ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2020-8599 | Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow ... | KEV S | |
CVE-2020-2021 | PAN-OS: Authentication Bypass in SAML Authentication | KEV S | |
CVE-2021-33044 | The identity authentication bypass vulnerability found in some Dahua products during the login proce... | KEV E | |
CVE-2023-22518 | All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. Th... | KEV E M | |
CVE-2020-0796 | A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.... | KEV E S | |
CVE-2017-5638 | The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has in... | KEV E S | |
CVE-2019-11510 | In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9... | KEV E S | |
CVE-2018-0151 | A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Sof... | KEV M | |
CVE-2017-6316 | Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary... | KEV E | |
CVE-2015-5119 | Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Ad... | KEV E S | |
CVE-2020-3161 | Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability | KEV E | |
CVE-2020-1350 | A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to... | KEV S | |
CVE-2022-22947 | In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code ... | KEV E S | |
CVE-2023-20198 | Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI ... | KEV M | |
CVE-2020-5847 | Unraid through 6.8.0 allows Remote Code Execution.... | KEV E | |
CVE-2013-2729 | Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 1... | KEV S | |
CVE-2016-1555 | (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardD... | KEV E S | |
CVE-2016-10174 | The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoki... | KEV E | |
CVE-2018-1000861 | A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier... | KEV | |
CVE-2024-50603 | An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the... | KEV E | |
CVE-2021-27561 | Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall... | KEV | |
CVE-2021-35395 | Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management int... | KEV E S | |
CVE-2014-0502 | Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before... | KEV E S | |
CVE-2023-49103 | An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The... | KEV | |
CVE-2020-0646 | A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate inp... | KEV E S | |
CVE-2024-3400 | PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect | KEV E S | |
CVE-2025-34028 | Commvault Command Center Innovation Release Unauthenticated Install Package Path Traversal | KEV E | |
CVE-2022-26501 | Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).... | KEV | |
CVE-2019-16057 | The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injectio... | KEV E | |
CVE-2013-3346 | Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attacke... | KEV | |
CVE-2020-29583 | Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchange... | KEV E | |
CVE-2009-3953 | The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac... | KEV S | |
CVE-2023-7028 | Weak Password Recovery Mechanism for Forgotten Password in GitLab | KEV E S | |
CVE-2018-5002 | Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability.... | KEV S | |
CVE-2014-0497 | Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.... | KEV E S | |
CVE-2020-5722 | The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL ... | KEV E | |
CVE-2014-9163 | Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.... | KEV | |
CVE-2022-24706 | Remote Code Execution Vulnerability in Packaging | KEV E S | |
CVE-2014-1776 | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to ... | KEV E S | |
CVE-2022-20699 | Cisco Small Business RV Series Routers Vulnerabilities | KEV E | |
CVE-2019-3929 | The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P f... | KEV E | |
CVE-2024-3272 | D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi hard-coded credentials | KEV E | |
CVE-2017-5689 | An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKU... | KEV E S | |
CVE-2020-25213 | The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload... | KEV E S | |
CVE-2014-0546 | Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to b... | KEV S | |
CVE-2018-7445 | A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session req... | KEV E | |
CVE-2017-18368 | The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline ... | KEV E | |
CVE-2022-29464 | Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attac... | KEV E | |
CVE-2022-29499 | The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code executi... | KEV | |
CVE-2020-12271 | A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Fi... | KEV E | |
CVE-2021-42237 | Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserializa... | KEV E | |
CVE-2022-24816 | Improper Control of Generation of Code in jai-ext | KEV S | |
CVE-2007-3010 | masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 an... | KEV E | |
CVE-2021-22502 | Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affectin... | KEV E | |
CVE-2022-20701 | Cisco Small Business RV Series Routers Vulnerabilities | KEV | |
CVE-2018-14933 | upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters ... | KEV E | |
CVE-2021-31755 | An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer ... | KEV E | |
CVE-2015-5123 | Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in A... | KEV | |
CVE-2018-15961 | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and... | KEV E | |
CVE-2018-0171 | A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could a... | KEV | |
CVE-2022-23227 | NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, wh... | KEV E | |
CVE-2022-30525 | An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5... | KEV E | |
CVE-2021-41277 | GeoJSON URL validation can expose server files and environment variables to unauthorized users | KEV S | |
CVE-2021-28799 | Improper Authorization Vulnerability in HBS 3 (Hybrid Backup Sync) | KEV S | |
CVE-2016-4171 | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to ex... | KEV | |
CVE-2017-3066 | Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Updat... | KEV E S | |
CVE-2021-33045 | The identity authentication bypass vulnerability found in some Dahua products during the login proce... | KEV E | |
CVE-2021-44228 | Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints | KEV E S | |
CVE-2024-51378 | getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allow... | KEV E S | |
CVE-2021-35394 | Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is... | KEV E S | |
CVE-2015-1635 | HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows... | KEV E S | |
CVE-2015-2051 | The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote att... | KEV E | |
CVE-2021-27104 | Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to... | KEV | |
CVE-2018-0147 | A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to re... | KEV | |
CVE-2024-1212 | LoadMaster Pre-Authenticated OS Command Injection | KEV | |
CVE-2021-22986 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x befo... | KEV E | |
CVE-2020-6207 | SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check... | KEV E | |
CVE-2024-1709 | Authentication bypass using an alternate path or channel | KEV E S | |
CVE-2014-0496 | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 ... | KEV | |
CVE-2023-35082 | An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to ... | KEV | |
CVE-2020-7247 | smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows ... | KEV E S | |
CVE-2020-10189 | Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserializ... | KEV E | |
CVE-2015-5122 | Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation i... | KEV E | |
CVE-2020-9054 | ZyXEL NAS products running firmware version 5.21 and earlier are vulnerable to pre-authentication command injection in weblogin.cgi | KEV E S | |
CVE-2012-0507 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | KEV E | |
CVE-2022-22954 | VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due t... | KEV E | |
CVE-2019-15107 | An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a comma... | KEV E | |
CVE-2017-3881 | A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisc... | KEV E | |
CVE-2021-30116 | Unauthenticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6 | KEV E S | |
CVE-2017-7269 | Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information S... | KEV E S | |
CVE-2019-16920 | Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652,... | KEV E | |
CVE-2014-6271 | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environm... | KEV E S | |
CVE-2018-6530 | OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_... | KEV E | |
CVE-2020-14871 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication m... | KEV E S | |
CVE-2012-4681 | Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update ... | KEV E | |
CVE-2015-0311 | Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through ... | KEV S | |
CVE-2012-5076 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | KEV S | |
CVE-2020-6287 | SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform... | KEV | |
CVE-2014-8439 | Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and bef... | KEV | |
CVE-2023-40044 | WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability | KEV E | |
CVE-2017-6077 | ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated user... | KEV E | |
CVE-2019-7256 | Linear eMerge E3-Series devices allow Command Injections.... | KEV E | |
CVE-2021-36380 | Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharact... | KEV E | |
CVE-2022-27593 | DeadBolt Ransomware | KEV S | |
CVE-2016-3714 | The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in I... | KEV E S | |
CVE-2016-3427 | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRocki... | KEV S | |
CVE-2022-20703 | Cisco Small Business RV Series Routers Vulnerabilities | KEV | |
CVE-2020-29557 | An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overf... | KEV E | |
CVE-2013-0632 | administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass au... | KEV E M | |
CVE-2022-22536 | SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Con... | KEV | |
CVE-2024-45519 | The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 4... | KEV E | |
CVE-2018-15982 | Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulne... | KEV E S | |
CVE-2022-0543 | It was discovered that redis, a persistent key-value database, due to a packaging issue, is prone t... | KEV E S | |
CVE-2021-21985 | The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input valid... | KEV E | |
CVE-2014-7169 | GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definiti... | KEV E S | |
CVE-2017-8543 | Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1,... | KEV S | |
CVE-2010-5326 | The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does no... | KEV | |
CVE-2020-8515 | DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.... | KEV E | |
CVE-2021-1497 | Cisco HyperFlex HX Command Injection Vulnerabilities | KEV E | |
CVE-2021-44515 | Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code exe... | KEV E S | |
CVE-2015-7450 | Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastruct... | KEV E | |
CVE-2018-11138 | The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.... | KEV E | |
CVE-2023-35078 | An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted... | KEV E | |
CVE-2023-22527 | A template injection vulnerability on older versions of Confluence Data Center and Server allows an ... | KEV E | |
CVE-2021-22893 | Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability ... | KEV | |
CVE-2018-0125 | A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wire... | KEV | |
CVE-2019-7609 | Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion vis... | KEV E | |
CVE-2013-0422 | Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitra... | KEV | |
CVE-2019-11708 | Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent ... | KEV | |
CVE-2019-0708 | A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal S... | KEV E S | |
CVE-2016-1019 | Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (appl... | KEV S | |
CVE-2016-4117 | Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unsp... | KEV E | |
CVE-2019-3396 | The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version f... | KEV E S | |
CVE-2021-22205 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was n... | KEV E | |
CVE-2019-7193 | This improper input validation vulnerability allows remote attackers to inject arbitrary code to the... | KEV E | |
CVE-2023-22515 | Atlassian has been made aware of an issue reported by a handful of customers where external attacker... | KEV E | |
CVE-2014-8361 | The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a craf... | KEV E | |
CVE-2019-10149 | A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address... | KEV E S | |
CVE-2022-29303 | SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail... | KEV E | |
CVE-2024-51567 | upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remot... | KEV E S | |
CVE-2022-24086 | Adobe Commerce checkout improper input validation leads to remote code execution | KEV S | |
CVE-2022-22587 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 1... | KEV | |
CVE-2015-1187 | The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary co... | KEV E M | |
CVE-2021-22941 | Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an una... | KEV | |
CVE-2011-3544 | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 ... | KEV S | |
CVE-2021-35464 | ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession para... | KEV E | |
CVE-2021-35211 | Serv-U Remote Memory Escape Vulnerability | KEV S | |
CVE-2021-34473 | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV E S | |
CVE-2023-46604 | Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack | KEV E | |
CVE-2013-4810 | HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Ap... | KEV E | |
CVE-2017-7494 | Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution... | KEV E S | |
CVE-2022-20708 | Cisco Small Business RV Series Routers Vulnerabilities | KEV | |
CVE-2025-31324 | Missing Authorization check in SAP NetWeaver (Visual Composer development server) | KEV | |
CVE-2021-21972 | The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin... | KEV E | |
CVE-2015-2590 | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33... | KEV S | |
CVE-2018-4939 | Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an... | KEV | |
CVE-2020-5902 | In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11... | KEV E | |
CVE-2018-14558 | An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices... | KEV E | |
CVE-2021-45382 | A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, D... | KEV E | |
CVE-2019-17621 | The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an... | KEV E S | |
CVE-2020-3992 | OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG,... | KEV S | |
CVE-2017-12240 | The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnera... | KEV | |
CVE-2011-2462 | Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Win... | KEV | |
CVE-2020-25223 | A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.... | KEV E | |
CVE-2020-10987 | The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to... | KEV E | |
