Lucene search
+L
VeracodeMost viewed

38468 matches found

Veracode
Veracode
•added 2020/10/07 12:22 a.m.•70 views

Top-Level Navigation Restrictions Bypass

electron allows bypass of top-level navigation restrictions. The vulnerability exists as sub-frames can bypass the top-level navigation prevention through the will-navigate event...

7.5CVSS3.6AI score0.01351EPSS
Exploits0References3Affected Software1
Veracode
Veracode
•added 2019/08/06 1:38 a.m.•70 views

Directory Traversal

github.com/kubernetes/kubernetes is vulnerable to directory traversal. The vulnerability exists as a malicious container can replace or create files on a user's workstation. The vulnerability is due to incomplete fixes of CVE-2019-1002101 and CVE-2019-11246...

6.5CVSS4AI score0.13164EPSS
Exploits2References11Affected Software23
Veracode
Veracode
•added 2019/05/02 5:3 a.m.•70 views

Information Disclosure

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance PI futexes. A local, unprivileged user could use this flaw to escalate their privileges on...

7.8CVSS6.6AI score0.37233EPSS
Exploits24References16Affected Software1
Veracode
Veracode
•added 2017/02/03 9:14 a.m.•70 views

Denial Of Service (DoS)

OpenSSL is vulnerable to denial of service DoS attacks. A malicious user can pass a malicious DSA private key to the system, causing a double-free in the system that can lead to the application to crash...

10CVSS8.9AI score0.26335EPSS
Exploits1References58Affected Software3
Veracode
Veracode
•added 2025/12/13 7:8 a.m.•69 views

Denial Of Service (DoS)

getgrav/grav is vulnerable to a Denial of Service DoS. The vulnerability is due to insufficient sanitization of the scheduledat parameter, which allows an attacker to inject malicious cron expressions e.g., a single quote and disrupt the admin panel functionality, leading to a denial of service...

4.9CVSS5.9AI score0.00339EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2023/04/17 12:6 p.m.•69 views

Privilege Escalation

github.com/etcd-io/etcd is vulnerable to Privilege Escalation. The vulnerability exists due to improper authentication in v3server.go which allows an attacker to gain escalated privilege when the log level is set to debug...

9.8CVSS9.2AI score0.01605EPSS
Exploits0References7Affected Software2
Veracode
Veracode
•added 2023/01/08 1:3 p.m.•69 views

SQL Injection

php is vulnerable to SQL Injection attacks. The vulnerability exists due to an integer overflow when processing untrusted input within the PDO::quote in PDOSQLite, which allows a remote attacker to pass a specially crafted input to the application that after being processed by the affected...

9.1CVSS4.7AI score0.02212EPSS
Exploits0References5Affected Software8
Veracode
Veracode
•added 2022/10/16 11:29 p.m.•69 views

Authentication Bypass

erlang is vulnerable to Authentication Bypass. The vulnerability exists in due to improper authentication which allows an attacker to access client certifications via the external database authentication...

9.8CVSS9AI score0.01167EPSS
Exploits0References5Affected Software2
Veracode
Veracode
•added 2022/10/14 6:57 p.m.•69 views

Arbitrary Code Execution

Apache Commons Text is vulnerable to Arbitrary Code Execution. The vulnerability exists in the lookup module due to insecure interpolation defaults when untrusted configuration values are used which allows an attacker to inject arbitrary code into the system...

9.8CVSS9.4AI score0.99931EPSS
Exploits42References10Affected Software4
Veracode
Veracode
•added 2022/05/23 2:6 a.m.•69 views

Prototype Pollution

Mozilla is vulnerable to prototype pollution. An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution...

8.8CVSS8.5AI score0.17103EPSS
Exploits0References4Affected Software5
Veracode
Veracode
•added 2022/01/29 5:17 p.m.•69 views

Denial Of Service (DoS)

Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries is vulnerable to denial of service. It allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of...

5.3CVSS3.6AI score0.03782EPSS
Exploits0References11Affected Software8
Veracode
Veracode
•added 2021/10/27 5:26 p.m.•69 views

Cross-site Scripting (XSS)

jquery-ui is vulnerable to cross-site scripting attacks. The vulnerability exists because the 'Text' option of the 'datepicker.js' widget is not properly handled allowing a malicious attacker to send and execute arbitrary Javascript...

6.5CVSS2.3AI score0.07948EPSS
Exploits1References24Affected Software3
Veracode
Veracode
•added 2019/05/02 5:3 a.m.•69 views

Denial Of Service (DoS)

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a...

