ID | Summary | Flags | EPSS Score |
---|---|---|---|
CVE-2023-42793 | In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was p... | KEV E | 94.58% |
CVE-2024-27198 | In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was p... | KEV | 94.58% |
CVE-2023-23752 | [20230201] - Core - Improper access check in webservice endpoints | KEV | 94.53% |
CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancell... | KEV E S | 94.50% |
CVE-2024-27199 | In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was... | | 94.50% |
CVE-2018-7600 | Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attac... | KEV E S | 94.49% |
CVE-2018-1000861 | A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier... | KEV | 94.49% |
CVE-2019-3396 | The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version f... | KEV E S | 94.49% |
CVE-2023-35078 | An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted... | KEV E | 94.48% |
CVE-2023-34362 | In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5... | KEV E | 94.48% |
CVE-2021-22986 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x befo... | KEV E | 94.48% |
CVE-2021-22205 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was n... | KEV E | 94.48% |
CVE-2014-0160 | The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heart... | KEV E S | 94.47% |
CVE-2019-17558 | Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the Velocit... | KEV E S | 94.47% |
CVE-2022-22963 | In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing fu... | KEV E S | 94.47% |
CVE-2022-22947 | In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code ... | KEV E S | 94.47% |
CVE-2018-13379 | An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiO... | KEV M | 94.47% |
CVE-2019-2725 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web... | KEV E S | 94.47% |
CVE-2022-46169 | Unauthenticated Command Injection | KEV E S | 94.47% |
CVE-2020-1938 | When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to... | KEV E S | 94.47% |
CVE-2023-35082 | An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to ... | KEV | 94.47% |
CVE-2024-6670 | WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability | KEV | 94.47% |
CVE-2024-23897 | Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command par... | KEV E | 94.47% |
CVE-2019-15107 | An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a comma... | KEV E | 94.46% |
CVE-2021-44529 | A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenti... | KEV E S | 94.46% |
CVE-2022-22965 | A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execut... | KEV E S | 94.46% |
CVE-2016-10033 | The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attacker... | E S | 94.46% |
CVE-2022-1388 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions p... | KEV E M | 94.46% |
CVE-2021-22005 | The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malic... | KEV E S | 94.45% |
CVE-2020-14882 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console)... | KEV E | 94.45% |
CVE-2019-16662 | An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sendin... | E | 94.45% |
CVE-2020-3452 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability | KEV E | 94.45% |
CVE-2019-7609 | Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion vis... | KEV E | 94.45% |
CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability | KEV E S | 94.45% |
CVE-2019-11510 | In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9... | KEV E S | 94.45% |
CVE-2017-1000353 | Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthentic... | E S | 94.45% |
CVE-2019-0708 | A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal S... | KEV E S | 94.45% |
CVE-2022-30525 | An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5... | KEV E | 94.45% |
CVE-2024-28995 | SolarWinds Serv-U L Directory Transversal Vulnerability | KEV S | 94.44% |
CVE-2019-19781 | An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0... | KEV | 94.44% |
CVE-2020-5902 | In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11... | KEV E | 94.44% |
CVE-2023-46747 | BIG-IP Configuration utility unauthenticated remote code execution vulnerability | KEV E | 94.44% |
CVE-2022-22954 | VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due t... | KEV E | 94.44% |
CVE-2023-32315 | Openfire administration console authentication bypass | KEV E S | 94.44% |
CVE-2017-10271 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS... | KEV E S | 94.44% |
CVE-2019-6340 | Drupal core - Highly critical - Remote Code Execution | KEV E S | 94.44% |
CVE-2020-14883 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console)... | KEV | 94.44% |
CVE-2021-26084 | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists th... | KEV E S | 94.44% |
CVE-2018-0296 | A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an u... | KEV E | 94.44% |
CVE-2023-46604 | Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack | KEV E | 94.44% |
CVE-2021-36260 | A command injection vulnerability in the web server of some Hikvision product. Due to the insufficie... | KEV E | 94.44% |
CVE-2023-38035 | A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below,... | KEV E | 94.44% |
CVE-2020-14750 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console)... | KEV S | 94.44% |
CVE-2022-44877 | login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote... | KEV E | 94.43% |
CVE-2022-29464 | Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attac... | KEV E | 94.43% |
CVE-2021-40438 | mod_proxy SSRF | KEV S | 94.43% |
CVE-2019-9670 | mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External ... | KEV E S | 94.43% |
CVE-2019-16759 | vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in ... | KEV E | 94.43% |
CVE-2018-11776 | Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution wh... | KEV E S | 94.43% |
CVE-2022-36804 | Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, fr... | KEV E S | 94.43% |
CVE-2021-42013 | Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) | KEV E S | 94.43% |
CVE-2022-40684 | An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.... | KEV E M | 94.43% |