CVE-2015-0310 | Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and... | KEV S | |
CVE-2015-3043 | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and... | KEV E S | |
CVE-2015-0313 | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16... | KEV E S | |
CVE-2011-1889 | The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TM... | KEV S | |
CVE-2022-20700 | Cisco Small Business RV Series Routers Vulnerabilities | KEV | |
CVE-2014-6287 | The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aka HFS or HttpFileServer... | KEV E | |
CVE-2015-3113 | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0... | KEV S | |
CVE-2013-2465 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | KEV S | |
CVE-2012-1723 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update... | KEV | |
CVE-2019-4716 | IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an... | KEV E S | |
CVE-2020-14882 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console)... | KEV E | |
CVE-2019-1003029 | A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main... | KEV | |
CVE-2024-9463 | Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure | KEV S | |
CVE-2018-18809 | TIBCO JasperReports Library Directory Traversal Vulnerability | KEV E S | |
CVE-2021-38163 | SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an at... | KEV | |
CVE-2019-10758 | mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the `toBS... | KEV E | |
CVE-2019-1003030 | A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml... | KEV E | |
CVE-2024-57968 | Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended... | KEV E | |
CVE-2019-12989 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.... | KEV E | |
CVE-2021-40870 | An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a fi... | KEV E | |
CVE-2020-14644 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). S... | KEV | |
CVE-2023-3519 | Unauthenticated remote code execution... | KEV E | |
CVE-2024-38856 | Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code | KEV S | |
CVE-2022-35405 | Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthe... | KEV E S | |
CVE-2019-5544 | OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evalu... | KEV S | |
CVE-2024-21762 | An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 t... | KEV S | |
CVE-2020-17496 | vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax... | KEV E S | |
CVE-2020-16846 | An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API... | KEV E | |
CVE-2008-0655 | Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact an... | KEV E S | |
CVE-2025-24813 | Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT | KEV E | |
CVE-2021-39226 | Snapshot authentication bypass in grafana | KEV E S | |
CVE-2017-18362 | ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated r... | KEV E | |
CVE-2019-11634 | Citrix Workspace App before 1904 for Windows has Incorrect Access Control.... | KEV | |
CVE-2018-7841 | A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could... | KEV E | |
CVE-2019-9874 | Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Siteco... | KEV E S | |
CVE-2023-25280 | OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privile... | KEV E | |
CVE-2013-0625 | Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers t... | KEV | |
CVE-2023-48788 | An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet F... | KEV S | |
CVE-2019-18935 | Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerabili... | KEV E S | |
CVE-2021-42013 | Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) | KEV E S | |
CVE-2023-23397 | Microsoft Outlook Elevation of Privilege Vulnerability | KEV S | |
CVE-2020-8644 | PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.... | KEV E | |
CVE-2023-29492 | Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the ... | KEV | |
CVE-2023-34362 | In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5... | KEV E | |
CVE-2024-40766 | An improper access control vulnerability has been identified in the SonicWall SonicOS management acc... | KEV | |
CVE-2019-3568 | A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially c... | KEV | |
CVE-2020-7961 | Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to... | KEV E | |
CVE-2020-2509 | Command Injection Vulnerability in QTS and QuTS hero | KEV S | |
CVE-2024-23113 | A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0... | KEV S | |
CVE-2021-36260 | A command injection vulnerability in the web server of some Hikvision product. Due to the insufficie... | KEV E | |
CVE-2021-44529 | A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenti... | KEV E S | |
CVE-2021-26084 | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists th... | KEV E S | |
CVE-2018-10561 | An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply b... | KEV E | |
CVE-2022-26318 | On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FB... | KEV | |
CVE-2022-22963 | In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing fu... | KEV E S | |
CVE-2024-50623 | In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an ... | KEV | |
CVE-2020-4427 | IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to ... | KEV S | |
CVE-2024-11120 | GeoVision EOL devices - OS Command Injection | KEV E S | |
CVE-2016-20017 | D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cg... | KEV E S | |
CVE-2023-38203 | Analysis CVE-2023-29300 Bypass: Adobe ColdFusion Pre-Auth RCE | KEV S | |
CVE-2023-33246 | Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function | KEV E | |
CVE-2018-14667 | The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via th... | KEV | |
CVE-2025-31161 | CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crus... | KEV E M | |
CVE-2023-42793 | In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was p... | KEV E | |
CVE-2012-1823 | sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (ak... | KEV E S | |
CVE-2023-34048 | VMware vCenter Server Out-of-Bounds Write Vulnerability | KEV E | |
CVE-2023-43208 | NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code e... | KEV E | |
CVE-2024-21410 | Microsoft Exchange Server Elevation of Privilege Vulnerability | KEV S | |
CVE-2023-47246 | In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an... | KEV E | |
CVE-2018-6789 | An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sendi... | KEV E S | |
CVE-2024-13160 | Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 Janu... | KEV E | |
CVE-2024-27198 | In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was p... | KEV | |
CVE-2019-7192 | This improper access control vulnerability allows remote attackers to gain unauthorized access to th... | KEV E | |
CVE-2018-20062 | An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to e... | KEV E | |
CVE-2023-33009 | A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4... | KEV | |
CVE-2022-47986 | IBM Aspera Faspex code execution | KEV S | |
CVE-2019-16759 | vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in ... | KEV E | |
CVE-2016-8735 | Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.... | KEV S | |
CVE-2024-4577 | Argument Injection in PHP-CGI | KEV E S | |
CVE-2024-6670 | WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability | KEV | |
CVE-2024-38812 | Heap-overflow vulnerability | KEV | |
CVE-2017-9841 | Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to exe... | KEV S | |
CVE-2024-9680 | An attacker was able to achieve code execution in the content process by exploiting a use-after-free... | KEV S | |
CVE-2020-15415 | On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfg... | KEV E | |
CVE-2016-4437 | Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, ... | KEV E | |
CVE-2025-1316 | Edimax IC-7100 IP Camera OS Command Injection | KEV M | |
CVE-2015-4852 | The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allo... | KEV E S | |
CVE-2021-31166 | HTTP Protocol Stack Remote Code Execution Vulnerability | KEV S | |
CVE-2022-44877 | login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote... | KEV E | |
CVE-2012-0391 | The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL... | KEV E | |
CVE-2025-4632 | Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Ser... | KEV | |
CVE-2022-42475 | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 t... | KEV E S | |
CVE-2019-10068 | An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.... | KEV E | |
CVE-2017-9791 | The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicio... | KEV E S | |
CVE-2009-1151 | Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before... | KEV E S | |
CVE-2019-11580 | Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in r... | KEV E M | |
CVE-2024-34102 | XXE can expose crypt key and other secrets granting full admin access | KEV E | |
CVE-2024-13161 | Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 Janu... | KEV E | |
CVE-2016-3088 | The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to uploa... | KEV E S | |
CVE-2021-22005 | The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malic... | KEV E S | |
CVE-2019-16928 | Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846... | KEV E S | |
CVE-2022-21445 | Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middlew... | KEV | |
CVE-2020-2555 | Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheS... | KEV E S | |
CVE-2020-10181 | goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrar... | KEV E | |
CVE-2020-3952 | Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or ext... | KEV E | |
CVE-2020-15069 | Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via th... | KEV M | |
CVE-2020-17463 | FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /n... | KEV E | |
CVE-2020-10148 | SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands | KEV S | |
CVE-2020-25506 | D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi compon... | KEV E | |
CVE-2021-1871 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, S... | KEV | |
CVE-2019-2725 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web... | KEV E S | |
CVE-2021-20090 | A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.... | KEV E | |
CVE-2020-17530 | Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code ... | KEV S | |
CVE-2021-1498 | Cisco HyperFlex HX Command Injection Vulnerabilities | KEV E | |
CVE-2021-27852 | Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unau... | KEV | |
CVE-2022-22965 | A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execut... | KEV E S | |
CVE-2021-40539 | Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication... | KEV E S | |
CVE-2020-2551 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core... | KEV S | |
CVE-2021-44077 | Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCente... | KEV E S | |
CVE-2021-20038 | A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environme... | KEV E | |
CVE-2019-19781 | An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0... | KEV | |
CVE-2021-35587 | Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO A... | KEV | |
CVE-2023-1671 | A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older... | KEV E | |
CVE-2022-26258 | D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via H... | KEV E | |
CVE-2024-23692 | Rejetto HTTP File Server 2.3m Unauthenticated RCE | KEV E S | |
CVE-2022-26352 | An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft ... | KEV E | |
CVE-2022-26138 | The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluenc... | KEV S | |
CVE-2022-35914 | /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP... | KEV E S | |
CVE-2023-20887 | Aria Operations for Networks contains a command injection vulnerability. A malicious actor with netw... | KEV E S | |
CVE-2020-1938 | When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to... | KEV E S | |
CVE-2022-1040 | An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to e... | KEV E M | |
CVE-2021-38647 | Open Management Infrastructure Remote Code Execution Vulnerability | KEV E S | |
CVE-2023-6448 | Unitronics VisiLogic uses a default administrative password | KEV | |
CVE-2023-29300 | Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution | KEV | |
CVE-2017-1000486 | Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution... | KEV E | |
CVE-2024-27348 | Apache HugeGraph-Server: Command execution in gremlin | KEV E | |
CVE-2017-11357 | Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to Rad... | KEV E M | |
CVE-2024-5217 | Incomplete Input Validation in GlideExpression Script | KEV | |
CVE-2024-7593 | Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or ... | KEV S | |
CVE-2024-20439 | A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attac... | KEV | |
CVE-2021-20016 | A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated... | KEV M | |
CVE-2025-3248 | Langflow Unauth RCE | KEV E S | |
CVE-2022-41352 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitra... | KEV E S | |
CVE-2020-14750 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console)... | KEV S | |
CVE-2013-2251 | Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via... | KEV E S | |
CVE-2018-2628 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS... | KEV E S | |
CVE-2020-2883 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). S... | KEV | |
CVE-2012-1710 | Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middl... | KEV S | |
CVE-2010-2861 | Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 ... | KEV E | |
CVE-2017-9248 | Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before ... | KEV E M | |
CVE-2022-46169 | Unauthenticated Command Injection | KEV E S | |
CVE-2017-12149 | In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was foun... | KEV | |
CVE-2023-24489 | A vulnerability has been discovered in the customer-managed ShareFile storage zones controller whic... | KEV | |
CVE-2024-36401 | Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver | KEV E S | |
CVE-2018-19323 | The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before ... | KEV E | |
CVE-2017-15944 | Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before ... | KEV E | |
CVE-2025-23006 | Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA100... | KEV | |
CVE-2022-24112 | apisix/batch-requests plugin allows overwriting the X-REAL-IP header | KEV E M | |
CVE-2018-19410 | PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users wit... | KEV | |
CVE-2019-7195 | This external control of file name or path vulnerability allows remote attackers to access or modify... | KEV E | |
CVE-2024-13159 | Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 Janu... | KEV E | |
CVE-2024-55591 | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiO... | KEV S | |
CVE-2024-53704 | An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote atta... | KEV | |
CVE-2018-7600 | Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attac... | KEV E S | |
CVE-2024-11680 | ProjectSend Unauthenticated Configuration Modification | KEV E S | |
CVE-2021-27103 | Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.... | KEV | |
CVE-2017-6862 | NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices ... | KEV | |
CVE-2024-32113 | Apache OFBiz: Path traversal leading to RCE | KEV S | |
CVE-2023-45249 | Remote command execution due to use of default passwords. The following products are affected: Acron... | KEV | |
