rpc.py Project Remote Code Execution (CVE-2022-35411)
A remote code execution vulnerability exists in rpc.py Project. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Jenkins Selenium HTML Report Plugin XML External Entity Injection (CVE-2021-21672)
An XML external entity injection vulnerability exists in Jenkins Selenium HTML Report Plugin. Successful exploitation of this vulnerability could result in the disclosure of file contents from the target system...
Zoho ManageEngine SQL Injection (CVE-2021-40493)
A SQL injection vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the parameters in the HTTP requests processed by the getDataCollectionFailureReason method...
OpenEMR Cross-Site Scripting (CVE-2022-1178)
A stored cross-site scripting vulnerability exists in OpenEMR. The vulnerability is due to insufficient sanitization of user input...
Seacms Remote Code Execution (CVE-2022-27336)
A remote code execution vulnerability exists in Seacms. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Montala Limited ResourceSpace Arbitrary File Deletion (CVE-2021-41950)
An arbitrary file deletion vulnerability exists in ResourceSpace by Montala Limited. The vulnerability is due to unsanitized parameters used in the titles.php page...
Adobe RoboHelp Server Directory Traversal (CVE-2021-42727)
A directory traversal vulnerability exists in Adobe RoboHelp Server. This vulnerability is caused by an input validation flaw when processing the fileName parameter...
EmbedThis GoAhead Remote Code Execution (CVE-2021-42342)
An unrestricted file upload vulnerability exists in EmbedThis GoAhead Web Server. The vulnerability is due to improper validation of user form variables passed to the file upload filter...
Delta Industrial Automation DIAEnergie Cross-Site Scripting (CVE-2021-44471)
A stored cross-site scripting vulnerability exists in Delta Industrial Automation DIAEnergie. The vulnerability is due to an input validation error when processing the name parameter in the HandlerAlarmGroup.ashx endpoint...
Zoho ManageEngine Command Injection (CVE-2021-43319)
A command injection vulnerability exists in ManageEngine Network Configuration Manager. This vulnerability is due to insufficient validation of the ipaddress field of the ping functionality in the add device web interface...
TOTOLink A700RU Command Injection (CVE-2022-38308)
A command injection vulnerability exists in TOTOLink A700RU. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
WikiDocs Arbitrary File Upload (CVE-2022-23375)
An arbitrary file upload vulnerability exists in WikiDocs. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Ivanti Avalanche DataRepository Service Insecure Deserialization (CVE-2021-42130)
An insecure deserialization vulnerability exists in the Ivanti Avalanche DataRepository service. The vulnerability is due to insufficient validation of serialized data sent to the DataRepository service...
Jenkins Rundeck Plugin Cross-Site Scripting (CVE-2022-30956)
A cross-site scripting vulnerability exists in Jenkins Rundeck Plugin. This vulnerability is due to insufficient validation of user input. A remote, authenticated attacker could exploit this vulnerability by sending a crafted message to a vulnerable server...
D-Link Central WiFiManager CWM-100 SQL Injection (CVE-2019-13373)
An SQL injection vulnerability exists in D-Link Central WiFiManager CWM-100. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Ivanti Avalanche EnterpriseServer Service setUser Authentication Bypass (CVE-2021-42128)
An authentication bypass vulnerability exists in the Ivanti Avalanche Enterprise Server. The vulnerability is due to a lack of authentication for certain functionality...
WordPress Like Button Plugin Authentication Bypass (CVE-2019-13344)
An authentication bypass vulnerability exists in the WordPress Like Button plugin. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access to the affected system...
Ivanti Avalanche PrinterDeviceServer Service Command Injection (CVE-2021-42132)
A command injection vulnerability exists in Ivanti Avalanche PrinterDeviceServer Service. This vulnerability is due to insufficient input validation in the runAgentRestarter method...
WWBN AVideo Command Injection (CVE-2022-32572)
A command injection vulnerability exists in WWBN AVideo. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
OpenSSL c_rehash Script Command Injection (CVE-2022-1292)
A command injection vulnerability has been reported in OpenSSL. The vulnerability is due to improper validation of input characters. Successful exploitation could result in command execution within the context of the target user...
TP Link Wr940N Routers Buffer Overflow (CVE-2017-13772)
A buffer overflow vulnerability exists in TP Link Wr940N Firmware. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
XStream Command Injection (CVE-2021-39144)
A command injection vulnerability exists in XStream. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Ruckus IoT Controller Web UI Authentication Bypass (CVE-2020-26879)
An authentication bypass vulnerability exists in Ruckus IoT Controller Web UI. The vulnerability is due to improper handling of a crafted HTTP request. A remote attacker could exploit the vulnerability by sending crafted HTTP requests to the target server...
