1643 matches found
SolarWinds Virtualization Manager Privilege Escalation Vulnerability
SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo...
Microsoft Windows Server Buffer Overflow Vulnerability
Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services IIS 6.0 which allows remote attackers to execute code via a long header beginning with "If: http://" in a PROPFIND request...
Cisco Identity Services Engine Injection Vulnerability
Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an...
Microsoft Windows NTFS Information Disclosure Vulnerability
Microsoft Windows New Technology File System NTFS contains an insertion of sensitive Information into log file vulnerability that allows an unauthorized attacker to disclose information with a physical attack. An attacker who successfully exploited this vulnerability could potentially read portio...
Paessler PRTG Network Monitor OS Command Injection Vulnerability
Paessler PRTG Network Monitor contains an OS command injection vulnerability that allows an attacker with administrative privileges to execute commands via the PRTG System Administrator web console...
Joomla! Improper Access Control Vulnerability
Joomla! contains an improper access control vulnerability that allows unauthorized access to webservice endpoints...
F5 BIG-IP Configuration Utility SQL Injection Vulnerability
F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46747...
Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability
Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-2023-41061...
Red Hat Polkit Incorrect Authorization Vulnerability
Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation...
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
Microsoft Windows Cryptographic Next Generation CNG Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges...
Microsoft Windows Open Type Font Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system...
SAP NetWeaver Directory Traversal Vulnerability
SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ dot dot backslash in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files...
Microsoft SharePoint Server Code Injection Vulnerability
Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely...
Google Chromium WebRTC Heap Buffer Overflow Vulnerability
Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using WebRTC...
Atlassian Confluence Data Center and Server Improper Authorization Vulnerability
Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker. There is no impact on confidentiality since the attacker cannot exfiltrate any data...
Android Framework Privilege Escalation Vulnerability
Android Framework contains an unspecified vulnerability that allows for privilege escalation...
Zyxel Multiple Firewalls Buffer Overflow Vulnerability
Zyxel ATP, USG FLEX, USG FLEX 50W, USG20W-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to cause denial-of-service DoS conditions and remote code execution on an affected device...
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Microsoft Windows Common Log File System CLFS driver contains an unspecified vulnerability that allows for privilege escalation...
Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability
Synacor Zimbra Collaboration Suite ZCS contains flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution...
RARLAB UnRAR Directory Traversal Vulnerability
RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract unpack operation...
SAP NetWeaver Information Disclosure Vulnerability
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request...
Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability
Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code execution...
Microsoft Edge Memory Corruption Vulnerability
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service memory corruption via a crafted web site...
Citrix Multiple Products Remote Code Execution Vulnerability
A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. This vulnerability al...
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution...
Primetek Primefaces Remote Code Execution Vulnerability
Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution...
GeoVision Devices OS Command Injection Vulnerability
Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...
Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability
Ivanti Cloud Services Appliance CSA contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS...
Fortinet FortiClient EMS SQL Injection Vulnerability
Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests...
Microsoft Exchange Server Privilege Escalation Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution...
Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability
Synacor Zimbra Collaboration Suite ZCS allows an attacker to upload arbitrary files using cpio package to gain incorrect access to any other user accounts...
Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability
Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution...
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application...
Microsoft Windows Search Remote Code Execution Vulnerability
Microsoft Windows allows an attacker to take control of the affected system when Windows Search fails to handle objects in memory...
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service DoS...
Dasan GPON Routers Command Injection Vulnerability
Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution...
Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control UAC feature...
Kentico Xperience Deserialization of Untrusted Data Vulnerability
Kentico contains a failure to validate security headers. This deserialization can led to unauthenticated remote code execution...
Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability
An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor CP that allows a privileged attacker to remotely cause a denial of service...
Apache HTTP Server Path Traversal Vulnerability
Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default �require all denied� or if CGI scripts are enabled. The original patch issued under this CVE I...
Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability
Cisco Secure Firewall Adaptive Security ASA Appliance and Secure Firewall Threat Defense FTD Software VPN Web Server contain a buffer overflow vulnerability that allows for remote code execution. This vulnerability could be chained with CVE-2025-20362...
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Microsoft Windows Common Log File System CLFS Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally...
Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability
Microsoft Windows New Technology File System NTFS contains a heap-based buffer overflow vulnerability that allows an unauthorized attacker to execute code locally...
Progress Kemp LoadMaster OS Command Injection Vulnerability
Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution...
Microsoft Windows Hyper-V Privilege Escalation Vulnerability
Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges...
Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability
Justice AV Solutions JAVS Viewer installer contains a malicious version of ffmpeg.exe, named fffmpeg.exe SHA256: 421a4ad2615941b177b6ec4ab5e239c14e62af2ab07c6df1741e2a62223223c4. When run, this creates a backdoor connection to a malicious C2 server...
D-Link DSL-2750B Devices Command Injection Vulnerability
D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter...
Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability
Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution...
TerraMaster OS Remote Command Execution Vulnerability
TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint...
Oracle E-Business Suite Unspecified Vulnerability
Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator...