74584 matches found
CVE-2021-31979
Windows Kernel Elevation of Privilege Vulnerability Recent assessments: gwillcox-r7 at July 14, 2021 5:35pm UTC reported: Update : Looks like this was used by the exploit brokerage company Candiru along with CVE-2021-33771 to deliver spyware to targeted users, which according to Microsoft’s blog...
CVE-2021-31195
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31198. Recent assessments: NinjaOperator at August 09, 2021 8:19pm UTC reported: PoC is publicly available Microsoft has already patched this vulnerabilities and exploitation has not been observed...
CVE-2019-7192
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...
CVE-2019-0880 Microsoft splwow64 Elevation of Privilege Vulnerability
This is a Privilege Escalation vulnerability in how all modern versions of Windows and appears to relate to a function in splwow64.exe. Very little has been released on the technical details of the vulnerability, but the affects are fairly large. All versions of Windows after Server 2008 R2 are...
CVE-2018-15982
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. Recent assessments: gwillcox-r7 at November 22, 2020 3:02am UTC reported: Reported as exploited in the wild as part of...
CVE-2018-19518
University of Washington IMAP Toolkit 2007f on UNIX, as used in imapopen in PHP and other products, launches an rsh command by means of the imaprimap function in c-client/imap4r1.c and the tcpaopen function in osdep/unix/tcpunix.c without preventing argument injection, which might allow remote...
CVE-2018-15887
MainAnalysisContent.asp in ASUS DSL-N12EC1 1.1.2.3345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request. Recent assessments:...
CVE-2012-1723
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to...
CVE-2026-6352
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper...
CVE-2023-28760
TP-Link AX1800 WiFi 6 Router Archer AX21 devices allow unauthenticated attackers on the LAN to execute arbitrary code as root via the dbdir field to minidlnad. The attacker obtains the ability to modify files.db, and that can be used to reach a stack-based buffer overflow in...
CVE-2024-57968
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders e.g., ones that are accessible during web browsing by other users. upload.aspx can be used for this. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...
CVE-2022-34713
Microsoft Windows Support Diagnostic Tool MSDT Remote Code Execution Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2022-27926
A reflected cross-site scripting XSS vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration aka ZCS 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...
CVE-2022-0847
A flaw was found in the way the “flags” member of the new pipe buffer structure was lacking proper initialization in copypagetoiterpipe and pushpipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cach...
CVE-2022-26487
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-26143. Reason: This candidate is a reservation duplicate of CVE-2022-26143. Notes: All CVE users should reference CVE-2022-26143 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2021-22600
A double free bug in packetsetring in net/packet/afpacket.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 Recent assessments:...
CVE-2021-42291
Active Directory Domain Services Elevation of Privilege Vulnerability...
CVE-2021-34486
Windows Event Tracing Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
Webmin password_change.cgi Command Injection
An issue was discovered in Webmin =1.920. The parameter old in passwordchange.cgi contains a command injection vulnerability. Recent assessments: wvu-r7 at August 21, 2019 3:12am UTC reported: This was a supply chain attack: http://www.webmin.com/exploit.html. The backdoor was introduced in a...
CVE-2025-12506
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to create a repository where the content displayed in the web interface differed from t...
CVE-2023-36761
Microsoft Word Information Disclosure Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2023-20867
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2022-42475
A heap-based buffer overflow vulnerability CWE-122 in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute...
CVE-2022-22674
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory. Recent...
CVE-2022-25064
TP-LINK TL-WR840NESV6.20180709 was discovered to contain a remote code execution RCE vulnerability via the function oalwan6setIpAddr...
CVE-2022-25081
TOTOLink T10 V5.9c.5061B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...
CVE-2022-21887
Win32k Elevation of Privilege Vulnerability...
CVE-2021-26868
Windows Graphics Component Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
Remote Code Execution Vulnerabilities in Secomea, Moxa, and HMS eWon VPNs
Security researchers at Claroty published details on multiple pre-auth remote code execution vulnerabilities affecting virtual private network VPN implementations primarily used to provide remote access to operational technology OT networks. The vulnerabilities could allow unauthenticated attacke...
CVE-2020-16916
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An...
CVE-2020-8835
In the Linux kernel 5.5.0 and newer, the bpf verifier kernel/bpf/verifier.c did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the...
CVE-2019-9053
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1idlist parameter. Recent assessments: Leafry at January 18, 2021 11:27pm UTC reported: This exploit is ok. When running...
CVE-2012-1823
sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...
CVE-2024-21762
A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0...
CVE-2023-38205
Adobe ColdFusion versions 2018u18 and earlier, 2021u8 and earlier and 2023u2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints...
CVE-2023-23529
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this...
CVE-2022-20933
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation of...
CVE-2022-2488
A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlistsync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used...
CVE-2021-36948
Windows Update Medic Service Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2021-32722
GlobalNewFiles is a mediawiki extension. Versions prior to 48be7adb70568e20e961ea1cb70904454a671b1d are affected by an uncontrolled resource consumption vulnerability. A large amount of page moves within a short space of time could overwhelm Database servers due to improper handling of load...
CVE-2021-31755
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...
CVE-2020-28871
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload. Recent assessments: noraj at June 22, 2021 4:56pm UTC reported: The uploaded file must have an image magic byte eg. GIF in order to match...
CVE-2020-0683
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka ‘Windows Installer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0686. Recent assessments: J3rryBl4nks at March 03, 2020 3:13pm UTC reported: This...
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Default SSH Key Vulnerability
A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of...
CVE-2017-7921
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 ...
CVE-2017-8291
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a “/OutputFile %pipe%” substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. Recent assessments: gwillcox-r7 at...
CVE-2023-20198
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issue...
CVE-2023-20263
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could...
CVE-2022-44268
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image e.g., for resize, the resulting image could have embedded the content of an arbitrary. file if the magick binary has permissions to read it. Recent assessments: MadDud at February 03, 2023 2:34pm UTC reported...
CVE-2022-36537
ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader. Recent assessments: ccondon-r7 at March 01, 2023 6:39pm UTC reported: The core vuln here is an info leak in ZK Framework, which ...