DotNetNuke 9.2 - 9.2.1 - Weak Encryption & Cookie Deserialization

DNN DotNetNuke versions 9.2 through 9.2.1 use a weak encryption algorithm to protect input parameters. This cryptographic weakness enables attackers to craft malicious DNNPersonalization cookies that can be deserialized, leading to remote code execution. id: CVE-2018-15811 info: name: DotNetNuke...

WordPress Fusion Builder <3.6.2 - Server-Side Request Forgery

WordPress Fusion Builder plugin before 3.6.2 is susceptible to server-side request forgery. The plugin does not validate a parameter in its forms, which can be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. An attacker can...

VMware vRealize Log Insight - Improper Access Control to RCE

The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution. id: CVE-2022-31704 info: name: VMware vRealize Log Insight - Improper Acces...

D-Link DIR-600M - Authentication Bypass

D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices can be accessed directly without authentication and lead to disclosure of information about the WAN, which can then be leveraged by an attacker to modify the data fields of the page. id: CVE-2019-13101 info: name: D-Link DIR-600M - Authentication...

WordPress Google Maps <7.11.18 - SQL Injection

WordPress Google Maps plugin before 7.11.18 contains a SQL injection vulnerability. The plugin includes /class.rest-api.php in the REST API and does not sanitize field names before a SELECT statement. An attacker can possibly obtain sensitive information from a database, modify data, and execute...

D-Link Central WiFi Manager CWM(100) - Remote Code Execution

/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication. id: CVE-2019-13372 info:...

D-Link Routers - Remote Command Injection

D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 device may allow an authenticated attacker to execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for...

Apache APISIX Dashboard <2.10.1 - API Unauthorized Access

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework droplet on the basis of framework gin.' While all APIs and authentication middleware are developed based on framework droplet, some API directly use the interface of framework gin thus bypassing...

Apache ShenYu Admin Unauth Access

Apache ShenYu suffers from an unauthorized access vulnerability where a user can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1. id: CVE-2022-23944 info: name: Apache ShenYu Admin Unauth Access author: cckuakilong severity: critical description: Apach...

CHIYU TCP/IP Converter - Cross-Site Scripting

CHIYU BF-430, BF-431 and BF-450M TCP/IP Converter devices contain a cross-site scripting vulnerability due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, and ppp.cgi. id: CVE-2021-31250 info: name: CHIYU TCP/IP Converter - Cross-Site Scripting author: geeknik...

BillQuick Web Suite SQL Injection

BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xpcmdshell. id: CVE-2021-42258 info: name: BillQuick Web Suite SQL Injection...

Jellyfin 10.7.2 - Server Side Request Forgery

Jellyfin is a free software media system. Versions 10.7.2 and below are vulnerable to unauthenticated Server-Side Request Forgery SSRF attacks via the imageUrl parameter. id: CVE-2021-29490 info: name: Jellyfin 10.7.2 - Server Side Request Forgery author: alph4byt3 severity: medium description: |...

Apache Airflow - Unauthenticated Variable Import

Apache Airflow Airflow =2.0.0 and =2.0.0 and 2.1.3 does not protect the variable import endpoint which allows unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution...

SDT-CW3B1 1.1.0 - OS Command Injection

Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication. id: CVE-2021-46422 info: name: SDT-CW3B1 1.1.0 - OS Command Injection author: badboycxcc,prajiteshsingh severity: critical description: ...

XStream <1.4.17 - Remote Code Execution

XStream before 1.4.17 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of...

RealTek Jungle SDK - Arbitrary Command Injection

There is a command injection vulnerability on the "formWsc" page of the management interface. Successful exploitation of this vulnerability could lead to remote code execution and compromise of the affected system. id: CVE-2021-35395 info: name: RealTek Jungle SDK - Arbitrary Command Injection...

Resourcespace - Cross-Site Scripting

ResourceSpace before 9.6 rev 18290 is affected by a reflected cross-site scripting vulnerability in plugins/wordpresssso/pages/index.php via the wordpressuser parameter. id: CVE-2021-41951 info: name: Resourcespace - Cross-Site Scripting author: coldfish severity: medium description: ResourceSpac...

Jellyfin <10.7.0 - Local File Inclusion

Jellyfin before 10.7.0 is vulnerable to local file inclusion. This issue is more prevalent when Windows is used as the host OS. Servers exposed to public Internet are potentially at risk. id: CVE-2021-21402 info: name: Jellyfin 10.7.0 - Local File Inclusion author: dwisiswant0 severity: medium...