6.8CVSS6.2AI score0.85744EPSS
Exploits5References76Affected Software141
Veracode
Veracode
•added 2025/12/13 6:8 a.m.•68 views

Stored Cross-Site Scripting (XSS)

getgrav/grav is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to insufficient input sanitization in the dataheadertemplate parameter at the /admin/pages/page endpoint, which allows an attacker to inject and store malicious scripts that execute when the content is rendere...

6.2CVSS6AI score0.00182EPSS
Exploits1References2Affected Software1
Veracode
Veracode
•added 2022/02/17 8:28 a.m.•68 views

Cross-Site Scripting (XSS)

libexpat.so is vulnerable to cross-site scripting. The vulnerability exists in CHECKNAMECASE and CHECKNMSTRTCASES functions of xmltokimpl.c because the conditions are not properly validated which allows an attacker to inject and execute javascript...

9.8CVSS2.6AI score0.04955EPSS
Exploits0References15Affected Software23
Veracode
Veracode
•added 2022/01/15 12:29 a.m.•68 views

Privilege Escalation

linux is vulnerable to privilege escalation. The vulnerability exists due to a memory leak flaw in shmget which are aligned to PUD alignment with the fault of some of the memory pages...

4.4CVSS3.2AI score0.00515EPSS
Exploits1References9Affected Software5
Veracode
Veracode
•added 2021/09/20 5:4 a.m.•68 views

Denial Of Service (DoS)

apache2:sid is vulnerable to denial of service DoS. A malicious request uri-path can cause modproxyuwsgi to read above the allocated memory and crash DoS...

7.5CVSS2.6AI score0.62887EPSS
Exploits0References40Affected Software21
Veracode
Veracode
•added 2020/04/10 12:50 a.m.•68 views

Privilege Escalation

The kernel is vulnerable to privilege escalation. A flaw in the IA32 system call emulation provided in 64-bit Linux kernels could allow a local user to escalate their privileges...

7.2CVSS3.9AI score0.03818EPSS
Exploits1References23Affected Software1
Veracode
Veracode
•added 2020/02/12 5:26 a.m.•68 views

Remote Code Execution (RCE)

chakracore is vulnerable to remote code execution. The vulnerability exists in lib/Backend/Lower.cpp through an issue with interpreting the intermediate representation IR. This CVE ID is different from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713...

7.5CVSS4AI score0.86863EPSS
Exploits17References4Affected Software2
Veracode
Veracode
•added 2018/08/16 4:17 a.m.•68 views

Remote Code Execution (RCE)

Microsoft.ChakraCore is vulnerable to remote code execution RCE. The library does not merge block data properly for loops, leading to an invalid pointer read that can crash the application or cause arbitrary code to be executed...

7.5CVSS8.1AI score0.1425EPSS
Exploits0References6Affected Software2
Veracode
Veracode
•added 2017/02/10 1:42 a.m.•68 views

Access Bypass

OpenSSL is vulnerable to access bypass. OpenSSL accepts client authentication with a Diffie-Helman certificate without receiving a CertificateValue message. This allows attacks to gain access without the knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that...

5CVSS6.2AI score0.24626EPSS
Exploits0References72Affected Software1
Veracode
Veracode
•added 2024/02/18 6:35 a.m.•67 views

Denial Of Service

dnsmasq is vulnerable to Denial of Service. The vulnerability due to KeyTrap issue when dealing with a zone that contains numerous DNSKEY DNS Key and RRSIG Resource Record Signature records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG...

7.5CVSS6.6AI score0.99995EPSS
Exploits0References31Affected Software7
Veracode
Veracode
•added 2023/09/21 11:12 a.m.•67 views

Arbitrary File Overwrite

org.eclipse.jgit is vulnerable to Arbitrary File Overwrite. The vulnerability is due to a symbolic link present in a specially crafted git repository which can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem...

8.8CVSS6.8AI score0.01884EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2023/05/04 2:21 a.m.•67 views

Password Disclosure

akka-stream-kafka is vulnerable to Password Disclosure. The vulnerability exists because it does not redact the Consumer or Producer properties in logs, which allows an attacker to read credentials as plaintext through the akka.kafka.internal.KafkaConsumerActor when debug logging is enabled...

5.5CVSS5.5AI score0.00152EPSS
Exploits0References4Affected Software3
Veracode
Veracode
•added 2023/02/16 2:24 a.m.•67 views

Remote Code Execution (RCE)

.NET is vulnerable to Remote Code Execution RCE. The vulnerability exists because the library does not properly validate the debugging symbols, allowing an attacker to inject and execute malicious code while reading a malicious symbols file...