CVE-2010-4344 | Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows rem... | KEV E S | |
CVE-2024-4358 | Registration Authentication Bypass Vulnerability | KEV M | |
CVE-2022-47966 | Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote... | KEV E S | |
CVE-2021-22991 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x befo... | KEV | |
CVE-2005-2773 | HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary comma... | KEV E | |
CVE-2024-0012 | PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) | KEV E S | |
CVE-2019-16278 | Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker ... | KEV E | |
CVE-2023-26359 | Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution | KEV S | |
CVE-2024-23897 | Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command par... | KEV E | |
CVE-2021-27860 | Arbitrary file upload vulnerability in FatPipe software | KEV E M | |
CVE-2018-19949 | If exploited, this command injection vulnerability could allow remote attackers to run arbitrary com... | KEV | |
CVE-2024-4885 | WhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution Vulnerability | KEV | |
CVE-2017-11317 | Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses... | KEV E M | |
CVE-2020-13927 | The previous default setting for Airflow's Experimental API was to allow all API requests without au... | KEV E | |
CVE-2024-5910 | Expedition: Missing Authentication Leads to Admin Account Takeover | KEV E S | |
CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability | KEV S | |
CVE-2022-40684 | An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.... | KEV E M | |
CVE-2024-9537 | ScienceLogic SL1 unspecified vulnerability | KEV | |
CVE-2018-7602 | Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004 | KEV E S | |
CVE-2022-27518 | Unauthenticated remote arbitrary code execution | KEV | |
CVE-2019-7194 | This external control of file name or path vulnerability allows remote attackers to access or modify... | KEV E | |
CVE-2024-4040 | Unauthenticated arbitrary file read and remote code execution in CrushFTP | KEV E S | |
CVE-2022-26134 | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists th... | KEV E S | |
CVE-2019-9670 | mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External ... | KEV E S | |
CVE-2021-3129 | Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attacker... | KEV E S | |
CVE-2023-29357 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | KEV S | |
CVE-2023-33010 | A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions ... | KEV | |
CVE-2021-37415 | Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a... | KEV | |
CVE-2021-1870 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, S... | KEV | |
CVE-2022-26143 | The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Expres... | KEV E M | |
CVE-2023-27350 | This vulnerability allows remote attackers to bypass authentication on affected installations of Pap... | KEV E | |
CVE-2010-5330 | On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP ... | KEV S | |
CVE-2022-42948 | Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. ... | KEV | |
CVE-2025-42599 | Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerabi... | KEV | |
CVE-2018-4878 | A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerab... | KEV E | |
CVE-2022-31199 | Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording com... | KEV E | |
CVE-2022-3236 | A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute c... | KEV | |
CVE-2022-37042 | Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP arc... | KEV E S | |
CVE-2024-28986 | SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability | KEV S | |
CVE-2022-1388 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions p... | KEV E M | |
CVE-2022-26871 | An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated re... | KEV S | |
CVE-2014-0780 | Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allow... | KEV E S | |
CVE-2023-25717 | Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Requ... | KEV E S | |
CVE-2018-20753 | Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileg... | KEV E | |
CVE-2020-11651 | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master pr... | KEV E | |
CVE-2020-29574 | An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthentica... | KEV | |
CVE-2023-28461 | Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An atta... | KEV M | |
CVE-2021-20028 | Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-lif... | KEV | |
CVE-2019-11581 | There was a server-side template injection vulnerability in Jira Server and Data Center, in the Cont... | KEV | |
CVE-2021-20021 | A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an adm... | KEV | |
CVE-2024-55956 | In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthent... | KEV E | |
CVE-2023-46747 | BIG-IP Configuration utility unauthenticated remote code execution vulnerability | KEV E | |
CVE-2021-27101 | Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a reque... | KEV | |
CVE-2020-8657 | An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as E... | KEV E | |
CVE-2024-6047 | GeoVision EOL device - OS Command Injection | KEV E S | |
CVE-2021-42258 | BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated r... | KEV E | |
CVE-2021-44026 | Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or ... | KEV S | |
CVE-2020-26919 | NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function leve... | KEV | |
CVE-2023-28771 | Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN ... | KEV E | |
CVE-2023-27997 | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0... | KEV S | |
CVE-2019-16256 | Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which mi... | KEV E | |
CVE-2018-10562 | An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host pa... | KEV E | |
CVE-2020-12812 | An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and belo... | KEV | |
CVE-2020-5135 | A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS)... | KEV | |
CVE-2024-4879 | Jelly Template Injection Vulnerability in ServiceNow UI Macros | KEV | |
CVE-2010-0840 | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for B... | KEV S | |
CVE-2020-15505 | A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, ... | KEV E | |
CVE-2023-36845 | Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated attacker to control an important environment variable | KEV E S | |
CVE-2020-12641 | rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via she... | KEV E S | |
CVE-2023-27992 | The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior t... | KEV S | |
CVE-2024-47575 | A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4... | KEV E S | |
CVE-2025-32756 | A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 t... | KEV S | |
CVE-2024-12356 | Command Injection Vulnerability in Remote Support (RS) & Privileged Remote Access (PRA) | KEV E | |
CVE-2024-40711 | A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthentica... | KEV E | |
CVE-2019-0344 | Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5,... | KEV | |
CVE-2019-7238 | Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.... | KEV | |
CVE-2023-38035 | A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below,... | KEV E | |
CVE-2016-2386 | SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attac... | KEV E | |
CVE-2018-1273 | Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions... | KEV S | |
CVE-2018-14839 | LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code... | KEV E | |
CVE-2015-1427 | The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attac... | KEV E S | |
CVE-2019-0604 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to chec... | KEV S | |
CVE-2022-21587 | Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (... | KEV E S | |
CVE-2022-26486 | An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable san... | KEV E | |
CVE-2023-2136 | Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had ... | KEV | |
CVE-2024-5274 | Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute a... | KEV E | |
CVE-2024-7971 | Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit he... | KEV E S | |
CVE-2023-6345 | Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had ... | KEV | |
CVE-2024-4947 | Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute ar... | KEV E | |
CVE-2024-29824 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an... | KEV | |
CVE-2023-41265 | An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May ... | KEV | |
CVE-2021-30633 | Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker wh... | KEV | |
CVE-2020-16017 | Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker w... | KEV | |
CVE-2021-37973 | Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had c... | KEV S | |
CVE-2021-28550 | Adobe Acrobat Reader use after free vulnerability could lead to arbitrary code execution | KEV | |
CVE-2022-4135 | Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who h... | KEV E | |
CVE-2023-48365 | Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code exec... | KEV | |
CVE-2020-15999 | Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker t... | KEV E | |
CVE-2022-3075 | Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attac... | KEV | |
CVE-2024-4671 | Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had... | KEV | |
CVE-2023-4966 | Unauthenticated sensitive information disclosure | KEV | |
CVE-2023-2868 | Remote Code injection in Barracuda Email Security Gateway | KEV M | |
CVE-2024-8963 | Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to ac... | KEV | |
CVE-2015-4068 | Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obt... | KEV | |
CVE-2014-4114 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8... | KEV E S | |
CVE-2021-30869 | A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5... | KEV | |
CVE-2021-30900 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS... | KEV | |
CVE-2013-1347 | Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attack... | KEV E S | |
CVE-2021-30983 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.2... | KEV | |
CVE-2013-1331 | Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to exec... | KEV S | |
CVE-2022-22675 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvO... | KEV | |
CVE-2010-2568 | Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R... | KEV E S | |
CVE-2013-3897 | Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explor... | KEV S | |
CVE-2010-0188 | Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows a... | KEV | |
CVE-2015-2424 | Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP... | KEV S | |
CVE-2014-0322 | Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to exec... | KEV E S | |
CVE-2017-0143 | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; ... | KEV E S | |
CVE-2017-0261 | Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerabil... | KEV S | |
CVE-2017-11826 | Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, ... | KEV E S | |
CVE-2015-1770 | Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a cr... | KEV S | |
CVE-2017-0199 | Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 20... | KEV E S | |
CVE-2019-9082 | ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command E... | KEV E | |
CVE-2022-21971 | Windows Runtime Remote Code Execution Vulnerability | KEV S | |
CVE-2018-11776 | Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution wh... | KEV E S | |
CVE-2012-2034 | Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 1... | KEV | |
CVE-2020-8655 | An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege esca... | KEV E | |
CVE-2016-7892 | Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use... | KEV S | |
CVE-2012-4792 | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to e... | KEV S | |
CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability | KEV E S | |
CVE-2012-4969 | Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Exp... | KEV S | |
CVE-2009-0563 | Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Micro... | KEV S | |
CVE-2008-2992 | Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to... | KEV E S | |
CVE-2012-0158 | The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in... | KEV S | |
CVE-2016-3235 | Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Vis... | KEV E S | |
CVE-2024-7262 | Arbitrary Code Execution in WPS Office | KEV S | |
CVE-2009-0927 | Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3, and 7 b... | KEV E S | |
CVE-2012-1889 | Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which al... | KEV S | |
CVE-2016-7193 | Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2... | KEV S | |
CVE-2021-30883 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15... | KEV | |
CVE-2009-0557 | Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac... | KEV S | |
CVE-2013-3906 | GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and... | KEV E S | |
CVE-2013-3163 | Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause ... | KEV S | |
CVE-2019-8605 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.... | KEV | |
CVE-2015-1641 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for M... | KEV S | |
CVE-2021-31956 | Windows NTFS Elevation of Privilege Vulnerability | KEV S | |
CVE-2016-1646 | The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome befo... | KEV E S | |
CVE-2019-0903 | A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (... | KEV S | |
CVE-2014-6332 | OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2... | KEV E S | |
CVE-2017-8759 | Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to exec... | KEV E S | |
CVE-2016-7855 | Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before ... | KEV S | |
CVE-2017-0148 | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; ... | KEV E S | |
CVE-2010-1297 | Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Ad... | KEV E | |
CVE-2011-0611 | Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and e... | KEV E S | |
CVE-2016-6277 | NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7... | KEV E S | |
CVE-2010-2883 | Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x befo... | KEV | |
CVE-2016-1010 | Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on ... | KEV S | |
CVE-2016-4656 | The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged cont... | KEV E | |
CVE-2014-6352 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8... | KEV S | |
CVE-2014-4404 | Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attacke... | KEV | |
CVE-2021-30807 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS ... | KEV | |
CVE-2015-2502 | Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause ... | KEV E S | |
CVE-2009-1862 | Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x ... | KEV | |
CVE-2018-4344 | A memory corruption issue was addressed with improved memory handling. This issue affected versions ... | KEV | |
CVE-2017-0145 | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; ... | KEV E S | |
CVE-2015-2426 | Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista S... | KEV E S | |
CVE-2017-0146 | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; ... | KEV E S | |
CVE-2019-7287 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 1... | KEV | |
CVE-2015-7645 | Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x ... | KEV E S | |
