CVE-2002-0370
CVE-2002-0370 refers to a buffer overflow/unchecked buffer in ZIP decompression in Windows ZIP handling affecting Windows 98 with Plus! Pack, XP, ME, Lotus Notes R4–R6, Verity KeyView, and StuffIt Expander before 7.0. OpenVAS and Nessus entries corroborate the MS02-054 fix. The vulnerability can ...
CVE-2023-0329
CVE-2023-0329 affects the Elementor Website Builder WordPress plugin prior to 3.12.2. The issue is a SQL injection caused by improper sanitization/escaping of the Replace URL parameter in the Tools module before it is used in a SQL statement. Exploitation requires privileges of an Administrator, ...
CVE-2020-25506
Summary of vulnerability (CVE-2020-25506): D-Link DNS-320 firmware v2.06B01 Revision Ax is vulnerable to command injection in the system_mgr.cgi component. The issue arises because the HTTP parameter f_ntp_server is not sanitized, enabling remote arbitrary command execution. The NUCLEI templat...
CVE-2020-5410
CVE-2020-5410 affects VMware/Tanzu Spring Cloud Config Server. Versions 2.2.x before 2.2.3 and 2.1.x before 2.1.9 (and older unsupported) are vulnerable to a directory-traversal where a crafted URL can cause the server to serve arbitrary configuration files. Root cause: inadequate validation in t...
CVE-2020-8657
Incident summary (CVE-2020-8657): EyesOfNetwork 5.3 is affected by a hardcoded API key vulnerability. The default API key (EONAPI_KEY) is stored in include/api_functions.php for API version 2.4.2, enabling an attacker to calculate/guess the admin access token and potentially gain administrative a...
CVE-2013-1331
CVE-2013-1331 is a buffer overflow in Microsoft Office 2003 SP3 and Office for Mac 2011 triggered when parsing PNG data embedded in an Office document, allowing remote attackers to execute arbitrary code. The vulnerability can be exploited through crafted PNG content, potentially via documents th...
CVE-2025-0611
Summary: CVE-2025-0611 affects Google Chrome’s V8 engine prior to 132.0.6834.110, where object corruption could allow a remote attacker to trigger heap corruption via a crafted HTML page. The vulnerability is categorized as High severity (CVSS: NETWORK, NONE/LOW impacts on confidentiality, integr...
CVE-2021-4102
CVE-2021-4102 is a use-after-free vulnerability in Google Chrome’s V8 engine. Affected component: V8 within Chrome prior to version 96.0.4664.110. Root cause: use-after-free that could enable heap corruption via a crafted HTML page. Impact: remote code execution with high severity (per CVSS metri...
CVE-2016-0752
CVE-2016-0752 is a directory-traversal flaw in Rails’ Action View triggered when untrusted input is passed to render, allowing remote read of arbitrary files via a path containing .. and linked to incomplete fixes that affected Rails 3.2.x/4.x. The vulnerability stems from Action View’s rendering...
CVE-2022-34713
CVE-2022-34713 (DogWalk) is a remote code execution vulnerability in Microsoft Windows MSDT that is triggered when MSDT is invoked via the URL protocol from a calling application (e.g., Word). The CVSS 3.1 entry indicates a local attack vector with low attack complexity, no privileges required, b...
CVE-2019-3398
CVE-2019-3398 affects Atlassian Confluence Server and Data Center. A path traversal vulnerability in the downloadallattachments resource lets an attacker with page/blog permissions or admin rights write files to arbitrary locations, potentially leading to remote code execution on vulnerable insta...
CVE-2019-0797
CVE-2019-0797 is a Windows Win32k privilege-escalation vulnerability caused by the Win32k component failing to properly handle objects in memory, enabling local code execution with kernel privileges. Affected: Windows Win32k subsystem (Win32k.sys). Impact: elevated privileges to SYSTEM with poten...
CVE-2010-0188
CVE-2010-0188 is an Adobe Reader/Acrobat vulnerability in the PDF handling stack (notably LibTIFF-related parsing) that could allow denial of service or remote code execution via a crafted PDF. Affected products include Adobe Reader/Acrobat 8.x (before 8.2.1) and 9.x (before 9.3.1). Public analys...
CVE-2021-41357
CVE-2021-41357 is a Windows Win32k privilege-escalation vulnerability (local, low complexity, no user interaction) with CVSS v3.1 base score 7.8 (high). Affected component is Win32k; root cause involves elevation of privileges on Windows systems. Public disclosures in the connected documents indi...
CVE-2021-25296
CVE-2021-25296 (Nagios XI 5.7.5) is an OS command injection in authenticated context via WindowsWMI wizard (windowswmi.inc.php); CVE-2021-25297 via Switch wizard (switch.inc.php); CVE-2021-25298 via Cloud‑VM wizard (cloud-vm.inc.php). All involve improper sanitization of authenticated user input ...
CVE-2019-10068
Kentico CMS is affected by a remote code execution vulnerability (CVE-2019-10068) due to insecure .NET object deserialization during staging service processing. Affected versions include Kentico 12.0.x before 12.0.15, 11.x before 11.0.48, 10.x before 10.0.52, and 9.x. The issue can be triggered v...
