Lucene search
K
RedhatcveMost viewed

206304 matches found

RedhatCVE
RedhatCVE
•added 2017/07/10 7:19 p.m.•46 views

CVE-2017-9791

The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage...

9.8CVSS4.3AI score0.98931EPSS
Exploits19References2
RedhatCVE
RedhatCVE
•added 2017/06/30 11:21 a.m.•46 views

CVE-2017-9226

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in nextstateval during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetchtoken and...

9.8CVSS1.6AI score0.07511EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2017/05/11 2:51 p.m.•46 views

CVE-2017-7486

It was found that the pgusermappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password use...

7.5CVSS3.2AI score0.06331EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2017/05/11 2:51 p.m.•46 views

CVE-2016-7048

The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software...

9.3CVSS8.5AI score0.04915EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2017/02/13 11:12 a.m.•46 views

CVE-2017-5970

A vulnerability was found in the Linux kernel where having malicious IP options present would cause the ipv4pktinfoprepare function to drop/free the dst. This could result in a system crash or possible privilege escalation...

7.5CVSS2.5AI score0.03915EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2016/11/18 3:47 p.m.•46 views

CVE-2016-9074

An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services NSS 3.26.1. This vulnerability affects Thunderbird 45.5, Firefox ESR 45.5, and Firefox 50...

5.9CVSS2.8AI score0.02452EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2016/11/11 9:17 a.m.•46 views

CVE-2016-6809

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization...

9.8CVSS4.2AI score0.0809EPSS
Exploits2References1
RedhatCVE
RedhatCVE
•added 2016/05/03 3:49 p.m.•46 views

CVE-2016-3714

It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities,...

10CVSS7AI score0.97485EPSS
Exploits11References1
RedhatCVE
RedhatCVE
•added 2026/01/22 6:13 a.m.•45 views

CVE-2026-23737

A flaw was found in seroval, a JavaScript library designed to convert complex data into a string format. This vulnerability exists within the library's JSON deserialization process, which is responsible for converting string data back into usable objects. A remote attacker can exploit improper...

7.5CVSS5.8AI score0.00519EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/01/09 11:19 a.m.•45 views

CVE-2021-22388

There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause certain codes to be executed...

9.8CVSS6.8AI score0.00787EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/01/09 10:48 a.m.•45 views

CVE-2022-31890

SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae via the order parameter to the getOrder function...

9.8CVSS8AI score0.01503EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/01/09 8:58 a.m.•45 views

CVE-2023-49176

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodeRevolution WP Pocket URLs allows Reflected XSS.This issue affects WP Pocket URLs: from n/a through 1.0.2...

7.1CVSS7.1AI score0.00403EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2025/05/23 4:23 a.m.•45 views

CVE-2023-43338

Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjsgetptr. This vulnerability allows attackers to execute arbitrary code via a crafted input...

9.8CVSS8.2AI score0.00903EPSS
Exploits1
RedhatCVE
RedhatCVE
•added 2025/05/22 4:22 p.m.•45 views

CVE-2020-27589

Synopsys hub-rest-api-python aka blackduck on PyPI version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases...

7.5CVSS6.8AI score0.01112EPSS
Exploits1
RedhatCVE
RedhatCVE
•added 2025/04/10 7:54 p.m.•45 views

CVE-2025-27738

Improper access control in Windows Resilient File System ReFS allows an authorized attacker to disclose information over a network...

6.5CVSS6.3AI score0.02848EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2025/04/02 7:33 a.m.•45 views

CVE-2025-32044

A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data—including names, contact information, and hashed passwords—via stack traces returned by specific API calls. Sites with PHP configured with zend.exceptionignoreargs = 1 in the...

7.5CVSS7.1AI score0.00337EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2025/01/16 2:26 p.m.•45 views

CVE-2024-7595

An insecure configuration flaw was found in the GRE and GRE6 Protocols. When configured to not require authentication or filtering, this issue could allow a remote unauthenticated attacker to spoof packets or bypass access controls. Mitigation See references section for detailed guidance...