7.8CVSS8AI score0.01148EPSS
Exploits0References5Affected Software8
Veracode
Veracode
•added 2023/01/10 5:20 a.m.•67 views

Server-Side Request Forgery (SSRF)

com.amazonaws:aws-android-sdk-core is vulnerable to server-side request forgery. The vulnerability exists due to the the XML Parser component located in the XpathUtils function in aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java which allows a remote attacker to abuse server...

9.8CVSS8.8AI score0.00669EPSS
Exploits0References5Affected Software1
Veracode
Veracode
•added 2022/12/31 12:45 a.m.•67 views

Denial Of Service

poppler is vulnerable to denial of service attacks. A logical error in the Hints::Hints function in the Hints.cc file allows an attacker to trick a user into opening a crafted PDf file into the pdftops utility, which causes the program to hang for a long time, leading to a denial of service...

6.5CVSS6.1AI score0.01547EPSS
Exploits1References9Affected Software1
Veracode
Veracode
•added 2022/08/30 7:7 a.m.•67 views

Cross-site Scripting (XSS)

jsoup is vulnerable to cross-site scripting. The vulnerability exists in resolve function in StringUtil.java because the jsoup cleaner is not properly sanitized when SafeList.preserveRelativeLinks is enabled which allows an attacker to inject and execute arbitrary javascript...

6.1CVSS6.8AI score0.01208EPSS
Exploits1References5Affected Software1
Veracode
Veracode
•added 2022/04/26 7:38 a.m.•67 views

Server-Side Template Injection

ejs is vulnerable to server side template injection. Lack of protection against server-side template injection in outputFunctionName allows an attacker to inject arbitrary OS commands which are executed upon template compilation...

9.8CVSS4.2AI score0.32808EPSS
Exploits7References6Affected Software2
Veracode
Veracode
•added 2022/03/23 4:19 a.m.•67 views

Privilege Escalation

electron is vulnerable to privilege escalation. An attacker can obtain access to a bluetooth device via the web bluetooth API if the application has not configured a custom select-bluetooth-device event handler...

5CVSS3.4AI score0.00909EPSS
Exploits0References14Affected Software1
Veracode
Veracode
•added 2022/03/18 5:13 a.m.•67 views

Clickjacking

swagger-ui, is vulnerable to clickjacking. It was possible to perform a clickjacking attack due to the lack of validation in the SwaggerUI function allowing a remote attacker to exploit and hijack victim click actions...

6.1CVSS3.6AI score0.01472EPSS
Exploits0References6Affected Software2
Veracode
Veracode
•added 2022/03/02 8:46 a.m.•67 views

Code Injection

spring-cloud-gateway is vulnerable to code injection. With Gateway Actuator endpoint setting enabled, an attacker is able to inject malicious code through the exposed actuator endpoint...

10CVSS3.1AI score0.98253EPSS
Exploits54References6Affected Software1
Veracode
Veracode
•added 2022/01/06 4:31 a.m.•67 views

Path Traversal

django is vulnerable to path traversal. The vulnerability exists in the save function in storage.py as it does not properly validate the filenames, allowing an attacker to access files outside the expected directory through the crafted filenames...

5.3CVSS5.1AI score0.02388EPSS
Exploits0References8Affected Software4
Veracode
Veracode
•added 2021/11/17 10:38 p.m.•67 views

Packet Injection

kernel is vulnerable to packet injection. The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext...

5.4CVSS2.1AI score0.07604EPSS
Exploits0References13Affected Software2
Veracode
Veracode
•added 2021/07/22 5:50 a.m.•67 views

Information Disclosure

Curl:Edge is vulnerable to information disclosure due to an incomplete fix for CVE-2021-22898...

5.3CVSS1AI score0.04929EPSS
Exploits2References14Affected Software5
Veracode
Veracode
•added 2021/05/20 3:27 p.m.•67 views

Privilege Escalation

bash is vulnerable to privilege escalation. The way privileges are dropped when started with an effective user ID not equal to the real user ID. If the setuid permission is set and the owner of the bash program is a non-root user, a local attacker is able to abuse the vulnerability to escalate...

7.8CVSS3.6AI score0.02608EPSS
Exploits5References12Affected Software3
Veracode
Veracode
•added 2021/03/17 4:37 a.m.•67 views

Directory Traversal

Linux kernel is vulnerable to directory traversal. An attacker is able to send a malicious LIO block requests to the Linux system to overwrite data on the backing store...

