CVE | Most viewed

367935 matches found

added 2013/03/13 12:0 a.m. | 1016 views

CVE-2013-0074

CVE-2013-0074 (Microsoft Silverlight) affects Silverlight 5 and the 5 Developer Runtime prior to 5.1.20125.0. The root cause is improper validation of pointers during HTML object rendering, leading to a pointer-dereference memory corruption that can allow remote code execution via a crafted Silve...

CVSS 9.3 | AI score 9.3 | EPSS 0.81868
In wild | Exploits 8 | References 5 | Affected Software 1

added 2008/02/07 8:0 p.m. | 1016 views

CVE-2008-0655

CVE-2008-0655 affects Adobe Acrobat/Reader (before 8.1.2). Connected advisories confirm multiple vulnerabilities in Adobe Reader/Acrobat, including JS API DOC.print could silently trigger printing, and PDF processing flaws that could enable arbitrary code execution. Red Hat RHSA-2008:0144 documen...

CVSS 9.3 | AI score 6.4 | EPSS 0.36844
In wild | Exploits 2 | References 21 | Affected Software 1

added 2007/09/18 9:0 p.m. | 1016 views

CVE-2007-3010

CVE-2007-3010 affects Alcatel-Lucent OmniPCX Enterprise Communication Server (R7.1 and earlier). The web-based masterCGI script in the Unified Maintenance Tool allows remote arbitrary command execution via shell metacharacters in the user parameter during a ping action, enabling an attacker to ru...

CVSS 10 | AI score 7.3 | EPSS 0.97407
In wild | Exploits 8 | References 10 | Affected Software 1

added 2018/07/09 7:0 p.m. | 1015 views

CVE-2018-5002

CVE-2018-5002 affects Adobe Flash Player, up to version 29.0.0.171, with a stack-based buffer overflow that could allow arbitrary code execution in the context of the current user. Connected advisories indicate a remediation upgrade to Flash Player 30.0.0.113 (or newer) to fix this issue, and som...

CVSS 10 | AI score 7.9 | EPSS 0.25353
In wild | Exploits 0 | References 7 | Affected Software 1

added 2017/02/22 11:0 p.m. | 1015 views

CVE-2017-6077

CVE-2017-6077 affects NETGEAR DGN2200 routers (firmware up to 10.0.0.50). The vulnerability is a remote code execution via ping.cgi: an authenticated attacker can inject shell metacharacters in the ping_IPAddr field of an HTTP POST, enabling arbitrary OS command execution. The issue is tied to th...

CVSS 10 | AI score 9.2 | EPSS 0.68201
In wild | Exploits 5 | References 3 | Affected Software 1

added 2016/02/10 8:0 p.m. | 1015 views

CVE-2016-0984

CVE-2016-0984 is a use-after-free vulnerability in Adobe Flash Player (and related AIR components) that enables arbitrary code execution. Affected products include Flash Player Windows/macOS (before 18.0.0.329 and 19.x prior to 20.0.0.306) and Linux (before 11.2.202.569), as well as Adobe AIR bef...

CVSS 9.3 | AI score 8.9 | EPSS 0.55375
In wild | Exploits 2 | References 10 | Affected Software 1

added 2023/02/06 7:16 p.m. | 1014 views

CVE-2023-0669

Fortra GoAnywhere MFT is affected by CVE-2023-0669, a pre-authentication deserialization vulnerability in the License Response Servlet that enables remote code execution by deserializing attacker-controlled objects. Exploitation and PoCs exist in public exploits/analyses; vendors patched the issu...

CVSS 7.2 | AI score 7.4 | EPSS 0.99999
In wild | Exploits 12 | References 9 | Affected Software 1

added 2021/03/09 12:0 a.m. | 1014 views

CVE-2021-21300

Summary: CVE-2021-21300 affects Git when cloning into case-insensitive file systems and using certain clean/smudge filters (e.g., Git LFS). A specially crafted repository containing symbolic links and files processed by these filters can cause an unchecked script to run during checkout. Affected ...

