Lucene search
+L
VeracodeMost viewed

38468 matches found

Veracode
Veracode
•added 2026/03/04 11:4 a.m.•63 views

Open Redirect

Volo.Abp.Account.Web is vulnerable to Open Redirect. The vulnerability is due to improper validation of the returnUrl parameter in the register function, where an attacker can redirect users to arbitrary external domains by exploiting this vulnerability...

5.3CVSS6AI score0.00243EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2024/01/31 7:28 a.m.•63 views

Cross-Site WebSocket Hijacking (CSWSH)

jenkins-core is vulnerable to Cross-Site Scripting. The vulnerability is due to improper origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking CSWSH vulnerability, allowing attackers to execute CLI commands on the Jenkins controller...

8.8CVSS6.8AI score0.66921EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2024/01/10 10:1 a.m.•63 views

Denial Of Service (DoS)

Microsoft.IdentityModel.JsonWebTokens and System.IdentityModel.Tokens.Jwt are vulnerable to Denial Of Service DoS. The vulnerability is cause by improper JWT compression checks, which results in resource exhaustion due processing of malicious JSON Web EncryptionJWE token. Successful exploitation...

6.8CVSS7AI score0.02868EPSS
Exploits0References2Affected Software6
Veracode
Veracode
•added 2023/08/05 8:12 p.m.•63 views

Type Confusion

modsecurity-crs is vulnerable to Type Confusion. coreruleset does not block multiple Content-Type headers, which allows an attacker to bypass a WAF with a crafted payload, which occurs when the web application relies on only the last Content-Type headers...

9.8CVSS6.8AI score0.00754EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2023/03/12 12:40 p.m.•63 views

Server-side Request Forgery (SSRF)

directus is vulnerable to Server-side Request Forgery SSRF. The vulnerability exists when importing a file from a remote web server POST to /files/import, allowing an attacker to bypass the security controls that were implemented to patch the CVE-2022-23080 vulnerability by performing a DNS...

7.5CVSS6.1AI score0.0096EPSS
Exploits2References3Affected Software1
Veracode
Veracode
•added 2023/01/10 7:4 a.m.•63 views

Regular Expression Denial Of Service

debug is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability exists in useColors function of node.js due to inefficient regular expression complexity which allows an attacker to crash the application by submitting a malicious string...

7.5CVSS7.1AI score0.02046EPSS
Exploits0References6Affected Software1
Veracode
Veracode
•added 2021/07/16 12:12 p.m.•63 views

Privilege Escalation

openjdk7 is vulnerable to privilege escalation. An attacker is able to have unauthorised creation, deletion or modification access to critical data of the system...

5.9CVSS4.2AI score0.03125EPSS
Exploits0References20Affected Software1
Veracode
Veracode
•added 2021/04/05 5:36 a.m.•63 views

Directory Traversal

jetty-deploy is vulnerable to directory traversal. The vulnerability exists through the WebAppProvider filter as it does not canonicalize files passed in from the scanner, allowing access to files outside of its working directory...

2.7CVSS3.7AI score0.0418EPSS
Exploits1References48Affected Software6
Veracode
Veracode
•added 2020/04/10 1:0 a.m.•63 views

Privilege Escalation

kernel is vulnerable to privilege escalation. An integer overflow flaw in ibuverbspollcq could allow a local, unprivileged user to cause a denial of service or escalate their privileges...

6.9CVSS4.2AI score0.00352EPSS
Exploits2References9Affected Software2
Veracode
Veracode
•added 2020/04/10 12:59 a.m.•63 views

Access Control Bypass

ruby is vulnerable to access control bypass. A flaw was found in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted tainted code to modify arbitrary, trusted untainted...

5CVSS3.1AI score0.02814EPSS
Exploits2References23Affected Software1
Veracode
Veracode
•added 2020/01/31 12:35 a.m.•63 views

HTTP Request Smuggling

netty-codec-http is vulnerable to HTTP request smuggling. The vulnerability exists as it improperly handles whitespaces in the Transfer-Encoding, and the Content-Length headers. This vulnerability is caused by an incomplete fix for CVE-2019-16869...

7.5CVSS0.9AI score0.08415EPSS
Exploits2References24Affected Software244
Veracode
Veracode
•added 2019/12/23 4:57 a.m.•63 views

Arbitrary Code Execution

log4j-core is vulnerable to arbitrary code execution. Deserialization of untrusted data in TcpSocketServer and UdpSocketServer when listening for log data allows an attacker to execute arbitrary code via a malicious deserialization gadget...

