13538 matches found
Horde Groupware Command Injection (CVE-2017-7413)
A command injection vulnerability exists in Horde Groupware. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Microsoft Windows Scripting Languages Remote Code Execution (CVE-2022-41118)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Win32k Elevation of Privilege (CVE-2022-41109)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft DWM Core Library Elevation of Privilege (CVE-2022-41096)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows CNG Key Isolation Service Elevation of Privilege (CVE-2022-41125)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows HTTP.sys Elevation of Privilege (CVE-2022-41057)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Win32 Kernel Subsystem Elevation of Privilege (CVE-2022-41113)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Cisco Firepower ASA Command Injection (CVE-2022-20828)
A command injection vulnerability exists in Cisco Firepower ASA. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
GitLab Community and Enterprise Cross-Site Scripting (CVE-2022-1175)
A cross-site scripting vulnerability exists in GitLab Community and Enterprise Editions. The vulnerability is due to improper sanitization of user input submitted in notes...
H3C GR-1200W Router Command Injection (CVE-2022-37070)
A command injection vulnerability exists in H3C GR-1200W Router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
DedeCMS Command Injection (CVE-2022-34531)
A command injection vulnerability exists in DedeCMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Rails Remote Code Execution (CVE-2020-8163)
A remote code execution vulnerability exists in Rails. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
IBM Spectrum Protect Plus uploadHttpsCertificate Command Injection (CVE-2020-4241)
A command injection vulnerability exists in IBM Spectrum Protect Plus. The vulnerability is due to a lack of input validation in the Administrative Console service when parsing the filename parameter in the uploadHttpsCertificate method. A remote authenticated attacker could exploit this...
Tenda TX9 Pro Router Command Injection (CVE-2022-29592)
A command injection vulnerability exists in Tenda TX9 Pro Router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
WordPress Google Tag Manager Plugin Cross-Site Scripting (CVE-2022-1707)
A cross-site scripting vulnerability exists in the WordPress Google Tag Manager Plugin. This vulnerability is due to insufficient validation of site search requests. Successful exploitation of this vulnerability could result in code execution...
Veeam Backup and Replication Authentication Bypass (CVE-2022-26501)
An authentication bypass vulnerability exists in Veeam Backup and Replication. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...
SolarWinds Orion Arbitrary File Write (CVE-2020-27871)
An arbitrary file write vulnerability exists in SolarWinds Network Configuration Manager. The vulnerability is due to insufficient validation of file types for vulnerability announcement data files in VulnerabilitySettings.aspx, combined with a lack of restriction on destination paths. A remote,...
GLPI Project Code Injection (CVE-2022-35914)
A code injection vulnerability exists in GLPI Project. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Exchange Server Remote Code Execution (CVE-2022-23277)
A remote code execution vulnerability exists in Microsoft Exchange Server. The vulnerability is due to improper handling of EWS requests containing malicious UserConfiguration objects...
Apache Spark UI Command Injection (CVE-2022-33891)
A command execution vulnerability exists in Apache Spark. The vulnerability is due to errors in parsing user requests when the ACL is enabled...
Jenkins Filesystem Trigger Plugin XML External Entity Expansion (CVE-2021-21659)
An XML external entity expansion vulnerability exists in Jenkins Filesystem Trigger Plugin. Successful exploitation of this vulnerability could result in the disclosure of file contents from the target system...
Nagios XI SQL Injection (CVE-2019-9165)
An SQL injection vulnerability exists in Nagios XI. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Wavlink Routers Command Injection (CVE-2022-2486; CVE-2022-2488)
A command injection vulnerability exists in Wavlink Routers. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
C-DATA Command Injection (CVE-2022-29337)
A command injection vulnerability exists in C-DATA. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
D-Link DIR882 Command Injection (CVE-2022-28895; CVE-2022-28896)
A command injection vulnerability exists in D-Link DIR882. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
H2 Database Remote Code Execution (CVE-2022-23221)
A remote code execution vulnerability exists in H2 Database console. This vulnerability is due to improper input validation when handling a specific JDBC URL...
Pimcore Cross-Site Scripting (CVE-2022-0832)
A stored cross-site scripting vulnerability exists in Pimcore. This vulnerability is due to improper input validation...
