.01416EPSS
Exploits2References1
NVD
NVD
•added 2021/03/07 10:15 a.m.•43 views

CVE-2020-28466

This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightene...

7.5CVSS0.03658EPSS
Exploits0References4
NVD
NVD
•added 2021/03/05 9:15 p.m.•43 views

CVE-2021-3377

The npm package ansiup converts ANSI escape codes into HTML. In ansiup v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting XSS vulnerability. This issue is fixed in v5.0.0...

6.1CVSS0.08EPSS
Exploits1References3
NVD
NVD
•added 2021/02/09 9:15 p.m.•43 views

CVE-2021-21479

In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system...

9.1CVSS0.09993EPSS
Exploits0References1
NVD
NVD
•added 2021/02/09 5:15 p.m.•43 views

CVE-2020-26998

A vulnerability has been identified in JT2Go All versions V13.1.0.2, Teamcenter Visualization All versions V13.1.0.2. Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker...

5.5CVSS0.00646EPSS
Exploits0References4
NVD
NVD
•added 2020/12/31 9:15 a.m.•43 views

CVE-2020-35904

An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are...

5.5CVSS5.4AI score0.00388EPSS
Exploits1References1
NVD
NVD
•added 2020/12/24 8:15 p.m.•43 views

CVE-2020-11093

Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the...

7.5CVSS7.5AI score0.00933EPSS
Exploits1References4
NVD
NVD
•added 2020/12/11 1:15 a.m.•43 views

CVE-2020-7560

A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxureâ„¢ Control Expert all versions and Unity Pro former name of EcoStruxureâ„¢ Control Expert all versions, that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxureâ„¢ Control...

8.6CVSS8.7AI score0.01387EPSS
Exploits0References1
NVD
NVD
•added 2020/12/03 5:15 p.m.•43 views

CVE-2020-28923

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...

4CVSS3.6AI score0.00957EPSS
Exploits0References2
NVD
NVD
•added 2020/12/02 8:15 p.m.•43 views

CVE-2020-26244

Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1 The IdToken signature algorithm was not checked automatically, but only if the expected...

6.8CVSS6.5AI score0.00815EPSS
Exploits0References4
NVD
NVD
•added 2020/11/25 2:15 a.m.•43 views

CVE-2020-26242

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service crash during block processing. This is fixed in 1.9.18...

7.5CVSS6.5AI score0.01462EPSS
Exploits0References2
NVD
NVD
•added 2020/11/18 10:15 p.m.•43 views

CVE-2020-26226

In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a U...

8.1CVSS7.8AI score0.01384EPSS
Exploits0References2
NVD
NVD
•added 2020/11/02 7:15 a.m.•43 views

CVE-2020-3703

u'Buffer over-read issue in Bluetooth peripheral firmware due to lack of check for invalid opcode and length of opcode received from central deviceThis CVE is equivalent to Link Layer Length Overfow issue CVE-2019-16336,CVE-2019-17519 and Silent Length Overflow issueCVE-2019-17518 mentioned in...

9.8CVSS6.8AI score0.00702EPSS
Exploits0References2
NVD
NVD
•added 2020/10/21 3:15 p.m.•43 views

CVE-2020-14787

Vulnerability in the Oracle Communications Diameter Signaling Router DSR product of Oracle Communications component: User Interface. Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

5.4CVSS0.00718EPSS
Exploits0References1
NVD
NVD
•added 2020/10/12 2:15 p.m.•43 views

CVE-2020-13341

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions...

4.9CVSS0.01183EPSS
Exploits0References3
NVD
NVD
•added 2020/10/02 9:15 a.m.•43 views

CVE-2020-26134

Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode...

6.1CVSS0.01082EPSS
Exploits0References3
NVD
NVD
•added 2020/09/25 7:15 p.m.•43 views

CVE-2020-15202

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the Shard API in TensorFlow expects the last argument to be a function taking two int64 i.e., long long arguments. However, there are several places in TensorFlow where a lambda taking int or int32 arguments is being used. In...

9CVSS0.01235EPSS
Exploits1References5
NVD
NVD
•added 2020/09/11 5:15 p.m.•43 views

CVE-2020-16881

A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS0.05365EPSS
Exploits0References1
NVD
NVD
•added 2020/08/21 9:15 p.m.•43 views

CVE-2020-8189

A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html including local links when responding with invalid data on the login attempt...

5.4CVSS5.4AI score0.01401EPSS
Exploits1References3
NVD
NVD
•added 2020/08/18 2:15 p.m.•43 views

CVE-2020-14333

A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. This flaw allows an attacker to leverage a phishing attack, steal an unsuspecting user's cookies or oth...

6.3CVSS6.1AI score0.0079EPSS
Exploits0References1
NVD
NVD
•added 2020/08/17 7:15 p.m.•43 views

CVE-2020-1591

A cross site scripting vulnerability exists when Microsoft Dynamics 365 on-premises does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics...

5.4CVSS4.9AI score0.01507EPSS
Exploits0References1
NVD
NVD
•added 2020/08/11 4:15 p.m.•43 views

CVE-2020-11552

An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An...