CVE-2023-40044 | WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability | KEV E | 94.43% |
CVE-2022-26134 | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists th... | KEV E S | 94.43% |
CVE-2021-40539 | Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication... | KEV E S | 94.42% |
CVE-2018-7602 | Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004 | KEV E S | 94.42% |
CVE-2022-1040 | An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to e... | KEV E M | 94.42% |
CVE-2018-2628 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS... | KEV E S | 94.42% |
CVE-2022-47966 | Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote... | KEV E S | 94.42% |
CVE-2020-0796 | A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.... | KEV E S | 94.42% |
CVE-2024-36401 | Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver | KEV E S | 94.42% |
CVE-2020-0688 | A remote code execution vulnerability exists in Microsoft Exchange software when the software fails ... | KEV E S | 94.42% |
CVE-2024-23917 | In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible... | | 94.42% |
CVE-2024-21887 | A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti ... | KEV E | 94.42% |
CVE-2021-21975 | Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may all... | KEV E | 94.42% |
CVE-2020-25223 | A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.... | KEV E | 94.42% |
CVE-2020-17519 | Apache Flink directory traversal attack: reading remote files through the REST API | KEV E | 94.41% |
CVE-2023-43208 | NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code e... | KEV E | 94.41% |
CVE-2022-24706 | Remote Code Execution Vulnerability in Packaging | KEV E S | 94.41% |
CVE-2021-39144 | XStream is vulnerable to a Remote Command Execution attack | KEV E S | 94.41% |
CVE-2020-7961 | Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to... | KEV E | 94.41% |
CVE-2022-35405 | Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthe... | KEV E S | 94.41% |
CVE-2024-4040 | Unauthenticated arbitrary file read and remote code execution in CrushFTP | KEV E S | 94.41% |
CVE-2017-0144 | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; ... | KEV E S | 94.41% |
CVE-2024-3273 | D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection | KEV E | 94.41% |
CVE-2023-22527 | A template injection vulnerability on older versions of Confluence Data Center and Server allows an ... | KEV E | 94.41% |
CVE-2017-3506 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web... | KEV S | 94.41% |
CVE-2017-9841 | Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to exe... | KEV S | 94.41% |
CVE-2019-7256 | Linear eMerge E3-Series devices allow Command Injections.... | KEV E | 94.41% |
CVE-2021-41277 | GeoJSON URL validation can expose server files and environment variables to unauthorized users | KEV S | 94.40% |
CVE-2021-1497 | Cisco HyperFlex HX Command Injection Vulnerabilities | KEV E | 94.40% |
CVE-2022-24990 | TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password b... | KEV E | 94.40% |
CVE-2020-25213 | The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload... | KEV E S | 94.40% |
CVE-2021-20090 | A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.... | KEV E | 94.40% |
CVE-2024-7593 | Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or ... | KEV S | 94.40% |
CVE-2021-41773 | Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 | KEV E S | 94.40% |
CVE-2023-46805 | An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Polic... | KEV E | 94.40% |
CVE-2018-15961 | Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and... | KEV E | 94.40% |
CVE-2020-17530 | Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code ... | KEV S | 94.39% |
CVE-2020-6287 | SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform... | KEV | 94.39% |
CVE-2022-35914 | /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP... | KEV E S | 94.39% |
CVE-2017-12617 | When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.... | KEV E S | 94.39% |
CVE-2020-2551 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core... | KEV S | 94.39% |
CVE-2022-21587 | Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (... | KEV E S | 94.39% |
CVE-2019-0604 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to chec... | KEV S | 94.39% |
CVE-2022-31814 | pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as roo... | E | 94.39% |
CVE-2020-11651 | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master pr... | KEV E | 94.39% |
CVE-2017-9805 | The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an X... | KEV E S | 94.39% |
CVE-2019-16278 | Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker ... | KEV E | 94.39% |
CVE-2023-24489 | A vulnerability has been discovered in the customer-managed ShareFile storage zones controller whic... | KEV | 94.39% |
CVE-2023-20887 | Aria Operations for Networks contains a command injection vulnerability. A malicious actor with netw... | KEV E S | 94.39% |
CVE-2019-1653 | Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability | KEV E | 94.39% |
CVE-2023-33246 | Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function | KEV E | 94.39% |
CVE-2020-16846 | An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API... | KEV E | 94.39% |
CVE-2012-1823 | sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (ak... | KEV E S | 94.39% |
CVE-2021-35464 | ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession para... | KEV E | 94.39% |
CVE-2022-0543 | It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone t... | KEV E S | 94.38% |
CVE-2017-11882 | Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Se... | KEV E S | 94.38% |
CVE-2017-7269 | Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information S... | KEV E S | 94.38% |
CVE-2021-44228 | Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints | KEV E S | 94.38% |
CVE-2019-7481 | Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorize... | KEV | 94.38% |
CVE-2023-47246 | In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an... | KEV E | 94.38% |
