13538 matches found
Microsoft Windows Win32k Elevation of Privilege (CVE-2022-41109)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft DWM Core Library Elevation of Privilege (CVE-2022-41096)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Horde Groupware Command Injection (CVE-2017-7413)
A command injection vulnerability exists in Horde Groupware. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Microsoft Windows Scripting Languages Remote Code Execution (CVE-2022-41118)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
DedeCMS Remote Code Execution (CVE-2022-35516)
A remote code execution vulnerability exists in DedeCMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Win32 Kernel Subsystem Elevation of Privilege (CVE-2022-41113)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows CNG Key Isolation Service Elevation of Privilege (CVE-2022-41125)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Cisco Firepower ASA Command Injection (CVE-2022-20828)
A command injection vulnerability exists in Cisco Firepower ASA. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
H3C GR-1200W Router Command Injection (CVE-2022-37070)
A command injection vulnerability exists in H3C GR-1200W Router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
GitLab Community and Enterprise Cross-Site Scripting (CVE-2022-1175)
A cross-site scripting vulnerability exists in GitLab Community and Enterprise Editions. The vulnerability is due to improper sanitization of user input submitted in notes...
Apache Spark UI Command Injection (CVE-2022-33891)
A command execution vulnerability exists in Apache Spark. The vulnerability is due to errors in parsing user requests when the ACL is enabled...
WordPress Google Tag Manager Plugin Cross-Site Scripting (CVE-2022-1707)
A cross-site scripting vulnerability exists in the WordPress Google Tag Manager Plugin. This vulnerability is due to insufficient validation of site search requests. Successful exploitation of this vulnerability could result in code execution...
DedeCMS Command Injection (CVE-2022-34531)
A command injection vulnerability exists in DedeCMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Nagios XI SQL Injection (CVE-2019-9165)
An SQL injection vulnerability exists in Nagios XI. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
SolarWinds Orion Arbitrary File Write (CVE-2020-27871)
An arbitrary file write vulnerability exists in SolarWinds Network Configuration Manager. The vulnerability is due to insufficient validation of file types for vulnerability announcement data files in VulnerabilitySettings.aspx, combined with a lack of restriction on destination paths. A remote,...
GLPI Project Code Injection (CVE-2022-35914)
A code injection vulnerability exists in GLPI Project. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Rails Remote Code Execution (CVE-2020-8163)
A remote code execution vulnerability exists in Rails. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Tenda TX9 Pro Router Command Injection (CVE-2022-29592)
A command injection vulnerability exists in Tenda TX9 Pro Router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Veeam Backup and Replication Authentication Bypass (CVE-2022-26501)
An authentication bypass vulnerability exists in Veeam Backup and Replication. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...
Jenkins Filesystem Trigger Plugin XML External Entity Expansion (CVE-2021-21659)
An XML external entity expansion vulnerability exists in Jenkins Filesystem Trigger Plugin. Successful exploitation of this vulnerability could result in the disclosure of file contents from the target system...
Wavlink Routers Command Injection (CVE-2022-2486; CVE-2022-2488)
A command injection vulnerability exists in Wavlink Routers. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
IBM Spectrum Protect Plus uploadHttpsCertificate Command Injection (CVE-2020-4241)
A command injection vulnerability exists in IBM Spectrum Protect Plus. The vulnerability is due to a lack of input validation in the Administrative Console service when parsing the filename parameter in the uploadHttpsCertificate method. A remote authenticated attacker could exploit this...
Microsoft Exchange Server Remote Code Execution (CVE-2022-23277)
A remote code execution vulnerability exists in Microsoft Exchange Server. The vulnerability is due to improper handling of EWS requests containing malicious UserConfiguration objects...
C-DATA Command Injection (CVE-2022-29337)
A command injection vulnerability exists in C-DATA. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Hitron CHITA Command Injection (CVE-2022-25017)
A command injection vulnerability exists in Hitron CHITA. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
WordPress Modern Events Calendar Lite Plugin Cross-Site Scripting (CVE-2022-0364)
A stored cross-site scripting vulnerability exists for the WordPress plugin Modern Events Calendar Lite. This vulnerability is due to improper input validation for multiple parameters in the Hourly Schedule section...
