Cisco Unity Express Insecure Deserialization (CVE-2018-15381)
An insecure deserialization vulnerability exists in Cisco Unity Express. Successful exploitation of this vulnerability would allow remote attackers to send a specially crafted serialized object to the vulnerable server...
IonizeCMS Remote Code Execution (CVE-2022-26272)
A remote code execution vulnerability exists in IonizeCMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Tenda AX3 Router Command Injection (CVE-2022-24148; CVE-2022-24150)
A command injection vulnerability exists in Tenda AX3 router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Bolt CMS Arbitrary File Upload (CVE-2022-36532)
An arbitrary file upload vulnerability exists in Bolt CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
College Management System Arbitrary File Upload (CVE-2022-32420)
An arbitrary file upload vulnerability exists in College Management System. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the vulnerable system with administrative privileges...
TP-Link TL-WR840N Command Injection (CVE-2022-25064)
A command injection vulnerability exists in TP-Link TL-WR840N. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Qognify Ocularis Insecure Deserialization (CVE-2020-27868)
An insecure deserialization vulnerability exists in Qognify Ocularis. Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on the target system...
DigitalDruid HotelDruid Remote Code Execution (CVE-2022-22909)
A remote code execution vulnerability exists in DigitalDruid HotelDruid. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
TOTOLINK A7100RU Router Command Injection (CVE-2022-28575; CVE-2022-28577; CVE-2022-28578; CVE-2022-28579; CVE-2022-28580; CVE-2022-28581; CVE-2022-28582; CVE-2022-28583; CVE-2022-28584)
A command injection vulnerability exists in TOTOLINK A7100RU router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
IonizeCMS Command Injection (CVE-2022-29307)
A command injection vulnerability exists in IonizeCMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Pixelimity Arbitrary File Upload (CVE-2022-28590)
An arbitrary file upload vulnerability exists in Pixelimity. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Atmosphere Java Framework Reflected Cross-Site Scripting
A cross-site scripting vulnerability exists in Atmosphere. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
FLIR AX8 Thermal Camera Command Injection (CVE-2022-37061)
A command injection vulnerability exists in FLIR AX8 thermal camera. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Apache httpd mod_proxy NULL Pointer Dereference (CVE-2021-44224)
A NULL pointer dereference vulnerability exists in the mod_proxy module of Apache httpd. The vulnerability is due to improper handling of malformed Request-URIs sent to servers configured as a forward proxy. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted...
Kentico CMS Remote Code Execution (CVE-2019-10068)
A remote code execution vulnerability exists in Kentico CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Razer Sila Gaming Router Command Injection (CVE-2022-29013)
A command injection vulnerability exists in Razer Sila gaming router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Studio42 elFinder Directory Traversal (CVE-2022-26960)
A directory traversal vulnerability exists in elFinder. The vulnerability is due to insufficient validation of user submitted paths...
Wavlink WL-WN531P3 Command Injection (CVE-2022-23900)
A command injection vulnerability exists in Wavlink WL-WN531P3. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
iSharer and upRedSun File Sharing Wizard Buffer Overflow (CVE-2019-16724)
A buffer overflow vulnerability exists in iSharer and upRedSun File Sharing Wizard. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Jenkins Config File Provider Plugin External Entity Injection (CVE-2021-21642)
An XXE vulnerability exists in Jenkins Config File Provider Plugin. The vulnerability is due to insufficient validation of XML data when utilizing Config File Provider Plugin...
Zoho ManageEngine ServiceDesk Plus Cross-Site Scripting (CVE-2021-20080)
A stored cross-site scripting vulnerability exists in Zoho ManageEngine ServiceDesk Plus. The vulnerability is due to improper sanitization of user supplied XML...
TOTOLINK Routers Command Injection (CVE-2022-26206; CVE-2022-26207; CVE-2022-26208; CVE-2022-26209; CVE-2022-26211; CVE-2022-26212; CVE-2022-26214; CVE-2022-27003; CVE-2022-27004; CVE-2022-27005; CVE-2022-28935)
A command injection vulnerability exists in TOTOLINK Routers. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Jenkins Active Choices Plugin Cross-Site Scripting (CVE-2021-21699)
A stored cross-site scripting vulnerability exists in Jenkins Active Choices Plugin. This vulnerability is due to insufficient validation of parameter name of reactive parameters and dynamic reference parameters...
Quest NetVault Backup NVBUJobCountHistory SQL Injection (CVE-2017-17420)
An SQL injection vulnerability exists in the Server Process Manager Service of Quest NetVault Backup. The vulnerability is due to improper validation of user-supplied input on JSON-RPC requests invoking the Get method of the NVBUJobCountHistory class. A remote unauthenticated attacker could explo...