CVE-2020-10199 | Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).... | KEV E S | 94.38% |
CVE-2017-8917 | SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL ... | E S | 94.38% |
CVE-2023-4966 | Unauthenticated sensitive information disclosure | KEV | 94.38% |
CVE-2020-11978 | An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vul... | KEV E | 94.38% |
CVE-2019-11581 | There was a server-side template injection vulnerability in Jira Server and Data Center, in the Cont... | KEV | 94.38% |
CVE-2024-4577 | Argument Injection in PHP-CGI | KEV E S | 94.38% |
CVE-2023-22518 | All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. Th... | KEV E M | 94.38% |
CVE-2019-11580 | Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in r... | KEV E M | 94.38% |
CVE-2021-42237 | Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserializa... | KEV E | 94.37% |
CVE-2021-21985 | The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input valid... | KEV E | 94.37% |
CVE-2022-29303 | SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail... | KEV E | 94.37% |
CVE-2017-0199 | Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 20... | KEV E S | 94.37% |
CVE-2024-38856 | Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code | KEV S | 94.37% |
CVE-2023-49103 | An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The... | KEV | 94.37% |
CVE-2023-22515 | Atlassian has been made aware of an issue reported by a handful of customers where external attacker... | KEV E | 94.36% |
CVE-2023-0669 | Fortra GoAnywhere MFT License Response Servlet Command Injection | KEV E S | 94.36% |
CVE-2024-1709 | Authentication bypass using an alternate path or channel | KEV E S | 94.36% |
CVE-2019-10758 | mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBS... | KEV E | 94.36% |
CVE-2019-2616 | Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (su... | KEV S | 94.36% |
CVE-2017-12615 | When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the r... | KEV E S | 94.36% |
CVE-2020-17496 | vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax... | KEV E S | 94.36% |
CVE-2020-8515 | DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.... | KEV E | 94.36% |
CVE-2023-29357 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | KEV S | 94.36% |
CVE-2024-0012 | PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) | KEV E S | 94.36% |
CVE-2023-36845 | Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated attacker to control an important environment variable | KEV E S | 94.36% |
CVE-2023-25717 | Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Requ... | KEV E S | 94.35% |
CVE-2020-15505 | A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, ... | KEV E | 94.35% |
CVE-2021-39226 | Snapshot authentication bypass in grafana | KEV E S | 94.35% |
CVE-2023-28771 | Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN ... | KEV E | 94.35% |
CVE-2021-1675 | Windows Print Spooler Remote Code Execution Vulnerability | KEV E S | 94.35% |
CVE-2024-2389 | Flowmon Unauthenticated Command Injection Vulnerability | | 94.35% |
CVE-2020-8193 | Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.... | KEV E | 94.35% |
CVE-2024-1212 | LoadMaster Pre-Authenticated OS Command Injection | KEV | 94.35% |
CVE-2017-9822 | DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Po... | KEV E | 94.35% |
CVE-2020-10148 | SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands | KEV S | 94.34% |
CVE-2024-3400 | PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect | KEV E S | 94.34% |
CVE-2022-47986 | IBM Aspera Faspex code execution | KEV S | 94.34% |
CVE-2022-23131 | Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML | KEV S | 94.34% |
CVE-2019-16920 | Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652,... | KEV E | 94.34% |
CVE-2021-38647 | Open Management Infrastructure Remote Code Execution Vulnerability | KEV E S | 94.34% |
CVE-2017-5638 | The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has in... | KEV E S | 94.34% |
CVE-2024-29824 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an... | KEV | 94.34% |
CVE-2022-24112 | apisix/batch-requests plugin allows overwriting the X-REAL-IP header | KEV E M | 94.34% |
CVE-2024-4879 | Jelly Template Injection Vulnerability in ServiceNow UI Macros | KEV | 94.34% |
CVE-2024-50603 | An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the... | KEV E | 94.34% |
CVE-2021-43798 | Grafana path traversal | E S | 94.33% |
CVE-2021-44077 | Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCente... | KEV E S | 94.33% |
CVE-2020-29583 | Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchange... | KEV E | 94.33% |
CVE-2013-2251 | Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via... | KEV E S | 94.33% |
CVE-2021-26085 | Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources... | KEV E | 94.33% |
CVE-2024-24919 | Information disclosure | KEV S | 94.33% |
CVE-2023-26360 | Adobe ColdFusion Improper Access Control Arbitrary code execution | KEV E S | 94.33% |
CVE-2024-8963 | Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to ac... | KEV | 94.33% |
CVE-2021-34473 | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV E S | 94.32% |
CVE-2016-1555 | (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardD... | KEV E S | 94.32% |
CVE-2021-25646 | Authenticated users can override system configurations in their requests which allows them to execute arbitrary code. | E M | 94.32% |
CVE-2024-21893 | A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.... | KEV | 94.32% |
CVE-2024-22024 | An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.... | | 94.32% |
CVE-2024-9474 | PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface | KEV E S | 94.32% |
CVE-2023-1671 | A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older... | KEV E | 94.32% |
CVE-2019-12725 | Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occur... | E | 94.32% |
CVE-2017-5689 | An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKU... | KEV E S | 94.31% |