CVSS 8 | AI score 7.7 | EPSS 0.88644
Exploits 5 | References 14 | Affected Software 1

added 2021/02/10 10:25 a.m. | 1014 views

CVE-2021-23874

CVE-2021-23874 affects McAfee Total Protection (MTP) versions prior to 16.0.30. The vulnerability is an Arbitrary Process Execution leading to local privilege escalation and code execution by a local user, bypassing MTP self-defense. Affected component: MTP privilege management; root cause: impro...

CVSS 8.2 | AI score 8.1 | EPSS 0.01026
In wild | Exploits 0 | References 2 | Affected Software 1

added 2019/04/23 6:16 p.m. | 1014 views

CVE-2019-2616

CVE-2019-2616 affects Oracle Fusion Middleware’s BI Publisher/XML Publisher in versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0. It is an XML External Entity (XXE) injection in the BI Publisher Security subcomponent, allowing an unauthenticated, network-accessible attacker (via HTTP) to read server da...

CVSS 7.2 | AI score 6 | EPSS 0.92183
In wild | Exploits 4 | References 2 | Affected Software 1

added 2016/01/13 2:0 a.m. | 1014 views

CVE-2016-0034

Microsoft Silverlight 5 is affected by a remote code execution vulnerability (CVE-2016-0034) due to mishandling of negative offsets during decoding. Versions prior to 5.1.41212.0 are vulnerable; successful exploitation via a crafted web page can lead to arbitrary code execution or DoS. Several co...

CVSS 9.3 | AI score 8.8 | EPSS 0.69709
In wild | Exploits 1 | References 3 | Affected Software 1

added 2015/10/15 10:0 a.m. | 1014 views

CVE-2015-7645

CVE-2015-7645 is an Adobe Flash Player remote code execution vulnerability exploitable via a crafted SWF file. The initial document states Flash Player 18.x–18.0.0.252 and 19.x–19.0.0.207 on Windows and macOS, and 11.x–11.2.202.535 on Linux, with exploitation observed in the wild in October 2015....

CVSS 9.3 | AI score 8.7 | EPSS 0.68396
In wild | Exploits 0 | References 15 | Affected Software 1

added 2017/10/27 9:0 p.m. | 1013 views

CVE-2017-15945

The CVE-2017-15945 issue affects Gentoo package installation scripts for dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera prior to 2017-09-29. The root cause is misused chown calls on user-writable directory trees, enabling a local user with acc...

CVSS 7.8 | AI score 7.6 | EPSS 0.00366
Exploits 0 | References 2 | Affected Software 2

added 2016/08/25 9:0 p.m. | 1013 views

CVE-2016-4655

CVE-2016-4655 is an iOS kernel information-disclosure vulnerability that allowed memory disclosure via a crafted app on affected iOS versions (pre-9.3.5). The connected docs include PoC exploit references (Trident for iOS

CVSS 7.1 | AI score 4.3 | EPSS 0.33353
In wild | Exploits 7 | References 10 | Affected Software 1

added 2011/12/07 7:0 p.m. | 1013 views

CVE-2011-2462

Adobe Reader/Acrobat U3D memory corruption vulnerability (CVE-2011-2462) affects Adobe Reader X (10.1.1) and earlier on Windows/macOS; Adobe Reader 9.x up to 9.4.6 on Windows, macOS, UNIX; exploitation could allow remote code execution or DoS via crafted U3D content. The issue is in the U3D parse...

CVSS 10 | AI score 9.6 | EPSS 0.86238
In wild | Exploits 11 | References 10 | Affected Software 2

added 2011/10/12 1:0 a.m. | 1013 views

CVE-2011-2005

CVE-2011-2005: Afd.sys in the Microsoft Windows XP (SP2/SP3) and Server 2003 (SP2) Ancillary Function Driver fails to properly validate user‑mode input before passing to kernel mode, enabling local privilege escalation. Exploitation climbs from a crafted user‑mode application to SYSTEM privilege...

CVSS 7.8 | AI score 6.2 | EPSS 0.31761
In wild | Exploits 12 | References 3 | Affected Software 2

added 2009/12/15 2:0 a.m. | 1013 views

CVE-2009-4324

Adobe Reader/Acrobat (Windows/macOS) is affected by CVE-2009-4324 due to a use-after-free in Doc.media.newPlayer inside Multimedia.api. A crafted PDF with ZLib streams can trigger remote code execution. The vulnerability is reported as exploited in the wild in December 2009. Affected versions inc...

