
1634 matches found

CISA KEV Catalog
•added 2022/01/18 12:0 a.m.•42 views

System Information Library for Node.JS Command Injection

In this vulnerability, an attacker can send a malicious payload that will exploit the name parameter. After successful exploitation, attackers can execute remote...

CVSS 7.8 • AI score 5.5 • EPSS 0.9024 • Exploits 4

CISA KEV Catalog
•added 2022/01/18 12:0 a.m.•18 views

Aviatrix Controller Unrestricted Upload of File

Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal...

CVSS 9.8 • AI score 6.4 • EPSS 0.92382 • Exploits 5

CISA KEV Catalog
•added 2022/01/18 12:0 a.m.•17 views

Drupal core Un-restricted Upload of File

Improper sanitization in the extension file names is present in Drupal core...

CVSS 8.8 • AI score 2 • EPSS 0.04269 • Exploits 0

CISA KEV Catalog
•added 2022/01/18 12:0 a.m.•24 views

Apache Airflow Command Injection

A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow...

CVSS 8.8 • AI score 2.8 • EPSS 0.99118 • Exploits 9

CISA KEV Catalog
•added 2022/01/18 12:0 a.m.•21 views

Microsoft Exchange Server Information Disclosure

Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target...

CVSS 7.5 • AI score 2.3 • EPSS 0.97502 • Exploits 2

CISA KEV Catalog
•added 2022/01/18 12:0 a.m.•14 views

October CMS Improper Authentication

In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request...

CVSS 9.1 • AI score 6.2 • EPSS 0.90418 • Exploits 1

CISA KEV Catalog
•added 2022/01/18 12:0 a.m.•22 views

Oracle Business Intelligence Enterprise Edition Path Traversal

Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file...

CVSS 7.8 • AI score 4.5 • EPSS 0.97233 • Exploits 2

CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•14 views

Palo Alto Networks PAN-OS Remote Code Execution Vulnerability

Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled...

CVSS 8.1 • AI score 3.1 • EPSS 0.39317 • Exploits 1

CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•21 views

Google Chrome Media Use-After-Free Vulnerability

Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page...

CVSS 9.3 • AI score 8.4 • EPSS 0.10586 • Exploits 0

CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•30 views

Microsoft Win32k Privilege Escalation Vulnerability

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP...

CVSS 7.8 • AI score 3 • EPSS 0.74438 • Exploits 10

CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•22 views

Oracle WebLogic Server, Injection

Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services...

CVSS 9.8 • AI score 2.7 • EPSS 0.99964 • Exploits 35

CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•23 views

Exim Mail Transfer Agent (MTA) Improper Input Validation

Improper validation of recipient address in deliver_message function in /src/deliver.c may lead to remote command execution...

CVSS 10 • AI score 4.1 • EPSS 0.99961 • Exploits 27

CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•15 views

Kibana Arbitrary Code Execution

Kibana contains an arbitrary code execution flaw in the Timelion visualizer...

CVSS 10 • AI score 4.3 • EPSS 0.95338 • Exploits 12

CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•41 views

Primetek Primefaces Remote Code Execution Vulnerability

Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution...

CVSS 9.8 • AI score 4.4 • EPSS 0.94104 • Exploits 6

CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•20 views

VMware vCenter Server Improper Access Control

Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization...

CVSS 5.3 • AI score 2.3 • EPSS 0.46715 • Exploits 0

CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•59 views

Hikvision Improper Input Validation

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation...

CVSS 9.8 • AI score 2.9 • EPSS 0.99869 • Exploits 23

CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•24 views

Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference

Synacor Zimbra Collaboration Suite ZCS contains an improper restriction of XML external entity XXE vulnerability in the mailboxd component...

CVSS 9.8 • AI score 9.6 • EPSS 0.99986 • Exploits 4

CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•24 views

FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem...

CVSS 9.8 • AI score 3.2 • EPSS 0.39824 • Exploits 2

CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•72 views

Microsoft WinVerifyTrust function Remote Code Execution

A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files...