DedeCMS Remote Code Execution (CVE-2022-36216)
A remote code execution vulnerability exists in DedeCMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
WordPress Popup Maker Plugin Cross-Site Scripting (CVE-2022-1104)
A stored cross-site scripting vulnerability exists for the Popup Maker plugin for WordPress. This vulnerability is due to improper input validation for the popup settings process...
Ivanti Avalanche Enterprise Service SQL Injection (CVE-2021-42131)
An SQL injection vulnerability exists in the Ivanti Avalanche EnterpriseServer service. The vulnerability is due to insufficient validation of data sent to the EnterpriseServer service...
Zoho ManageEngine SQL Injection (CVE-2021-41288)
An SQL injection vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the parameters in the HTTP requests processed by the getReportData method...
O2OA Remote Code Execution (CVE-2022-22916)
A remote code execution vulnerability exists in O2OA. Successful exploitation of this vulnerability could allow a remote attacker to damage users' systems...
Montala Limited ResourceSpace Cross-Site Scripting (CVE-2021-41951)
A reflected cross-site scripting vulnerability exists in ResourceSpace by Montala Limited. The vulnerability is due to improper input validation of user input passed to the index.php page...
ZEROF Web Server SQL Injection (CVE-2022-25322)
An SQL injection vulnerability exists in ZEROF Web Server. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Necta LLC WiFi Mouse Command Injection (CVE-2022-3218)
A command injection vulnerability exists in Necta LLC WiFi Mouse. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Tenda M3 Router Command Injection (CVE-2022-26289)
A command injection vulnerability exists in Tenda M3 Router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Delta Industrial Automation DIAEnergie SQL Injection (CVE-2022-1378)
An SQL injection exists in Delta Industrial Automation DIAEnergie. The vulnerability is due to an input validation error...
GitLab Community and Enterprise Edition Command Injection (CVE-2022-2185)
A command injection vulnerability exists in GitLab Community and Enterprise Editions. The vulnerability is due to errors in parsing imported project files on the server...
Ivanti Avalanche Enterprise Service Command Injection (CVE-2021-42129)
A command injection vulnerability exists in Ivanti Avalanche Enterprise Service. This vulnerability is due to insufficient validation of the Central FileStore configuration fields...
Open Automation Software Platform Authentication Bypass (CVE-2022-26833)
An authentication bypass vulnerability exists in Open Automation Software Platform. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...
ImpressCMS Directory Traversal (CVE-2022-24977)
A directory traversal vulnerability exists in ImpressCMS. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...
WordPress Core Cross-Site Scripting (CVE-2022-21662)
A cross-site scripting vulnerability exists in WordPress. This vulnerability is due to improper input validation...
MatrixSSL Verify X.509 Certificate Stack Buffer Overflow
A buffer overflow vulnerability exists in MatrixSSL. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Zoho ManageEngine ApplicationManager Command Injection (CVE-2018-7890)
A command injection vulnerability exists in Zoho ManageEngine ApplicationManager. The vulnerability is due to improper validation of the user supplied parameters. A remote attacker can exploit this vulnerability by sending crafted parameters to the target system...
Apple WebKit AbstractValue Set Use After Free (CVE-2018-4443)
A use-after-free vulnerability exists in Apple WebKit. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows NTFS File System Denial of Service
A denial of service vulnerability exists in Microsoft Windows NTFS File System. Successful exploitation can lead to a program crash on the affected system...
Microsoft WINS Multiple Replication Sessions Memory Corruption
A memory corruption vulnerability exists in Microsoft WINS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
GraphicsMagick WMF Use After Free (CVE-2017-12936)
A use-after-free vulnerability exists in GraphicsMagick. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Joomla! Component EkRishta SQL Injection
An SQL injection vulnerability exists in Joomla! Component EkRishta. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Windows PPTP Protocol Use After Free (CVE-2022-21972)
A remote code execution vulnerability exists in Microsoft Windows VPN component. The vulnerability is due to improper handling of PPTP packets...
CuppaCMS Remote Code Execution (CVE-2022-37190)
A remote code execution vulnerability exists in CuppaCMS. Successful exploitation of this vulnerability could allow a remote attacker to damage users' systems...
Delta Industrial Automation DIAEnergie Arbitrary File Upload (CVE-2022-25347)
An arbitrary file upload vulnerability exists in Delta Industrial Automation DIAEnergie. The vulnerability is due to an input validation error when processing file uploads...
PHP IMAP imap_open Command Injection (CVE-2018-19518)
A command injection vulnerability exists in the IMAP component of PHP. The vulnerability is due to improper handling of the server parameter passed to the imap_open function. A remote, authenticated attacker can exploit this vulnerability by supplying a crafted server parameter to the imap_open...