Hitron CHITA Command Injection (CVE-2022-25017)
A command injection vulnerability exists in Hitron CHITA. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
WordPress Modern Events Calendar Lite Plugin Cross-Site Scripting (CVE-2022-0364)
A stored cross-site scripting vulnerability exists for the WordPress plugin Modern Events Calendar Lite. This vulnerability is due to improper input validation for multiple parameters in the Hourly Schedule section...
TOTOLINK N600R Router Command Injection (CVE-2022-26186; CVE-2022-26188; CVE-2022-26189; CVE-2022-27411; CVE-2022-28905; CVE-2022-28906; CVE-2022-28907; CVE-2022-28908; CVE-2022-28909; CVE-2022-28910; CVE-2022-28911; CVE-2022-28912; CVE-2022-28913)
A command injection vulnerability exists in TOTOLINK N600R router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
OpenSSL Buffer Overflow (CVE-2022-3602; CVE-2022-3786)
A buffer overflow vulnerability exists in OpenSSL. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Jenkins Matrix Project Plugin Cross-Site Scripting (CVE-2022-20615)
A stored cross-site scripting vulnerability exists in Jenkins Matrix Project Plugin. This vulnerability is due to insufficient validation of the node name, label name, and label description parameters...
TP-Link TL-R473G Command Injection (CVE-2022-34555)
A command injection vulnerability exists in TP-Link TL-R473G. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
OpenSSL Buffer Overflow (CVE-2022-3786)
A buffer overflow vulnerability exists in OpenSSL. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
TypeORM FindOne Authentication Bypass (CVE-2022-33171)
An authentication bypass vulnerability exists in TypeORM FindOne. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...
WordPress Ninja Forms Plugin Arbitrary File Upload (CVE-2022-0888)
An arbitrary file upload vulnerability exists in WordPress Ninja Forms plugin. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the vulnerable system with administrative privileges...
AtomCMS SQL Injection (CVE-2022-24223)
An SQL injection vulnerability exists in AtomCMS. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
Microsoft Exchange Remote Code Execution (CVE-2020-17132)
A remote code execution vulnerability exists in Microsoft Exchange. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
Apache Airflow Command Injection (CVE-2022-24288)
A command injection vulnerability exists in Apache Airflow. This vulnerability is due to improper input validation of parameters for directed acyclic graphs (DAGs)...
Advantech iView SQL Injection (CVE-2022-2136)
A SQL injection vulnerability exists in Advantech iView. This vulnerability is due to improper input validation for the ipaddress parameter during the updatePROMFile process...
OMRON CX-One Buffer Overflow (CVE-2022-21137)
A stack-based overflow exists in the OMRON CX-One CX-FLnet module. The vulnerability is due to an input validation error when processing a parameter...
Atlassian Bitbucket Command Injection (CVE-2022-36804)
A command injection vulnerability exists in Atlassian Bitbucket. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Snapt Aria Command Injection (CVE-2022-24237)
A command injection vulnerability exists in Snapt Aria. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Moxa MXView Denial of Service (CVE-2017-7456)
A denial of service vulnerability exists in Moxa MXView. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Linux Kernel Privilege Escalation (CVE-2022-0847)
A privilege escalation vulnerability exists in Linux Kernel. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...
Zoho ManageEngine SQL Injection (CVE-2022-27908)
A SQL injection vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the parameters in the HTTP requests processed by the Inventory Reports module...
Pulse Connect Secure HTTP Request Smuggling (CVE-2022-21826)
An HTTP Request Smuggling vulnerability exists in Pulse Connect Secure. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Oracle WebLogic Server Remote Code Execution (CVE-2021-2394)
A remote code execution vulnerability exists in Oracle WebLogic Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
WordPress WP Statistics Plugin SQL Injection (CVE-2022-0513)
An SQL injection vulnerability exists in WordPress WP Statistics plugin. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
Jenkins GitLab Plugin Cross-Site Scripting (CVE-2022-34777)
A stored cross-site scripting vulnerability exists in Jenkins GitLab Plugin. This vulnerability is due to insufficient validation of user-provided fields in the build cause of webhook-triggered builds...