CVE-2021-26295 | RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI | E S | 94.31% |
CVE-2021-45046 | Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack | KEV S | 94.31% |
CVE-2017-12149 | In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was foun... | KEV | 94.31% |
CVE-2021-20038 | A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environme... | KEV E | 94.31% |
CVE-2021-44515 | Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code exe... | KEV E S | 94.31% |
CVE-2023-29298 | Adobe ColdFusion Improper Access Control Security feature bypass | KEV | 94.31% |
CVE-2015-1635 | HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows... | KEV E S | 94.31% |
CVE-2022-27925 | Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archi... | KEV E | 94.31% |
CVE-2020-5410 | Directory Traversal with spring-cloud-config-server | KEV | 94.31% |
CVE-2016-4437 | Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, ... | KEV E | 94.30% |
CVE-2017-7494 | Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution... | KEV E S | 94.30% |
CVE-2020-3187 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability | E | 94.30% |
CVE-2010-2861 | Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 ... | KEV E | 94.30% |
CVE-2016-6277 | NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7... | KEV E S | 94.30% |
CVE-2023-38205 | ColdFusion Bypass - Vulnerability disclosure in ColdFusion \| BYPASS CVE-2023-29298 | KEV | 94.30% |
CVE-2019-7192 | This improper access control vulnerability allows remote attackers to gain unauthorized access to th... | KEV E | 94.30% |
CVE-2023-36844 | Junos OS: EX Series: A PHP vulnerability in J-Web allows an unauthenticated attacker to control important environment variables | KEV E S | 94.30% |
CVE-2012-0158 | The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in... | KEV S | 94.30% |
CVE-2017-12611 | In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in... | E S | 94.30% |
CVE-2021-40444 | Microsoft MSHTML Remote Code Execution Vulnerability | KEV E S | 94.29% |
CVE-2016-3088 | The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to uploa... | KEV E S | 94.29% |
CVE-2021-3129 | Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attacker... | KEV E S | 94.29% |
CVE-2021-26855 | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV E S | 94.29% |
CVE-2018-8174 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in ... | KEV E S | 94.28% |
CVE-2024-23692 | Rejetto HTTP File Server 2.3m Unauthenticated RCE | KEV E S | 94.28% |
CVE-2020-11738 | The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) all... | KEV E | 94.28% |
CVE-2024-4885 | WhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution Vulnerability | KEV | 94.28% |
CVE-2022-37042 | Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP arc... | KEV E S | 94.27% |
CVE-2020-6207 | SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check... | KEV E | 94.27% |
CVE-2021-36380 | Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharact... | KEV E | 94.27% |
CVE-2021-33044 | The identity authentication bypass vulnerability found in some Dahua products during the login proce... | KEV E | 94.27% |
CVE-2023-38203 | Analysis CVE-2023-29300 Bypass: Adobe ColdFusion Pre-Auth RCE | KEV S | 94.26% |
CVE-2024-9463 | Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure | KEV S | 94.26% |
CVE-2021-46422 | Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote... | E | 94.26% |
CVE-2017-9791 | The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicio... | KEV E S | 94.26% |
CVE-2011-2523 | vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on por... | E | 94.26% |
CVE-2024-51567 | upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remot... | KEV E S | 94.26% |
CVE-2022-26138 | The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluenc... | KEV S | 94.26% |
CVE-2021-34527 | Windows Print Spooler Remote Code Execution Vulnerability | KEV E S | 94.26% |
CVE-2023-27350 | This vulnerability allows remote attackers to bypass authentication on affected installations of Pap... | KEV E | 94.26% |
CVE-2024-4358 | Registration Authentication Bypass Vulnerability | KEV M | 94.25% |
CVE-2023-23333 | There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute ... | E | 94.25% |
CVE-2020-0618 | A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it inco... | KEV E S | 94.25% |
CVE-2022-27926 | A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of... | KEV | 94.25% |
CVE-2024-27348 | Apache HugeGraph-Server: Command execution in gremlin | KEV E | 94.25% |
CVE-2020-10189 | Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserializ... | KEV E | 94.25% |
CVE-2017-8570 | Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects... | KEV E S | 94.25% |
CVE-2021-26086 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular... | KEV E | 94.25% |
CVE-2023-41266 | A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patc... | KEV | 94.25% |
CVE-2024-9465 | Expedition: SQL Injection Leads to Firewall Admin Credential Disclosure | KEV E S | 94.24% |
CVE-2022-33891 | Apache Spark shell command injection vulnerability via Spark UI | KEV E M | 94.24% |
CVE-2019-1003000 | A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/or... | E | 94.23% |
CVE-2021-35587 | Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO A... | KEV | 94.23% |
CVE-2019-2729 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web... | E S | 94.23% |
CVE-2019-5418 | There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.1... | E S | 94.23% |
CVE-2021-31755 | An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer ... | KEV E | 94.23% |
CVE-2014-6287 | The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aka HFS or HttpFileServer... | KEV E | 94.23% |
CVE-2022-41040 | Microsoft Exchange Server Elevation of Privilege Vulnerability | KEV E S | 94.23% |
CVE-2019-0232 | When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.... | | 94.23% |
CVE-2022-21371 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Cont... | E | 94.22% |
CVE-2014-3704 | The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not... | E S | 94.22% |
