Vulnrichment: Most viewed

160114 matches found

Vulnrichment
added 2024/04/02 7:1 a.m. | 574 views

CVE-2024-26678 x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section The .compat section is a dummy PE section that contains the address of the 32-bit entrypoint of the 64-bit kernel image if it is bootable from 32-bit firmware...

AI score: 6.8 | EPSS: 0.00225
Exploits: 0 | References: 4

Vulnrichment
added 2024/06/09 7:55 p.m. | 432 views

CVE-2024-2408 PHP is vulnerable to the Marvin Attack

The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...

AI score: 6.7 | EPSS: 0.01158
Exploits: 1 | References: 3

Vulnrichment
added 2024/06/10 9:3 a.m. | 389 views

CVE-2024-36971 net: fix __dst_negative_advice() race

In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race. __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_cache, then call dst_release(old_dst). Note...

AI score: 6.8 | EPSS: 0.02701
Exploits: 1 | References: 8

Vulnrichment
added 2024/08/14 11:57 a.m. | 382 views

CVE-2024-39397 Adobe Commerce | Unrestricted Upload of File with Dangerous Type (CWE-434)

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file whic...

CVSS: 9 | AI score: 9.3 | EPSS: 0.01096
Exploits: 0 | References: 1

Vulnrichment
added 2023/11/28 8:57 p.m. | 379 views

CVE-2023-49092 RustCrypto/RSA vulnerable to a Marvin Attack via key recovery through timing sidechannels

RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is...

CVSS: 5.9 | AI score: 6.5 | EPSS: 0.00605
Exploits: 0 | References: 2

Vulnrichment
added 2024/07/08 5:57 p.m. | 374 views

CVE-2024-6409 Openssh: possible remote code execution due to a race condition in signal handling affecting red hat enterprise linux 9

A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not...

CVSS: 7 | AI score: 7.8 | EPSS: 0.27935
Exploits: 1 | References: 9

Vulnrichment
added 2024/05/10 3:21 p.m. | 358 views

CVE-2024-34070 Froxlor Vulnerable to Blind XSS Leading to Froxlor Application Compromise

Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting (XSS) vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginname parameter on t...

CVSS: 9.6 | AI score: 7.9 | EPSS: 0.00963
Exploits: 2 | References: 2

Vulnrichment
added 2024/06/27 6:0 a.m. | 345 views

CVE-2024-4704 Contact Form 7 < 5.9.5 - Unauthenticated Open Redirect

The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing...

AI score: 6.7 | EPSS: 0.00449
Exploits: 2 | References: 1

Vulnrichment
added 2024/06/11 4:59 p.m. | 305 views

CVE-2024-30078 Windows Wi-Fi Driver Remote Code Execution Vulnerability

...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.05158
Exploits: 0 | References: 1

Vulnrichment
added 2024/07/01 6:14 p.m. | 286 views

CVE-2024-38474 Apache HTTP Server weakness with encoded question marks in backreferences

Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only be executed as CGI. Users are recommended to...

AI score: 6.8 | EPSS: 0.02456
Exploits: 0 | References: 2

Vulnrichment
added 2024/02/05 8:44 p.m. | 282 views

CVE-2024-0202 Cryptlib: rsa key exchange ciphersuites in tls vulnerable to marvin attack

A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS by setting the USE_RSA_SUITES define, it will be vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is...

CVSS: 5.9 | AI score: 6.2 | EPSS: 0.00311
Exploits: 0 | References: 1

Vulnrichment
added 2023/10/19 9:33 a.m. | 280 views

CVE-2022-24400 DCK pinning attack in TETRA

A flaw in the TETRA authentication procedure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.0027
Exploits: 0 | References: 1

Vulnrichment
added 2024/04/25 4:45 p.m. | 279 views

CVE-2024-2467 Perl-crypt-openssl-rsa: side-channel attack in pkcs#1 v1.5 padding mode (marvin attack)

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

CVSS: 5.9 | AI score: 6.4 | EPSS: 0.00516
Exploits: 0 | References: 4

Vulnrichment
added 2023/10/19 9:32 a.m. | 272 views

CVE-2022-24402 Intentionally weakened effective strength in TETRA TEA1

The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.00552
Exploits: 0 | References: 1

Vulnrichment
added 2024/06/19 2:57 p.m. | 260 views

CVE-2024-34444 WordPress Slider Revolution plugin < 6.7.0 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in ThemePunch OHG Slider Revolution. This issue affects Slider Revolution: from n/a before 6.7.0...

CVSS: 7.1 | AI score: 6.9 | EPSS: 0.00331
Exploits: 1 | References: 2

Vulnrichment
added 2025/08/07 7:5 p.m. | 259 views

CVE-2025-7195 Operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd

Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used...