CVE-2021-1675 | Windows Print Spooler Remote Code Execution Vulnerability | KEV E S | |
CVE-2013-0074 | Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate poin... | KEV S | |
CVE-2012-2539 | Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 ... | KEV S | |
CVE-2012-0151 | The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server... | KEV S | |
CVE-2019-8506 | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2,... | KEV | |
CVE-2020-27932 | A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big ... | KEV | |
CVE-2022-30190 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | KEV E S | |
CVE-2012-1856 | The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Of... | KEV S | |
CVE-2013-2551 | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to ... | KEV S | |
CVE-2011-0609 | Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux,... | KEV | |
CVE-2010-2572 | Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arb... | KEV S | |
CVE-2020-3837 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13... | KEV | |
CVE-2014-4148 | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windo... | KEV S | |
CVE-2012-5054 | Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4... | KEV E | |
CVE-2013-0640 | Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote ... | KEV | |
CVE-2014-1761 | Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatib... | KEV S | |
CVE-2016-0984 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0... | KEV E S | |
CVE-2017-8464 | Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1... | KEV E S | |
CVE-2016-0034 | Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows... | KEV S | |
CVE-2015-8651 | Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Wind... | KEV S | |
CVE-2012-1535 | Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and befo... | KEV S | |
CVE-2015-0016 | Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows V... | KEV E S | |
CVE-2018-8414 | A remote code execution vulnerability exists when the Windows Shell does not properly validate file ... | KEV S | |
CVE-2012-0754 | Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and S... | KEV S | |
CVE-2019-1297 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to ... | KEV S | |
CVE-2017-11882 | Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Se... | KEV E S | |
CVE-2018-0798 | Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsof... | KEV S | |
CVE-2013-0643 | The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows... | KEV S | |
CVE-2009-3129 | Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open ... | KEV E S | |
CVE-2015-2419 | JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code... | KEV S | |
CVE-2017-0144 | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; ... | KEV E S | |
CVE-2015-2545 | Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute ar... | KEV E S | |
CVE-2015-2425 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | KEV S | |
CVE-2018-0802 | Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsof... | KEV E S | |
CVE-2019-15752 | Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a T... | KEV E | |
CVE-2014-4077 | Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 ... | KEV S | |
CVE-2009-4324 | Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and... | KEV E | |
CVE-2013-0641 | Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11... | KEV | |
CVE-2015-1642 | Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code ... | KEV S | |
CVE-2013-1690 | Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderb... | KEV | |
CVE-2007-5659 | Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to ex... | KEV | |
CVE-2017-8540 | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Mic... | KEV E S | |
CVE-2016-3393 | Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 ... | KEV S | |
CVE-2021-34448 | Scripting Engine Memory Corruption Vulnerability | KEV S | |
CVE-2017-8570 | Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects... | KEV E S | |
CVE-2015-1671 | The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.... | KEV S | |
CVE-2019-0541 | A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates ... | KEV E S | |
CVE-2016-0185 | Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers ... | KEV E S | |
CVE-2013-0648 | Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player ... | KEV S | |
CVE-2016-7256 | atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2... | KEV S | |
CVE-2020-9907 | A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS ... | KEV | |
CVE-2020-6572 | Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute ... | KEV | |
CVE-2017-0262 | Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerabil... | KEV S | |
CVE-2010-3333 | Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 201... | KEV S | |
CVE-2025-22224 | VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads t... | KEV | |
CVE-2024-9465 | Expedition: SQL Injection Leads to Firewall Admin Credential Disclosure | KEV E S | |
CVE-2018-13382 | An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1... | KEV | |
CVE-2020-4006 | VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector addr... | KEV | |
CVE-2024-21887 | A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti ... | KEV E | |
CVE-2021-40407 | An OS command injection vulnerability exists in the device network settings functionality of reolink... | KEV E | |
CVE-2018-13379 | An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiO... | KEV M | |
CVE-2024-8956 | PTZOptics NDI and SDI Cameras /cgi-bin/param.cgi Insufficient Authentication | KEV | |
CVE-2018-14847 | MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and r... | KEV E M | |
CVE-2022-23131 | Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML | KEV S | |
CVE-2024-28987 | SolarWinds Web Help Desk Hardcoded Credential Vulnerability | KEV S | |
CVE-2021-26855 | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV E S | |
CVE-2012-3152 | Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1... | KEV E S | |
CVE-2024-38475 | Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. | KEV S | |
CVE-2024-41713 | A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 F... | KEV | |
CVE-2025-0108 | PAN-OS: Authentication Bypass in the Management Web Interface | KEV E S | |
CVE-2020-4428 | IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to ... | KEV S | |
CVE-2025-42999 | Insecure Deserialization in SAP NetWeaver (Visual Composer development server) | KEV E | |
CVE-2020-8816 | Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a c... | KEV E S | |
CVE-2021-40438 | mod_proxy SSRF | KEV S | |
CVE-2020-0688 | A remote code execution vulnerability exists in Microsoft Exchange software when the software fails ... | KEV E S | |
CVE-2019-15949 | Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the s... | KEV E | |
CVE-2017-6742 | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 thro... | KEV | |
CVE-2017-6737 | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 thro... | KEV | |
CVE-2022-23176 | WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to acces... | KEV | |
CVE-2020-1040 | A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to pr... | KEV S | |
CVE-2014-1812 | The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ... | KEV S | |
CVE-2021-45046 | Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack | KEV S | |
CVE-2021-28664 | The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption... | KEV | |
CVE-2019-12991 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Val... | KEV E | |
CVE-2021-27878 | An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and a... | KEV E | |
CVE-2019-15271 | Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Arbitrary Command Execution Vulnerability | KEV | |
CVE-2019-0193 | In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases... | KEV S | |
CVE-2025-30406 | Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vuln... | KEV S | |
CVE-2017-6736 | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 thro... | KEV E | |
CVE-2018-9276 | An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PR... | KEV E M | |
CVE-2017-6334 | dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated... | KEV E | |
CVE-2017-6738 | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 thro... | KEV | |
CVE-2020-10199 | Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).... | KEV E S | |
CVE-2020-1956 | Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 have some RESTful APIs which will concatenate ... | KEV E S | |
CVE-2020-14883 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console)... | KEV | |
CVE-2022-26923 | Active Directory Domain Services Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-25298 | Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file... | KEV E | |
CVE-2019-11001 | On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticate... | KEV E | |
CVE-2014-6324 | The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, ... | KEV S | |
CVE-2017-6740 | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 thro... | KEV | |
CVE-2019-3398 | Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments r... | KEV E S | |
CVE-2019-1652 | Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability | KEV E | |
CVE-2021-34527 | Windows Print Spooler Remote Code Execution Vulnerability | KEV E S | |
CVE-2017-6744 | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains mu... | KEV | |
CVE-2025-22457 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure... | KEV | |
CVE-2017-6884 | A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.0... | KEV E | |
CVE-2017-6743 | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 thro... | KEV | |
CVE-2021-29256 | The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, lead... | KEV | |
CVE-2021-22894 | A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 that allows a remote authe... | KEV | |
CVE-2025-0282 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure... | KEV E | |
CVE-2024-58136 | Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a ... | KEV S | |
CVE-2017-6739 | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 thro... | KEV | |
CVE-2023-34192 | Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to ... | KEV | |
CVE-2021-25296 | Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file... | KEV E | |
CVE-2020-10221 | lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbi... | KEV E | |
CVE-2021-25297 | Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file... | KEV E | |
CVE-2021-28663 | The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU mem... | KEV E | |
CVE-2016-11021 | setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via... | KEV E | |
CVE-2021-34523 | Microsoft Exchange Server Elevation of Privilege Vulnerability | KEV E S | |
CVE-2023-27524 | Apache Superset: Session validation vulnerability when using provided default SECRET_KEY | KEV E | |
CVE-2018-6065 | Integer overflow in computing the required allocation size when instantiating a new javascript objec... | KEV E | |
CVE-2023-28434 | MinIO is vulnerable to privilege escalation on Linux/MacOS | KEV E S | |
CVE-2020-16009 | Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker... | KEV E | |
CVE-2022-4262 | Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentiall... | KEV S | |
CVE-2021-1789 | A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big ... | KEV | |
CVE-2016-7200 | The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrar... | KEV E S | |
CVE-2023-32373 | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS... | KEV | |
CVE-2019-9875 | Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenti... | KEV E S | |
CVE-2016-4657 | WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial... | KEV E | |
CVE-2025-24201 | An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. Thi... | KEV | |
CVE-2022-38181 | The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory o... | KEV E | |
CVE-2021-21166 | Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially e... | KEV | |
CVE-2024-0519 | Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker... | KEV | |
CVE-2022-36804 | Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, fr... | KEV E S | |
CVE-2021-21193 | Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentia... | KEV | |
CVE-2015-4495 | The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS befo... | KEV E S | |
CVE-2021-21206 | Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potenti... | KEV | |
CVE-2021-38003 | Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker ... | KEV E | |
CVE-2021-21220 | Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a r... | KEV E | |
CVE-2021-21224 | Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arb... | KEV E | |
CVE-2023-32439 | A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPa... | KEV | |
CVE-2022-2294 | Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to... | KEV | |
CVE-2021-30632 | Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potent... | KEV | |
CVE-2022-3038 | Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker ... | KEV E | |
CVE-2022-41040 | Microsoft Exchange Server Elevation of Privilege Vulnerability | KEV E S | |
CVE-2024-44308 | The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and i... | KEV | |
CVE-2021-30761 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 1... | KEV | |
CVE-2014-2817 | Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted we... | KEV S | |
CVE-2023-41993 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web... | KEV | |
CVE-2024-29988 | SmartScreen Prompt Security Feature Bypass Vulnerability | KEV S | |
CVE-2016-6366 | Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA... | KEV E | |
CVE-2020-13671 | Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files ... | KEV | |
CVE-2021-30858 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.... | KEV | |
CVE-2021-21017 | Acrobat Reader DC Heap-based Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution | KEV | |
CVE-2021-37975 | Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially... | KEV | |
CVE-2021-30666 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5... | KEV | |
CVE-2015-2360 | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista... | KEV S | |
CVE-2008-3431 | The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHO... | KEV E | |
CVE-2017-5030 | Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Window... | KEV E | |
CVE-2019-13720 | Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to poten... | KEV E | |
CVE-2023-5217 | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1... | KEV E S | |
CVE-2023-2033 | Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potential... | KEV | |
CVE-2021-21148 | Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to pote... | KEV | |
CVE-2020-1631 | Out of Cycle Security Advisory: Junos OS: Security vulnerability in J-Web and web based (HTTP/HTTPS) services | KEV S | |
CVE-2024-23222 | A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadO... | KEV | |
CVE-2019-3010 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The support... | KEV E S | |
CVE-2021-21551 | Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to e... | KEV E M | |
CVE-2023-22952 | In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the Emai... | KEV E | |