CVE-2024-28987 | SolarWinds Web Help Desk Hardcoded Credential Vulnerability | KEV S | 94.22% |
CVE-2014-6271 | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environm... | KEV E S | 94.22% |
CVE-2023-38646 | Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to exec... | | 94.22% |
CVE-2021-27850 | Bypass of the fix for CVE-2019-0195 | E | 94.22% |
CVE-2017-11610 | The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x bef... | E | 94.22% |
CVE-2015-7297 | SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary... | E | 94.21% |
CVE-2018-1273 | Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions... | KEV S | 94.21% |
CVE-2017-15715 | In Apache httpd 2.4.0 to 2.4.29, the expression specified in | | 94.21% |
CVE-2022-26352 | An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft ... | KEV E | 94.21% |
CVE-2023-48788 | An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet F... | KEV S | 94.21% |
CVE-2014-4210 | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2... | | 94.21% |
CVE-2021-27065 | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV E S | 94.20% |
CVE-2020-11652 | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master pr... | KEV E | 94.20% |
CVE-2014-3566 | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CB... | S | 94.20% |
CVE-2024-5217 | Incomplete Input Validation in GlideExpression Script | KEV | 94.20% |
CVE-2021-40870 | An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a fi... | KEV E | 94.19% |
CVE-2023-25194 | Apache Kafka Connect API: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect | M | 94.19% |
CVE-2020-8813 | graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell... | E | 94.19% |
CVE-2021-27905 | SSRF vulnerability with the Replication handler | M | 94.19% |
CVE-2007-3010 | masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 an... | KEV E | 94.19% |
CVE-2019-7238 | Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.... | KEV | 94.18% |
CVE-2021-27561 | Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall... | KEV | 94.18% |
CVE-2016-5195 | Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to ga... | KEV E S | 94.18% |
CVE-2018-0798 | Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsof... | KEV S | 94.18% |
CVE-2018-11759 | The Apache Web Server (httpd) specific code that normalised the requested path before matching it to... | | 94.17% |
CVE-2022-28219 | Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack ... | E S | 94.17% |
CVE-2017-5521 | An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, ... | KEV E | 94.17% |
CVE-2017-5753 | Systems with microprocessors utilizing speculative execution and branch prediction may allow unautho... | E S | 94.17% |
CVE-2017-0148 | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; ... | KEV E S | 94.17% |
CVE-2022-24816 | Improper Control of Generation of Code in jai-ext | KEV S | 94.16% |
CVE-2016-4977 | When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to ... | | 94.16% |
CVE-2022-42889 | Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults | M | 94.16% |
CVE-2020-13927 | The previous default setting for Airflow's Experimental API was to allow all API requests without au... | KEV E | 94.16% |
CVE-2024-31982 | XWiki Platform: Remote code execution as guest via DatabaseSearch | E S | 94.16% |
CVE-2022-2487 | WAVLINK WN535K2/WN535K3 nightled.cgi os command injection | E | 94.16% |
CVE-2024-45519 | The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 4... | KEV E | 94.15% |
CVE-2021-34523 | Microsoft Exchange Server Elevation of Privilege Vulnerability | KEV E S | 94.15% |
CVE-2018-8120 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properl... | KEV E S | 94.15% |
CVE-2017-12635 | Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible ... | E | 94.15% |
CVE-2017-7921 | An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 14072... | S | 94.14% |
CVE-2019-9082 | ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command E... | KEV E | 94.14% |
CVE-2012-4681 | Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update ... | KEV E | 94.14% |
CVE-2021-35211 | Serv-U Remote Memory Escape Vulnerability | KEV S | 94.14% |
CVE-2018-9995 | TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night O... | E | 94.14% |
CVE-2024-34102 | XXE can expose crypt key and other secrets granting full admin access | KEV E | 94.14% |
CVE-2023-35885 | CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.... | E | 94.13% |
CVE-2008-4250 | The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gol... | E S | 94.13% |
CVE-2019-3929 | The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P f... | KEV E | 94.12% |
CVE-2017-3881 | A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisc... | KEV E | 94.12% |
CVE-2023-46574 | An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary cod... | E | 94.12% |
CVE-2019-11043 | Underflow in PHP-FPM can lead to RCE | KEV E S | 94.11% |
CVE-2023-36847 | Junos OS: EX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files | KEV S | 94.11% |
CVE-2018-1000600 | An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier... | | 94.11% |
CVE-2023-36846 | Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files | KEV S | 94.11% |
CVE-2018-10562 | An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host pa... | KEV E | 94.11% |
CVE-2024-5932 | GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution | S | 94.10% |
CVE-2022-2486 | WAVLINK WN535K2/WN535K3 os command injection | E | 94.10% |
CVE-2018-0802 | Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsof... | KEV E S | 94.10% |
CVE-2016-8735 | Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.... | KEV S | 94.10% |
CVE-2017-12542 | An authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) v... | E | 94.09% |
CVE-2018-18809 | TIBCO JasperReports Library Directory Traversal Vulnerability | KEV E S | 94.09% |
CVE-2012-1723 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update... | KEV | 94.09% |
CVE-2023-20198 | Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI ... | KEV M | 94.09% |