CVSS 9.3 | AI score 7.2 | EPSS 0.81863
In wild | Exploits 21 | References 22 | Affected Software 2

added 2025/03/31 11:9 a.m. | 1012 views

CVE-2025-3022

CVE-2025-3022 concerns an OS command injection in E-Solutions E-Management. Multiple sources confirm the vulnerability is triggered via the client parameter to /data/apache/e-management/api/api3.php, allowing an attacker to execute arbitrary commands on the server. The CVE is rated critical (CVSS...

CVSS 9.3 | AI score 7.8 | EPSS 0.01014
Exploits 0 | References 1

added 2022/04/15 2:20 p.m. | 1012 views

CVE-2022-20747

The CVE-2022-20747 concern is Cisco SD-WAN vManage Software Information Disclosure via the History API. Root cause: insufficient API authorization checks on the underlying OS, enabling an authenticated, lower-privileged user to access sensitive information. Affected component: History API in Cisc...

CVSS 6.5 | AI score 6.4 | EPSS 0.00852
Exploits 0 | References 1 | Affected Software 2

added 2016/02/16 3:0 p.m. | 1012 views

CVE-2016-2388

CVE-2016-2388 affects SAP NetWeaver AS JAVA (notably 7.4; referenced in SAP Security Note 2256846) where the Universal Worklist Configuration enables remote disclosure of sensitive user information via a crafted HTTP request. Documented impact is information disclosure with network-based access a...

CVSS 5.3 | AI score 5 | EPSS 0.51553
In wild | Exploits 10 | References 8 | Affected Software 1

added 2021/05/25 6:27 p.m. | 1011 views

CVE-2021-27562

CVE-2021-27562 affects Arm Trusted Firmware M through 1.2; the NS world can trigger a system halt, overwrite secure data, or print secure data via NSPE handler mode. CVSS indicates low–medium overall risk (LOCAL, LOW IT, HIGH availability impact). Public sources confirm details across NVD, CISA K...

CVSS 5.5 | AI score 6.4 | EPSS 0.03093
In wild | Exploits 0 | References 3 | Affected Software 1

added 2018/08/15 5:0 p.m. | 1011 views

CVE-2018-8414

CVE-2018-8414 is a Windows Shell remote code execution vulnerability where the Windows Shell fails to validate file paths. If a user opens a specially crafted file, an attacker could run arbitrary code in the user’s context. The vulnerability affects Windows 10 and related shells. Microsoft relea...

CVSS 9.3 | AI score 8.9 | EPSS 0.73968
In wild | Exploits 0 | References 4 | Affected Software 5

added 2018/02/08 7:0 a.m. | 1011 views

CVE-2018-0125

CVE-2018-0125 affects Cisco RV132W/RV134W routers. The web interface suffers from incomplete input validation in HTTP requests, allowing an unauthenticated attacker to execute arbitrary code with root privileges or trigger a device reload (DoS). Affected products: RV132W ADSL2+ Wireless-N VPN Rou...

CVSS 10 | AI score 9.9 | EPSS 0.54763
In wild | Exploits 1 | References 4 | Affected Software 1

added 2015/06/10 1:0 a.m. | 1011 views

CVE-2015-1770

CVE-2015-1770 affects Microsoft Office 2013 SP1 and Office 2013 RT SP1, via uninitialized memory use in Office components when processing crafted Office documents, enabling remote code execution. The vulnerability’s impact is high (CVE/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) with network vector and ...

CVSS 9.3 | AI score 7.5 | EPSS 0.35105
In wild | Exploits 0 | References 4 | Affected Software 1

added 2021/03/26 1:37 p.m. | 1010 views

CVE-2021-22506

Affected product is Micro Focus Access Manager prior to version 5.0. The connected documents describe an Information Leakage vulnerability (CVE-2021-22506) in the Access Manager, arising from an advance configuration exposure that could disclose information. The Nessus entry additionally ...