CVE-2022-32893 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS... | KEV | |
CVE-2020-6418 | Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentiall... | KEV E S | |
CVE-2019-17026 | Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a typ... | KEV E | |
CVE-2021-26411 | Internet Explorer Memory Corruption Vulnerability | KEV S | |
CVE-2010-1871 | JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux... | KEV | |
CVE-2019-8720 | A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web c... | KEV | |
CVE-2020-16013 | Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker... | KEV | |
CVE-2020-11978 | An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vul... | KEV E | |
CVE-2024-4761 | Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perf... | KEV | |
CVE-2021-30551 | Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentiall... | KEV E | |
CVE-2021-40444 | Microsoft MSHTML Remote Code Execution Vulnerability | KEV E S | |
CVE-2023-28205 | A use after free issue was addressed with improved memory management. This issue is fixed in Safari ... | KEV | |
CVE-2021-30762 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.... | KEV | |
CVE-2024-7965 | Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker... | KEV | |
CVE-2017-0210 | An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cros... | KEV S | |
CVE-2014-4123 | Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted we... | KEV S | |
CVE-2023-7024 | Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to... | KEV E | |
CVE-2017-6327 | The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, wh... | KEV E | |
CVE-2020-16010 | Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attac... | KEV | |
CVE-2021-30665 | A memory corruption issue was addressed with improved state management. This issue is fixed in watch... | KEV | |
CVE-2024-20953 | Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supp... | KEV | |
CVE-2021-36741 | An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeSca... | KEV | |
CVE-2020-3118 | Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability | KEV | |
CVE-2021-42321 | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV E S | |
CVE-2018-0824 | A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properl... | KEV E S | |
CVE-2024-40890 | **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the CGI progr... | KEV | |
CVE-2014-100005 | Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with f... | KEV E S | |
CVE-2023-32435 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS... | KEV | |
CVE-2022-26485 | Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We ha... | KEV E | |
CVE-2021-3493 | The overlayfs implementation in the Linux kernel did not properly validate with respect to user name... | KEV E S | |
CVE-2023-49897 | An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE10... | KEV E | |
CVE-2016-7201 | The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrar... | KEV E S | |
CVE-2021-30663 | An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 ... | KEV | |
CVE-2024-40891 | **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the managemen... | KEV | |
CVE-2021-27085 | Internet Explorer Remote Code Execution Vulnerability | KEV S | |
CVE-2020-9818 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS... | KEV | |
CVE-2020-9377 | D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: Th... | KEV E S | |
CVE-2023-37450 | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safar... | KEV | |
CVE-2017-9822 | DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Po... | KEV E | |
CVE-2025-0994 | Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.... | KEV S | |
CVE-2021-30563 | Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentiall... | KEV | |
CVE-2018-0167 | Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Ci... | KEV | |
CVE-2022-41080 | Microsoft Exchange Server Elevation of Privilege Vulnerability | KEV S | |
CVE-2023-4863 | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a... | KEV E S | |
CVE-2023-36025 | Windows SmartScreen Security Feature Bypass Vulnerability | KEV S | |
CVE-2023-35311 | Microsoft Outlook Security Feature Bypass Vulnerability | KEV S | |
CVE-2017-5070 | Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.30... | KEV E | |
CVE-2017-11292 | Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, whic... | KEV S | |
CVE-2023-4762 | Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute a... | KEV S | |
CVE-2023-3079 | Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potential... | KEV E | |
CVE-2022-22620 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS M... | KEV | |
CVE-2017-0149 | Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a... | KEV S | |
CVE-2023-46748 | BIG-IP Configuration utility authenticated SQL injection vulnerability | KEV E | |
CVE-2020-5735 | Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenti... | KEV E | |
CVE-2018-17480 | Execution of user supplied Javascript during array deserialization leading to an out of bounds write... | KEV E | |
CVE-2022-3723 | Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentiall... | KEV | |
CVE-2024-49039 | Windows Task Scheduler Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-4102 | Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentiall... | KEV | |
CVE-2019-11707 | A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array... | KEV | |
CVE-2023-23529 | A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPa... | KEV | |
CVE-2022-41128 | Windows Scripting Languages Remote Code Execution Vulnerability | KEV S | |
CVE-2018-5430 | TIBCO JasperReports Server Information Disclosure Vulnerability | KEV E S | |
CVE-2023-42917 | A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17... | KEV | |
CVE-2006-2492 | Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, and Mi... | KEV E S | |
CVE-2021-22899 | A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 that allows a remote aut... | KEV | |
CVE-2022-43769 | Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) | KEV E | |
CVE-2022-26500 | Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows r... | KEV | |
CVE-2024-30040 | Windows MSHTML Platform Security Feature Bypass Vulnerability | KEV S | |
CVE-2018-4990 | Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.0... | KEV | |
CVE-2023-32049 | Windows SmartScreen Security Feature Bypass Vulnerability | KEV S | |
CVE-2022-42856 | A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.... | KEV | |
CVE-2022-1364 | Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to ... | KEV E S | |
CVE-2022-1096 | Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially... | KEV | |
CVE-2013-6282 | The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 A... | KEV E S | |
CVE-2022-0609 | Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to pot... | KEV | |
CVE-2020-0618 | A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it inco... | KEV E S | |
CVE-2021-30661 | A use after free issue was addressed with improved memory management. This issue is fixed in Safari ... | KEV | |
CVE-2021-30554 | Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potenti... | KEV | |
CVE-2022-33891 | Apache Spark shell command injection vulnerability via Spark UI | KEV E M | |
CVE-2024-38189 | Microsoft Project Remote Code Execution Vulnerability | KEV S | |
CVE-2023-1389 | TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injec... | KEV E | |
CVE-2025-3928 | Commvault Web Server unspecified vulnerability | KEV | |
CVE-2017-0222 | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in m... | KEV S | |
CVE-2020-8467 | A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability... | KEV S | |
CVE-2020-1020 | A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manage... | KEV S | |
CVE-2020-8468 | Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents ... | KEV S | |
CVE-2018-17463 | Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attac... | KEV E | |
CVE-2024-43461 | Windows MSHTML Platform Spoofing Vulnerability | KEV S | |
CVE-2023-21674 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | KEV S | |
CVE-2016-5198 | V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 ... | KEV E | |
CVE-2024-4978 | Malicious Code in Justice AV Solutions (JAVS) Viewer | KEV E | |
CVE-2019-11043 | Underflow in PHP-FPM can lead to RCE | KEV E S | |
CVE-2024-3393 | PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet | KEV S | |
CVE-2024-49035 | Partner.Microsoft.Com Elevation of Privilege Vulnerability | KEV | |
CVE-2020-3569 | Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities | KEV M | |
CVE-2025-1976 | Code injection exposure in Fabric OS 9.1.0 through 9.1.1d6 | KEV | |
CVE-2023-32315 | Openfire administration console authentication bypass | KEV E S | |
CVE-2024-28995 | SolarWinds Serv-U L Directory Transversal Vulnerability | KEV S | |
CVE-2018-0172 | A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IO... | KEV | |
CVE-2018-0174 | A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IO... | KEV | |
CVE-2023-28206 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in ma... | KEV | |
CVE-2025-30154 | Multiple Reviewdog actions were compromised during a specific time period | KEV E S | |
CVE-2018-0158 | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisc... | KEV | |
CVE-2024-48248 | NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via... | KEV E | |
CVE-2025-30066 | tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions lo... | KEV E M | |
CVE-2018-0173 | A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsula... | KEV | |
CVE-2023-32409 | The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, ... | KEV | |
CVE-2024-24919 | Information disclosure | KEV S | |
CVE-2018-0155 | A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Cata... | KEV | |
CVE-2024-20353 | A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) So... | KEV | |
CVE-2022-43939 | Hitachi Vantara Pentaho Business Analytics Server - Use of Non-Canonical URL Paths for Authorization Decisions | KEV E | |
CVE-2023-26360 | Adobe ColdFusion Improper Access Control Arbitrary code execution | KEV E S | |
CVE-2022-0028 | PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering | KEV S | |
CVE-2020-3566 | Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability | KEV | |
CVE-2021-39144 | XStream is vulnerable to a Remote Command Execution attack | KEV E S | |
CVE-2021-27059 | Microsoft Office Remote Code Execution Vulnerability | KEV S | |
CVE-2019-19356 | Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router W... | KEV E | |
CVE-2013-2597 | Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for ... | KEV | |
CVE-2022-0185 | A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesy... | KEV E S | |
CVE-2023-33107 | Integer Overflow or Wraparound in Graphics Linux | KEV S | |
CVE-2021-1905 | Possible use after free due to improper handling of memory mapping of multiple processes simultaneou... | KEV S | |
CVE-2023-29360 | Microsoft Streaming Service Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-33739 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | KEV S | |
CVE-2022-22071 | Possible use after free when process shell memory is freed using IOCTL munmap call and process initi... | KEV S | |
CVE-2020-17144 | Microsoft Exchange Remote Code Execution Vulnerability | KEV S | |
CVE-2013-2094 | The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an inco... | KEV E S | |
CVE-2023-33106 | Use of Out-of-range Pointer Offset in Graphics | KEV S | |
CVE-2025-2783 | Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to ... | KEV | |
CVE-2023-46805 | An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Polic... | KEV E | |
CVE-2021-32648 | Account Takeover in Octobercms | KEV S | |
CVE-2015-2546 | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7... | KEV S | |
CVE-2024-21893 | A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.... | KEV | |
CVE-2025-24989 | Microsoft Power Pages Elevation of Privilege Vulnerability | KEV S | |
CVE-2023-6549 | Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScal... | KEV | |
CVE-2019-18426 | A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone ... | KEV E | |
CVE-2023-41266 | A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patc... | KEV | |
CVE-2025-22225 | VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the ... | KEV | |
CVE-2021-23874 | McAfee Total Protection (MTP) privilege escalation vulnerability | KEV | |
CVE-2021-27877 | An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication sche... | KEV E | |
CVE-2022-26925 | Windows LSA Spoofing Vulnerability | KEV S | |
CVE-2018-15133 | In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a... | KEV E | |
CVE-2025-27363 | An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are ... | KEV | |
CVE-2019-1579 | Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 a... | KEV E | |
CVE-2014-3120 | The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote... | KEV E | |
CVE-2017-0037 | Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::... | KEV E S | |
CVE-2017-12617 | When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.... | KEV E S | |
CVE-2017-5521 | An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, ... | KEV E | |
CVE-2019-6340 | Drupal core - Highly critical - Remote Code Execution | KEV E S | |
CVE-2021-44207 | Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials.... | KEV | |
CVE-2017-9805 | The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an X... | KEV E S | |
CVE-2024-21412 | Internet Shortcut Files Security Feature Bypass Vulnerability | KEV S | |
CVE-2020-6819 | Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-a... | KEV E | |
CVE-2025-24472 | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiO... | KEV S | |
CVE-2017-17562 | Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is d... | KEV E S | |
CVE-2021-27876 | An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and a... | KEV E | |
CVE-2020-6820 | Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-fre... | KEV | |
CVE-2018-6961 | VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerabilit... | KEV E | |
CVE-2020-0601 | A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve ... | KEV S | |
CVE-2017-12615 | When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the r... | KEV E S | |
CVE-2023-47565 | Legacy VioStor NVR | KEV S | |
CVE-2018-0175 | Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Softw... | KEV | |
CVE-2019-11539 | In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX befor... | KEV E | |
CVE-2025-23209 | Potential RCE with a compromised security key in craft/cms | KEV S | |
CVE-2018-19943 | If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicio... | KEV | |
CVE-2022-41082 | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV E S | |
CVE-2023-0266 | Use after free in SNDRV_CTL_IOCTL_ELEM in Linux Kernel | KEV S | |
CVE-2023-36874 | Windows Error Reporting Service Elevation of Privilege Vulnerability | KEV E S | |
CVE-2016-0099 | The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Wind... | KEV E S | |
CVE-2021-33771 | Windows Kernel Elevation of Privilege Vulnerability | KEV S | |
CVE-2022-38028 | Windows Print Spooler Elevation of Privilege Vulnerability | KEV S | |
CVE-2017-12231 | A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IO... | KEV | |