9.8CVSS5.6AI score0.6906EPSS
Exploits3References217Affected Software8
Veracode
Veracode
•added 2019/08/08 12:7 a.m.•63 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists as vhostnet has an infinite loop while receiving packets leads to DoS...

7.7CVSS3AI score0.04425EPSS
Exploits0References55Affected Software2
Veracode
Veracode
•added 2019/05/16 1:22 a.m.•63 views

Access Controls Bypass

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDPCORK option when the UDP Fragmentation Offload UFO...

6.9CVSS6.1AI score0.00661EPSS
Exploits3References19Affected Software1
Veracode
Veracode
•added 2019/05/02 4:41 a.m.•63 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

10CVSS9.4AI score0.04899EPSS
Exploits1References14Affected Software3
Veracode
Veracode
•added 2019/03/12 2:7 a.m.•63 views

Remote Code Execution

tomcat-catalina is vulnerable to remote code execution. With HTTP PUTs enabled, it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...

8.1CVSS8.2AI score0.99988EPSS
Exploits23References45Affected Software87
Veracode
Veracode
•added 2019/01/15 9:2 a.m.•63 views

Arbitrary File Overwrite

bash is vulnerable to arbitrary file overwrite attacks. The vulnerability exists as GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have...

9.8CVSS9.6AI score0.99999EPSS
Exploits142References163Affected Software1
Veracode
Veracode
•added 2017/07/07 9:38 p.m.•63 views

Remote Code Execution (RCE)

struts2-struts1-plugin is vulnerable to remote code execution RCE attacks. These attacks are possible because the user input are not sanitized and are directly passed through messages.add to be used as a part of an error message in the ActionMessage class. This doesn't affect users of the Struts...

9.8CVSS9.6AI score0.99461EPSS
Exploits42References11Affected Software1
Veracode
Veracode
•added 2023/12/20 10:6 a.m.•62 views

Path Traversal

org.apache.tiles: tiles-core is vulnerable to Path Traversal. The vulnerability is due to missing validation in the DefaultLocaleResolver.LOCALEKEY attribute set on the session while resolving XML definition files. This can lead to Server Side Request Forgery SSRF or XML External Entity Injection...

7.5CVSS7.1AI score0.01345EPSS
Exploits0References2Affected Software1
Veracode
Veracode
•added 2022/05/09 6:11 a.m.•62 views

Arbitrary File Upload

WSO2 Carbon Services is vulnerable to arbitrary file upload. The vulnerability exists because the file upload permissions and validations are not properly handled which allows an attacker to upload arbitrary files...

9.8CVSS3AI score0.99999EPSS
Exploits22References12Affected Software3
Veracode
Veracode
•added 2022/04/21 12:42 a.m.•62 views

Privilege Escalation

jenkins-2-plugins is vulnerable to privilege escalation. The vulnerability exists due to a lack of sanitization of the path allowing an attacker to configure Pipelines permission to read arbitrary files on the Jenkins controller file system...

6.5CVSS3.4AI score0.01742EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2022/01/19 8:50 a.m.•62 views

Deserialisation Of Untrusted Object

JMSSink in log4j is vulnerable to deserialization of untrusted object. The insecure use of JNDI in JMSSink allows an attacker to send malicious object in LDAP store if it is accessible by an attacker or is configured to use an untrusted site, leading to a remote code execution. Note: this...

8.8CVSS4.2AI score0.61785EPSS
Exploits0References6Affected Software93
Veracode
Veracode
•added 2021/09/02 12:39 a.m.•62 views

Remote Code Execution (RCE)

kernel is vulnerable to remote code execution. The vulnerability exists due to incorrect computation of branch displacements...

7.8CVSS3.3AI score0.00931EPSS
Exploits0References14Affected Software6
Veracode
Veracode
•added 2021/06/16 4:24 p.m.•62 views

Denial Of Service (DoS)

mariadb is vulnerable to denial of service. An easily exploitable vulnerability allows a high privileged attacker with network access to cause a hang or frequently repeatable crash...

4.9CVSS3.9AI score0.02481EPSS
Exploits0References14Affected Software5
Veracode
Veracode
•added 2021/04/17 12:38 a.m.•62 views

Use After Free

kernel is vulnerable to use after free. A use-after-free memory flaw in the Fast Userspace Mutexes functionality allowing a local user to crash the system or escalate their privileges on the system...