5.4CVSS7.1AI score0.01552EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2024/12/17 9:50 a.m.•45 views

CVE-2023-31355

A flaw was found in the AMD firmware. This vulnerability allows a malicious hypervisor to overwrite a guest's UMC seed, potentially enabling the reading of memory from a decommissioned guest via improper restriction of write operations. Mitigation Mitigation for this issue is either not available...

6CVSS6.5AI score0.00443EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/12/12 8:40 a.m.•45 views

CVE-2024-4109

A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests...

4.8AI score
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/07/10 12:52 a.m.•45 views

CVE-2024-39684

A flaw was found in the RapidJSON package. This flaw allows a local attacker to trigger an integer overflow via a specially crafted file, possibly leading to the escalation of privileges. Mitigation Mitigation for this issue is either not available or the currently available options do not meet t...

7.8CVSS8AI score0.00424EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/05/01 5:5 p.m.•45 views

CVE-2024-26942

In the Linux kernel, the following vulnerability has been resolved: net: phy: qcom: at803x: fix kernel panic with at8031probe On reworking and splitting the at803x driver, in splitting function of at803x PHYs it was added a NULL dereference bug where priv is referenced before it's actually...

5.5CVSS7AI score0.00147EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/04/17 6:54 p.m.•45 views

CVE-2024-21094

A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalV...

3.7CVSS3.2AI score0.00746EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/04/03 11:8 p.m.•45 views

CVE-2024-26698

A vulnerability was found in the hvnetvsc driver in the Linux kernel, where a race condition is present between the netvscprobe and netvscremove functions. This race condition could lead to system hangs during network device removal...

4.1CVSS7.4AI score0.00183EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/03/21 12:28 a.m.•45 views

CVE-2024-22025

A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The vulnerability stems from the fetch function in Node.js that always decodes Brotli, making it possible for an attacker to caus...

6.5CVSS5.2AI score0.01309EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/03/19 5:26 p.m.•45 views

CVE-2024-27439

A flaw was found in Apache Wicket. Under certain circumstances, this flaw allows an attacker to bypass Cross-Site Request Forgery CSRF protections...

8.1CVSS7AI score0.00681EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/03/04 6:27 p.m.•45 views

CVE-2023-52581

A use-after-free flaw was found in the Linux kernel’s nftables sub-component due to a race problem between the set GC and transaction in the Linux Kernel. This flaw allows a local attacker to crash the system. This flaw is similar to the previous CVE-2023-4244 but for a different part of the sour...

7CVSS6.6AI score0.00255EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/28 9:39 p.m.•45 views

CVE-2024-26462

A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion...

7.5CVSS7AI score0.00437EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2024/02/26 11:31 a.m.•45 views

CVE-2024-22371

A flaw was found in Apache Camel. This issue may allow an attacker to expose sensitive data by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat...

2.9CVSS3.5AI score0.00695EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2024/02/23 2:2 p.m.•45 views

CVE-2023-52451

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/memhp: Fix access beyond end of drmem array dlparmemoryremovebyindex may access beyond the bounds of the drmem lmb array when the LMB lookup fails to match an entry with the given DRC index. When the search fails,...

4.4CVSS7.6AI score0.00246EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/22 3:2 p.m.•45 views

CVE-2024-26584

A flaw was found in the tls subsystem of the Linux kernel. When setting the CRYPTOTFMREQMAYBACKLOG flag on requests to the crypto API, cryptoaeadencrypt and cryptoaeaddecrypt functions can return -EBUSY instead of -EINPROGRESS in valid situations. This issue could lead to undefined behavior and a...

5.5CVSS6.7AI score0.00246EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/20 7:49 p.m.•45 views

CVE-2024-22234

A vulnerability was found in Spring Security. This issue may lead to Broken Access Control, allowing a malicious user to impact the Confidentiality and Integrity of an application or server. This requires the application to use AuthenticationTrustResolver.isFullyAuthenticatedAuthentication direct...

7.4CVSS7.6AI score0.00682EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/02/14 9:38 p.m.•45 views

CVE-2024-1459

A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories. Mitigation Mitigation for thi...

5.3CVSS5.2AI score0.01714EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2024/01/31 11:49 p.m.•45 views

CVE-2024-0853

A flaw was found in Curl, where it inadvertently kept the SSL session ID for connections in its cache even when the verify status, OCSP stapling test, failed. A subsequent transfer to the same hostname could succeed if the session ID cache were still fresh, which then skips the verify status chec...

3.8CVSS7AI score0.01102EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2024/01/17 12:4 p.m.•45 views

CVE-2024-20970

Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server...

4.9CVSS7.9AI score0.01096EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2024/01/16 11:41 a.m.•45 views

CVE-2024-0582

A memory leak flaw was found in the Linux kernel’s iouring functionality in how a user registers a buffer ring with IORINGREGISTERPBUFRING, mmap it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation Mitigation for this iss...

7.8CVSS7.3AI score0.12836EPSS
Exploits9References5
RedhatCVE
RedhatCVE
•added 2023/12/11 1:58 p.m.•45 views

CVE-2023-6186

An insufficient permission validation vulnerability was found in LibreOffice. In versions that support running commands in hyperlinks, an attacker can execute built-in macros without warning the user...

8.3CVSS8.4AI score0.00772EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/12/06 5:27 a.m.•45 views

CVE-2023-6393

A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contain...

5.3CVSS6.9AI score0.00631EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/12/04 5:54 p.m.•45 views

CVE-2023-4503

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server...

6.8CVSS7.4AI score0.0072EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/11/17 12:50 p.m.•45 views

CVE-2023-48234

A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations. Mitigation Mitigation for this issu...

4.3CVSS4.7AI score0.00749EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2023/11/16 1:29 a.m.•45 views

CVE-2023-44441

A parsing vulnerability was found in the GNU Image Manipulation Program GIMP. This flaw allows an unauthenticated, remote attacker to trick a GIMP user into opening a malicious DDS file, possibly enabling the execution of unauthorized code within the GIMP process. Mitigation Mitigation for this...

7.8CVSS6.8AI score0.27307EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/11/09 1:58 a.m.•45 views

CVE-2023-6039

A use-after-free flaw was found in lan78xxdisconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches. Mitigation Mitigation for this issue is to skip loading...

5.5CVSS6.3AI score0.00258EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2023/11/07 2:56 p.m.•45 views

CVE-2023-38407

An out-of-bounds read flaw was found in FFrounting beyond the end of the stream during labeled unicast parsing. This issue may lead to application crash and denial of service. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat...

7.5CVSS6.2AI score0.00931EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2023/11/03 2:57 p.m.•45 views

CVE-2023-45360

An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers...

5.4CVSS6.3AI score0.00567EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/10/30 11:28 a.m.•45 views

CVE-2023-46813

A buffer overflow and null pointer dereference flaw was found in the Linux kernel's Secure Encrypted Virtualization SEV implementation for AMD functionality. This issue occurs when a user in SEV guest VM accesses MMIO registers, which could allow a local user to crash the system or escalate their...

7CVSS7.8AI score0.00693EPSS
Exploits0References8
RedhatCVE
RedhatCVE
•added 2023/10/21 1:51 a.m.•45 views

CVE-2023-5590

A null pointer dereference flaw was found in Selenium IEDriver. This issue causes the driver to crash when selenium gets the cookies from an attacker controlled page, which could leave the application unavailable. Mitigation No mitigation is currently known for the IE Driver. If possible, opt for...

7.5CVSS6.7AI score0.00852EPSS
Exploits1References4
RedhatCVE
RedhatCVE
•added 2023/10/09 6:54 p.m.•45 views

CVE-2023-5441

A NULL pointer dereference vulnerability was found in Vim. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash. Mitigation Do not run untrusted vim scripts as it's not recommended...

5.5CVSS6AI score0.00431EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/09/26 5:54 a.m.•45 views

CVE-2023-5189

A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten...

6.3CVSS6.7AI score0.00834EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/09/20 5:25 p.m.•45 views

CVE-2023-38427

An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemblenegcontexts...

9.8CVSS6.6AI score0.01129EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2023/09/05 3:13 p.m.•45 views

CVE-2023-4751

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331...

7.8CVSS7.1AI score0.00598EPSS
Exploits1References3
RedhatCVE
RedhatCVE
•added 2023/08/16 10:19 a.m.•45 views

CVE-2023-4380

A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability...

6.3CVSS6.3AI score0.00518EPSS
Exploits0References3
Total number of security vulnerabilities5000