Lucene search
K

591486 matches found

Nuclei
Nuclei
added 2026/06/16 7:13 a.m.67 views

Hitachi Pentaho Business Analytics Server - Remote Code Execution

Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby...

8.8CVSS9.1AI score0.9767EPSS
Exploits6References3
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.92 views

IBM Aspera Faspex <=4.4.2 PL1 - Remote Code Execution

IBM Aspera Faspex through 4.4.2 Patch Level 1 is susceptible to remote code execution via a YAML deserialization flaw. This can allow an attacker to send a specially crafted obsolete API call and thereby execute arbitrary code, obtain sensitive data, and/or execute other unauthorized operations...

9.8CVSS9.2AI score0.99968EPSS
Exploits5References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.549 views

Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution

Oracle E-Business Suite 12.2.3 through 12.2.11 is susceptible to remote code execution via the Oracle Web Applications Desktop Integrator product, Upload component. An attacker with HTTP network access can execute malware, obtain sensitive information, modify data, and/or gain full control over a...

9.8CVSS9.6AI score0.98342EPSS
Exploits7References6
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.22 views

Sophos Firewall <= 19.0 MR1 - Remote Code Execution

Sophos Firewall version v19.0 MR1 and older is vulnerable to code injection in the User Portal and Webadmin, allowing a remote unauthenticated attacker to execute arbitrary code. id: CVE-2022-3236 info: name: Sophos Firewall = 19.0 MR1 - Remote Code Execution author: daffainfo severity: critical...

9.8CVSS9.3AI score0.98905EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.56 views

Confluence - Remote Code Execution

Confluence Server and Data Center is susceptible to an unauthenticated remote code execution vulnerability. id: CVE-2022-26134 info: name: Confluence - Remote Code Execution author: pdteam,jbertman severity: critical description: | Confluence Server and Data Center is susceptible to an...

9.8CVSS9.2AI score0.99999EPSS
Exploits75References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.25 views

Open Web Analytics 1.7.3 - Remote Code Execution

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...

9.8CVSS8.4AI score0.99134EPSS
Exploits14References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.80 views

Sonicwall - Pre-Authentication Arbitrary File Read

Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...

9.1CVSS8.7AI score0.99957EPSS
Exploits1
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.142 views

Adobe ColdFusion - Deserialization of Untrusted Data

Adobe ColdFusion versions 2018u17 and earlier, 2021u7 and earlier and 2023u1 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. id: CVE-2023-38203 info: name:...

9.8CVSS8.9AI score0.97003EPSS
Exploits0References3
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.50 views

Cacti 1.2.24 - SQL Injection

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...

9.8CVSS9.1AI score0.87575EPSS
Exploits2References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.60 views

Juniper J-Web - Remote Code Execution

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables to execute remote commands id: CVE-2023-36845 info: name: Juniper J-Web - Remote Code...

9.8CVSS7.9AI score0.93546EPSS
Exploits27References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.48 views

TP-Link Archer AX21 (AX1800) - Unauthenticated Command Injection

TP-Link Archer AX21 AX1800 routers are vulnerable to unauthenticated OS command injection via the country parameter in the locale endpoint. This allows remote attackers to execute arbitrary commands as root. id: CVE-2023-1389 info: name: TP-Link Archer AX21 AX1800 - Unauthenticated Command...

8.8CVSS8.6AI score0.99999EPSS
Exploits7References3
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.210 views

Atlassian Confluence - Remote Code Execution

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server...

10CVSS8.7AI score0.99984EPSS
Exploits31References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.103 views

XWiki Platform - Remote Code Execution

Any guest can perform arbitrary remote code execution through a request to SolrSearch. This impacts the confidentiality, integrity, and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 15.10.11, 16.4.1, and 16.5.0RC1. id: CVE-2025-24893 info: name: XWiki...

9.8CVSS9AI score0.99898EPSS
Exploits50References2
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.43 views

React Server Components - Remote Code Execution

React Server Components 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack contain a remote code execution caused by unsafe deserialization of payloads from HTTP requests to Server Function endpoints, letting...

10CVSS8.7AI score0.99562EPSS
Exploits372References8
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.228 views

Oracle WebLogic Server - Remote Command Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. id: CVE-2019-2725 info: name: Oracle WebLogic...

9.8CVSS7.9AI score0.99964EPSS
Exploits35References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.33 views

OpenMRS Platform < 2.24.0 - Insecure Object Deserialization

OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body. id: CVE-2018-19276 info: name: OpenMRS Platform 2.24.0 - Insecure Object...

10CVSS8.8AI score0.98811EPSS
Exploits10References3
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.869 views

Microsoft Windows 'HTTP.sys' - Remote Code Execution

HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability." id: CVE-2015-1635 info: name: Microsoft...

10CVSS9.1AI score0.99999EPSS
Exploits16References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.89 views

Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49 and 2.4.50. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests ca...

9.8CVSS8.8AI score0.99964EPSS
Exploits62References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.103 views

Apache 2.4.49 - Path Traversal and Remote Code Execution

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed...

9.8CVSS8.1AI score0.99992EPSS
Exploits148References6
RedhatCVE
RedhatCVE
added 2026/06/16 6:39 a.m.6 views

CVE-2026-47140

A flaw was found in vm2, an open-source virtual machine VM sandbox for Node.js. This vulnerability allows sandboxed code to bypass intended security restrictions by exploiting missing entries in the denylist for dangerous Node.js built-in functions, specifically process and inspector/promises. A...

10CVSS5.6AI score0.00536EPSS
Exploits0References6
Rows per page
Query Builder