8.1CVSS4.4AI score0.06563EPSS
Exploits0References21Affected Software2
Veracode
Veracode
•added 2021/01/05 6:5 a.m.•67 views

Arbitrary Code Execution

djv is vulnerable to Arbitrary Code Execution. An attacker is able to execute arbitrary Javascript code on the host OS by controlling the schema file...

9.8CVSS9.8AI score0.02996EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2020/08/11 5:29 a.m.•67 views

Cross-Site Scripting (XSS)

prismjs is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript via the easing preview of the Previewers plugin...

7.5CVSS5.7AI score0.02041EPSS
Exploits0References4Affected Software1
Veracode
Veracode
•added 2019/05/02 5:29 a.m.•67 views

Privilege Escalation

openssh is vulnerable to privilege escalation. A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw, could us...

1.9CVSS6.9AI score0.00378EPSS
Exploits0References25Affected Software1
Veracode
Veracode
•added 2019/05/02 5:4 a.m.•67 views

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exifthumbnail function to crash or, possibly, execute arbitrary code...

7.5CVSS9.5AI score0.30128EPSS
Exploits16References8Affected Software1
Veracode
Veracode
•added 2019/05/02 4:56 a.m.•67 views

Stack-based Buffer Overflow

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...

10CVSS9.8AI score0.06493EPSS
Exploits0References15Affected Software3
Veracode
Veracode
•added 2019/01/15 9:19 a.m.•67 views

Unrestricted File Upload

tomcat-catalina is vulnerable to remote code execution RCE attacks. On a Windows system with HTTP PUTs enabled a malicious user can upload a JSP file to the server which would then be executed...

8.1CVSS8.4AI score0.99607EPSS
Exploits18References21Affected Software10
Veracode
Veracode
•added 2023/09/15 1:45 p.m.•66 views

Heap Buffer Overflow

libwebp.so is vulnerable to Out Of Bounds Memory Write. The vulnerability is due to the BuildHuffmanTable function in src/dec/vp8ldec.c improperly allocating memory to the table when parsing a stream, which results in an application crash or Arbitrary Code Execution when reading a crafted webp...

8.8CVSS8.7AI score0.99735EPSS
Exploits9References50Affected Software16
Veracode
Veracode
•added 2023/01/06 8:19 a.m.•66 views

Improper Locking

openssl is vulnerable to denial of service DoS attacks. When an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems this results in a denial of service when the affected process han...

7.5CVSS7.2AI score0.0123EPSS
Exploits0References5Affected Software2
Veracode
Veracode
•added 2022/10/28 5:35 a.m.•66 views

Regular Expression Denial Of Service (ReDoS)

shescape is vulnerable to denial of service. The vulnerability is due to insecure regex in the escapeArgBash function of unix.js which allows an attacker to crash the application by providing a malicious user input...

7.5CVSS7AI score0.01246EPSS
Exploits1References4Affected Software1
Veracode
Veracode
•added 2022/03/30 6:13 a.m.•66 views

Validation Bypass

firebase/php-jwt is vulnerable to validation bypass. The vulnerability exists in decode and verify functions in JWT.php because the token validations are not properly handled when multiple keys are loaded in a key ring which allows an attacker to bypass server-side validations...

9.1CVSS2.4AI score0.00777EPSS
Exploits1References3Affected Software1
Veracode
Veracode
•added 2021/07/27 6:48 a.m.•66 views

Regular Expression Denial Of Service (ReDoS)

glob-parent is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists due to an incorrect regex implementation on the enclosure variable. This vulnerability is caused by an incomplete fix of CVE-2020-28469...

7.5CVSS8.5AI score0.04579EPSS
Exploits2References4Affected Software8
Veracode
Veracode
•added 2021/05/06 4:1 a.m.•66 views

Remote Code Execution (RCE)

redis is vulnerable to remote code execution. The vulnerability exists due to an integer overflow bug which could corrupt the memory heap...

8.8CVSS3.1AI score0.03628EPSS
Exploits0References8Affected Software1
Veracode
Veracode
•added 2021/04/16 2:59 a.m.•66 views

Email Spoofing

matrixsydent allows email spoofing. Sending arbitrary emails from the Sydent email address is not handled to block, allowing a malicious user to take control of the content of invitation emails...

5.7CVSS2.4AI score0.00934EPSS
Exploits0References6Affected Software1
Total number of security vulnerabilities5000