10CVSS9.4AI score0.07403EPSS
Exploits4References6
NVD
NVD
•added 2020/07/31 1:15 p.m.•43 views

CVE-2020-10731

A flaw was found in the novalibvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines...

9.9CVSS9.4AI score0.00889EPSS
Exploits0References1
NVD
NVD
•added 2020/07/15 2:15 a.m.•43 views

CVE-2020-14497

Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code...

9.8CVSS0.04922EPSS
Exploits0References37
NVD
NVD
•added 2020/07/01 4:15 p.m.•43 views

CVE-2020-12498

mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation...

7.8CVSS0.02106EPSS
Exploits0References2
NVD
NVD
•added 2020/07/01 2:15 a.m.•43 views

CVE-2020-14166

The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting XSS vulnerability by uploading a html file...

4.8CVSS0.0194EPSS
Exploits3References2
NVD
NVD
•added 2020/06/30 9:15 p.m.•43 views

CVE-2020-14947

OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mibfile in plugins/mainsections/msconfig/mssnmpconfig.php is mishandled in getmiboid...

8.8CVSS0.19481EPSS
Exploits5References5
NVD
NVD
•added 2020/06/22 6:15 p.m.•43 views

CVE-2019-14894

A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms...

9CVSS0.04078EPSS
Exploits0References1
NVD
NVD
•added 2020/05/08 12:15 p.m.•43 views

CVE-2020-12018

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data...

7.5CVSS8AI score0.01529EPSS
Exploits0References2
NVD
NVD
•added 2020/05/07 12:15 a.m.•43 views

CVE-2020-12690

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. Th...

8.8CVSS8.7AI score0.01896EPSS
Exploits0References7
NVD
NVD
•added 2020/04/29 12:15 a.m.•43 views

CVE-2020-8472

Insufficient folder permissions used by system functions in ABB System 800xA products OPCServer for AC800M versions 6.0 and earlier and Control Builder M Professional, MMSServer for AC800M, Base Software for SoftControl version 6.1 and earlier allow low privileged users to read, modify, add and...

7.8CVSS6.5AI score0.00267EPSS
Exploits0References1
NVD
NVD
•added 2020/04/15 5:15 p.m.•43 views

CVE-2020-10637

Eaton HMiSoft VU3 HMIVU3 runtime not impacted, Version 3.00.23 and prior, however, the HMIVU runtimes are not impacted by these issues. A specially crafted input file could trigger an out-of-bounds read when loaded by the affected product...

5.5CVSS6AI score0.00832EPSS
Exploits0References1
NVD
NVD
•added 2020/04/12 10:15 p.m.•43 views

CVE-2020-11725

sndctlelemadd in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info-owner line, which later affects a privatesizecount multiplication for unspecified "interesting side effects." NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were...

7.8CVSS7.5AI score0.00511EPSS
Exploits1References3
NVD
NVD
•added 2020/03/30 10:15 p.m.•43 views

CVE-2020-11104

An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an initialized C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information such as memory layout or private keys can be gleaned if...

5.3CVSS5.2AI score0.01534EPSS
Exploits1References1
NVD
NVD
•added 2020/03/14 6:15 p.m.•43 views

CVE-2020-10571

An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data...

9.8CVSS9.5AI score0.01736EPSS
Exploits0References2
NVD
NVD
•added 2020/03/10 8:15 p.m.•43 views

CVE-2019-18336

A vulnerability has been identified in SIMATIC S7-300 CPU family incl. related ET200 CPUs and SIPLUS variants All versions V3.X.17, SIMATIC TDC CP51M1 All versions V1.1.8, SIMATIC TDC CPU555 All versions V1.1.1, SINUMERIK 840D sl All versions V4.8.6, SINUMERIK 840D sl All versions V4.94. Speciall...

7.8CVSS7.3AI score0.01674EPSS
Exploits0References1
NVD
NVD
•added 2020/03/06 5:15 p.m.•43 views

CVE-2020-9531

An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In the Web resources of GetAppscom.xiaomi.mipicks, the parameters passed in are read and executed. After reading the resource files, relevant components open the link of the incoming URL. Although the URL is safe and can pass...

7.3CVSS6.9AI score0.013EPSS
Exploits0References3
NVD
NVD
•added 2020/02/12 3:15 p.m.•43 views

CVE-2020-2109

Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods...

8.8CVSS8.7AI score0.01267EPSS
Exploits0References2
NVD
NVD
•added 2020/01/15 5:15 p.m.•43 views

CVE-2020-2559

Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM component: UIF Open UI. Supported versions that are affected are 19.7 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attack...

5.3CVSS4.3AI score0.01694EPSS
Exploits0References1
NVD
NVD
•added 2020/01/15 5:15 p.m.•43 views

CVE-2020-2557

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain component: Security. Supported versions that are affected are 12.2.4, 12.2.4.1, 12.2.5 and 12.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

4.7CVSS3.8AI score0.01109EPSS
Exploits0References1
NVD
NVD
•added 2019/09/23 3:15 p.m.•43 views

CVE-2019-10089

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the...

6.1CVSS6AI score0.02898EPSS
Exploits0References1
Total number of security vulnerabilities5000