CVSS 8.8 • AI score 3.5 • EPSS 0.44647 • Exploits 1

CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•28 views

Fortinet FortiOS and FortiProxy Improper Authorization

An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password...

CVSS 9.1 • AI score 4 • EPSS 0.81691 • Exploits 2

CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•22 views

Fortinet FortiOS and FortiProxy Out-of-bounds Write

A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users...

CVSS 6.5 • AI score 2.6 • EPSS 0.33647 • Exploits 0

CISA KEV Catalog
•added 2022/01/10 12:0 a.m.•21 views

IBM WebSphere Application Server and Server Hypervisor Edition Code Injection.

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands...

CVSS 10 • AI score 9.6 • EPSS 0.97655 • Exploits 10

CISA KEV Catalog
•added 2021/12/15 12:0 a.m.•29 views

Google Chromium V8 Use-After-Free Vulnerability

Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge...

CVSS 8.8 • AI score 8.7 • EPSS 0.07836 • Exploits 0

CISA KEV Catalog
•added 2021/12/15 12:0 a.m.•21 views

Microsoft Windows AppX Installer Spoofing Vulnerability

Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impact on confidentiality, integrity, and availability...

CVSS 7.1 • AI score 3.1 • EPSS 0.10295 • Exploits 1

CISA KEV Catalog
•added 2021/12/10 12:0 a.m.•31 views

Realtek Jungle SDK Remote Code Execution Vulnerability

RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution...

CVSS 10 • AI score 4.1 • EPSS 0.99857 • Exploits 2

CISA KEV Catalog
•added 2021/12/10 12:0 a.m.•11 views

Apache Solr DataImportHandler Code Injection Vulnerability

The optional Apache Solr module DataImportHandler contains a code injection vulnerability...

CVSS 9 • AI score 2.6 • EPSS 0.83547 • Exploits 3

CISA KEV Catalog
•added 2021/12/10 12:0 a.m.•27 views

Fortinet FortiOS Arbitrary File Download

Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files...

CVSS 7.8 • AI score 3.9 • EPSS 0.00873 • Exploits 2

CISA KEV Catalog
•added 2021/12/10 12:0 a.m.•27 views

Embedthis GoAhead Remote Code Execution Vulnerability

Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked...

CVSS 8.1 • AI score 3.6 • EPSS 0.96327 • Exploits 15

CISA KEV Catalog
•added 2021/12/10 12:0 a.m.•18 views

MongoDB mongo-express Remote Code Execution Vulnerability

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the toBSON method...

CVSS 9.9 • AI score 4.4 • EPSS 0.84845 • Exploits 3

CISA KEV Catalog
•added 2021/12/10 12:0 a.m.•16 views

Zoho Desktop Central Authentication Bypass Vulnerability

Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server...

CVSS 10 • AI score 4.7 • EPSS 0.99867 • Exploits 2

CISA KEV Catalog
•added 2021/12/10 12:0 a.m.•26 views

Linux Kernel Improper Privilege Management Vulnerability

Kernel/ptrace.c in Linux kernel contains an improper privilege management vulnerability that allows local users to obtain root access...

CVSS 7.8 • AI score 7.1 • EPSS 0.52199 • Exploits 21

CISA KEV Catalog
•added 2021/12/10 12:0 a.m.•26 views

Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability

JBoss Seam 2 jboss-seam2, as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured...

CVSS 8.8 • AI score 5.4 • EPSS 0.83397 • Exploits 8

CISA KEV Catalog
•added 2021/12/10 12:0 a.m.•12 views

Fuel CMS SQL Injection Vulnerability

FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items...

CVSS 9.8 • AI score 4.5 • EPSS 0.90044 • Exploits 4

CISA KEV Catalog
•added 2021/12/10 12:0 a.m.•33 views

Pi-Hole AdminLTE Remote Code Execution Vulnerability

Pi-hole Web v4.3.2 aka AdminLTE allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease...