CVE-2013-5065
NDProxy.sys in the Windows kernel is affected by a local privilege escalation flaw (CVE-2013-5065) caused by improper input validation in the NDPROXY driver. A crafted IOCTL path allows a local attacker to exploit a NULL pointer dereference to escalate privileges on affected systems. Public explo...
CVE-2020-1027
CVE-2020-1027 is a Windows privilege-escalation vulnerability affecting Windows kernel memory handling and the CSRSS subsystem. The Windows kernel path (memory object handling) enabled local privilege escalation via write-what-where style abuse in kernel fault paths, while the CSRSS path allowed ...
CVE-2021-36783
CVE-2021-36783 (Rancher info-disclosure) affects SUSE Rancher where credentials, passwords and API tokens stored in cleartext are exposed via API endpoints to authenticated users (Cluster Owners/Members, Project Owners/Members). Affected: Rancher versions before 2.6.4 (and 2.5.x before 2.5.13). R...
CVE-2018-20058
CVE-2018-20058 describes a local file path traversal in Evernote for macOS prior to 7.6, affecting the attachment preview feature (MACOSNOTE-28634). The vulnerability path is local file access via the attachment preview, enabling potential leakage of files present on the user’s system. The NVD en...
CVE-2018-8405
Technical details (exploit vector, affected products/versions, root cause specifics, and mitigations) are not publicly disclosed in the provided connected documents. Monitor for updates from authoritative sources.
CVE-2017-0005
Technical details (affected product/version, root cause, fix) are not provided in the supplied documents; public details are high-level. Monitor for updates from official advisories and CVE feeds.
CVE-2013-1675
CVE-2013-1675 affects Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, and Thunderbird before 17.0.6. The issue arises from improper initialization of nsDOMSVGZoomEvent data structures (mPreviousScale and mNewScale), enabling a remote attacker to disclose memory-resident data via a cr...
CVE-2021-42258
BillQuick Web Suite SQL Injection (CVE-2021-42258) affects BEQ BillQuick Web Suite 2018–2021 prior to 22.0.9.1. The vulnerability is an SQL injection in the txtID/username parameter that enables unauthenticated remote code execution, including the potential to run code as MSSQLSERVER$ via xp_cmds...
CVE-2019-7194
CVE-2019-7194 is a QNAP Photo Station path-traversal vulnerability (external control of file name/path) that allows remote access to or modification of files. Affected: QNAP Photo Station (versions 5.2.11, 5.4.9, 5.7.10, and 6.0.3 or earlier). Impact per sources: remote access/modification of sys...
CVE-2020-8243
CVE-2020-8243 affects Pulse Connect Secure, specifically the admin web interface prior to 9.1R8.2. An authenticated attacker can upload a custom template to achieve arbitrary code execution via the admin UI. The CVSSv3 base score is 7.2 (High) with network access, low attack complexity, and high ...
CVE-2020-8816
CVE-2020-8816: Pi-hole Web (AdminLTE) 4.3.2 is vulnerable to Remote Code Execution via a crafted DHCP static lease. Exploitation requires privileged dashboard access and is authenticated; the flaw arises from how DHCP static leases are processed, enabling an attacker with dashboard privileges to...
CVE-2025-24367
CVE-2025-24367 affects Cacti, an open-source monitoring framework. The flaw allows an authenticated Cacti user to abuse graph creation and graph template functionality to write arbitrary PHP scripts in the web root, leading to remote code execution on the server. Impact is remote code execution w...
CVE-2020-5847
Unraid 6.8.0 and earlier contains two CVEs: CVE-2020-5847 (remote code execution via insecure use of PHP extract) and CVE-2020-5849 (authentication bypass). Reports and exploit references (Metasploit module and Exploit-DB) confirm practical impact: authenticated admin access can be gained, then a...
CVE-2019-0541
CVE-2019-0541 – MSHTML Engine Remote Code Execution involves an input validation vulnerability in the MSHTML engine that can let an attacker execute arbitrary code on affected systems. Affected software includes Internet Explorer (IE9/10/11), Microsoft Office components (Office/Word/Excel viewers...
CVE-2024-21413
Summary of CVE-2024-21413 (Microsoft Outlook / Moniker Link): A vulnerability in Outlook where crafted Moniker Link URLs (often via file:///UNC paths) can trigger an automatic SMB access, potentially leaking the user’s NTLM hash to an attacker. Multiple PoCs on GitHub demonstrate delivering malic...
CVE-2021-40870
Summary (CVE-2021-40870): Aviatrix Controller 6.x before 6.5-1804.1922 is affected by an unrestricted file upload via a directory traversal flaw that enables an unauthenticated attacker to execute arbitrary code. The base vulnerability is described in the primary CVE record, which lists the affe...
CVE-2020-36775
CVE-2020-36775 affects the Linux kernel’s f2fs subsystem. The vulnerability was tied to a potential deadlock in the f2fs_write_compressed_pages() path, mitigated by using f2fs_trylock_op() (consistent with the approach used in f2fs_write_single_data_page()) to avoid deadlocks. The concrete fix is...
