Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2021-31954)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Kernel Information Disclosure (CVE-2021-31955)
An information disclosure vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Adobe Acrobat Reader DC Path Join Out of Bounds Read (APSB21-37: CVE-2021-28554)
An out of bounds read vulnerability has been reported in Adobe Acrobat Reader DC. The vulnerability is due to improper handling of relative paths in calls to the app.openDoc JavaScript function...
WordPress Core External Entity Injection (CVE-2021-29447)
An XXE vulnerability exists in WordPress Core. The vulnerability is due to insufficient validation of XML data when parsing RIFF WAV file metadata...
WordPress Stop Spammers Plugin Cross Site Scripting (CVE-2021-24245)
A cross site scripting vulnerability exists in WordPress Stop Spammers plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
Apache Tapestry Information Disclosure (CVE-2021-30638)
An information disclosure vulnerability exists in Apache Tapestry. A URL manipulation via smuggled backslashes allows Java webapp files inside WEB-INF to be listed and downloaded...
IPFire Remote Code Execution (CVE-2021-33393)
A remote code execution vulnerability exists in IPFire. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
HPE Edgeline Infrastructure Manager Authentication Bypass (CVE-2021-29203)
An authentication bypass vulnerability exists in HPE Edgeline Infrastructure Manager. Successful exploitation of this vulnerability could allow a remote attacker to gain unauthorized access to the affected system...
Jenkins Credentials Plugin Cross-Site Scripting (CVE-2021-21648)
A reflected cross-site scripting vulnerability exists in Jenkins Credentials Plugin. This vulnerability is due to insufficient validation of user-controlled information on the upload certificate view provided by Credentials plugin...
Google Chrome Buffer Overflow (CVE-2021-21153)
A buffer overflow vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Xymon xymond Remote Code Execution (CVE-2016-2056)
A remote code execution vulnerability exists in Xymon xymond. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Microsoft Windows Server Remote Code Execution (CVE-2009-3103)
Microsoft Server Message Block SMB Protocol is a Microsoft network file sharing protocol used in Microsoft Windows. A vulnerability exists in Microsoft Server Message Block SMB Protocol that could allow remote attackers to execute arbitrary code on the vulnerable system due to memory corruption...
Drupal Core Hex Rendering Remote Code Execution
A code execution vulnerability exists in Drupal Core. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Hongdian H8922 Command Injection (CVE-2021-28151; CVE-2021-28149)
A command injection vulnerability exists in Hongdian H8922. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Subrion CMS Remote Code Execution (CVE-2018-19422)
A remote code execution vulnerability exists in Subrion CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Cacti SQL Injection (CVE-2020-14295)
An SQL injection vulnerability exists in Cacti. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary code on the affected system...
Aruba Networks ClearPass Policy Manager Remote Code Execution (CVE-2020-7115)
A remote code execution vulnerability exists in Aruba Networks ClearPass Policy Manager. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Netgate pfSense Cross-Site Scripting (CVE-2021-27933)
A stored cross-site scripting vulnerability exists in Netgate pfSense. The vulnerability is due to improper validation of the descr parameter in the serviceswoledit.php...
Ambarella Oryx RTSP Server Buffer Overflow (CVE-2020-24918)
A buffer overflow vulnerability exists in Ambarella Oryx RTSP Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Projectworlds Online Book Store SQL Injection (CVE-2020-19114)
An SQL injection vulnerability exists in Projectworlds Online Book Store. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Jenkins Artifact Repository Parameter Plugin Cross-Site Scripting (CVE-2021-21622)
A stored cross-site scripting vulnerability exists in Jenkins Artifact Repository Parameter plugin. This vulnerability is due to insufficient validation of the name and description parameters in the ArtifactRepoParamDefinition class...
Oracle E-Business Suite iStore Information Disclosure (CVE-2021-2182)
An information disclosure vulnerability exists in the iStore component in Oracle E-Business Suite. The vulnerability is due to the use of untrusted user input from requests when constructing HTML output in the JSP that handles updating of user personal information...