CVE-2016-6367 | Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWS... | KEV E | |
CVE-2019-1129 | An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improp... | KEV S | |
CVE-2022-0847 | A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper i... | KEV E S | |
CVE-2019-2215 | A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kerne... | KEV E S | |
CVE-2020-1464 | Windows Spoofing Vulnerability | KEV E S | |
CVE-2021-28310 | Win32k Elevation of Privilege Vulnerability | KEV S | |
CVE-2018-8440 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Loc... | KEV E S | |
CVE-2020-0041 | In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bound... | KEV | |
CVE-2016-0040 | The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 all... | KEV E S | |
CVE-2020-1027 | An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in... | KEV E S | |
CVE-2020-1054 | An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails ... | KEV E S | |
CVE-2015-2387 | ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista ... | KEV S | |
CVE-2020-17087 | Windows Kernel Local Elevation of Privilege Vulnerability | KEV S | |
CVE-2023-42824 | The issue was addressed with improved checks. This issue is fixed in iOS 16.7.1 and iPadOS 16.7.1. A... | KEV | |
CVE-2016-0165 | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7... | KEV E S | |
CVE-2018-8406 | An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver imp... | KEV S | |
CVE-2021-3156 | Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, wh... | KEV E S | |
CVE-2018-19322 | The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS E... | KEV E | |
CVE-2024-30051 | Windows DWM Core Library Elevation of Privilege Vulnerability | KEV S | |
CVE-2024-32896 | There is a possible way to bypass due to a logic error in the code. This could lead to local escala... | KEV | |
CVE-2023-28252 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | KEV E S | |
CVE-2021-31979 | Windows Kernel Elevation of Privilege Vulnerability | KEV S | |
CVE-2024-38107 | Windows Power Dependency Coordinator Elevation of Privilege Vulnerability | KEV S | |
CVE-2023-36802 | Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-36955 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-38648 | Open Management Infrastructure Elevation of Privilege Vulnerability | KEV E S | |
CVE-2021-38406 | Delta Electronics DOPSoft 2 Out-of-Bounds Write | KEV S | |
CVE-2021-40449 | Win32k Elevation of Privilege Vulnerability | KEV E S | |
CVE-2021-42292 | Microsoft Excel Security Feature Bypass Vulnerability | KEV S | |
CVE-2021-39793 | In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a... | KEV | |
CVE-2024-1086 | Use-after-free in Linux kernel's netfilter: nf_tables component | KEV E S | |
CVE-2022-41125 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | KEV S | |
CVE-2022-22718 | Windows Print Spooler Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-3560 | It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, e... | KEV E S | |
CVE-2024-26169 | Windows Error Reporting Service Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-40450 | Win32k Elevation of Privilege Vulnerability | KEV S | |
CVE-2023-41061 | A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6... | KEV | |
CVE-2023-7101 | Arbitrary Code Execution (ACE) Vulnerability | KEV S | |
CVE-2022-41033 | Windows COM+ Event System Service Elevation of Privilege Vulnerability | KEV S | |
CVE-2016-3309 | The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows ... | KEV E S | |
CVE-2016-3643 | SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveragi... | KEV E | |
CVE-2014-3153 | The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that... | KEV E S | |
CVE-2022-42827 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS... | KEV | |
CVE-2025-21418 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | KEV S | |
CVE-2020-1147 | A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Stu... | KEV E S | |
CVE-2023-36036 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | KEV S | |
CVE-2017-0101 | The kernel-mode drivers in Transaction Manager in Microsoft Windows Vista SP2; Windows Server 2008 S... | KEV E S | |
CVE-2019-1388 | An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not pr... | KEV S | |
CVE-2021-1732 | Windows Win32k Elevation of Privilege Vulnerability | KEV E S | |
CVE-2025-21335 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | KEV S | |
CVE-2019-0863 | An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles file... | KEV S | |
CVE-2021-27102 | Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call.... | KEV | |
CVE-2021-38646 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | KEV S | |
CVE-2023-23376 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | KEV S | |
CVE-2023-29336 | Win32k Elevation of Privilege Vulnerability | KEV S | |
CVE-2025-21333 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-30860 | An integer overflow was addressed with improved input validation. This issue is fixed in Security Up... | KEV | |
CVE-2025-30400 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | KEV | |
CVE-2025-32701 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | KEV | |
CVE-2024-53197 | ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices | KEV S | |
CVE-2020-9859 | A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 1... | KEV | |
CVE-2004-0210 | The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary... | KEV S | |
CVE-2019-1132 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properl... | KEV S | |
CVE-2023-4911 | Glibc: buffer overflow in ld.so leading to privilege escalation | KEV E S | |
CVE-2015-0666 | Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager... | KEV | |
CVE-2009-1123 | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2,... | KEV S | |
CVE-2022-37969 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-41357 | Win32k Elevation of Privilege Vulnerability | KEV S | |
CVE-2023-21608 | Adobe Acrobat Reader DC resetForm Use-After-Free Remote Code Execution Vulnerability | KEV | |
CVE-2011-1823 | The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received... | KEV E | |
CVE-2021-26858 | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV S | |
CVE-2021-27065 | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV E S | |
CVE-2024-38014 | Windows Installer Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-36934 | Windows Elevation of Privilege Vulnerability | KEV S | |
CVE-2018-0154 | A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) runni... | KEV | |
CVE-2020-11261 | Memory corruption due to improper check to return error when user application requests memory alloca... | KEV S | |
CVE-2022-41073 | Windows Print Spooler Elevation of Privilege Vulnerability | KEV S | |
CVE-2024-21338 | Windows Kernel Elevation of Privilege Vulnerability | KEV E S | |
CVE-2024-43047 | Use After Free in DSP Service | KEV S | |
CVE-2020-24557 | A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windo... | KEV | |
CVE-2010-4345 | Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim us... | KEV S | |
CVE-2019-0797 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properl... | KEV S | |
CVE-2024-38080 | Windows Hyper-V Elevation of Privilege Vulnerability | KEV S | |
CVE-2020-27930 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS... | KEV | |
CVE-2018-19320 | The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before ... | KEV E | |
CVE-2019-20500 | D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability vi... | KEV E S | |
CVE-2024-35250 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-1048 | In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after f... | KEV S | |
CVE-2021-36742 | An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan... | KEV | |
CVE-2024-4610 | Mali GPU Kernel Driver allows improper GPU memory processing operations | KEV S | |
CVE-2019-0808 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properl... | KEV E S | |
CVE-2020-0683 | An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process sy... | KEV S | |
CVE-2010-3904 | The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol im... | KEV E S | |
CVE-2020-0638 | An elevation of privilege vulnerability exists in the way the Update Notification Manager handles fi... | KEV S | |
CVE-2015-2291 | (1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics dr... | KEV E S | |
CVE-2015-6175 | The kernel in Microsoft Windows 10 Gold allows local users to gain privileges via a crafted applicat... | KEV S | |
CVE-2019-7286 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 1... | KEV | |
CVE-2014-4113 | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windo... | KEV E S | |
CVE-2013-3660 | The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows X... | KEV E S | |
CVE-2023-36033 | Windows DWM Core Library Elevation of Privilege Vulnerability | KEV S | |
CVE-2022-22960 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation... | KEV E S | |
CVE-2006-1547 | ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote ... | KEV E S | |
CVE-2019-0543 | An elevation of privilege vulnerability exists when Windows improperly handles authentication reques... | KEV E S | |
CVE-2020-0986 | An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle obje... | KEV S | |
CVE-2023-41064 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6... | KEV | |
CVE-2017-0001 | The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 S... | KEV S | |
CVE-2020-0787 | An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Serv... | KEV E S | |
CVE-2018-20250 | In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting ... | KEV E | |
CVE-2022-22047 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | KEV S | |
CVE-2017-16651 | Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized acce... | KEV E S | |
CVE-2018-19321 | The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS E... | KEV E | |
CVE-2023-20963 | In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege... | KEV S | |
CVE-2022-32917 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS... | KEV | |
CVE-2019-0859 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properl... | KEV S | |
CVE-2019-1130 | An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improp... | KEV S | |
CVE-2017-11774 | Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execu... | KEV E S | |
CVE-2022-32894 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS... | KEV | |
CVE-2019-0803 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properl... | KEV S | |
CVE-2019-1385 | An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperl... | KEV S | |
CVE-2020-0938 | A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manage... | KEV S | |
CVE-2019-1215 | An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects... | KEV S | |
CVE-2013-2596 | Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, ... | KEV E S | |
CVE-2016-0151 | The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and ... | KEV E S | |
CVE-2024-49138 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | KEV E S | |
CVE-2022-23748 | mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to lo... | KEV | |
CVE-2019-0880 | A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka '... | KEV S | |
CVE-2015-3035 | Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) w... | KEV E | |
CVE-2019-8526 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS M... | KEV | |
CVE-2019-0841 | An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improp... | KEV E S | |
CVE-2013-5065 | NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users... | KEV E S | |
CVE-2022-22706 | Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory ... | KEV | |
CVE-2017-1000253 | Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/... | KEV S | |
CVE-2023-32046 | Windows MSHTML Platform Elevation of Privilege Vulnerability | KEV S | |
CVE-2020-28949 | Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any ... | KEV E | |
CVE-2015-1130 | The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass ... | KEV E | |
CVE-2020-14864 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middle... | KEV | |
CVE-2021-34486 | Windows Event Tracing Elevation of Privilege Vulnerability | KEV S | |
CVE-2017-0005 | The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 S... | KEV E S | |
CVE-2018-8453 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properl... | KEV E S | |
CVE-2018-8611 | An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle obje... | KEV S | |
CVE-2020-3950 | VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and... | KEV E | |
CVE-2021-38645 | Open Management Infrastructure Elevation of Privilege Vulnerability | KEV S | |
CVE-2019-13272 | In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the cr... | KEV E S | |
CVE-2025-21334 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-20124 | A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download fu... | KEV E | |
CVE-2018-8639 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properl... | KEV S | |
CVE-2018-8589 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, ... | KEV S | |
CVE-2023-26369 | [Google Project Zero] Adobe Acrobat DC OOBW 0-day actively exploited in the wild | KEV | |
CVE-2023-38831 | RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a ... | KEV E | |
CVE-2022-21999 | Windows Print Spooler Elevation of Privilege Vulnerability | KEV S | |
CVE-2022-34713 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | KEV S | |
CVE-2024-53104 | media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format | KEV S | |
CVE-2018-0159 | A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Ci... | KEV | |
CVE-2024-36971 | net: fix __dst_negative_advice() race | KEV S | |
CVE-2016-7262 | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Comp... | KEV S | |
CVE-2024-23225 | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 ... | KEV | |
CVE-2016-7255 | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows ... | KEV E S | |
CVE-2018-8405 | An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver imp... | KEV S | |
CVE-2021-20123 | A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download fu... | KEV E | |
CVE-2019-0211 | In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executi... | KEV E S | |
CVE-2021-1647 | Microsoft Defender Remote Code Execution Vulnerability | KEV S | |
CVE-2023-33063 | Use After Free in DSP Services | KEV S | |
CVE-2024-23296 | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 an... | KEV | |
CVE-2015-1701 | Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 20... | KEV E S | |
CVE-2011-2005 | afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 doe... | KEV S | |
CVE-2025-32709 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | KEV | |
CVE-2010-0232 | The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2... | KEV E S | |
CVE-2017-12234 | Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Ci... | KEV | |
CVE-2018-0156 | A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could a... | KEV | |
CVE-2016-0167 | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7... | KEV S | |
CVE-2019-1214 | An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver... | KEV S | |