CVE-2021-27860
CVE-2021-27860 affects FatPipe WARP, IPVPN, and MPVPN web management interfaces. An unauthenticated remote attacker can upload arbitrary files to any location on the filesystem on affected devices running versions < 10.1.2r60p92 or
CVE-2016-7200
CVE-2016-7200 refers to a memory-corruption/remote-code-execution vulnerability in the Chakra JavaScript engine used by Microsoft Edge. The connected documents confirm this family of issues (ChakraCore/RCE vulnerabilities) and note it as a memory-corruption-based flaw triggered by a crafted site,...
CVE-2012-1710
CVE-2012-1710 affects Oracle WebCenter Forms Recognition in Oracle Fusion Middleware 10.1.3.5. Multiple ActiveX components (CroProj.dll and Sssplt30.ocx) are vulnerable to directory-traversal flaws that can allow arbitrary file creation/overwrite when a user visits a crafted page. This enables re...
CVE-2019-7195
CVE-2019-7195 is a QNAP Photo Station external file name/path control vulnerability. The CVE affects QNAP Photo Station on QTS with Photo Station versions prior to the fixes listed in QNAP NAS advisory NAS-201911-25 and related vendor advisories. The underlying issue is a path traversal/improper...
CVE-2019-12384
CVE-2019-12384 affects FasterXML jackson-databind 2.x (pre-2.9.9.1) where failure to block logback-core in polymorphic deserialization can enable remote code execution depending on classpath contents. The connected IBM documents corroborate broader jet deserialization gadget vulnerabilities in ja...
CVE-2018-8406
CVE-2018-8406 is a DirectX Graphics Kernel (DXGKRNL) privilege-escalation vulnerability caused by the DXGKRNL driver improperly handling memory objects. Affected products include Windows Server 2016 and Windows 10 (and Windows 10 Servers). The CVE is characterized by a local, low-complexity attac...
CVE-2017-16138
CVE-2017-16138 affects the mime Node.js module, with vulnerable versions including
CVE-2025-53770
CVE-2025-53770 is a critical remote code execution vulnerability in on-premises Microsoft SharePoint Server, achieved via deserialization of untrusted data and an unauthenticated POST to ToolPane.aspx. The attack chain typically bypasses authentication, retrieves MachineKey values from the web.co...
CVE-2022-32917
CVE-2022-32917 is a kernel-level remote code execution risk in Apple OSes addressed by fixes that implement improved bounds checks. Affected: macOS Big Sur 11.7, macOS Monterey 12.6, iOS 15.7, iPadOS 15.7, iOS 16. The issue allowed an application to execute arbitrary code with kernel privileges a...
CVE-2021-1906
CVE-2021-1906 affects Qualcomm Snapdragon GPU address management across Snapdragon Auto/Compute/Connectivity/Consumer IOT/Industrial IOT/Mobile/Wearables. Root cause: improper handling of address deregistration on failure can lead to a new GPU address allocation failure. CVSS reflects Medium seve...
CVE-2012-6708
CVE-2012-6708 concerns jQuery. In versions before 1.9.0, the library’s jQuery(strInput) would treat inputs containing the character ‘<’ as HTML payloads, conflating HTML with selectors and enabling XSS via crafted strings. The underlying issue was that any input containing ‘<’ could be misi...
CVE-2013-0629
CVE-2013-0629 is an Adobe ColdFusion directory traversal vulnerability affecting ColdFusion 9.0, 9.0.1, 9.0.2, and 10 when a password is not configured. It allows an attacker to access restricted directories via unspecified vectors and was exploited in the wild in January 2013. Connected sources ...
CVE-2005-2700
This CVE concerns the Apache mod_ssl module (ssl_engine_kernel.c) where configuring SSLVerifyClient optional at global vhost level fails to enforce SSLVerifyClient require in per-location contexts. Attackers could bypass intended access restrictions by omitting a client certificate. Affected comp...
CVE-2017-0222
CVE-2017-0222 and CVE-2017-0226 describe a remote code execution vulnerability in Microsoft’s Internet Explorer caused by improper access to memory objects. The root cause is memory corruption during object handling, leading to possible code execution in the current user context. CVSS data in the...
CVE-2016-6277
CVE-2016-6277 affects Netgear routers (R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220, D6400, D7000, and possibly others) where remote attackers could execute arbitrary commands via shell metacharacters in the path info to cgi-bin/. Root cause is unsanitized/crafted pat...
CVE-2022-3786
OpenSSL CVE-2022-3602 and CVE-2022-3786 describe buffer overflows in X.509 name-constraint processing triggered by crafted email addresses in certificates, potentially crashing the TLS client/server and, in some scenarios, enabling remote code execution. Documents confirm the issues affect OpenSS...
CVE-2010-4345
CVE-2010-4345 is a local privilege escalation in Exim up to version 4.72, where the exim user could gain root privileges by specifying an alternate configuration file with -C or via macro overrides (-D). Upstream fixes require changes to Exim behavior; newer builds drop root privileges when run w...