CVE-2023-52251 | An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arb... | E | 94.08% |
CVE-2018-7490 | uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowin... | E | 94.08% |
CVE-2024-45195 | Apache OFBiz: Confused controller-view authorization logic (forced browsing) | KEV S | 94.08% |
CVE-2021-25281 | An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth crede... | E | 94.08% |
CVE-2020-9054 | ZyXEL NAS products running firmware version 5.21 and earlier are vulnerable to pre-authentication command injection in weblogin.cgi | KEV E S | 94.07% |
CVE-2021-45232 | security vulnerability on unauthorized access. | M | 94.07% |
CVE-2014-6332 | OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2... | KEV E S | 94.07% |
CVE-2019-10068 | An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.... | KEV E | 94.07% |
CVE-2015-3306 | The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files vi... | E | 94.07% |
CVE-2021-30128 | Unsafe deserialization in Apache OFBiz | S | 94.07% |
CVE-2021-1498 | Cisco HyperFlex HX Command Injection Vulnerabilities | KEV E | 94.06% |
CVE-2020-14181 | Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerat... | E | 94.06% |
CVE-2017-17562 | Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is d... | KEV E S | 94.05% |
CVE-2015-7450 | Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastruct... | KEV E | 94.05% |
CVE-2023-1389 | TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injec... | KEV E | 94.05% |
CVE-2018-20062 | An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to e... | KEV E | 94.05% |
CVE-2019-16057 | The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injectio... | KEV E | 94.05% |
CVE-2020-13942 | Remote Code Execution in Apache Unomi | E | 94.05% |
CVE-2021-29441 | Authentication bypass | E S | 94.05% |
CVE-2023-46359 | An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, m... | E | 94.05% |
CVE-2017-1000486 | Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution... | KEV E | 94.04% |
CVE-2025-0108 | PAN-OS: Authentication Bypass in the Management Web Interface | KEV E S | 94.04% |
CVE-2016-3081 | Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invo... | E S | 94.04% |
CVE-2020-7247 | smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows ... | KEV E S | 94.04% |
CVE-2024-55591 | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiO... | KEV S | 94.03% |
CVE-2021-37580 | Apache ShenYu Admin bypass JWT authentication | | 94.03% |
CVE-2012-2122 | sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and... | E S | 94.03% |
CVE-2020-25078 | An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices... | S | 94.03% |
CVE-2018-2894 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS... | S | 94.03% |
CVE-2021-31207 | Microsoft Exchange Server Security Feature Bypass Vulnerability | KEV E S | 94.03% |
CVE-2015-4000 | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a ... | S | 94.03% |
CVE-2014-8361 | The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a craf... | KEV E | 94.03% |
CVE-2020-10220 | An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via ... | E | 94.02% |
CVE-2017-0143 | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; ... | KEV E S | 94.02% |
CVE-2023-47253 | Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/... | E | 94.02% |
CVE-2021-42278 | Active Directory Domain Services Elevation of Privilege Vulnerability | KEV S | 94.02% |
CVE-2018-12613 | An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and... | E | 94.02% |
CVE-2017-15944 | Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before ... | KEV E | 94.02% |
CVE-2017-5645 | In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive s... | S | 94.01% |
CVE-2020-13945 | In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rul... | E S | 94.01% |
CVE-2020-14864 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middle... | KEV | 94.01% |
CVE-2019-18818 | strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Au... | E | 94.01% |
CVE-2024-20767 | ColdFusion | Improper Access Control (CWE-284) | KEV | 94.00% |
CVE-2021-29442 | Authentication bypass | E S | 94.00% |
CVE-2015-8562 | Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection atta... | E | 94.00% |
CVE-2023-51467 | Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability | S | 94.00% |
CVE-2024-50623 | In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an ... | KEV | 93.99% |
CVE-2023-4863 | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a... | KEV E S | 93.99% |
CVE-2023-34960 | A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 al... | | 93.99% |
CVE-2020-9496 | XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache O... | E | 93.99% |
CVE-2021-22502 | Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affectin... | KEV E | 93.98% |
CVE-2017-9798 | Apache httpd allows remote attackers to read secret data from process memory if the Limit directive ... | E S | 93.98% |
CVE-2019-20933 | InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in ser... | S | 93.98% |
CVE-2024-4956 | Nexus Repository 3 - Path Traversal | | 93.98% |
CVE-2024-21683 | This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Conflu... | | 93.97% |
CVE-2009-0927 | Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3, and 7 b... | KEV E S | 93.97% |
CVE-2019-3398 | Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments r... | KEV E S | 93.97% |
CVE-2018-19518 | University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other product... | E | 93.96% |
CVE-2010-3333 | Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 201... | KEV S | 93.96% |
CVE-2024-51378 | getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allow... | KEV E S | 93.96% |
CVE-2021-42287 | Active Directory Domain Services Elevation of Privilege Vulnerability | KEV S | 93.95% |
CVE-2024-10924 | Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass | S | 93.95% |
CVE-2019-16313 | ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source... | E | 93.95% |
