Lucene search
K

591488 matches found

Nuclei
Nuclei
added 2026/06/16 7:13 a.m.52 views

F5 iControl REST - Remote Command Execution

F5 iControl REST interface is susceptible to remote command execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. This affects BIG-IP 16.0.x before 16.0.1.1, 15.1.x before...

10CVSS9AI score0.99898EPSS
Exploits20References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.71 views

Zoho ManageEngine ServiceDesk Plus - Remote Code Execution

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. id: CVE-2021-44077 info: name: Zoho ManageEngine ServiceDesk Plus - Remote Code Execution author: Adam Crosser,gy741...

9.8CVSS9.2AI score0.93514EPSS
Exploits6References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.107 views

Apache Tomcat Path Equivalence - Remote Code Execution

Path Equivalence- 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. id: CVE-2025-24813 info: name: Apache Tomcat Path Equivalence - Remote Code Execution...

10CVSS8.7AI score0.99945EPSS
Exploits46References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.22 views

Cisco ISE - Remote Code Execution

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to...

10CVSS9.2AI score0.96732EPSS
Exploits10References3
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.54 views

Adobe ColdFusion - Pre-Auth Remote Code Execution

Adobe ColdFusion versions 2018u16 and earlier, 2021u6 and earlier and 2023.0.0.330468 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. id: CVE-2023-29300 info:...

9.8CVSS8.9AI score0.99984EPSS
Exploits0References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.26 views

SolarView Compact 6.00 - OS Command Injection

SolarView Compact 6.00 was discovered to contain a command injection vulnerability, attackers can execute commands by bypassing internal restrictions through downloader.php. id: CVE-2023-23333 info: name: SolarView Compact 6.00 - OS Command Injection author: Mr-xn severity: critical description: ...

9.8CVSS8.5AI score0.99273EPSS
Exploits9References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.20 views

ProjectSend <= r1605 - Improper Authorization

An improper authorization check was identified within ProjectSend version r1605 that allows an attacker to perform sensitive actions such as enabling user registration and auto validation, or adding new entries in the whitelist of allowed extensions for uploaded files. Ultimately, this allows to...

9.8CVSS9.3AI score0.91559EPSS
Exploits4References3
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.39 views

Samsung MagicINFO 9 Server 21.1050.0 - Remote Code Execution

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority. id: CVE-2024-7399 info: name: Samsung MagicINFO 9 Server 21.1050.0 - Remote Code Execution author:...

9.8CVSS8.9AI score0.91941EPSS
Exploits3References1
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.131 views

ServiceNow UI Macros - Template Injection

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted...

9.8CVSS8.8AI score0.99976EPSS
Exploits8References4
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.81 views

Apache OFBiz Directory Traversal - Remote Code Execution

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13 id: CVE-2024-32113 info: name: Apache OFBiz Directory Traversal - Remote Code Execution author: DhiyaneshDK severity: high description: |...

9.8CVSS8.7AI score0.99442EPSS
Exploits7References6
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.67 views

Hitachi Pentaho Business Analytics Server - Remote Code Execution

Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby...

8.8CVSS9.1AI score0.9767EPSS
Exploits6References3
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.92 views

IBM Aspera Faspex <=4.4.2 PL1 - Remote Code Execution

IBM Aspera Faspex through 4.4.2 Patch Level 1 is susceptible to remote code execution via a YAML deserialization flaw. This can allow an attacker to send a specially crafted obsolete API call and thereby execute arbitrary code, obtain sensitive data, and/or execute other unauthorized operations...

9.8CVSS9.2AI score0.99968EPSS
Exploits5References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.549 views

Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution

Oracle E-Business Suite 12.2.3 through 12.2.11 is susceptible to remote code execution via the Oracle Web Applications Desktop Integrator product, Upload component. An attacker with HTTP network access can execute malware, obtain sensitive information, modify data, and/or gain full control over a...

9.8CVSS9.6AI score0.98342EPSS
Exploits7References6
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.22 views

Sophos Firewall <= 19.0 MR1 - Remote Code Execution

Sophos Firewall version v19.0 MR1 and older is vulnerable to code injection in the User Portal and Webadmin, allowing a remote unauthenticated attacker to execute arbitrary code. id: CVE-2022-3236 info: name: Sophos Firewall = 19.0 MR1 - Remote Code Execution author: daffainfo severity: critical...

9.8CVSS9.3AI score0.98905EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.56 views

Confluence - Remote Code Execution

Confluence Server and Data Center is susceptible to an unauthenticated remote code execution vulnerability. id: CVE-2022-26134 info: name: Confluence - Remote Code Execution author: pdteam,jbertman severity: critical description: | Confluence Server and Data Center is susceptible to an...

9.8CVSS9.2AI score0.99999EPSS
Exploits75References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.25 views

Open Web Analytics 1.7.3 - Remote Code Execution

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...

9.8CVSS8.4AI score0.99134EPSS
Exploits14References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.80 views

Sonicwall - Pre-Authentication Arbitrary File Read

Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...

9.1CVSS8.7AI score0.99957EPSS
Exploits1
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.142 views

Adobe ColdFusion - Deserialization of Untrusted Data

Adobe ColdFusion versions 2018u17 and earlier, 2021u7 and earlier and 2023u1 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. id: CVE-2023-38203 info: name:...

9.8CVSS8.9AI score0.97003EPSS
Exploits0References3
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.50 views

Cacti 1.2.24 - SQL Injection

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...

9.8CVSS9.1AI score0.87575EPSS
Exploits2References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.60 views

Juniper J-Web - Remote Code Execution

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables to execute remote commands id: CVE-2023-36845 info: name: Juniper J-Web - Remote Code...

9.8CVSS7.9AI score0.93546EPSS
Exploits27References5
Rows per page
Query Builder