| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-6504 | unknown | — | 1.0 | EXP | | | 4y ago | Improper Input Validation in OpenSymphony XWork |
| CVE-2022-30525 | unknown | — | 2.5 | KEV EXP | | | 4y ago | A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. |
| CVE-2015-1427 | unknown | — | 2.5 | KEV EXP | | | 4y ago | The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands. |
| CVE-2016-4437 | unknown | — | 2.5 | KEV EXP FIX | debian | | 4y ago | Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been confi… |
| CVE-2008-5518 | unknown | — | 1.0 | EXP | | | 4y ago | Apache Geronimo Application Server multiple directory traversal vulnerabilities |
| CVE-2008-5619 | unknown | — | 1.0 | EXP FIX | debian | | 4y ago | html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attack… |
| CVE-2016-7201 | unknown | — | 2.5 | KEV EXP | | | 4y ago | The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. |
| CVE-2016-7200 | unknown | — | 2.5 | KEV EXP | | | 4y ago | The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. |
| CVE-2018-1306 | unknown | — | 1.0 | EXP | | | 4y ago | Exposure of Sensitive Information in Apache Pluto |
| CVE-2018-8718 | unknown | — | 1.0 | EXP | | | 4y ago | Cross-Site Request Forgery in Jenkins Mailer Plugin |
| CVE-2016-3088 | unknown | — | 2.5 | KEV EXP FIX | debian | | 4y ago | The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request |
| CVE-2017-12617 | unknown | — | 2.5 | KEV EXP | sles | | 4y ago | When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the serv… |
| CVE-2018-15133 | unknown | — | 2.5 | KEV EXP FIX | debian | | 4y ago | Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the appl… |
| CVE-2018-10054 | unknown | — | 1.0 | EXP | sles | | 4y ago | Improper Input Validation in Datomic |
| CVE-2017-9791 | unknown | — | 2.5 | KEV EXP | | | 4y ago | The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. |
| CVE-2018-8298 | unknown | — | 2.5 | KEV EXP | | | 4y ago | The ChakraCore scripting engine contains a type confusion vulnerability which can allow for remote code execution. |
| CVE-2019-1003002 | unknown | — | 1.0 | EXP | | | 4y ago | Jenkins Pipeline Declarative Plugin sandbox bypass vulnerability |
| CVE-2019-1003001 | unknown | — | 1.0 | EXP | | | 4y ago | Jenkins Groovy Plugin sandbox bypass vulnerability |
| CVE-2019-1003000 | unknown | — | 1.0 | EXP | | | 4y ago | Protection Mechanism Failure in Jenkins Script Security Plugin |
| CVE-2019-1003030 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution. |
| CVE-2013-2251 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions. |
| CVE-2019-6804 | unknown | — | 1.0 | EXP | | | 4y ago | Rundeck Community Edition vulnerable to Cross-site Scripting |
| CVE-2017-8046 | unknown | — | 1.0 | EXP | | | 4y ago | Remote code execution in PATCH requests in Spring Data REST |
| CVE-2017-1000353 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Jenkins contains a remote code execution vulnerability. This vulnerability could allow attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would… |
| CVE-2018-1000861 | unknown | — | 2.5 | KEV EXP | | | 4y ago | A code execution vulnerability exists in the Stapler web framework used by Jenkins |
| CVE-2019-1003029 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox. |
| CVE-2019-1003005 | unknown | — | 1.0 | EXP | | | 4y ago | Sandbox Bypass in Script Security Plugin |
| CVE-2022-29885 | unknown | — | 1.0 | EXP FIX | sles debian | | 4y ago | The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to r… |
| CVE-2022-1388 | unknown | — | 2.5 | KEV EXP | | | 4y ago | F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services. |
| CVE-2012-0391 | unknown | — | 2.5 | KEV EXP | | | 4y ago | The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution. |