Tenda Routers Buffer Overflow (CVE-2021-31755; CVE-2021-31756; CVE-2021-31757; CVE-2021-31758)
A buffer overflow vulnerability exists in Tenda routers. Successful exploitation of this vulnerability could result in a denial of service or execution of arbitrary code on the affected system...
China Mobile An Lianbao WF-1 Router Command Injection (CVE-2021-30231; CVE-2021-30228; CVE-2021-30230; CVE-2021-30232; CVE-2021-30233; CVE-2021-30234)
A command injection vulnerability exists in China Mobile An Lianbao WF-1 router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Microsoft HTTP Protocol Stack Remote Code Execution (CVE-2021-31166)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Apache OFBiz Insecure Deserialization (CVE-2021-26295)
An insecure deserialization vulnerability exists in Apache OFBiz. This vulnerability is due to Java serialization issues when processing requests. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted request...
Nagios XI Remote Code Execution (CVE-2019-15949)
A remote code execution vulnerability exists in Nagios XI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Adobe Acrobat and Reader Use After Free (APSB21-29: CVE-2021-28550)
A use-after-free vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2021-26419)
A memory corruption vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Graphics Component Elevation of Privilege (CVE-2021-31170)
An elevation of privilege vulnerability exists in Microsoft Graphics Component. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Graphics Component Elevation of Privilege (CVE-2021-31188)
An elevation of privilege vulnerability exists in Microsoft Graphics Component. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft SharePoint Remote Code Execution (CVE-2021-31181)
A remote code execution vulnerability exists in Microsoft SharePoint. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Adobe Acrobat and Reader Heap-based Buffer Overflow (APSB21-29: CVE-2021-28560)
A buffer overflow vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Google Chrome Remote Code Execution (CVE-2021-21220)
A remote code execution vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Vtiger SQL Injection (CVE-2020-22807)
An SQL injection vulnerability exists in Vtiger. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Microsoft Exchange Server Remote Code Execution (CVE-2021-28482)
A remote code execution vulnerability exists in Microsoft Exchange Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Beckhoff IPC Diagnostics Denial Of Service (CVE-2015-4051)
A denial-of-service vulnerability exists in Beckhoff IPC Diagnostics. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Apache Solr Server-Side Request Forgery (CVE-2021-27905)
A server-side request forgery vulnerability exists in Apache Solr. The vulnerability is due to a lack of validation on the subdomain parameter in HTTP requests. Successful exploitation of this vulnerability could allow an unauthenticated attacker to make a request to any internal and external serv...
TikiWiki Project SQL Injection (CVE-2004-1925)
An SQL injection vulnerability exists in TikiWiki Project. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
WordPress Hotel Booking Plugin Remote Code Execution (CVE-2020-29047)
A remote code execution vulnerability exists in WordPress Hotel Booking Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
WordPress Food And Drink Menu Plugin Remote Code Execution (CVE-2020-29045)
A remote code execution vulnerability exists in WordPress Food And Drink Menu Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Fake Software Update Webpage
A misleading web page, disguised as an update message, is used to trick a user into installing malware, leading to loss of data or allowing the attacker to run arbitrary code on the infected machine...
WordPress WPGraphQL Plugin Denial of Service
A denial of service vulnerability exists in WordPress WPGraphQL Plugin. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
ImageMagick Command Injection (CVE-2020-29599)
A command injection vulnerability exists in ImageMagick. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Tenda G0 Routers Command Injection (CVE-2021-27691)
A command injection vulnerability exists in Tenda G0 Routers. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Microsoft Windows GDI Information Disclosure (CVE-2019-1009)
An information disclosure vulnerability exists in Microsoft Windows 7. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
D-Link DIR-878 Command Injection (CVE-2019-8315)
A command injection vulnerability exists in D-Link DIR-878 devices. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Visual Studio Code Python Extension Remote Code Execution
A remote code execution vulnerability exists in the Visual Studio Code Python Extension. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Apple Safari Type Confusion (CVE-2019-6215)
A type confusion vulnerability exists in Apple Safari. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Online Reviewer System SQL Injection (CVE-2021-27130)
An SQL injection vulnerability exists in Online Reviewer System. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...