CVSS 7.5 | AI score 7.6 | EPSS 0.25695
In wild | Exploits 0 | References 2 | Affected Software 1

added 2015/07/14 9:0 p.m. | 1010 views

CVE-2015-2425

Technical details about CVE-2015-2425 are not publicly available in the provided connected documents. Current sources confirm IE11 memory corruption remote code execution vector, but specifics (affected versions, root cause, fixes) are not disclosed here. Monitor for updates.

CVSS 9.3 | AI score 7.6 | EPSS 0.44851
In wild | Exploits 0 | References 3 | Affected Software 1

added 2015/04/21 10:0 a.m. | 1010 views

CVE-2015-1701

CVE-2015-1701 is a Win32k.sys kernel-mode privilege-escalation flaw affecting Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2. The issue stems from improper handling within win32k, notably around the ClientCopyImage/SetWindowLongPtr path, enabling a crafted user-mode input to execute code...

CVSS 7.8 | AI score 7.3 | EPSS 0.562
In wild | Exploits 38 | References 9 | Affected Software 4

added 2021/01/12 2:7 p.m. | 1008 views

CVE-2021-3129

CVE-2021-3129 affects Laravel Ignition (and Laravel < 8.4.2) where insecure use of file_get_contents()/file_put_contents in debug mode allows unauthenticated RCE. Exploitable versions: Laravel Ignition < 2.5.2 and Laravel

CVSS 9.8 | AI score 9.7 | EPSS 0.99943
In wild | Exploits 36 | References 5 | Affected Software 1

added 2020/10/28 5:55 p.m. | 1008 views

CVE-2018-19949

CVE-2018-19949 is a remote command-injection vulnerability in QNAP QTS File Station. Multiple connected sources confirm that, if exploited, remote attackers could run arbitrary commands, with a high-severity impact (NVD CVSS v3.1: CRITICAL, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). QNAP has issued fi...

CVSS 9.8 | AI score 9.6 | EPSS 0.24449
In wild | Exploits 0 | References 2 | Affected Software 1

added 2018/03/28 10:0 p.m. | 1008 views

CVE-2018-0155

CVE-2018-0155 affects Cisco Catalyst 4500/4500-X switches where the BFD offload has insufficient error handling for incomplete BFD headers. An unauthenticated remote attacker can send crafted BFD messages to trigger a crash in the iosd process and potentially cause system reloads, resulting in Do...

CVSS 8.6 | AI score 8.2 | EPSS 0.07747
In wild | Exploits 0 | References 5 | Affected Software 2

added 2018/03/27 4:0 p.m. | 1008 views

CVE-2018-6882

Zimbra Collaboration Suite (ZCS) is affected by an XSS in ZmMailMsgView.getAttachmentLinkHtml. The vulnerability exists in ZCS before 8.7 Patch 1 and 8.8.x before 8.8.7, allowing remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment. Affected...

CVSS 6.1 | AI score 6.1 | EPSS 0.23717
In wild | Exploits 2 | References 7 | Affected Software 1

added 2009/06/10 6:0 p.m. | 1008 views

CVE-2009-1123

CVE-2009-1123 describes a Windows kernel local privilege escalation: Windows 2000 SP4; XP SP2/SP3; Server 2003 SP2; Vista (Gold/SP1/SP2); Server 2008 SP2 fail to validate changes to certain kernel objects, allowing local users to gain privileges via a crafted application. Affected components: ker...

CVSS 7.8 | AI score 6.2 | EPSS 0.04918
In wild | Exploits 1 | References 8 | Affected Software 5

added 2024/05/03 2:14 a.m. | 1007 views

CVE-2023-44446

CVE-2023-44446 affects GStreamer’s MXF demuxer (gstreamer1-plugins-bad-free, among others). The vulnerability is a use-after-free during MXF file parsing caused by not validating an object’s existence before operating on it. This can allow an attacker to execute code in the context of the affecte...

CVSS 8.8 | AI score 8.8 | EPSS 0.01744
Exploits 0 | References 3 | Affected Software 1

added 2021/10/15 5:11 p.m. | 1007 views

CVE-2021-27561

CVE-2021-27561 affects Yealink Device Management (DM) platform, specifically DM 3.6.0.20. The vulnerability enables pre-auth, unauthenticated remote command execution via the URI /sm/api/v1/firewall/zone/services, yielding root access and high-severity impact (CVSS v3.1: 9.8, CRITICAL). The conne...

CVSS 10 | AI score 9.7 | EPSS 0.82516
In wild | Exploits 0 | References 2 | Affected Software 1

added 2026/05/08 12:0 a.m. | 1006 views

CVE-2025-69690

Netgate pfSense Community Edition 2.7.2 and 2.8.0 are affected by two authenticated RCE paths. First, unsafe deserialization in the module installer/backups allows a crafted backup XML containing a serialized PHP object with the post_reboot_commands property to execute commands with root privileg...

CVSS 9.1 | AI score 6.3 | EPSS 0.00634
Exploits 4 | References 2 | Affected Software 1

added 2018/03/08 7:0 a.m. | 1006 views

CVE-2018-0147

CVE-2018-0147 affects Cisco Secure Access Control System (ACS) prior to 5.8 patch 9. The root cause is insecure Java deserialization of user-supplied content, allowing unauthenticated remote attackers to execute arbitrary commands with root privileges on affected devices. Public sources in the co...

CVSS 10 | AI score 9.7 | EPSS 0.18554
In wild | Exploits 0 | References 4 | Affected Software 1

added 2017/05/26 8:0 p.m. | 1006 views

CVE-2017-8540

CVE-2017-8540 affects Microsoft Malware Protection Engine (MMPE) across Forefront/Defender deployments. The weakness arises from a use-after-free in the garbage collection system managing JavaScript objects during scanning of specially crafted files, enabling memory corruption and potential remot...

CVSS 9.3 | AI score 6.3 | EPSS 0.71961
In wild | Exploits 2 | References 5 | Affected Software 1

added 2016/11/18 9:0 p.m. | 1006 views

CVE-2016-8562

Siemens SIMATIC CP 1543-1 and SIPLUS NET CP 1543-1 (versions before 2.0.28) are affected by CVE-2016-8562. Under special conditions, SNMP variables on port 161/UDP, which should be read-only, can be written, potentially reducing availability or causing denial-of-service. The ICS advisory notes th...

CVSS 7.5 | AI score 5.4 | EPSS 0.03624
In wild | Exploits 0 | References 5 | Affected Software 1

added 2025/01/15 10:58 a.m. | 1005 views

CVE-2025-0443

CVE-2025-0443 affects Google Chrome/Chromium with insufficient data validation in Extensions, allowing privilege escalation when a user is tricked into specific UI gestures via a crafted HTML page. Connected sources confirm Chrome/Chromium and show remediation in Chrome 132.0.6834.83 (and Debian’...

CVSS 8.8 | AI score 6.7 | EPSS 0.00445
Exploits 1 | References 2 | Affected Software 1

added 2023/10/16 3:12 p.m. | 1005 views

CVE-2023-20198

Cisco IOS XE Web UI vulnerabilities CVE-2023-20198 and CVE-2023-20273 allow authenticated attackers to escalate to root via the Web UI due to input validation weaknesses, enabling privilege escalation and potential remote code execution. Cisco has released fixed builds: 17.3.8a (for the 17.3 trai...

CVSS 10 | AI score 8.6 | EPSS 0.99571
In wild | Exploits 26 | References 2 | Affected Software 1

added 2022/02/22 10:0 p.m. | 1005 views

CVE-2022-23635

Technical details for CVE-2022-23635 are not publicly available in the provided connected documents. Monitor for updates; no additional exploit, impact, or remediation details are present in the connected sources.

CVSS 7.5 | AI score 7.5 | EPSS 0.01594
Exploits 0 | References 3 | Affected Software 1

added 2018/05/31 6:0 p.m. | 1005 views

CVE-2018-11138

CVE-2018-11138 affects Quest KACE System Management Appliance 8.0.318 where the unauthenticated /common/download_agent_installer.php endpoint can be abused to execute arbitrary commands as the web server user. The Core Security advisory and multiple sources confirm remote code execution via unaut...

