1310 matches found

OSV
added 2022/12/05 10:15 p.m. · 12 views

CVE-2022-45912

An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution...

7.2 CVSS · 8 AI score
Exploits 0 · References 1

Prion
added 2022/12/05 10:15 p.m. · 24 views

Remote code execution

An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution...

5.8 CVSS · 7.6 AI score · 0.0114 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2022/12/05 12:0 a.m. · 4 views

PT-2022-26086 · Kyocera · Taskalfa 255C +34

Name of the Vulnerable Software and Affected Versions: Kyocera Document Solutions MFPs and printers versions TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa...

4.8 CVSS · 6.2 AI score · 0.00823 EPSS
Exploits 0 · References 5

Cvelist
added 2022/12/05 12:0 a.m. · 26 views

CVE-2022-45912

An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution...

7.8 AI score · 0.0114 EPSS
Exploits 0 · References 1

Positive Technologies
added 2022/12/05 12:0 a.m. · 5 views

PT-2022-27681 · Zimbra · Zimbra Collaboration

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions 8.8.15 through 9.0 Description: An issue was discovered in Zimbra Collaboration, allowing remote code execution through the ClientUploader utility by an authenticated admin user. The admin user can upload fil...

7.2 CVSS · 7.2 AI score · 0.0114 EPSS
Exploits 0 · References 6

Vulnrichment
added 2022/12/05 12:0 a.m. · 10 views

CVE-2022-45912

An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution...

8 AI score · 0.0114 EPSS
Exploits 0 · References 1

Positive Technologies
added 2022/12/05 12:0 a.m. · 6 views

PT-2022-26946 · Shirasagi · Shirasagi

Name of the Vulnerable Software and Affected Versions: SHIRASAGI versions prior to v1.16.2 Description: A stored cross-site scripting issue allows a remote authenticated attacker with administrative privileges to inject an arbitrary script. Recommendations: For versions prior to v1.16.2, update t...

5.4 CVSS · 5.1 AI score · 0.00826 EPSS
Exploits 1 · References 7

CVE
added 2022/11/30 12:0 a.m. · 66 views

CVE-2022-38802

CVE-2022-38802 affects Zkteco BioTime

6.2 CVSS · 5.8 AI score · 0.00639 EPSS
Exploits 1 · References 2 · Affected Software 1

OSV
added 2022/11/25 4:15 p.m. · 4 views

CVE-2022-38377

An improper access control vulnerability CWE-284 in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and...

2.7 CVSS · 5.8 AI score · 0.0055 EPSS
Exploits 0 · References 1

CVE
added 2022/11/18 12:0 a.m. · 82 views

CVE-2022-42904

CVE-2022-42904 affects Zoho ManageEngine ADManager Plus (versions up to 7151). The vulnerability allows an authenticated administrator to execute commands in the proxy settings, representing a potential remote/local command execution in the agent/management interface as described across multiple ...

7.2 CVSS · 7 AI score · 0.0767 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2022/11/18 12:0 a.m. · 7 views

CVE-2022-42904

Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings...

7.1 AI score · 0.0767 EPSS
Exploits 0 · References 1

OSV
added 2022/11/02 12:15 p.m. · 3 views

CVE-2022-39945

An improper access control vulnerability CWE-284 in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains information via insecure direct object references...

6.5 CVSS · 5.8 AI score · 0.00349 EPSS
Exploits 0 · References 1

OSV
added 2022/10/12 8:15 p.m. · 3 views

CVE-2022-32484

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable...

4.4 CVSS · 5.8 AI score · 0.00163 EPSS
Exploits 0 · References 1

OSV
added 2022/10/11 6:15 p.m. · 3 views

CVE-2021-36899

Authenticated admin+ Reflected Cross-Site Scripting XSS vulnerability in Gabe Livan's Asset CleanUp: Page Speed Booster plugin = 1.3.8.4 at WordPress...

4.8 CVSS · 5.8 AI score · 0.00442 EPSS
Exploits 0 · References 2

OSV
added 2022/09/30 5:15 p.m. · 3 views

CVE-2021-36830

Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability in Comment Guestbook plugin = 0.8.0 at WordPress...

4.8 CVSS · 5.8 AI score · 0.00396 EPSS
Exploits 0 · References 2

OSV
added 2022/09/30 5:15 p.m. · 1 views

CVE-2021-36839

Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability in Social Media Follow Buttons Bar plugin = 4.73 at WordPress...

4.8 CVSS · 5.8 AI score · 0.00396 EPSS
Exploits 0 · References 2

OSV
added 2022/09/23 2:15 p.m. · 3 views

CVE-2022-38703

Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability in Max Foundry Button Plugin MaxButtons plugin = 9.2 at WordPress...

4.8 CVSS · 5.8 AI score · 0.00413 EPSS
Exploits 0 · References 2

CNNVD
added 2022/09/23 12:0 a.m. · 4 views

WordPress Plugin Wordfence Security – Firewall & Malware Scan Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

4.8 CVSS · 5.9 AI score · 0.00613 EPSS
Exploits 0 · References 4

OSV
added 2022/09/12 7:15 p.m. · 4 views

CVE-2022-31225

Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures...

5.1 CVSS · 5.8 AI score · 0.00155 EPSS
Exploits 0 · References 1

OSV
added 2022/09/12 7:15 p.m. · 3 views

CVE-2022-31223

Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system...

2.3 CVSS · 5.8 AI score · 0.0018 EPSS
Exploits 0 · References 1