| CVE-2019-8506 | low | — | 5.0 | KEV EXP FIX | rocky debian rhel | | 4y ago | A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution. |
| CVE-2014-4113 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2014-0322 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code. |
| CVE-2014-0160 | unknown | — | 2.5 | KEV EXP FIX | debian | | 4y ago | The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information. |
| CVE-2009-1595 | unknown | — | 1.0 | EXP | | | 4y ago | Ignite Realtime Openfire Allows Users to Change Passwords of Arbitrary Accounts |
| CVE-2009-1523 | unknown | — | 1.0 | EXP | | | 4y ago | Directory traversal in Mort Bay Jetty |
| CVE-2009-0580 | unknown | — | 1.0 | EXP | | | 4y ago | Exposure of Sensitive Information in Apache Tomcat |
| CVE-2009-0039 | unknown | — | 1.0 | EXP | | | 4y ago | Apache Geronimo Application Server CSRF vulnerabilities |
| CVE-2009-0038 | unknown | — | 1.0 | EXP | | | 4y ago | Apache Geronimo Application Server multiple cross-site scripting (XSS) vulnerabilities |
| CVE-2009-0026 | unknown | — | 1.0 | EXP | | | 4y ago | Apache Jackrabbit contains Cross-site Scripting |
| CVE-2008-2938 | unknown | — | 1.0 | EXP | | | 4y ago | Apache Tomcat Directory Traversal vulnerability |
| CVE-2008-2370 | unknown | — | 1.0 | EXP | | | 4y ago | Apache Tomcat Path Traversal Vulnerability |
| CVE-2008-1510 | unknown | — | 1.0 | EXP | | | 4y ago | Alkacon OpenCMS XSS via searchfilter or listSearchFilter parameter |
| CVE-2008-1301 | unknown | — | 1.0 | EXP | | | 4y ago | Alkacon OpenCMS Absolute Path Traversal via pathname in filePath.0 parameter |
| CVE-2008-1300 | unknown | — | 1.0 | EXP | | | 4y ago | Alkacon Open CMS XSS via Logfile Viewer Settings function |
| CVE-2008-1232 | unknown | — | 1.0 | EXP | | | 4y ago | Apache Tomcat Cross-site scripting (XSS) vulnerability |
| CVE-2008-1045 | unknown | — | 1.0 | EXP | | | 4y ago | Alkacon OpenCMS XSS via file tree navigation in system/workplace/views/explorer/tree_files.jsp |
| CVE-2007-5461 | unknown | — | 1.0 | EXP | | | 4y ago | Apache Tomcat Path Traversal Vulnerability |
| CVE-2007-5333 | unknown | — | 1.0 | EXP | | | 4y ago | Exposure of Sensitive Information in Apache Tomcat |
| CVE-2007-3382 | unknown | — | 1.0 | EXP | | | 4y ago | Apache Tomcat treats single quotes as delimiters in cookies |
| CVE-2007-2449 | unknown | — | 1.0 | EXP | | | 4y ago | Apache Tomcat XSS Vulnerabilities in Examples Web Application |
| CVE-2007-2353 | unknown | — | 1.0 | EXP | debian | | 4y ago | Apache Axis allows Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2007-1355 | unknown | — | 1.0 | EXP | | | 4y ago | Apache Tomcat Vulnerable to Cross-Site Scripting |
| CVE-2007-0450 | unknown | — | 1.0 | EXP | | | 4y ago | Apache Tomcat Directory Traversal |
| CVE-2006-7196 | unknown | — | 1.0 | EXP | | | 4y ago | Cross-site scripting in Apache Tomcat |
| CVE-2006-3835 | unknown | — | 1.0 | EXP | | | 4y ago | Apache Tomcat Reveals Directories |
| CVE-2006-2758 | unknown | — | 1.0 | EXP | sles | | 4y ago | Jetty Directory Traversal Vulnerability |
| CVE-2006-0254 | unknown | — | 1.0 | EXP | | | 4y ago | Apache Geronimo console 1.0 vulnerable to cross-site scripting |
| CVE-2005-4703 | unknown | — | 1.0 | EXP | | | 4y ago | Apache Tomcat Discloses MS-DOS Pathname |
| CVE-2005-3747 | unknown | — | 1.0 | EXP | sles | | 4y ago | Mortbay Jetty Discloses JSP Source Code |
| CVE-2005-3745 | unknown | — | 1.0 | EXP | | | 4y ago | Apache Struts Cross-site scripting Vulnerability |
| CVE-2002-2272 | unknown | — | 1.0 | EXP | | | 4y ago | Apache Tomcat DoS via Malicious Get Request |
| CVE-2002-2006 | unknown | — | 1.0 | EXP | | | 4y ago | Apache Tomcat Default Installation Reveals Sensitive Information |
| CVE-2002-1567 | unknown | — | 1.0 | EXP | | | 4y ago | Apache Tomcat XSS Vulnerability |