CVSS 9.1 • AI score 7.1 • EPSS 0.77847 • Exploits 13

CISA KEV Catalog
•added 2021/12/10 12:0 a.m.•24 views

Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability

Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution...

CVSS 9.8 • AI score 3.8 • EPSS 0.76526 • Exploits 4

CISA KEV Catalog
•added 2021/12/10 12:0 a.m.•36 views

Red Hat JBoss Application Server Remote Code Execution Vulnerability

The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data...

CVSS 9.8 • AI score 5 • EPSS 0.90713 • Exploits 14

CISA KEV Catalog
•added 2021/12/10 12:0 a.m.•34 views

Apache Log4j2 Remote Code Execution Vulnerability

Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution...

CVSS 10 • AI score 4.1 • EPSS 0.99999 • Exploits 347

CISA KEV Catalog
•added 2021/12/01 12:0 a.m.•104 views

Apache HTTP Server-Side Request Forgery (SSRF)

A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

CVSS 9 • AI score 1.7 • EPSS 0.99999 • Exploits 5

CISA KEV Catalog
•added 2021/12/01 12:0 a.m.•22 views

Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication...

CVSS 9.8 • AI score 3.8 • EPSS 0.99854 • Exploits 0

CISA KEV Catalog
•added 2021/12/01 12:0 a.m.•23 views

Qualcomm Multiple Chipsets Improper Input Validation Vulnerability

Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

CVSS 7.8 • AI score 1.5 • EPSS 0.01772 • Exploits 0

CISA KEV Catalog
•added 2021/12/01 12:0 a.m.•23 views

Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution...

CVSS 9.8 • AI score 3 • EPSS 0.93514 • Exploits 6

CISA KEV Catalog
•added 2021/12/01 12:0 a.m.•35 views

MikroTik Router OS Directory Traversal Vulnerability

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface...

CVSS 9.1 • AI score 5.7 • EPSS 0.96087 • Exploits 23

CISA KEV Catalog
•added 2021/11/17 12:0 a.m.•30 views

Microsoft Exchange Server Remote Code Execution Vulnerability

An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution...

CVSS 8.8 • AI score 3.9 • EPSS 0.90388 • Exploits 9

CISA KEV Catalog
•added 2021/11/17 12:0 a.m.•24 views

ExifTool Remote Code Execution Vulnerability

Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image...

CVSS 7.8 • AI score 8.1 • EPSS 0.99981 • Exploits 39

CISA KEV Catalog
•added 2021/11/17 12:0 a.m.•22 views

Microsoft Windows Win32k Privilege Escalation Vulnerability

Unspecified vulnerability allows for an authenticated user to escalate privileges...

CVSS 7.8 • AI score 3.7 • EPSS 0.73381 • Exploits 11

CISA KEV Catalog
•added 2021/11/17 12:0 a.m.•23 views

Microsoft Excel Security Feature Bypass

A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution...

CVSS 7.8 • AI score 2.9 • EPSS 0.31949 • Exploits 1

CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•34 views

Apache HTTP Server Privilege Escalation Vulnerability

Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute code with the privileges of the parent process usually root by manipulating the scoreboard...

CVSS 7.8 • AI score 7.8 • EPSS 0.65005 • Exploits 8

CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Apache Struts Remote Code Execution Vulnerability

Forced Object-Graph Navigation Language OGNL evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution...

CVSS 9.8 • AI score 9.4 • EPSS 0.95922 • Exploits 11

CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•19 views

Apache Struts Remote Code Execution Vulnerability

Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurations and in same time, its upper package configuration have no or...

CVSS 9.3 • AI score 8.5 • EPSS 0.99993 • Exploits 41

CISA KEV Catalog
•added 2021/11/03 12:0 a.m.•21 views

Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability

Citrix StoreFront Server contains an XML External Entity XXE processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information...

CVSS 7.5 • AI score 7.4 • EPSS 0.28032 • Exploits 0

Total number of security vulnerabilities: 1634