CVE-2023-0297 | Code Injection in pyload/pyload | E S | 93.95% |
CVE-2022-36537 | ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive info... | KEV S | 93.95% |
CVE-2019-16663 | An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sendin... | E | 93.95% |
CVE-2018-16763 | FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ dat... | E S | 93.94% |
CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability | KEV S | 93.94% |
CVE-2022-21500 | Vulnerability in Oracle E-Business Suite (component: Manage Proxies). The supported version that is ... | S | 93.93% |
CVE-2019-10149 | A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address... | KEV E S | 93.93% |
CVE-2021-40323 | Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method... | S | 93.93% |
CVE-2010-2883 | Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x befo... | KEV | 93.93% |
CVE-2019-1003002 | A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-... | E | 93.92% |
CVE-2020-0601 | A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve ... | KEV S | 93.92% |
CVE-2021-31805 | Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE. | S | 93.92% |
CVE-2015-1427 | The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attac... | KEV E S | 93.92% |
CVE-2024-41713 | A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 F... | KEV | 93.91% |
CVE-2009-0545 | cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary com... | E S | 93.91% |
CVE-2021-29200 | RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI | S | 93.91% |
CVE-2024-45216 | Apache Solr: Authentication bypass possible using a fake URL Path ending | | 93.90% |
CVE-2021-42258 | BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated r... | KEV E | 93.90% |
CVE-2021-35394 | Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is... | KEV E S | 93.90% |
CVE-2017-8759 | Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to exec... | KEV E S | 93.89% |
CVE-2024-28255 | Authentication Bypass in OpenMetadata | | 93.89% |
CVE-2023-49070 | Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present | S | 93.89% |
CVE-2017-12629 | Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting X... | E | 93.89% |
CVE-2024-0305 | Guangzhou Yingke Electronic Technology Ncast Guest Login IPSetup.php information disclosure | E | 93.89% |
CVE-2016-3427 | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRocki... | KEV S | 93.88% |
CVE-2023-7028 | Weak Password Recovery Mechanism for Forgotten Password in GitLab | KEV E S | 93.88% |
CVE-2016-3714 | The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in I... | KEV E S | 93.88% |
CVE-2007-5659 | Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to ex... | KEV | 93.88% |
CVE-2017-1000028 | Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthentic... | E | 93.87% |
CVE-2018-2893 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS... | S | 93.87% |
CVE-2018-17246 | Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plug... | | 93.86% |
CVE-2023-37580 | Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.... | KEV S | 93.86% |
CVE-2020-25506 | D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi compon... | KEV E | 93.86% |
CVE-2023-28432 | Minio Information Disclosure in Cluster Deployment | KEV E | 93.86% |
CVE-2020-24186 | A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for W... | E | 93.86% |
CVE-2012-0392 | The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whit... | E | 93.85% |
CVE-2010-1871 | JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux... | KEV | 93.85% |
CVE-2022-1471 | Remote Code execution in SnakeYAML | E | 93.85% |
CVE-2013-4547 | nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restric... | M | 93.84% |
CVE-2019-0230 | Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag... | E S | 93.84% |
CVE-2021-21315 | Command Injection Vulnerability | KEV S | 93.84% |
CVE-2021-35395 | Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management int... | KEV E S | 93.83% |
CVE-2019-20500 | D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability vi... | KEV E S | 93.83% |
CVE-2008-2992 | Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to... | KEV E S | 93.82% |
CVE-2020-12720 | vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access con... | | 93.82% |
CVE-2023-6875 | The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress pl... | | 93.82% |
CVE-2020-5847 | Unraid through 6.8.0 allows Remote Code Execution.... | KEV E | 93.81% |
CVE-2021-1499 | Cisco HyperFlex HX Data Platform File Upload Vulnerability | E | 93.81% |
CVE-2017-0146 | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; ... | KEV E S | 93.81% |
CVE-2022-22536 | SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Con... | KEV | 93.81% |
CVE-2021-33045 | The identity authentication bypass vulnerability found in some Dahua products during the login proce... | KEV E | 93.81% |
CVE-2023-25157 | Unfiltered SQL Injection Vulnerabilities in Geoserver | S | 93.81% |
CVE-2024-36104 | Apache OFBiz: Path traversal leading to a RCE | M | 93.81% |
CVE-2021-34429 | For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using s... | E S | 93.80% |
CVE-2023-29084 | Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injec... | | 93.80% |
CVE-2022-36446 | software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.... | E S | 93.80% |
CVE-2019-1003001 | A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/o... | E | 93.79% |
CVE-2019-18394 | A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfir... | S | 93.79% |
CVE-2023-28343 | OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the... | E | 93.79% |
CVE-2024-7954 | SPIP porte_plume Plugin Arbitrary PHP Execution | E | 93.78% |
CVE-2015-3035 | Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) w... | KEV E | 93.78% |
CVE-2024-21412 | Internet Shortcut Files Security Feature Bypass Vulnerability | KEV S | 93.78% |
CVE-2012-0394 | The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, all... | E | 93.77% |
CVE-2022-43769 | Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) | KEV E | 93.77% |
CVE-2023-23397 | Microsoft Outlook Elevation of Privilege Vulnerability | KEV S | 93.77% |
CVE-2024-1512 | The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vuln... | | 93.76% |
CVE-2018-6530 | OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_... | KEV E | 93.76% |
CVE-2018-1207 | Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which coul... | | 93.76% |
CVE-2021-20837 | Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable T... | E | 93.76% |
CVE-2023-22952 | In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the Emai... | KEV E | 93.76% |
CVE-2012-0507 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | KEV E | 93.75% |
CVE-2020-1956 | Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate ... | KEV E S | 93.75% |
CVE-2020-2883 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). S... | KEV | 93.74% |
CVE-2020-0674 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | KEV E S | 93.74% |
CVE-2022-41080 | Microsoft Exchange Server Elevation of Privilege Vulnerability | KEV S | 93.74% |
CVE-2019-11539 | In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX befor... | KEV E | 93.74% |
CVE-2017-18368 | The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline ... | KEV E | 93.74% |
CVE-2023-32235 | Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder... | S | 93.74% |
CVE-2021-21972 | The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin... | KEV E | 93.74% |
CVE-2023-45852 | In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authenti... | E | 93.74% |
CVE-2011-0611 | Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and e... | KEV E S | 93.74% |
CVE-2023-37679 | A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to e... | E | 93.73% |
CVE-2021-20124 | A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download fu... | KEV E | 93.73% |
CVE-2023-38831 | RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a ... | KEV E | 93.73% |
CVE-2017-12636 | CouchDB administrative users can configure the database server via HTTP(S). Some of the configuratio... | E | 93.73% |
CVE-2024-1698 | The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With ... | E S | 93.72% |
CVE-2020-15227 | Remote Code Execution vulnerability | | 93.72% |
CVE-2013-2423 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update... | KEV E S | 93.71% |
CVE-2016-10045 | The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameter... | E S | 93.71% |
CVE-2023-29552 | The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register... | KEV E | 93.71% |
CVE-2025-24813 | Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT | KEV E | 93.71% |
CVE-2020-2096 | Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint... | E | 93.71% |
CVE-2021-2109 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console)... | E | 93.70% |
CVE-2024-29973 | ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in ... | E | 93.70% |
CVE-2023-26469 | In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the s... | E | 93.69% |
CVE-2024-22120 | Time Based SQL Injection in Zabbix Server Audit Log | | 93.69% |
CVE-2019-17382 | An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An ... | E | 93.69% |
CVE-2019-9193 | In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in t... | E | 93.69% |
CVE-2022-2992 | A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 1... | | 93.68% |
CVE-2018-18925 | Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demo... | S | 93.67% |
CVE-2024-29059 | .NET Framework Information Disclosure Vulnerability | KEV | 93.67% |
CVE-2018-10823 | An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, ... | E | 93.65% |
CVE-2010-1297 | Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Ad... | KEV E | 93.65% |
CVE-2019-19824 | On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS co... | E | 93.65% |
CVE-2019-20085 | TVT NVMS-1000 devices allow GET /.. Directory Traversal... | KEV E | 93.65% |
CVE-2009-4324 | Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and... | KEV E | 93.65% |
CVE-2013-0422 | Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitra... | KEV | 93.65% |
CVE-2018-14847 | MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and r... | KEV E M | 93.64% |
CVE-2018-1335 | From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server t... | E | 93.64% |
CVE-2017-8464 | Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1... | KEV E S | 93.64% |
CVE-2017-3066 | Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Updat... | KEV E S | 93.64% |
CVE-2023-32243 | WordPress Essential Addons for Elementor Plugin 5.4.0-5.7.1 is vulnerable to Privilege Escalation | E S | 93.64% |
CVE-2024-25600 | WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability | E S | 93.64% |
CVE-2013-2248 | Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers ... | | 93.64% |
CVE-2024-6782 | Calibre Remote Code Execution | S | 93.62% |
CVE-2021-36942 | Windows LSA Spoofing Vulnerability | KEV E S | 93.62% |
CVE-2019-0193 | In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases... | KEV S | 93.61% |
CVE-2022-27593 | DeadBolt Ransomware | KEV S | 93.61% |
CVE-2023-1698 | WAGO: WBM Command Injection in multiple products | | 93.61% |
CVE-2024-11680 | ProjectSend Unauthenticated Configuration Modification | KEV E S | 93.61% |
CVE-2022-22972 | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypa... | | 93.60% |
CVE-2018-3760 | There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3... | S | 93.60% |
CVE-2012-4969 | Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Exp... | KEV S | 93.58% |
CVE-2020-35847 | Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword func... | E S | 93.58% |
CVE-2012-0754 | Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and S... | KEV S | 93.58% |
CVE-2020-1350 | A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to... | KEV S | 93.58% |
CVE-2023-40477 | RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability | | 93.58% |
CVE-2020-26217 | Remote Code Execution in XStream | E S | 93.57% |
CVE-2017-0145 | The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; ... | KEV E S | 93.56% |