Lucene search
K

16763 matches found

Zero Day Initiative
Zero Day Initiative
•added 2023/12/20 12:0 a.m.•28 views

BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of the Phone...

7.1CVSS7.3AI score0.0229EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/20 12:0 a.m.•23 views

Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS7.2AI score0.01274EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/20 12:0 a.m.•15 views

(0Day) Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MonitorConsole class. The issue results from an exposed...

7.5CVSS6.9AI score0.01283EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2023/12/20 12:0 a.m.•29 views

Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

3.3CVSS6.3AI score0.0041EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/20 12:0 a.m.•19 views

(0Day) Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpLoadAction class. The issue results from the lack of proper validati...

9.8CVSS7.8AI score0.01483EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2023/12/20 12:0 a.m.•44 views

Linux Kernel nf_tables_expr_destroy Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the nftablesexprdestroy...

8.8CVSS7.5AI score0.02881EPSS
Exploits6References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/19 12:0 a.m.•27 views

Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parallels Desktop. User interaction is required to exploit this vulnerability in that the target in a guest system must visit a malicious page or open a malicious file. The specific flaw exists withi...

8.3CVSS7.3AI score0.00757EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/19 12:0 a.m.•39 views

TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the libcmm.so module. The issue results from the lack of proper...

6.8CVSS7.5AI score0.00537EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/19 12:0 a.m.•24 views

Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Avalanche. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the saveConfig...

7.8CVSS7.6AI score0.00695EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/19 12:0 a.m.•25 views

TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default...

6.5CVSS6.2AI score0.1745EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
•added 2023/12/19 12:0 a.m.•27 views

Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater...

7.8CVSS7.5AI score0.00211EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/19 12:0 a.m.•23 views

Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Avalanche. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration o...

7.8CVSS7.7AI score0.0046EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/19 12:0 a.m.•19 views

Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Avalanche. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration o...

7.8CVSS7.7AI score0.0046EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/19 12:0 a.m.•34 views

X.Org Server Damage Object Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Damage...

7.4CVSS7.5AI score0.00536EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/19 12:0 a.m.•29 views

X.Org Server Window Object Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Window...

7.4CVSS7.5AI score0.00715EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/19 12:0 a.m.•21 views

Parallels Desktop Updater Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater...

7.8CVSS7.5AI score0.00686EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/15 12:0 a.m.•21 views

Ivanti Avalanche Incorrect Default Permissions Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Avalanche. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product...

7.8CVSS7.3AI score0.00605EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/15 12:0 a.m.•25 views

Schneider Electric EcoStruxure Power Monitoring Expert GetFilteredSinkProvider Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Monitoring Expert. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetFilteredSinkProvider method. The issue...

9.8CVSS7.5AI score0.00844EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/15 12:0 a.m.•16 views

PaperCut NG Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the pc-pdl-to-image...

7CVSS7.3AI score0.0036EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/15 12:0 a.m.•25 views

Schneider Electric C-Bus Toolkit FileCommand Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric C-Bus Toolkit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileCommand command. The issue results from the lack of proper...

9.8CVSS7.4AI score0.38524EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/15 12:0 a.m.•33 views

Microsoft Windows win32kfull UMPDDrvCopyBits Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull...

8.8CVSS6.9AI score0.01229EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/15 12:0 a.m.•20 views

Schneider Electric APC Easy UPS Online deletePdfReportFile Directory Traversal Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Schneider Electric APC Easy UPS Online. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...

5.3CVSS6.6AI score0.00238EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/15 12:0 a.m.•36 views

Delta Electronics DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS6.9AI score0.00365EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/15 12:0 a.m.•17 views

Schneider Electric C-Bus Toolkit TransferCommand Exposed Dangerous Method Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric C-Bus Toolkit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TransferCommand command. The issue results from an exposed dangerou...

9.8CVSS7.5AI score0.00667EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/14 12:0 a.m.•10 views

Microsoft Word SKP File Parsing Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...

3.3CVSS6.4AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/14 12:0 a.m.•21 views

Adobe Dimension GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

3.3CVSS6.3AI score0.00424EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/14 12:0 a.m.•22 views

Adobe After Effects AEP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS6.9AI score0.00338EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/14 12:0 a.m.•17 views

Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

3.3CVSS6.3AI score0.00367EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/14 12:0 a.m.•22 views

Microsoft Excel SKP File Parsing Uninitialized Variable Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

3.3CVSS6.4AI score0.00841EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/14 12:0 a.m.•19 views

Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP...

7.8CVSS7.1AI score0.00841EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/14 12:0 a.m.•16 views

Microsoft Excel SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP...

7.8CVSS7.1AI score0.00841EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/14 12:0 a.m.•15 views

Microsoft Office SKP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SK...

7.8CVSS7.1AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/14 12:0 a.m.•12 views

Microsoft Word SKP File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP...

7.8CVSS7.2AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/14 12:0 a.m.•20 views

Adobe Illustrator JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J...

7.8CVSS7.1AI score0.00421EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/14 12:0 a.m.•21 views

Adobe Illustrator JP2 File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J...

7.8CVSS7.2AI score0.00462EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/14 12:0 a.m.•24 views

Adobe After Effects AEP File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS7AI score0.00353EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/14 12:0 a.m.•33 views

Adobe Prelude MP4 File Uninitialized Variable Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Prelude. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing ...

3.3CVSS6.4AI score0.00367EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/14 12:0 a.m.•16 views

Microsoft Excel SKP File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP...

7.8CVSS7.2AI score0.00841EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/14 12:0 a.m.•18 views

Adobe Dimension GLTF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

3.3CVSS6AI score0.00367EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/14 12:0 a.m.•21 views

Microsoft Excel SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP...

7.8CVSS7.1AI score0.00841EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/14 12:0 a.m.•14 views

Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

3.3CVSS6.3AI score0.00424EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/14 12:0 a.m.•20 views

Adobe After Effects AEP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

3.3CVSS6AI score0.00377EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/13 12:0 a.m.•20 views

(0Day) OpenAI ChatGPT Improper Input Validation Model Policy Bypass Vulnerability

This vulnerability allows remote attackers to bypass policy restictions on affected versions of OpenAI ChatGPT. Authentication is required to exploit this vulnerability. The specific flaw exists within the interface to the ChatGPT-Vision Data model. The issue results from the lack of proper...

6.5CVSS6.9AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2023/12/13 12:0 a.m.•18 views

Microsoft Skype Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...

8.8CVSS7.4AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/13 12:0 a.m.•8 views

Microsoft Word SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP...

7.8CVSS7.2AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/13 12:0 a.m.•29 views

(0Day) Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

7.8CVSS7.5AI score0.00246EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2023/12/13 12:0 a.m.•19 views

Microsoft Teams Isolated Webview Prototype Pollution Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Teams. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Isolated Webview...

7.1CVSS7.1AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/13 12:0 a.m.•20 views

Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP...

7.8CVSS7.1AI score0.00816EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/12/13 12:0 a.m.•11 views

Microsoft Office Visio EMF File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...

7.8CVSS7.2AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2023/12/12 12:0 a.m.•19 views

Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists with...

7.8CVSS7.5AI score0.00239EPSS
Exploits0References1
Total number of security vulnerabilities16763