Wavlink WL-WN575A3 Command Injection (CVE-2022-37149)
A command injection vulnerability exists in Wavlink WL-WN575A3. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
InHand Networks InRouter 900 Industrial 4G Router Command Injection (CVE-2022-27268; CVE-2022-27273; CVE-2022-27275; CVE-2022-27276)
A command injection vulnerability exists in InHand Networks InRouter 900 Industrial 4G Router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Oracle WebLogic Server Remote Code Execution (CVE-2020-14841)
A remote code execution vulnerability exists in Oracle WebLogic Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Atlassian Jira Server-Side Request Forgery (CVE-2022-26135)
A server-side request forgery vulnerability exists in Atlassian Jira. Successful exploitation of this vulnerability could allow an attacker to access internal resources...
TOTOLink 720R Command Injection (CVE-2022-38534; CVE-2022-38535)
A command injection vulnerability exists in TOTOLink 720R. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
D-Link Central WiFiManager CWM-100 Remote Code Execution (CVE-2019-13372)
A remote code execution vulnerability exists in D-Link Central WiFiManager CWM-100. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Zoho ManageEngine ServiceDesk Cross-Site Scripting (CVE-2021-46065)
A cross-site scripting vulnerability exists in Zoho ManageEngine ServiceDesk. The vulnerability is due to improper sanitization of the secondary email field parameter...
Arris Routers Command Injection (CVE-2022-26990; CVE-2022-26991; CVE-2022-26992; CVE-2022-26993; CVE-2022-26994; CVE-2022-26995; CVE-2022-26996; CVE-2022-26997; CVE-2022-26998; CVE-2022-26999; CVE-2022-27000; CVE-2022-27001; CVE-2022-27002)
A command injection vulnerability exists in Arris Routers. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Part-DB Project Unrestricted File Upload (CVE-2022-0848)
An unrestricted file upload vulnerability exists in Part-DB Project. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Tenda AC18 Router Command Injection (CVE-2022-31446)
A command injection vulnerability exists in Tenda AC18 Router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
AtomCMS Arbitrary File Upload (CVE-2022-25487)
An arbitrary file upload vulnerability exists in AtomCMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Prima Systems FlexAir Command Injection (CVE-2019-7670)
A command injection vulnerability exists in Prima Systems FlexAir. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
DedeBIZ Remote Code Execution (CVE-2022-36215)
A remote code execution vulnerability exists in DedeBIZ. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Docker Daemon API Remote Code Execution
A remote code execution vulnerability exists in Docker. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Mako Server Remote Command Execution
A command execution vulnerability exists in Mako. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Moxa MXView Information Disclosure (CVE-2017-7455)
An information disclosure vulnerability exists in Moxa MXView. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
GitHub Repository Hestiacp Command Injection (CVE-2022-2550)
A command injection vulnerability exists in GitHub Repository Hestiacp. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Nagios IM SQL Injection (CVE-2019-9204)
An SQL injection vulnerability exists in Nagios IM. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Lansweeper SQL Injection (CVE-2022-21234)
An SQL injection vulnerability exists in Lansweeper. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
osCommerce Remote Code Execution
A remote code execution vulnerability exists in osCommerce. Successful exploitation would allow an attacker to execute arbitrary code on the target machine...
Lansweeper SQL Injection (CVE-2022-21210)
An SQL injection vulnerability exists in Lansweeper. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Skycaiji Command Injection (CVE-2022-28096)
A command injection vulnerability exists in Skycaiji. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Nagios IM Command Injection (CVE-2019-9202)
A command injection vulnerability exists in Nagios IM. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Joomla! CMS Cross-Site Scripting (CVE-2018-6377)
A cross-site scripting vulnerability exists in Joomla! Core. Successful exploitation results in the execution of arbitrary script code in the target user's browser...
WordPress Photo Gallery Plugin SQL Injection (CVE-2022-1281)
A SQL injection vulnerability exists for the Photo Gallery plugin for WordPress. This vulnerability is due to improper input validation for the filtertag parameter...
Git Source Code Management Code Execution (CVE-2021-21300)
An improper link resolution exists in the checkout mechanism of Git Source Code Management git-scm by Git. An out-of-order checkout triggered by a delayed checkout or checkout-index may result in an improper validation of a file resource type prior to performing a file write operation. A remote...
DedeCMS Remote Code Execution (CVE-2022-35516)
A remote code execution vulnerability exists in DedeCMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...