1652 matches found
Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability
Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file input. Successful exploitation allows an attacker to execute code in the context of the process responsible for...
Microsoft Defender Denial of Service Vulnerability
Microsoft Defender contains an unspecified vulnerability that allows for denial of service...
Apple iOS and iPadOS Use-After-Free Vulnerability
Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges...
Adobe Commerce and Magento Improper Input Validation Vulnerability
Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API...
Meta Platforms WhatsApp Incorrect Authorization Vulnerability
Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vulnerability could allow an unrelated user to trigger processing of content from an arbitrary URL on a target’s device...
Microsoft Office Excel Remote Code Execution Vulnerability
Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This malicious file could be delivered as an email attachment or hosted on a malicious website. An attacker could leverage this vulnerability by creating a...
Google Chromium Loader Insufficient Policy Enforcement Vulnerability
Google Chromium contains an insufficient policy enforcement vulnerability that allows a remote attacker to leak cross-origin data via a crafted HTML page...
Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
Microsoft Windows Common Log File System CLFS Driver contains a heap-based buffer overflow vulnerability that allows an authorized attacker to elevate privileges locally...
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution...
NUUO NVRmini2 Devices Missing Authentication Vulnerability
NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users...
Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability
Oracle Agile Product Lifecycle Management PLM contains an incorrect authorization vulnerability in the Process Extension component of the Software Development Kit. Successful exploitation of this vulnerability may result in unauthenticated file disclosure...
Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a file open operation. The attacker could then leverage this hash to impersonate that user...
Qlik Sense Path Traversal Vulnerability
Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints...
Multiple Ruckus Wireless Products CSRF and RCE Vulnerability
Ruckus Wireless Access Point AP software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery CSRF or remote code execution RCE. This vulnerability impacts Ruckus ZoneDirector,...
Apple macOS Use-After-Free Vulnerability
Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation...
Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability
Fortra Cobalt Strike User Interface contains an unspecified vulnerability rooted in Java Swing that may allow remote code execution...
Oracle Fusion Middleware Unspecified Vulnerability
Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to takeover the Access Manager product...
QNAP Photo Station Path Traversal Vulnerability
QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files...
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and...
Red Hat JBoss Information Disclosure Vulnerability
Unauthenticated access to the JBoss Application Server Web Console /web-console is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information...
Microsoft Silverlight Information Disclosure Vulnerability
Microsoft Silverlight does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application...
WhatsApp Cross-Site Scripting Vulnerability
A vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading...
QNAP Network-Attached Storage (NAS) Command Injection Vulnerability
QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution...
Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability
Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution...
Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability
The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands...
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code...
Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability
There is a vulnerability in the implementation of the Common Industrial Protocol CIP feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service...
Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference
Synacor Zimbra Collaboration Suite ZCS contains an improper restriction of XML external entity XXE vulnerability in the mailboxd component...
Linux Kernel Improper Privilege Management Vulnerability
Kernel/ptrace.c in Linux kernel mishandles contains an improper privilege management vulnerability that allows local users to obtain root access...
Cisco ASA and FTD Read-Only Path Traversal Vulnerability
Cisco Adaptive Security Appliance ASA and Firepower Threat Defense FTD contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affect...
Multiple DrayTek Vigor Routers Web Management Page Vulnerability
DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution...
IBM Data Risk Manager Remote Code Execution Vulnerability
IBM Data Risk Manager contains an unspecified vulnerability which could allow a remote, authenticated attacker to execute commands on the system.�...
IBM Data Risk Manager Directory Traversal Vulnerability
IBM Data Risk Manager contains a directory traversal vulnerability that could allow a remote authenticated attacker to traverse directories and send a specially crafted URL request to download arbitrary files from the system...
Microsoft Windows Kernel Information Disclosure Vulnerability
Microsoft Windows Kernel contains an unspecified vulnerability that allows for information disclosure. Successful exploitation allows attackers to read the contents of kernel memory from a user-mode process...
Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability
Zoho ManageEngine ServiceDesk Plus SDP contains an unspecified vulnerability that allows remote users to upload files via login page customization...
Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability
Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution...
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain...
Netis WF2419 Devices Remote Code Execution Vulnerability
Netis WF2419 devices contains an unspecified vulnerability that allows an attacker to perform remote code execution as root through the router's web management page...
Google Chromium V8 Type Confusion Vulnerability
Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine...
Citrix Session Recording Deserialization of Untrusted Data Vulnerability
Citrix Session Recording contains a deserialization of untrusted data vulnerability that allows limited remote code execution with privilege of a NetworkService Account access. Attacker must be an authenticated user on the same intranet as the session recording server...
Cisco Identity Services Engine Injection Vulnerability
Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an...
Linux Kernel Out-of-Bounds Read Vulnerability
Linux Kernel contains an out-of-bounds read vulnerability in the USB-audio driver that allows a local, privileged attacker to obtain potentially sensitive information...
Reolink RLC-410W IP Camera OS Command Injection Vulnerability
Reolink RLC-410W IP cameras contain an authenticated OS command injection vulnerability in the device network settings functionality...
Sophos Web Appliance Command Injection Vulnerability
Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution...
Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability
Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication, an...
Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability
Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization ASLR bypass...
Grafana Authentication Bypass Vulnerability
Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss...
Google Chromium V8 Out-of-Bounds Write Vulnerability
Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsof...
Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability
Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service DoS...
Microsoft Windows Kernel Privilege Escalation Vulnerability
The kernel in Microsoft Windows contains a vulnerability that allows local users to gain privileges via a crafted application...