CVE-2020-7357
Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the ‘NTPServerIP’ HTTP POST parameter in the system.cgi page. This issue affects several...
CVE-2020-5847
Unraid through 6.8.0 allows Remote Code Execution. Recent assessments: Assessed Attacker Value: 0...
CVE-2020-9371
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabcappointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML. Recent assessments: kevthehermit at March 05, 2020 10:29am UTC reported: This plugin i...
CVE-2020-9337
In GolfBuddy Course Manager 1.1, passwords are sent with base64 encoding via a GET request. Recent assessments: horshark at March 09, 2020 8:13pm UTC reported: Recap Nothing deep, passwords are sent using Base64. Requires Ability to monitor networking traffic during user authentication. Loot...
CVE-2020-9339
SOPlanning 1.45 allows XSS via the Name or Comment to status.php. Recent assessments: horshark at March 09, 2020 8:38pm UTC reported: Recap Javascript execution. Where On the ip/www/status.php page, you can execute Javascript in the name and comment fields. Assessed Attacker Value: 2 Assessed...
CVE-2019-19452
A buffer overflow was found in Patriot Viper RGB through 1.1 when processing IoControlCode 0x80102040. Local attackers including low integrity processes can exploit this to gain NT AUTHORITY\SYSTEM privileges. Recent assessments: FULLSHADE at April 21, 2020 3:30pm UTC reported: Overview A...
CVE-2020-8010 Nimbus protocol allows unauth read/write/execute
CA Unified Infrastructure Management Nimsoft/UIM 9.20 and below contains an improper ACL handling vulnerability in the robot controller component. A remote attacker can execute commands, read from, or write to the target system. Recent assessments: busterb at August 04, 2020 5:44pm UTC reported:...
CVE-2019-17519
The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload length, allowing attackers in radio range to cause a buffer overflow via a crafted packet. Recent assessments: pbarry25 at April 19, 2020 2:45am UTC reported: This...
CVE-2020-8510
An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can login as any user without a password. Recent assessments: horshark at March 09, 2020 8:27pm UTC reported: CVE in SourceForge project phpABoo...
Metasploit Pro 4.16 and earlier install the web server SSL server.key as local-user readable by default
Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to...
CVE-2019-18187
Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process...
CVE-2019-18393
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability. Recent assessments: ericalexanderorg at August 04, 2020 4:44pm UTC reported: More detail: Stupid easy GET...
CVE-2019-11773
Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users. Recent assessments: timb-machine at March 05, 2021 12:22am UTC reported: Unlikely to be setUID, unlikely that you will have write control over the vulnerable...
Supra Smart Cloud TV Remote File Inclusion
Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/mediacontrol?action=setUri&uri= URI. Recent assessments: pbarry-r7 at November 20, 2019 11:40pm UTC reported: Have to be on...
CVE-2019-14314
A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via...
CVE-2019-11771
AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users. Recent assessments: timb-machine at March 05, 2021 12:25am UTC reported: Unlikely to be setUID, unlikely that you will have write control over the vulnerabl...
CVE-2019-1892
Cisco Small Business 200/300/500 Series Managed Switch HTTPS validation allows a memory corruption DoS. Recent assessments: bwatters-r7 at July 09, 2019 5:54pm UTC reported: This is a memory corruption vulnerability that allows an attacker to send a malformed HTTPS packet, which will then generate...
Atlassian BitBucket Data Center Migration Tool Directory Traversal Vulnerability
Bitbucket Data Center is the on-premises Git repository management solution for larger enterprises that require high availability and performance at scale. It uses a cluster of Bitbucket server nodes and is designed in your own data center. A vulnerability was found in the Data Center’s migration...
CVE-2018-14839
LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters. Recent assessments: Assessed Attacker Value: 0...
CVE-2019-17558
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...
CVE-2019-17388
Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a local attacker to execute arbitrary code by gaining elevated privileges through file modifications. Recent assessments: kevthehermit at March 05, 2020 9:34am UTC reported: V...
CVE-2017-18362
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware payloads on all...
CVE-2018-0125
A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The...
Ayukov NFTP FTP Client Stack Buffer Overflow Analysis
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code. Recent assessments: wchen-r7 at September 12, 2019 6:08pm UTC reported: Details Ayukov is an FTP client that was written by Sergey Ayukov back in 1994. Development stopped in 2011, and...
CVE-2017-3506
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HT...
CVE-2017-6527
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user by using the viewAppletFsa.cgi seqID parameter. Recent assessments: h00die at Mar...
vBulletin 5 Connect 5.1.2 through 5.1.9 PHP object injection attack
The vBApiHook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments. Recent assessments: busterb ...
CVE-2014-0930
The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PTLDINFO operation. Recent assessments: timb-machine at March 05, 2021 12:47am UTC reported: Assessed...
DameWare Support Control fgets Vulnerability
Stack-based buffer overflow in the “Add from text file” feature in the DameWare Exporter tool (DWExporter.exe) in DameWare Remote Support 10.0.0.372, 9.0.1.247, and earlier allows user-assisted attackers to execute arbitrary code via unspecified vectors. Recent assessments: wchen-r7 at September 12...
CVE-2013-4800 HP LoadRunner magentproc.exe Overflow
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735. Recent assessments: wchen-r7 at September 12, 2019 6:08pm UTC reported: - Looks like this has changed. Assessed Attacker Value: 0...
CVE-2013-3576
ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en. Recent assessments: theguly at February 28, 2020 4:42pm UTC reported: this product runs as SYSTEM by default, and...
CVE-2012-2539
Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka “Word RTF ‘listoverridecount’ Remote...
CVE-2009-0563
Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word,...
CVE-2004-0210
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow. Recent assessments: Assessed Attacker Value: 0...
CVE-2026-3584
The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'formprocess' function. This is due to the 'preparepostdata' function mapping user-supplied keys directly into internal placeholder storage, combined with the use of...
CVE-2026-27818
TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration. Version 4.0.3 fixes the issue...
CVE-2026-26278
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible ...
CVE-2025-54149
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central...
CVE-2025-22225
VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox. Recent assessments: remmons-r7 at January 13, 2026 1:24am UTC reported: CVE-2025-22225 is an arbitrary write...
CVE-2024-4879
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted...
CVE-2024-5457
The Panda Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2024-4978
Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute unauthorized PowerShell commands. Recent assessments: Assessed Attacker...
CVE-2023-46298
Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN...
CVE-2023-39062
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...
CVE-2023-21237
In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2023-29492
Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data. Recent assessments: Assessed Attacker Value: 0...
CVE-2022-38028
Windows Print Spooler Elevation of Privilege Vulnerability. Recent assessments: Assessed Attacker Value: 0...
CVE-2021-31956
Windows NTFS Elevation of Privilege Vulnerability. Recent assessments: Assessed Attacker Value: 0...
CVE-2020-1985
Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. This issue affects all versions Secdo for Windows. Recent assessments: xFreed0m at April 10, 2020 3:06pm UTC reported: CVE-2020-1985...
CVE-2020-10560
An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the...