CVSS: 6.4 | AI score: 6.7 | EPSS: 0.00205
Exploits: 0 | References: 26

Vulnrichment
added 2023/08/29 8:48 a.m. | 252 views

CVE-2023-23771

Motorola MBTS Base Radio accepts hard-coded backdoor password. The Motorola MBTS Base Radio Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled...

CVSS: 8.4 | AI score: 7.1 | EPSS: 0.00176
Exploits: 0 | References: 1

Vulnrichment
added 2024/07/11 4:14 p.m. | 211 views

CVE-2024-39538 Junos OS Evolved: ACX7000 Series: When multicast traffic with a specific (S,G) is received evo-pfemand crashes

A Buffer Copy without Checking Size of Input vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). When multicast traffic with a specific, valid (S,G) is received,...

CVSS: 7.1 | AI score: 6.8 | EPSS: 0.00332
Exploits: 0 | References: 1

Vulnrichment
added 2024/09/07 4:3 p.m. | 203 views

CVE-2023-46809

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/hkario/marvin/, if PKCS #1 v1.5 padding is allowed when performing RSA decryption using a privat...

AI score: 6.4 | EPSS: 0.01302
Exploits: 0 | References: 1

Vulnrichment
added 2023/10/19 9:35 a.m. | 199 views

CVE-2022-26941 Format string vulnerability in AT+CTGL command in Motorola MTM5000

A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the tedsapp...

CVSS: 9.6 | AI score: 7.8 | EPSS: 0.00327
Exploits: 0 | References: 1

Vulnrichment
added 2024/07/22 10:2 a.m. | 192 views

CVE-2024-35656 WordPress Elementor Pro <= 3.21.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Elementor Elementor Pro allows Reflected XSS. This issue affects Elementor Pro: from n/a through 3.21.2...

CVSS: 7.1 | AI score: 7 | EPSS: 0.00331
Exploits: 0 | References: 1

Vulnrichment
added 2024/07/01 4:31 p.m. | 191 views

CVE-2024-36991 Path Traversal on the “/modules/messaging/” endpoint in Splunk Enterprise on Windows

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.1311
Exploits: 10 | References: 2

Vulnrichment
added 2024/02/15 1:39 p.m. | 184 views

CVE-2024-20720 Command injection in data collector backup due to insufficient patching of CVE-2023-38208

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user...

CVSS: 9.1 | AI score: 7.7 | EPSS: 0.03687
Exploits: 0 | References: 1

Vulnrichment
added 2024/08/09 10:16 a.m. | 177 views

CVE-2024-22116 Remote code execution within ping script

An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure...

CVSS: 9.9 | AI score: 7.9 | EPSS: 0.01603
Exploits: 0 | References: 1

Vulnrichment
added 2024/03/29 4:30 p.m. | 173 views

CVE-2024-30454 WordPress WP SMS plugin <= 6.6.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in VeronaLabs WP SMS. This issue affects WP SMS: from n/a through 6.6.2...

CVSS: 4.3 | AI score: 4.7 | EPSS: 0.00241
Exploits: 0 | References: 1

Vulnrichment
added 2024/08/23 6:19 a.m. | 172 views

CVE-2024-40766

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7...

AI score: 7 | EPSS: 0.15694
Exploits: 0 | References: 1

Vulnrichment
added 2024/08/13 5:29 p.m. | 172 views

CVE-2024-38063 Windows TCP/IP Remote Code Execution Vulnerability

...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.70564
Exploits: 24 | References: 1

Vulnrichment
added 2023/04/11 7:13 p.m. | 168 views

CVE-2023-21554 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.95454
Exploits: 7 | References: 1

Vulnrichment
added 2026/06/12 6:1 p.m. | 152 views

CVE-2026-12143 form-data does not escape CR/LF/quote in multipart field names and filenames (CRLF injection)

form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the field argument to FormDataappend and the filename option are concatenated verbatim into the Content-Disposition header without escaping carriage return CR, line feed LF, or double-quote "...

CVSS: 8.7 | AI score: 5.4 | EPSS: 0.00409
Exploits: 0 | References: 7

Vulnrichment
added 2023/10/19 9:35 a.m. | 148 views

CVE-2022-26942 Multiple missing pointer validation checks in trusted execution module in Motorola MTM5000

The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment (TEE) modules. Two modules are used, one responsible for KVL key management and the other for TETRA cryptographic functionality. In both modules, an adversary with non-secure superviso...

CVSS: 8.2 | AI score: 8.5 | EPSS: 0.00197
Exploits: 0 | References: 1

Vulnrichment
added 2024/07/01 6:15 p.m. | 144 views

CVE-2024-38476 Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

AI score: 6.4 | EPSS: 0.41611
Exploits: 0 | References: 2

Vulnrichment
added 2024/07/10 6:31 p.m. | 144 views

CVE-2024-6649 SourceCodester Employee and Visitor Gate Pass Logging System Users.php save_users cross-site request forgery

A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is the function save_users of the file Users.php. The manipulation leads to cross-site request forgery. The attack can be launched...