| CVE-2002-1533 | unknown | — | 1.0 | EXP | | | 4y ago | Jetty Javascript Inclusion Vulnerability |
| CVE-2002-1148 | unknown | — | 1.0 | EXP | | | 4y ago | Apache Tomcat Source Code Disclosure |
| CVE-2001-0590 | unknown | — | 1.0 | EXP | | | 4y ago | Apache Tomcat Allows Source Disclosure |
| CVE-2000-0759 | unknown | — | 1.0 | EXP | | | 4y ago | Jakarta Apache Tomcat Reveals Physical Paths |
| CVE-2003-0866 | unknown | — | 1.0 | EXP | | | 4y ago | Apache Tomcat Denial of Service vulnerability in the Catalina package |
| CVE-2003-0042 | unknown | — | 1.0 | EXP | | | 4y ago | Jakarta Tomcat Directory Listing vulnerability |
| CVE-2022-29464 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution. |
| CVE-2022-26904 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2012-1592 | unknown | — | 1.0 | EXP | | | 4y ago | Unrestricted Upload of File with Dangerous Type in Apache Struts2 |
| CVE-2011-3923 | unknown | — | 1.0 | EXP | | | 4y ago | Struts ParameterInterceptor vulnerability allows remote command execution |
| CVE-2022-22960 | unknown | — | 2.5 | KEV EXP | | | 4y ago | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. |
| CVE-2019-3929 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system comma… |
| CVE-2018-7841 | unknown | — | 2.5 | KEV EXP | | | 4y ago | A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered. |
| CVE-2014-0780 | unknown | — | 2.5 | KEV EXP | | | 4y ago | InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution. |
| CVE-2007-3010 | unknown | — | 2.5 | KEV EXP | | | 4y ago | masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands. |
| CVE-2022-22954 | unknown | — | 2.5 | KEV EXP | | | 4y ago | VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection. |
| CVE-2015-5122 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS). |
| CVE-2015-3113 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code. |
| CVE-2015-0313 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code. |
| CVE-2015-0311 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code. |
| CVE-2017-11317 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code. |
| CVE-2021-31166 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution. |
| CVE-2017-0148 | unknown | — | 2.5 | KEV EXP | | | 4y ago | The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets. |
| CVE-2022-22963 | unknown | — | 2.5 | KEV EXP | | | 4y ago | When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code executio… |
| CVE-2022-22965 | unknown | — | 2.5 | KEV EXP | debian | | 4y ago | Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. |
| CVE-2022-1040 | unknown | — | 2.5 | KEV EXP | | | 4y ago | An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution. |
| CVE-2021-21551 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service (DoS), or information disclosure. |
| CVE-2018-10562 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution. |
| CVE-2018-10561 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution. |
| CVE-2022-0543 | unknown | — | 2.5 | KEV EXP FIX | debian | | 4y ago | Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. |
| CVE-2021-26085 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint. |
| CVE-2018-8440 | unknown | — | 2.5 | KEV EXP | | | 4y ago | An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). |
| CVE-2017-0213 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application. |
| CVE-2017-0059 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Microsoft Internet Explorer allows remote attackers to obtain sensitive information from process memory via a crafted web site. |
| CVE-2017-0037 | unknown | — | 2.5 | KEV EXP | | | 4y ago | Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution. |
| CVE-2016-0189 | unknown | — | 2.5 | KEV EXP | | | 4y ago | The Microsoft JScript and VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web s… |