Zoho ManageEngine ADManager Plus Arbitrary File Upload (CVE-2021-20130)
An unrestricted file upload vulnerability exists in ManageEngine ADManager Plus. The vulnerability is due to lack of validation of uploaded files in PasswordExpiryAction class...
Apache ShenYu Admin Authentication Bypass (CVE-2021-37580)
An authentication bypass vulnerability exists in Apache ShenYu Admin. The vulnerability is due to improper handling of incoming HTTP requests...
WordPress LearnPress Plugin Cross-Site Scripting (CVE-2021-39348)
A stored cross-site scripting vulnerability exists in LearnPress Plugin for WordPress. The vulnerability is due to insufficient sanitization of user-supplied data in Profile Settings page...
WordPress Download Manager Plugin Cross-Site Scripting (CVE-2021-24773)
A stored cross-site scripting vulnerability exists in Download Manager Plugin for WordPress. The vulnerability is due to insufficient sanitization of user-supplied data in Attach File section...
Schneider Electric Struxureware Data Center Expert Directory Traversal (CVE-2021-22794)
A directory traversal vulnerability exists in Schneider Electric Struxureware Data Center Expert. The vulnerability is due to improper validation of user-supplied input...
Kaseya VSA Remote Code Execution (CVE-2021-30116)
A remote code execution vulnerability exists in Kaseya VSA. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
VMware Spring Cloud Netflix Remote Code Execution (CVE-2021-22053)
A remote code execution vulnerability exists in VMware Spring Cloud Netflix. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Grafana Cross-site Scripting (CVE-2021-41174)
A cross-site scripting vulnerability exists in Grafana. The vulnerability is due to insufficient validation of user input in the URI path...
Victure WR1200 WiFi Router Command Injection (CVE-2021-43283)
A command injection vulnerability exists in Victure WR1200 WiFi Router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Tenda AC-10U AC1200 Router Denial of Service (CVE-2020-22079)
A denial-of-service vulnerability exists in Tenda AC-10U AC1200 Router. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Ericsson Network Location Command Injection (CVE-2021-43339)
A command injection vulnerability exists in Ericsson Network Location. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Pulse Connect Secure Command Injection (CVE-2020-8243)
A command injection vulnerability exists in Pulse Connect Secure. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Advantech WebAccess HMI Designer Buffer Overflow (CVE-2021-33000)
A buffer overflow vulnerability exists in the project management file parsing component of Advantech WebAccess HMI Designer. The vulnerability is due to lack of proper validation while processing user-supplied NMultistateLamp object data...
Grafana Snapshot Feature Information Disclosure (CVE-2021-39226)
An information disclosure vulnerability exists in Grafana Snapshot Feature. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
rConfig SQL Injection (CVE-2020-10546; CVE-2020-10547; CVE-2020-10548; CVE-2020-10549)
An SQL injection vulnerability exists in rConfig. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
WordPress Hide My WP Plugin SQL Injection (CVE-2021-36916)
An SQL injection vulnerability exists in WordPress Hide My WP Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Hotel Druid SQL Injection (CVE-2021-37832)
An SQL injection vulnerability exists in Hotel Druid. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
WordPress WP Data Access Plugin SQL Injection (CVE-2021-24866)
An SQL injection vulnerability exists in WordPress WP Data Access plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Zoho ManageEngine Network Configuration Manager SQL Injection (CVE-2021-41081)
An SQL injection vulnerability exists in Zoho ManageEngine Network Configuration Manager. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Apache Log4j Denial Of Service (CVE-2021-45105)
A denial of service vulnerability exists in Apache Log4j. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
VINGA WR-N300U Router Command Injection (CVE-2021-43469)
A command injection vulnerability exists in VINGA WR-N300U Router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Microsoft Exchange Server Security Feature Authentication Bypass (CVE-2021-31207)
An authentication bypass vulnerability exists in Microsoft Exchange Server. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...
Dnnsoftware DotNetNuke Remote Code Execution (CVE-2018-15811)
A remote code execution vulnerability exists in Dnnsoftware DotNetNuke. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Dolibarr Website Builder Remote Code Execution (CVE-2021-33816)
A remote code execution vulnerability exists in Dolibarr Website Builder module. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
WordPress Duplicate Post Plugin SQL Injection (CVE-2021-43408)
An SQL injection vulnerability exists in WordPress Duplicate Post Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Sourcecodester Online Event Booking and Reservation System SQL Injection (CVE-2021-42667)
An SQL injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2021-43207)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Installer Elevation of Privilege (CVE-2021-43883)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2021-43226)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Remote Desktop Client Remote Code Execution (CVE-2021-43233)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Print Spooler Elevation of Privilege (CVE-2021-41333)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
ExifTool Remote Code Execution (CVE-2021-22204)
A remote code execution vulnerability exists in ExifTool. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
SAP NetWeaver Directory Traversal (CVE-2016-3976)
A directory traversal vulnerability exists in SAP NetWeaver. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...
Apache Log4j Remote Code Execution (CVE-2021-44228; CVE-2021-45046)
A remote code execution vulnerability exists in Apache Log4j. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Aerohive Networks HiveOS Remote Code Execution (CVE-2020-16152)
A remote code execution vulnerability exists in Aerohive Networks HiveOS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
TP-Link TL-WR840N Router Command Injection (CVE-2021-41653)
A command injection vulnerability exists in TP-Link TL-WR840N Router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Grafana Directory Traversal (CVE-2021-43798)
A directory traversal vulnerability exists in Grafana. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...
Zoho ManageEngine ServiceDesk Plus Remote Code Execution (CVE-2021-44077)
A remote code execution vulnerability exists in Zoho ManageEngine ServiceDesk Plus. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Java Server Side Template Injection
A remote attacker can inject malicious commands into a template engine. Successful exploitation could result in the execution of arbitrary code in the affected web server...
SolarWinds Serv-U Remote Code Execution (CVE-2021-35211)
A remote code execution vulnerability exists in SolarWinds Serv-U. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Nagios XI Command Injection (CVE-2021-40345)
A command injection vulnerability exists in Nagios XI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
VMware ESXi Remote Code Execution (CVE-2020-3992)
A remote code execution vulnerability exists in VMware ESXi. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Yealink Device Management Command Injection (CVE-2021-27561)
A command injection vulnerability exists in Yealink Device Management. The vulnerability is due to improper handling of a crafted HTTP request...
Lodging Reservation Management System SQL Injection (CVE-2021-41511)
An SQL injection vulnerability exists in Lodging Reservation Management System. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system or bypass authentication...
Unraid Remote Code Execution (CVE-2020-5847; CVE-2020-5849)
A remote code execution vulnerability exists in Unraid. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
VMware Workspace Command Injection (CVE-2020-4006)
A command injection vulnerability exists in multiple VMware products. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CSZ CMS SQL Injection (CVE-2020-21250)
An SQL injection vulnerability exists in CSZ CMS. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
SolarWinds Orion Platform Authentication Bypass (CVE-2020-10148)
An authentication bypass vulnerability exists in SolarWinds Orion API. Successful exploitation of this vulnerability could allow a remote attacker to gain unauthorized access to the affected system...
Quest NetVault Backup Remote Code Execution (CVE-2017-17419)
A remote code execution vulnerability exists in Quest NetVault Backup. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
LibreNMS addhost Command Injection (CVE-2018-20434)
A command injection vulnerability exists in LibreNMS. This vulnerability is due to incorrect parsing of the community HTTP header. A remote attacker can exploit this vulnerability by sending a crafted HTTP request to the target server...