Jenkins Matrix Project Plugin Cross-Site Scripting (CVE-2022-20615)
A stored cross-site scripting vulnerability exists in Jenkins Matrix Project Plugin. This vulnerability is due to insufficient validation of node and label names, and label descriptions parameters...
TOTOLINK N600R Router Command Injection (CVE-2022-26186; CVE-2022-26188; CVE-2022-26189; CVE-2022-27411; CVE-2022-28905; CVE-2022-28906; CVE-2022-28907; CVE-2022-28908; CVE-2022-28909; CVE-2022-28910; CVE-2022-28911; CVE-2022-28912; CVE-2022-28913)
A command injection vulnerability exists in TOTOLINK N600R router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Pimcore Cross-Site Scripting (CVE-2022-0832)
A stored cross-site scripting vulnerability exists in Pimcore. This vulnerability is due to improper input validation...
TP-Link TL-R473G Command Injection (CVE-2022-34555)
A command injection vulnerability exists in TP-Link TL-R473G. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
H2 Database Remote Code Execution (CVE-2022-23221)
A remote code execution vulnerability exists in H2 Database console. This vulnerability is due to improper input validation when handling a specific JDBC URL...
D-Link DIR882 Command Injection (CVE-2022-28895; CVE-2022-28896)
A command injection vulnerability exists in D-Link DIR882. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
OpenSSL Buffer Overflow (CVE-2022-3786)
A buffer overflow vulnerability exists in OpenSSL. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
OpenSSL Buffer Overflow (CVE-2022-3602; CVE-2022-3786)
A buffer overflow vulnerability exists in OpenSSL. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
AtomCMS SQL Injection (CVE-2022-24223)
An SQL injection vulnerability exists in AtomCMS. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
TypeORM FindOne Authentication Bypass (CVE-2022-33171)
An authentication bypass vulnerability exists in TypeORM FindOne. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...
WordPress Ninja Forms Plugin Arbitrary File Upload (CVE-2022-0888)
An arbitrary file upload vulnerability exists in WordPress Ninja Forms plugin. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the vulnerable system with administrative privileges...
Atlassian Bitbucket Command Injection (CVE-2022-36804)
A command injection vulnerability exists in Atlassian Bitbucket. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Acquia Mautic Cross-Site Scripting (CVE-2022-25772)
A cross-site scripting vulnerability exists in Mautic. The vulnerability is due to improperly sanitized user metadata collected from tracking pixels...
Delta Electronics DIAEnergie SQL Injection (CVE-2022-1366)
An SQL injection exists in Delta Industrial Automation DIAEnergie. The vulnerability is due to insufficient input validation when processing requests...
Oracle WebLogic Server Remote Code Execution (CVE-2021-2394)
A remote code execution vulnerability exists in Oracle WebLogic Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Linux Kernel Privilege Escalation (CVE-2022-0847)
A privilege escalation vulnerability exists in Linux Kernel. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...
OMRON CX-One Buffer Overflow (CVE-2022-21137)
A stack-based overflow exists in OMRON CX-One CX-FLnet module. The vulnerability is due to input validation error when processing a parameter...
Pulse Connect Secure HTTP Request Smuggling (CVE-2022-21826)
An HTTP Request Smuggling vulnerability exists in Pulse Connect Secure. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
PublicCMS Remote Code Execution (CVE-2022-23389)
A remote code execution vulnerability exists in PublicCMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Moxa MXView Denial of Service (CVE-2017-7456)
A denial of service vulnerability exists in Moxa MXView. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Advantech iView SQL Injection (CVE-2022-2136)
A SQL injection vulnerability exists for Advantech iView. This vulnerability is due to improper input validation for the ipaddress parameter during the updatePROMFile process...
Tenda Routers Command Injection (CVE-2022-24170; CVE-2022-24171; CVE-2022-28572; CVE-2022-34595; CVE-2022-34596; CVE-2022-34597)
A command injection vulnerability exists in Tenda Routers. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Dolibarr ERP and CRM Code Injection (CVE-2022-0819)
A code injection vulnerability exists in the Dolibarr ERP/CRM package. The vulnerability is due to insufficient input validation on user provided data...
Zoho ManageEngine SQL Injection (CVE-2022-27908)
A SQL injection vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the parameters in the HTTP requests processed by the Inventory Reports module...