| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-18368 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Zyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user and exploited via the remote_host param… |
| CVE-2023-3519 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution. |
| CVE-2022-29303 | unknown | — | 2.5 | KEV EXP | | | 3y ago | SolarView Compact contains a command injection vulnerability due to improper validation of input values on the send test mail console of the product's web server. |
| CVE-2023-36874 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2023-33246 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using … |
| CVE-2023-36812 | unknown | — | 1.0 | EXP | | | 3y ago | Remote Code Execution for 2.4.1 and earlier |
| CVE-2019-20500 | unknown | — | 2.5 | KEV EXP | | | 3y ago | D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?act… |
| CVE-2019-17621 | unknown | — | 2.5 | KEV EXP | | | 3y ago | D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system commands as root by send… |
| CVE-2023-20887 | unknown | — | 2.5 | KEV EXP | | | 3y ago | VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in … |
| CVE-2016-9079 | critical | — | 10.0 | KEV EXP FIX | arch sles debian | | 3y ago | Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows. |
| CVE-2016-0165 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2023-34468 | unknown | — | 1.0 | EXP | | | 3y ago | Apache NiFi vulnerable to Code Injection |
| CVE-2023-34362 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engin… |
| CVE-2023-28771 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets t… |
| CVE-2023-2868 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection. |
| CVE-2023-32315 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Ignite Realtime Openfire contains a path traversal vulnerability that allows an unauthenticated attacker to access restricted pages in the Openfire Admin Console reserved for administrative users. |
| CVE-2016-6415 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 (IKEv1) security negotiation requests. contains an information… |
| CVE-2014-0196 | unknown | — | 2.5 | KEV EXP FIX | debian | | 3y ago | Linux Kernel contains a race condition vulnerability within the n_tty_write function that allows local users to cause a denial-of-service (DoS) or gain privileges via read and write operations with l… |
| CVE-2010-3904 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets (RDS) protocol implementation that allows local users to gain privileges via crafted use of the sendm… |
| CVE-2023-29336 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges. |
| CVE-2023-25826 | unknown | — | 1.0 | EXP | | | 3y ago | Command injection in OpenTSDB |
| CVE-2023-21839 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server. |
| CVE-2023-1389 | unknown | — | 2.5 | KEV EXP | | | 3y ago | TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution. |
| CVE-2023-27524 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Apache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resources on installations that have not altere… |
| CVE-2023-28432 | unknown | — | 2.5 | KEV EXP | | | 3y ago | MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure. |
| CVE-2023-27350 | unknown | — | 2.5 | KEV EXP | | | 3y ago | PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system. |
| CVE-2023-28252 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2021-27878 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Veritas Backup Exec (BE) Agent contains a command execution vulnerability that could allow an attacker to use a data management protocol command to execute a command on the BE Agent machine. |
| CVE-2021-27877 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Veritas Backup Exec (BE) Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme. |
| CVE-2021-27876 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Veritas Backup Exec (BE) Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a data management protocol command to access files on the BE Ag… |
| CVE-2013-3163 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website. |
| CVE-2023-26360 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution. |
| CVE-2020-5741 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server administrator's Plex account to upload a malicious file via the Camera Upload featur… |
| CVE-2022-35914 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed. |
| CVE-2022-28810 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Zoho ManageEngine ADSelfService Plus contains an unspecified vulnerability allowing for remote code execution when performing a password change or reset. |
| CVE-2022-47986 | unknown | — | 2.5 | KEV EXP | | | 3y ago | IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw. |
| CVE-2022-46169 | unknown | — | 2.5 | KEV EXP FIX | debian sles | | 3y ago | Cacti contains a command injection vulnerability that allows an unauthenticated user to execute code. |
| CVE-2023-0669 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object. |
| CVE-2022-24990 | unknown | — | 2.5 | KEV EXP | | | 3y ago | TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint. |
| CVE-2015-2291 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service (DoS). |
| CVE-2023-22952 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates. |
| CVE-2022-21587 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. |
| CVE-2017-11357 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution. |
| CVE-2022-47966 | unknown | — | 2.5 | KEV EXP | | | 3y ago | Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario. |
| CVE-2022-44877 | unknown | — | 2.5 | KEV EXP | | | 3y ago | CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter. |
| CVE-2018-5430 | unknown | — | 2.5 | KEV EXP | | | 4y ago | TIBCO JasperReports Server contains a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. |
| CVE-2021-35587 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to take over the Access Manager product. |
| CVE-2020-3433 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacke… |
| CVE-2020-3153 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary … |
| CVE-2022-41352 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to upload arbitrary files using cpio package to gain incorrect access to any other user accounts. |
| CVE-2021-3493 | unknown | — | 2.5 | KEV EXP FIX | sles debian | | 4y ago | The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation. |
| CVE-2022-40684 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface … |
| CVE-2022-41082 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which … |
| CVE-2022-41040 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution. |
| CVE-2022-36804 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions… |
| CVE-2022-35405 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allows for remote code execution. |
| CVE-2013-6282 | unknown | — | 2.5 | KEV EXP FIX | debian | | 4y ago | The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This allows an application to read and write kernel memory whi… |
| CVE-2013-2094 | unknown | — | 2.5 | KEV EXP FIX | debian | | 4y ago | Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting in out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Exploitation allows for pri… |
| CVE-2010-2568 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully… |
| CVE-2020-9934 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information. |
| CVE-2018-7445 | unknown | — | 2.5 | KEV EXP | | | 4y ago | In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code e… |
| CVE-2018-2628 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server. |
| CVE-2018-13374 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server conn… |
| CVE-2017-5521 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server. |
| CVE-2022-26352 | unknown | — | 2.5 | KEV EXP | | | 4y ago | dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage … |
| CVE-2022-24706 | critical | — | 10.0 | KEV EXP FIX | arch sles | | 4y ago | Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges. |
| CVE-2022-24112 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Apache APISIX contains an authentication bypass vulnerability that allows for remote code execution. |
| CVE-2022-26923 | unknown | — | 2.5 | KEV EXP | | | 4y ago | An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalati… |
| CVE-2022-22536 | unknown | — | 2.5 | KEV EXP | | | 4y ago | SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server and SAP Web Dispatcher allow HTTP request smuggling. An unauthenticated attacker can pr… |
| CVE-2017-15944 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Palo Alto Networks PAN-OS contains multiple, unspecified vulnerabilities which can allow for remote code execution when chained. |
| CVE-2022-37042 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Synacor Zimbra Collaboration Suite (ZCS) contains an authentication bypass vulnerability in MailboxImportServlet. This vulnerability was chained with CVE-2022-27925 which allows for unauthenticated r… |
| CVE-2022-27925 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Synacor Zimbra Collaboration Suite (ZCS) contains a flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerabili… |
| CVE-2022-30333 | unknown | — | 2.5 | KEV EXP FIX | sles debian | | 4y ago | RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation. |
| CVE-2020-0601 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by usin… |
| CVE-2022-33891 | unknown | — | 2.5 | KEV EXP | sles | | 4y ago | Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled. |
| CVE-2021-43116 | unknown | — | 1.0 | EXP | | | 4y ago | Use of Hard-coded Credentials in Nacos |
| CVE-2020-3837 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges. |
| CVE-2019-8605 | unknown | — | 2.5 | KEV EXP | | | 4y ago | A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges. |
| CVE-2022-30190 | unknown | — | 2.5 | KEV EXP | | | 4y ago | A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code … |
| CVE-2016-2388 | unknown | — | 2.5 | KEV EXP | | | 4y ago | The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request. |
| CVE-2016-2386 | unknown | — | 2.5 | KEV EXP | | | 4y ago | SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2019-7195 | unknown | — | 2.5 | KEV EXP | | | 4y ago | QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files. |
| CVE-2019-7194 | unknown | — | 2.5 | KEV EXP | | | 4y ago | QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files. |
| CVE-2019-7192 | unknown | — | 2.5 | KEV EXP | | | 4y ago | QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system. |
| CVE-2019-5825 | unknown | — | 2.5 | KEV EXP FIX | debian | | 4y ago | Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect m… |
| CVE-2018-6065 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Google Chromium V8 Engine contains an integer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect mult… |
| CVE-2018-17463 | critical | — | 10.0 | KEV EXP FIX | arch | | 4y ago | Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web br… |
| CVE-2012-4969 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site. |
| CVE-2012-1889 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution. |
| CVE-2012-0754 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS). |
| CVE-2011-2462 | unknown | — | 2.5 | KEV EXP | | | 4y ago | The Universal 3D (U3D) component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS). |
| CVE-2011-0609 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS). |
| CVE-2010-2883 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS). |
| CVE-2010-1297 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS). |
| CVE-2009-4324 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file. |
| CVE-2009-3953 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Adobe Acrobat and Reader contain an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution. |
| CVE-2007-5659 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods. |
| CVE-2022-26134 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code execution. |
| CVE-2019-3010 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Oracle Solaris component: XScreenSaver contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2016-0984 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code. |