7.8CVSS5AI score0.01377EPSS
Exploits1References24Affected Software2
Veracode
Veracode
•added 2021/03/30 7:34 a.m.•62 views

Arbitrary Code Execution

underscore is vulnerable to arbitrary code execution. An attacker is able to inject and execute arbitrary OS commands via the template function when a variable property is passed as an argument due to lack of validation...

7.2CVSS6.4AI score0.04087EPSS
Exploits2References20Affected Software4
Veracode
Veracode
•added 2021/03/03 6:37 p.m.•62 views

Arbitrary Code Execution (RCE)

wpasupplicant is vulnerable to arbitrary code execution RCE. The vulnerability exists in the way p2p/p2ppd.c processes P2P Wi-Fi Direct provision discovery requests...

7.5CVSS4.5AI score0.01179EPSS
Exploits0References16Affected Software1
Veracode
Veracode
•added 2021/02/17 4:3 p.m.•62 views

Use-after-free

kernel is vulnerable to use-after-free. drivers/tty/ttyjobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. A locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/ttyjobctrl.c. This flaw allows a local attacker to possibly corrupt...

7.8CVSS3.1AI score0.01129EPSS
Exploits2References16Affected Software6
Veracode
Veracode
•added 2021/01/20 4:41 p.m.•62 views

Arbitrary Code Execution

dnsmasq is vulnerable to arbitrary code execution. A buffer overflow in the rfc1035.c:extractname function allows an attacker to execute arbitrary code on the host OS...

8.1CVSS4.1AI score0.70754EPSS
Exploits0References10Affected Software6
Veracode
Veracode
•added 2021/01/04 2:37 a.m.•62 views

Remote Code Execution (RCE)

nukeviet/nukeviet is vulnerable to remote code execution. The vulnerability exists due to the lack of verification and sanitization of an untrusted nvloginhash cookie...

9.8CVSS3.2AI score0.02535EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2020/11/05 3:9 a.m.•62 views

Out Of Bound Writes (OOB)

kernel-rt is vulnerable to out of bound writes attacks. A user or process able to access the /dev/kvm device could use this flaw to crash the system, resulting in a denial of service...

6.1CVSS6.9AI score0.00679EPSS
Exploits1References23Affected Software2
Veracode
Veracode
•added 2020/09/21 6:21 a.m.•62 views

Denial Of Service (DoS)

kernel is vulnerble to denial of service. A local user with the ability to read the /sys/class/zram-control/hotadd file can create ZRAM device nodes in the /dev/ directory and causes the kernel to allocate memory that is not accounted for. With this vulnerability, continual reading of the device...

5.5CVSS4AI score0.00311EPSS
Exploits0References4Affected Software3
Veracode
Veracode
•added 2020/04/10 12:28 a.m.•62 views

Privilege Escalation

openssh is vulnerable privilege escalation. When ssh was unable to create untrusted cookie, ssh used a trusted cookie instead, possibly allowing the administrative user of a untrusted remote server, or untrusted application run on the remote server, to gain unintended access to a users local X...

7.5CVSS4.7AI score0.02374EPSS
Exploits0References33Affected Software1
Veracode
Veracode
•added 2020/04/10 12:12 a.m.•62 views

Cross-site Scripting (XSS)

Mozilla Thunderbird is vulnerable to Cross-site Scripting XSS. A malicious web page could cause the execution of Javascript code in such a way that could cause Thunderbird to crash or execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird;...

6.8CVSS1.5AI score0.04097EPSS
Exploits0References56Affected Software4
Veracode
Veracode
•added 2019/11/19 3:15 a.m.•62 views

XML External Entities (XXE)

jackson-mapper-asl is vulnerable to XML external entity attacks. This vulnerability is similar to CVE-2016-3720 whereby the external DTD is not disabled, allowing an attacker to retrieve system files, or perform requests on behalf of the server using malicious XML documents...

9.8CVSS3.1AI score0.17044EPSS
Exploits0References72Affected Software83
Veracode
Veracode
•added 2019/08/20 12:10 a.m.•62 views

Information Disclosure

php is vulnerable to information disclosire. File rename across filesystems may allow unintended access to the file being renamed while the process is on-going...

7.5CVSS2.4AI score0.07347EPSS
Exploits0References16Affected Software2
Veracode
Veracode
•added 2019/08/08 12:7 a.m.•62 views

Information Disclsoure

kernel is vulnerable to information disclosure. The vulnerability exists as KVM leaks uninitialized stack contents to guest...