CVSS 10 | AI score 9.4 | EPSS 0.91931
In wild | Exploits 7 | References 3 | Affected Software 1

added 2016/06/17 3:0 p.m. | 1005 views

CVE-2016-3643

SolarWinds Virtualization Manager

CVSS 7.8 | AI score 7.6 | EPSS 0.03704
In wild | Exploits 5 | References 4 | Affected Software 1

added 2011/06/16 8:21 p.m. | 1005 views

CVE-2011-1889

CVE-2011-1889 affects Microsoft Forefront Threat Management Gateway (TMG) 2010. The vulnerability is in the NSPLookupServiceNext function of the TMG Firewall Client Winsock provider, due to a memory corruption/bounds-checking flaw that enables remote code execution. Exploitation involved remote a...

CVSS 10 | AI score 7.5 | EPSS 0.48368
In wild | Exploits 1 | References 7 | Affected Software 1

added 2017/01/30 4:24 a.m. | 1004 views

CVE-2016-10174

The NETGEAR WNR2000v5 router is affected by a buffer overflow in the hidden_lang_avi parameter when invoking /apply.cgi?/lang_check.html. An unauthenticated attacker can cause remote code execution. Documentation and exploit sources (e.g., Metasploit module for WNR2000v5 and exploits in Exploit-D...

CVSS 10 | AI score 9.9 | EPSS 0.8345
In wild | Exploits 6 | References 7 | Affected Software 1

added 2014/10/15 10:0 a.m. | 1004 views

CVE-2014-4113

CVE-2014-4113 corresponds to a Windows kernel-win32k.sys local privilege escalation (MS14-058) affecting multiple Windows editions (e.g., Windows 7/8/8.1 and corresponding server variants). The vulnerability arises in win32k.sys kernel-mode drivers and allows a crafted user-mode application to ga...

CVSS 7.8 | AI score 8 | EPSS 0.87042
In wild | Exploits 22 | References 12 | Affected Software 9

added 2026/06/11 8:46 p.m. | 1003 views

CVE-2026-44249

Netty CVE-2026-44249 details a subnet filter bypass in netty-handler due to an incorrect masking operation in IpSubnetFilterRule.compareTo(). Affected are Netty versions prior to 4.1.135.Final and 4.2.15.Final. An attacker could bypass IPv6 subnet restrictions, allowing valid public IPs to bypass...

CVSS 8.1 | AI score 5.4 | EPSS 0.00552
Exploits 0 | References 10 | Affected Software 1

added 2021/05/27 11:14 a.m. | 1003 views

CVE-2021-22907

CVE-2021-22907 is a local privilege escalation vulnerability in Citrix Workspace App for Windows caused by improper access control. The issue affects Citrix Workspace App on Windows in versions prior to 2105 and the 1912 LTSR branch prior to CU4. A local user with admin privileges could escalate ...

CVSS 7.8 | AI score 7.7 | EPSS 0.00239
Exploits 0 | References 1 | Affected Software 1

added 2020/09/25 12:0 a.m. | 1003 views

CVE-2020-25223

CVE-2020-25223 is a remote code execution vulnerability in the WebAdmin interface of Sophos SG UTM, exploitable without authentication. The flaw allows an unauthenticated attacker to run arbitrary commands as root via a SID-based command injection in WebAdmin. Affected versions are Sophos SG UTM ...

CVSS 10 | AI score 9.6 | EPSS 0.96693
In wild | Exploits 9 | References 6 | Affected Software 1

added 2009/11/11 7:0 p.m. | 1003 views

CVE-2009-3129

CVE-2009-3129 concerns a remote-code-execution vulnerability in Microsoft Office Excel and related components caused by a FEATHEADER record with an invalid cbHdrData size that affects a pointer offset. Affected products include Excel 2002 SP3, 2003 SP3, 2007 SP1/SP2, Open XML File Format Converte...

CVSS 9.3 | AI score 7.5 | EPSS 0.85731
In wild | Exploits 10 | References 11 | Affected Software 4

Total number of security vulnerabilities: 5000