1652 matches found
Nx Console Embedded Malicious Code Vulnerability
Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvested credentials from multiple sources on disk and in memory...
Fortinet FortiClient EMS Improper Access Control Vulnerability
Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests...
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability
Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets CSS @import directives in email HTML...
Cisco SD-WAN Path Traversal Vulnerability
Cisco SD-WAN CLI contains a path traversal vulnerability that could allow an authenticated local attacker to gain elevated privileges via improper access controls on commands within the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user...
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Ivanti Endpoint Manager Mobile EPMM contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution...
ASUS Live Update Embedded Malicious Code Vulnerability
ASUS Live Update contains an embedded malicious code vulnerability client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. The impacted produc...
Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability
Gladinet CentreStack and TrioFox contain a hardcoded cryptographic keys vulnerability for their implementation of the AES cryptoscheme. This vulnerability degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially...
Adobe Experience Manager Forms Code Execution Vulnerability
Adobe Experience Manager Forms in JEE contains an unspecified vulnerability that allows for arbitrary code execution...
Linux Kernel Heap Out-of-Bounds Write Vulnerability
Linux Kernel contains a heap out-of-bounds write vulnerability that could allow an attacker to gain privileges or cause a DoS via heap memory corruption through user name space...
Microsoft Windows External Control of File Name or Path Vulnerability
Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Internet Shortcut files...
Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
Ivanti Endpoint Manager Mobile EPMM contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework...
Zyxel DSL CPE OS Command Injection Vulnerability
Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands via a crafted HTTP request...
Mitel MiCollab Path Traversal Vulnerability
Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated,...
Reolink Multiple IP Cameras OS Command Injection Vulnerability
Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an authenticated admin to use the "TestEmail" functionality to inject and run OS commands as root...
Cleo Multiple Products Unauthenticated File Upload Vulnerability
Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload vulnerability that could allow an unauthenticated user to import and execute arbitrary bash or PowerShell commands on the host system by leveraging the default settings of the Autoru...
Palo Alto Networks Expedition OS Command Injection Vulnerability
Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls...
Adobe Flash Player and AIR Use-After-Free Vulnerability
Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code...
Apple iOS Information Disclosure Vulnerability
The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application...
Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability
Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution...
Adobe Flash Player Stack-based Buffer Overflow Vulnerability
Adobe Flash Player have a stack-based buffer overflow vulnerability that could lead to remote code execution...
Adobe Flash Player Heap-Based Buffer Overflow Vulnerability
Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code...
D-Link Multiple Routers Remote Code Execution Vulnerability
A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file...
MiCollab, MiVoice Business Express Access Control Vulnerability
A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system...
Microsoft GDI Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface GDI handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system...
Cisco Small Business Routers Improper Input Validation Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands...
Microsoft Windows Improper Input Validation Vulnerability
The kernel in Microsoft Windows does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application...
Adobe Reader Buffer Overflow Vulnerability
A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution...
Zabbix Frontend Improper Access Control Vulnerability
Malicious actors can pass step checks and potentially change the configuration of Zabbix Frontend...
Apple OS X Heap-Based Buffer Overflow Vulnerability
Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context...
Nagios XI OS Command Injection
Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server...
VMware Server Side Request Forgery in vRealize Operations Manager API
Server Side Request Forgery SSRF in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials...
Aviatrix Controller Unrestricted Upload of File
Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal...
Kibana Arbitrary Code Execution
Kibana contain an arbitrary code execution flaw in the Timelion visualizer...
Microsoft Office Remote Code Execution Vulnerability
Microsoft Office contains an unspecified vulnerability that allows for remote code execution...
Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability
Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing...
EyesOfNetwork Use of Hard-Coded Credentials Vulnerability
EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin access token...
Google Chromium V8 Memory Corruption Vulnerability
Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...
Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability
Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution...
Cisco HyperFlex HX Data Platform Command Injection Vulnerability
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user...
Microsoft Internet Explorer Remote Code Execution Vulnerability
Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution...
Accellion FTA SQL Injection Vulnerability
Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to documentroot.html...
Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability
Accellion FTA contains a server-side request forgery SSRF vulnerability exploited via a crafted POST request to wmProgressstat.html...
Google Chromium V8 Out-of-Bounds Write Vulnerability
Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsof...
Mozilla Firefox And Thunderbird Use-After-Free Vulnerability
Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts...
rConfig OS Command Injection Vulnerability
rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter...
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution...
Ivanti Pulse Connect Secure Command Injection Vulnerability
Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles...
Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability
Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network...
Widget Factory Joomla Content Editor Improper Access Control Vulnerability
Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users...
Linux Kernel Improper Authentication Vulnerability
Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 releaseagent feature...