5.5CVSS1.9AI score0.00678EPSS
Exploits1References48Affected Software2
Veracode
Veracode
•added 2019/05/02 6:9 a.m.•62 views

Unauthenticated Access

oracle java SE is vulnerable to unauthenticated access vulnerability. This exists due to not validating the length of the object identifier read from the DER input in Libraries component of OpenJDK before allocating memory to store the OID. An attacker able to make a Java application decode a...

5.3CVSS7AI score0.03533EPSS
Exploits0References18Affected Software4
Veracode
Veracode
•added 2019/05/02 5:39 a.m.•62 views

Arbitrary Code Execution

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php54 packages provide a recent stable release of PHP with the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a number of additional utilities. The php54 packages have been upgraded to...

9.8CVSS9.3AI score0.53166EPSS
Exploits43References23Affected Software6
Veracode
Veracode
•added 2019/05/02 5:39 a.m.•62 views

Use-After-Free

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to...

7.5CVSS9.2AI score0.53166EPSS
Exploits32References32Affected Software6
Veracode
Veracode
•added 2019/05/02 5:3 a.m.•62 views

Denial Of Service (DoS)

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a...

6.8CVSS6.2AI score0.85744EPSS
Exploits5References70Affected Software141
Veracode
Veracode
•added 2019/05/02 4:44 a.m.•62 views

Arbitrary Code Injection

The Apache HTTP Server is a popular web server. Cross-site scripting XSS flaws were found in the modproxybalancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitra...

5.1CVSS6.2AI score0.24886EPSS
Exploits4References58Affected Software108
Veracode
Veracode
•added 2019/01/15 8:57 a.m.•62 views

Remote Code Execution (RCE)

samba4 is vulnerable to remote code execution RCE attacks. The vulnerability exists as the RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation,...

10CVSS9AI score0.74034EPSS
Exploits9References43Affected Software5
Veracode
Veracode
•added 2018/11/20 5:23 a.m.•62 views

Denial Of Service (DoS)

node is vulnerable to denial of service. A use-after-free UAF bug in the TLS implementation allows a remote attacker to cause a denial of service condition in the HTTP server by sending duplicate or unexpected messages during the SSL handshake...

7.5CVSS7.1AI score0.06974EPSS
Exploits0References5Affected Software2
Veracode
Veracode
•added 2018/07/11 9:49 a.m.•62 views

Remote Code Execution (RCE)

microsoft.chakracore is vulnerable to remote code execution RCE attacks. The application contains a use-after-free bug in JavascriptArray.cpp, allowing arbitrary code to be executed. This CVE is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8279, CVE-2018-8301...

7.5CVSS8AI score0.71043EPSS
Exploits3References5Affected Software2
Veracode
Veracode
•added 2017/08/22 3:7 a.m.•62 views

Integer Overflow

github.com/kubernetes/minikube is vulnerable to integer overflows. The library uses a vulnerable version of nginx ingress controller that can cause sensitive information to leak when handling a malicious request. This is related to CVE-2017-7529...

7.5CVSS8.2AI score0.62597EPSS
Exploits6
Veracode
Veracode
•added 2023/03/09 10:25 a.m.•61 views

HTTP Request Smuggling

apache2 is vulnerable to HTTP Request Smuggling. The vulnerability exists due to the special characters in the origin response header can truncate/split the response forwarded to the client through the modproxyuwsgi...

7.5CVSS8.4AI score0.02134EPSS
Exploits0References8Affected Software3
Veracode
Veracode
•added 2023/01/25 2:38 a.m.•61 views

Information Disclosure

opensearch is vulnerable to Information Disclosure. The vulnerability exists because the excluded fields are not correctly applied for specific queries in the Field-level security FLS with .keyword fields , allowing an attacker to gain read access to indexes through the restricted fields...

6.5CVSS6.2AI score0.00821EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2022/10/28 10:11 a.m.•61 views

Denial Of Service (DoS)

php, Python, sha3 and pysha3 are vulnerable to Denial Of Service DoS. The vulnerability exists through the integer overflow and resultant buffer overflow in the sponge function interface due to the improper implementation of Keccak XKCP SHA-3 reference, allowing an attacker to crash the applicati...

9.8CVSS9.7AI score0.05193EPSS
Exploits1References18Affected Software15
Veracode
Veracode
•added 2022/06/12 5:52 p.m.•61 views

HTTP Request Smuggling (HRS)

Apache HTTP Server is vulnerable to http request smuggling . The vulnerability exists due to inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp which allows an attacker to smuggle requests to the AJP server it forwards requests...

7.5CVSS8.6AI score0.19008EPSS
Exploits1References10Affected Software18
Total number of security vulnerabilities5000