CVSS: 6.9 | AI score: 6.8 | EPSS: 0.00347
Exploits: 1 | References: 4

Vulnrichment
added 2023/10/21 12:0 a.m. | 142 views

CVE-2023-38194

An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keepalive.php XSS via a GET parameter...

AI score: 5.8 | EPSS: 0.0114
Exploits: 1 | References: 2

Vulnrichment
added 2024/07/09 10:38 a.m. | 139 views

CVE-2024-37437 WordPress Elementor Website Builder plugin <= 3.22.1 - Arbitrary SVG File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Cross-Site Scripting (XSS), Stored XSS. This issue affects Elementor Website Builder: from n/a through 3.22.1...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00336
Exploits: 0 | References: 1

Vulnrichment
added 2024/06/14 9:29 a.m. | 137 views

CVE-2024-3912 ASUS Router - Upload arbitrary firmware

Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.01031
Exploits: 2 | References: 2

Vulnrichment
added 2024/07/01 12:37 p.m. | 136 views

CVE-2024-6387 Openssh: regresshion - race condition in ssh allows rce/dos

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period...

CVSS: 8.1 | AI score: 8.3 | EPSS: 0.99506
Exploits: 68 | References: 12

Vulnrichment
added 2024/04/04 7:21 p.m. | 136 views

CVE-2024-27316 Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...

AI score: 7 | EPSS: 0.91327
Exploits: 2 | References: 5

Vulnrichment
added 2023/09/14 2:48 p.m. | 136 views

CVE-2023-1108 Undertow: infinite loop in sslconduit during close

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.01771
Exploits: 0 | References: 18

Vulnrichment
added 2024/06/14 2:57 a.m. | 133 views

CVE-2024-3080 ASUS Router - Improper Authentication

Certain ASUS router models have an authentication bypass vulnerability, allowing unauthenticated remote attackers to log in to the device...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.43456
Exploits: 0 | References: 2

Vulnrichment
added 2025/01/09 4:5 a.m. | 131 views

CVE-2025-0306 Ruby: openssl: ruby marvin attack

A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service...

CVSS: 7.4 | AI score: 7 | EPSS: 0.00626
Exploits: 0 | References: 2

Vulnrichment
added 2024/03/06 10:7 p.m. | 131 views

CVE-2024-2236 Libgcrypt: vulnerable to marvin attack

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts...

CVSS: 5.9 | AI score: 6.7 | EPSS: 0.01114
Exploits: 0 | References: 5

Vulnrichment
added 2024/08/20 2:3 a.m. | 130 views

CVE-2024-5932 GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possible for unauthenticated attackers to inject a PHP...

CVSS: 10 | AI score: 7.7 | EPSS: 0.74427
Exploits: 11 | References: 8

Vulnrichment
added 2024/11/12 5:54 p.m. | 124 views

CVE-2024-43639 Windows KDC Proxy Remote Code Execution Vulnerability

...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.08749
Exploits: 0 | References: 1

Vulnrichment
added 2024/09/10 4:53 p.m. | 120 views

CVE-2024-37341 Microsoft SQL Server Elevation of Privilege Vulnerability

...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.01456
Exploits: 0 | References: 1

Vulnrichment
added 2024/06/13 9:4 a.m. | 118 views

CVE-2024-34102 XXE can expose crypt key and other secrets granting full admin access

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.99994
Exploits: 26 | References: 2

Vulnrichment
added 2023/10/19 9:34 a.m. | 118 views

CVE-2022-26943 Weak PRNG entropy source used for authentication challenge generation in Motorola MTM5000

The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.00314
Exploits: 0 | References: 1

Vulnrichment
added 2024/07/09 5:3 p.m. | 117 views

CVE-2024-38094 Microsoft SharePoint Remote Code Execution Vulnerability

...

CVSS: 7.2 | AI score: 7.2 | EPSS: 0.49979
Exploits: 1 | References: 1

Vulnrichment
added 2024/06/18 5:0 p.m. | 116 views

CVE-2024-21685

This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosur...

CVSS: 7.4 | AI score: 6.4 | EPSS: 0.00439
Exploits: 0 | References: 2

Vulnrichment
added 2024/09/27 12:35 p.m. | 114 views

CVE-2024-46818 drm/amd/display: Check gpio_id before used as array index

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check gpio_id before used as array index. [WHY & HOW] GPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore should be checked in advance. This fixes 5 OVERRUN issues reported by Coverity...

AI score: 6.9 | EPSS: 0.00269
Exploits: 0 | References: 7

Vulnrichment
added 2024/01/22 5:0 a.m. | 113 views

CVE-2024-21484

Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.0096
Exploits: 1 | References: 7

Total number of security vulnerabilities: 5000