CVE-2024-43093 | In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path fil... | KEV S | |
CVE-2019-1069 | Task Scheduler Elevation of Privilege Vulnerability | KEV E S | |
CVE-2025-32706 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | KEV | |
CVE-2021-34484 | Windows User Profile Service Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-36948 | Windows Update Medic Service Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-30713 | A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.... | KEV | |
CVE-2019-1322 | An elevation of privilege vulnerability exists when Windows improperly handles authentication reques... | KEV E S | |
CVE-2019-1253 | An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly ha... | KEV S | |
CVE-2023-41992 | The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 a... | KEV | |
CVE-2022-24521 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | KEV S | |
CVE-2023-32434 | An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5... | KEV | |
CVE-2019-1458 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properl... | KEV E S | |
CVE-2021-26857 | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV S | |
CVE-2023-35674 | In onCreate of WindowState.java, there is a possible way to launch a background activity due to a lo... | KEV S | |
CVE-2023-41990 | The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3... | KEV | |
CVE-2025-24985 | Windows Fast FAT File System Driver Remote Code Execution Vulnerability | KEV S | |
CVE-2025-24993 | Windows NTFS Remote Code Execution Vulnerability | KEV | |
CVE-2017-12233 | Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Ci... | KEV | |
CVE-2017-12237 | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6... | KEV | |
CVE-2017-12235 | A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) ... | KEV | |
CVE-2020-3433 | Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability | KEV E | |
CVE-2024-29748 | There is a possible way to bypass due to a logic error in the code. This could lead to local escala... | KEV | |
CVE-2025-29824 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | KEV E | |
CVE-2002-0367 | smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs ... | KEV E S | |
CVE-2017-8291 | Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdpa... | KEV E S | |
CVE-2020-1380 | Scripting Engine Memory Corruption Vulnerability | KEV S | |
CVE-2025-24085 | A use after free issue was addressed with improved memory management. This issue is fixed in visionO... | KEV | |
CVE-2020-0069 | In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write ... | KEV | |
CVE-2019-1064 | Windows Elevation of Privilege Vulnerability | KEV S | |
CVE-2023-21823 | Windows Graphics Component Remote Code Execution Vulnerability | KEV S | |
CVE-2019-1315 | An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handl... | KEV S | |
CVE-2017-0263 | The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1,... | KEV E S | |
CVE-2019-1405 | An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) servi... | KEV S | |
CVE-2021-4034 | A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec applicat... | KEV E S | |
CVE-2024-38193 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | KEV E S | |
CVE-2010-4398 | Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Window... | KEV E S | |
CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability | KEV S | |
CVE-2018-8373 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | KEV S | |
CVE-2019-1367 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | KEV S | |
CVE-2016-0189 | The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 t... | KEV E S | |
CVE-2024-21351 | Windows SmartScreen Security Feature Bypass Vulnerability | KEV S | |
CVE-2020-0968 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | KEV S | |
CVE-2018-8298 | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles... | KEV E S | |
CVE-2013-3900 | WinVerifyTrust Signature Validation Vulnerability | KEV S | |
CVE-2019-1429 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | KEV E S | |
CVE-2020-0674 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | KEV E S | |
CVE-2019-0752 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | KEV E S | |
CVE-2018-8174 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in ... | KEV E S | |
CVE-2018-8653 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | KEV S | |
CVE-2020-5410 | Directory Traversal with spring-cloud-config-server | KEV | |
CVE-2019-17558 | Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the Velocit... | KEV E S | |
CVE-2024-57727 | SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulner... | KEV | |
CVE-2016-6415 | The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through... | KEV | |
CVE-2019-7483 | In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect C... | KEV | |
CVE-2010-1428 | The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka J... | KEV E | |
CVE-2020-5849 | Unraid 6.8.0 allows authentication bypass.... | KEV E | |
CVE-2019-20085 | TVT NVMS-1000 devices allow GET /.. Directory Traversal... | KEV E | |
CVE-2024-21287 | Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software ... | KEV | |
CVE-2020-3259 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability | KEV | |
CVE-2023-29298 | Adobe ColdFusion Improper Access Control Security feature bypass | KEV | |
CVE-2020-17519 | Apache Flink directory traversal attack: reading remote files through the REST API | KEV E | |
CVE-2023-21839 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). ... | KEV E S | |
CVE-2017-10271 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS... | KEV E S | |
CVE-2016-3976 | Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers t... | KEV E | |
CVE-2023-38205 | ColdFusion Bypass - Vulnerability disclosure in ColdFusion \| BYPASS CVE-2023-29298 | KEV | |
CVE-2023-38950 | A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated att... | KEV E | |
CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancell... | KEV E S | |
CVE-2016-9079 | A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulner... | KEV E | |
CVE-2024-38112 | Windows MSHTML Platform Spoofing Vulnerability | KEV S | |
CVE-2014-0160 | The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heart... | KEV E S | |
CVE-2021-42278 | Active Directory Domain Services Elevation of Privilege Vulnerability | KEV S | |
CVE-2018-15811 | DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.... | KEV E | |
CVE-2013-0631 | Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecif... | KEV | |
CVE-2017-12637 | Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetW... | KEV | |
CVE-2025-31200 | A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 1... | KEV | |
CVE-2021-21975 | Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may all... | KEV E | |
CVE-2014-0130 | Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-rend... | KEV | |
CVE-2024-11667 | A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware ver... | KEV | |
CVE-2022-27924 | Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary... | KEV | |
CVE-2019-1653 | Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability | KEV E | |
CVE-2023-27532 | Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the con... | KEV | |
CVE-2023-36884 | Windows Search Remote Code Execution Vulnerability | KEV S | |
CVE-2023-38180 | .NET and Visual Studio Denial of Service Vulnerability | KEV S | |
CVE-2018-0296 | A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an u... | KEV E | |
CVE-2019-13608 | Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0... | KEV M | |
CVE-2021-36942 | Windows LSA Spoofing Vulnerability | KEV E S | |
CVE-2019-18187 | Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a dir... | KEV | |
CVE-2010-3035 | Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transit... | KEV | |
CVE-2024-12987 | DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injection | KEV E | |
CVE-2022-30333 | RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an ex... | KEV E S | |
CVE-2021-22506 | Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager produ... | KEV | |
CVE-2020-11738 | The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) all... | KEV E | |
CVE-2017-6627 | A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through... | KEV M | |
CVE-2024-29059 | .NET Framework Information Disclosure Vulnerability | KEV | |
CVE-2025-30397 | Scripting Engine Memory Corruption Vulnerability | KEV | |
CVE-2021-31010 | A deserialization issue was addressed through improved validation. This issue is fixed in Security U... | KEV | |
CVE-2016-0752 | Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x b... | KEV E | |
CVE-2023-45727 | Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier... | KEV | |
CVE-2022-24990 | TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password b... | KEV E | |
CVE-2021-41773 | Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 | KEV E S | |
CVE-2023-29552 | The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register... | KEV E | |
CVE-2021-33742 | Windows MSHTML Platform Remote Code Execution Vulnerability | KEV S | |
CVE-2020-2506 | Improper access control vulnerability in Helpdesk | KEV S | |
CVE-2024-3273 | D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection | KEV E | |
CVE-2019-7481 | Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorize... | KEV | |
CVE-2017-0147 | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; ... | KEV E S | |
CVE-2021-40655 | An information disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker ca... | KEV E | |
CVE-2024-38178 | Scripting Engine Memory Corruption Vulnerability | KEV S | |
CVE-2022-36537 | ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive info... | KEV S | |
CVE-2024-45195 | Apache OFBiz: Confused controller-view authorization logic (forced browsing) | KEV S | |
CVE-2013-0629 | Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to a... | KEV | |
CVE-2018-18325 | DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters.... | KEV E | |
CVE-2021-42287 | Active Directory Domain Services Elevation of Privilege Vulnerability | KEV S | |
CVE-2016-8562 | A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 154... | KEV S | |
CVE-2020-3452 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability | KEV E | |
CVE-2016-4523 | The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote ... | KEV | |
CVE-2024-38813 | Privilege escalation vulnerability | KEV | |
CVE-2019-6223 | A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved... | KEV | |
CVE-2015-5317 | The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers t... | KEV | |
CVE-2023-28432 | Minio Information Disclosure in Cluster Deployment | KEV E | |
CVE-2020-36193 | Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadeq... | KEV S | |
CVE-2017-3506 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web... | KEV S | |
CVE-2024-20767 | ColdFusion \| Improper Access Control (CWE-284) | KEV | |
CVE-2018-8581 | An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange... | KEV S | |
CVE-2017-0213 | Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Wind... | KEV E S | |
CVE-2023-21715 | Microsoft Publisher Security Feature Bypass Vulnerability | KEV S | |
CVE-2021-33766 | Microsoft Exchange Server Information Disclosure Vulnerability | KEV S | |
CVE-2021-25487 | Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2... | KEV | |
CVE-2024-38226 | Microsoft Publisher Security Feature Bypass Vulnerability | KEV S | |
CVE-2016-5195 | Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to ga... | KEV E S | |
CVE-2020-8218 | A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to craf... | KEV E | |
CVE-2023-20273 | A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote ... | KEV | |
CVE-2020-5741 | Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated att... | KEV E | |
CVE-2020-8260 | A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated... | KEV E | |
CVE-2024-9474 | PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface | KEV E S | |
CVE-2025-4428 | Remote Code Execution | KEV | |
CVE-2023-24955 | Microsoft SharePoint Server Remote Code Execution Vulnerability | KEV S | |
CVE-2022-40139 | Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Tr... | KEV S | |
CVE-2021-20022 | SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated ... | KEV | |
CVE-2023-0669 | Fortra GoAnywhere MFT License Response Servlet Command Injection | KEV E S | |
CVE-2024-8957 | PTZOptics NDI and SDI Cameras Command Injection via NTP Address Configuration | KEV | |
CVE-2021-31196 | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV S | |
CVE-2020-8243 | A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticat... | KEV | |
CVE-2023-35081 | A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and ... | KEV | |
CVE-2024-41710 | A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 69... | KEV E | |
CVE-2019-2616 | Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (su... | KEV S | |
CVE-2018-8120 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properl... | KEV E S | |
CVE-2025-27920 | Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file ... | KEV M | |
CVE-2024-38094 | Microsoft SharePoint Remote Code Execution Vulnerability | KEV S | |
CVE-2015-1769 | Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Win... | KEV S | |
CVE-2021-22900 | A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that c... | KEV | |
CVE-2023-44221 | Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remo... | KEV | |
CVE-2022-27925 | Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archi... | KEV E | |
CVE-2021-22600 | Double Free in net/packet/af_packet.c leading to privilege escalation | KEV S | |
CVE-2024-39717 | The Versa Director GUI provides an option to customize the look and feel of the user interface. This... | KEV | |
CVE-2024-8190 | An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and ... | KEV | |
CVE-2021-25372 | An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory... | KEV | |
CVE-2024-9380 | An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 al... | KEV | |
CVE-2022-21882 | Win32k Elevation of Privilege Vulnerability | KEV S | |
CVE-2023-41179 | A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem an... | KEV | |
CVE-2021-25371 | A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF li... | KEV | |
CVE-2022-28810 | Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator t... | KEV E S | |
CVE-2021-43890 | Windows AppX Installer Spoofing Vulnerability | KEV E S | |
CVE-2025-21391 | Windows Storage Elevation of Privilege Vulnerability | KEV S | |
CVE-2025-22226 | VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-o... | KEV | |
CVE-2016-4655 | The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory vi... | KEV E | |
CVE-2025-0111 | PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface | KEV S | |
CVE-2020-27950 | A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.... | KEV | |
CVE-2021-21315 | Command Injection Vulnerability | KEV S | |
CVE-2018-0180 | Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could... | KEV M | |
CVE-2018-0179 | Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could... | KEV | |
CVE-2017-12319 | A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN)... | KEV | |
CVE-2024-53150 | ALSA: usb-audio: Fix out of bounds reads when finding clock sources | KEV S | |
CVE-2024-38106 | Windows Kernel Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-38649 | Open Management Infrastructure Elevation of Privilege Vulnerability | KEV S | |
CVE-2023-28229 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | KEV S | |
CVE-2025-26633 | Microsoft Management Console Security Feature Bypass Vulnerability | KEV E | |
CVE-2024-30088 | Windows Kernel Elevation of Privilege Vulnerability | KEV S | |
CVE-2022-21919 | Windows User Profile Service Elevation of Privilege Vulnerability | KEV S | |
CVE-2025-0411 | 7-Zip Mark-of-the-Web Bypass Vulnerability | KEV M | |
CVE-2022-26904 | Windows User Profile Service Elevation of Privilege Vulnerability | KEV S | |
CVE-2025-24983 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | KEV S | |
CVE-2022-48618 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2... | KEV | |
CVE-2019-18988 | TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same... | KEV E | |
CVE-2021-1782 | A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Sec... | KEV | |
CVE-2021-0920 | In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. Thi... | KEV | |
CVE-2020-11023 | Potential XSS vulnerability in jQuery | KEV E S | |
CVE-2014-0196 | The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly... | KEV E S | |
CVE-2021-20035 | Improper neutralization of special elements in the SMA100 management interface allows a remote authe... | KEV | |
CVE-2022-41223 | The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authen... | KEV | |
CVE-2024-37085 | VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Activ... | KEV S | |
CVE-2011-4723 | The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to ob... | KEV | |
CVE-2025-31201 | This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, vision... | KEV | |
CVE-2021-22204 | Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows... | KEV E S | |
CVE-2022-40765 | A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) c... | KEV M | |
CVE-2025-21590 | Junos OS: A local attacker with shell access can execute arbitrary code | KEV S | |
CVE-2022-41328 | An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-... | KEV S | |
CVE-2021-31207 | Microsoft Exchange Server Security Feature Bypass Vulnerability | KEV E S | |
CVE-2024-12686 | Command Injection vulnerability in Remote Support(RS) & Privilege Remote Access (PRA) | KEV | |
CVE-2018-2380 | SAP CRM, 7.01, 7.02, 7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of... | KEV E | |
CVE-2023-20109 | A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software a... | KEV | |
CVE-2019-8394 | Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload a... | KEV E | |
CVE-2024-43451 | NTLM Hash Disclosure Spoofing Vulnerability | KEV S | |
CVE-2023-36563 | Microsoft WordPad Information Disclosure Vulnerability | KEV S | |
CVE-2016-3351 | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensiti... | KEV E S | |
CVE-2017-0022 | Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; ... | KEV E S | |
CVE-2019-5825 | Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker t... | KEV E S | |
CVE-2019-5786 | Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to ... | KEV E | |
CVE-2022-20821 | Cisco IOS XR Software Health Check Open Port Vulnerability | KEV | |
CVE-2022-22948 | The vCenter Server contains an information disclosure vulnerability due to improper permission of fi... | KEV S | |
CVE-2021-30533 | Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a rem... | KEV E S | |
CVE-2020-8195 | Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 1... | KEV E | |
CVE-2020-3153 | Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability | KEV E | |
CVE-2013-3993 | IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file ... | KEV | |
CVE-2024-43573 | Windows MSHTML Platform Spoofing Vulnerability | KEV S | |
CVE-2015-0071 | Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mecha... | KEV S | |
CVE-2013-7331 | The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to... | KEV E S | |
CVE-2024-38213 | Windows Mark of the Web Security Feature Bypass Vulnerability | KEV S | |
CVE-2020-11652 | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master pr... | KEV E | |
CVE-2020-8193 | Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.... | KEV E | |
CVE-2016-3298 | Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Window... | KEV S | |
CVE-2019-5591 | A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same s... | KEV M | |
CVE-2023-20118 | A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, ... | KEV M | |
CVE-2021-37976 | Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attac... | KEV E | |
CVE-2022-2856 | Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.511... | KEV E S | |
CVE-2009-3960 | Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, Li... | KEV E | |
CVE-2013-1675 | Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderb... | KEV E | |
CVE-2019-0703 | An information disclosure vulnerability exists in the way that the Windows SMB Server handles certai... | KEV S | |
CVE-2024-9379 | SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authentica... | KEV | |
CVE-2017-12238 | A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Ci... | KEV | |
CVE-2016-9563 | BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML Externa... | KEV | |
CVE-2023-28204 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9... | KEV | |
CVE-2017-12232 | A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation ... | KEV | |
CVE-2019-0676 | An information disclosure vulnerability exists when Internet Explorer improperly handles objects in ... | KEV S | |
CVE-2025-24054 | NTLM Hash Disclosure Spoofing Vulnerability | KEV | |
CVE-2017-6663 | A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software ... | KEV | |
CVE-2023-36761 | Microsoft Word Information Disclosure Vulnerability | KEV S | |
CVE-2023-42916 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.... | KEV | |
CVE-2021-25394 | A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Releas... | KEV | |
CVE-2021-25395 | A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to byp... | KEV | |
CVE-2018-0161 | A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software run... | KEV M | |
CVE-2021-25369 | An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sen... | KEV | |
CVE-2021-1906 | Improper handling of address deregistration on failure can lead to new GPU address allocation failur... | KEV S | |
CVE-2021-25370 | An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 r... | KEV | |
CVE-2020-35730 | An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x befor... | KEV S | |
CVE-2023-5631 | Stored XSS vulnerability in Roundcube | KEV E S | |
CVE-2018-6882 | Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimb... | KEV E | |
CVE-2014-2120 | Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Applian... | KEV | |
CVE-2021-1879 | This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5... | KEV | |
CVE-2024-37383 | Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.... | KEV S | |
CVE-2022-24682 | An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 pa... | KEV E | |
CVE-2021-38000 | Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638... | KEV E | |
CVE-2012-0767 | Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11... | KEV S | |
CVE-2023-43770 | Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail... | KEV S | |
CVE-2024-11182 | Stored XSS vulnerability in MDaemon Email Server | KEV | |
CVE-2019-9978 | The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?... | KEV E | |
CVE-2022-27926 | A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of... | KEV | |
CVE-2023-37580 | Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.... | KEV S | |
CVE-2025-24200 | An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 1... | KEV | |
CVE-2024-44309 | A cookie management issue was addressed with improved state management. This issue is fixed in Safar... | KEV | |
CVE-2018-19953 | If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicio... | KEV | |
CVE-2020-3580 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities | KEV S | |
CVE-2024-27443 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vul... | KEV | |
CVE-2020-13965 | An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via ... | KEV E S | |
CVE-2022-39197 | An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that ... | KEV M | |
CVE-2024-20399 | Cisco NX-OS Software CLI Command Injection Vulnerability | KEV | |
CVE-2024-20359 | A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins a... | KEV | |
CVE-2004-1464 | Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (vi... | KEV S | |
CVE-2021-25337 | Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release... | KEV | |
CVE-2025-25181 | A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows re... | KEV E | |
CVE-2016-3715 | The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to... | KEV E S | |
CVE-2024-20481 | A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) ... | KEV | |
CVE-2021-30657 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.... | KEV | |
CVE-2013-3896 | Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silv... | KEV S | |
CVE-2023-6548 | Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway all... | KEV | |
CVE-2020-9934 | An issue existed in the handling of environment variables. This issue was addressed with improved va... | KEV | |
CVE-2023-4211 | Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations | KEV | |
CVE-2023-21237 | In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground s... | KEV | |
CVE-2021-27562 | In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secur... | KEV | |
CVE-2021-31955 | Windows Kernel Information Disclosure Vulnerability | KEV S | |
CVE-2024-29745 | There is a possible Information Disclosure due to uninitialized data. This could lead to local infor... | KEV | |
CVE-2025-24991 | Windows NTFS Information Disclosure Vulnerability | KEV | |
CVE-2022-22674 | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed ... | KEV | |
CVE-2023-41991 | A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 an... | KEV | |
CVE-2016-3718 | The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote a... | KEV E S | |
CVE-2021-41379 | Windows Installer Elevation of Privilege Vulnerability | KEV S | |
CVE-2023-38606 | This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.... | KEV | |
CVE-2024-50302 | HID: core: zero-initialize the report buffer | KEV S | |
CVE-2024-38217 | Windows Mark of the Web Security Feature Bypass Vulnerability | KEV E S | |
CVE-2022-41049 | Windows Mark of the Web Security Feature Bypass Vulnerability | KEV S | |
CVE-2022-41091 | Windows Mark of the Web Security Feature Bypass Vulnerability | KEV S | |
CVE-2020-11899 | The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.... | KEV E M | |
CVE-2013-5223 | Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remo... | KEV E | |
CVE-2023-36584 | Windows Mark of the Web Security Feature Bypass Vulnerability | KEV S | |
CVE-2022-44698 | Windows SmartScreen Security Feature Bypass Vulnerability | KEV S | |
CVE-2023-36846 | Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files | KEV S | |
CVE-2023-23752 | [20230201] - Core - Improper access check in webservice endpoints | KEV | |
CVE-2015-4902 | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect ... | KEV S | |
CVE-2010-0738 | The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBo... | KEV E | |
CVE-2023-36851 | Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload and download arbitrary files | KEV S | |
CVE-2022-2586 | It was discovered that a nft object or expression could reference a nft set on a different nft table... | KEV E S | |
CVE-2023-36844 | Junos OS: EX Series: A PHP vulnerability in J-Web allows an unauthenticated attacker to control important environment variables | KEV E S | |
CVE-2021-26086 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular... | KEV E | |
CVE-2021-26085 | Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources... | KEV E | |
CVE-2021-21973 | The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to impro... | KEV | |
CVE-2013-0431 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 throug... | KEV | |
CVE-2021-22017 | Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI n... | KEV S | |
CVE-2023-41763 | Skype for Business Elevation of Privilege Vulnerability | KEV S | |
CVE-2025-4427 | Authentication Bypass | KEV | |
CVE-2016-2388 | The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain ... | KEV E | |
CVE-2024-39891 | In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an una... | KEV | |
CVE-2023-36847 | Junos OS: EX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files | KEV S | |
CVE-2021-31199 | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-31201 | Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability | KEV S | |
CVE-2020-0878 | Microsoft Browser Memory Corruption Vulnerability | KEV S | |
CVE-2023-20269 | A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software... | KEV | |
CVE-2022-22265 | An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release ... | KEV | |
CVE-2021-35247 | Improper Input Validation Vulnerability in Serv-U | KEV | |
CVE-2022-23134 | Possible view of the setup pages by unauthenticated users if config file already exists | KEV S | |
CVE-2021-25489 | Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR... | KEV | |
CVE-2021-20023 | SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated ... | KEV | |
CVE-2012-0518 | Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion... | KEV S | |
CVE-2021-44168 | A download of code without integrity check vulnerability in the "execute restore src-vis" command of... | KEV | |
CVE-2025-24984 | Windows NTFS Information Disclosure Vulnerability | KEV S | |
CVE-2023-21492 | Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged loca... | KEV | |
CVE-2023-24880 | Windows SmartScreen Security Feature Bypass Vulnerability | KEV S | |
CVE-2018-13374 | An Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.... | KEV | |
CVE-2025-4664 | Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote ... | KEV | |
CVE-2020-9819 | A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 1... | KEV | |
CVE-2016-0162 | Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files... | KEV S | |
CVE-2020-4430 | IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to ... | KEV S | |
CVE-2009-2055 | Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset... | KEV S | |
CVE-2020-8196 | Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.... | KEV | |
CVE-2017-0059 | Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from... | KEV E S | |
CVE-2013-2423 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | KEV E S | |
CVE-2018-13383 | A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through ... | KEV M | |
CVE-2023-20867 | VMware Tools Authentication Bypass Vulnerability | KEV S | |
CVE-2023-26083 | Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r... | KEV | |
CVE-2024-55550 | Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege t... | KEV | |
CVE-2025-47729 | The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL... | KEV | |