Apache OFBiz <17.12.06 - Arbitrary Code Execution

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz. id: CVE-2021-26295 info: name: Apache OFBiz 17.12.06 - Arbitrary Code Execution author: madrobot severity: critical description: | Apache OFBiz...

Telesquare TLR-2855KS6 - Arbitrary File Deletion

An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts. id: CVE-2021-46419 info: name: Telesquare TLR-2855KS6 - Arbitrary File Deletion author: DhiyaneshDK severity: critical description: | An unauthorized file deleti...

Apache Struts <2.3.1.1 - Remote Code Execution

Apache Struts before 2.3.1.1 is susceptible to remote code execution. When developer mode is used in the DebuggingInterceptor component, a remote attacker can execute arbitrary OGNL commands via unspecified vectors, which can allow for execution of malware, obtaining sensitive information,...

Netsweeper - Authentication Bypass

The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL. id: CVE-2014-9618 info: name: Netsweeper - Authentication...

Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)

An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. id: CVE-2012-3153 info: name: Oracle Forms &...

Oracle WebLogic Server - Remote Code Execution

Oracle WebLogic Server Oracle Fusion Middleware component: WLS Core Components is susceptible to a remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 2.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability could allow unauthenticated...

Moodle Jitsi Meet 2.7-2.8.3 - Cross-Site Scripting

Moodle Jitsi Meet 2.7 through 2.8.3 plugin contains a cross-site scripting vulnerability via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject JavaScript code to be run by the application. id: CVE-2021-26812 info: name: Moodle...

Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations

A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...

MobileIron Core - Remote Unauthenticated API Access

Ivanti Endpoint Manager Mobile EPMM, formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web application’s security filter chain. id: CVE-2023-35082 info: name: MobileIron Core - Remote...

Apache Struts 2 - Remote Command Execution

Apache Struts 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 is susceptible to remote command injection attacks. The Jakarta Multipart parser has incorrect exception handling and error-message generation during file upload attempts, which can allow an attacker to execute arbitrary commands via a...

Apache Struts 2.0.0-2.5.25 - Remote Code Execution

Apache Struts 2.0.0 through Struts 2.5.25 is susceptible to remote code execution because forced OGNL evaluation, when evaluated on raw user input in tag attributes, may allow it. id: CVE-2020-17530 info: name: Apache Struts 2.0.0-2.5.25 - Remote Code Execution author: pikpikcu severity: critical...

Grafana - XSS / Open Redirect / SSRF via Client Path Traversal

An open redirect vulnerability in Grafana can be chained with other issues, such as XSS or SSRF, to increase impact. An attacker may exploit the redirect to target internal services or deliver malicious JavaScript, potentially leading to internal data exposure or account takeover. id: CVE-2025-41...

XWiki Platform - Remote Code Execution

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document SkinsCode.XWikiSkinsSheet leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute...

PHP CGI - Argument Injection

PHP CGI - Argument Injection CVE-2024-4577 is a critical argument injection flaw in PHP. id: CVE-2024-4577 info: name: PHP CGI - Argument Injection author: Hüseyin TINTAŞ,sw0rk17,s4e-io,pdresearch severity: critical description: | PHP CGI - Argument Injection CVE-2024-4577 is a critical argument...

Juniper J-Web - Remote Code Execution

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables to execute remote commands id: CVE-2023-36845 info: name: Juniper J-Web - Remote Code...

SolarWinds Web Help Desk - Hardcoded Credential

The SolarWinds Web Help Desk WHD software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. id: CVE-2024-28987 info: name: SolarWinds Web Help Desk - Hardcoded Credential author:...

Cisco HyperFlex HX Data Platform - Remote Command Execution

Cisco HyperFlex HX contains multiple vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-1498 info: name: Cisco HyperFlex HX Data Platform - Remote Command Executio...

Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution

Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...

Buffalo WSR-2533DHPL2 - Path Traversal

Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 are susceptible to a path traversal vulnerability that could allow unauthenticated remote attackers to bypass authentication in their web interfaces. id: CVE-2021-20090 info: name: Buffalo WSR-2533DHPL2 - Path...

XWiki < 4.10.15 - Sensitive Information Disclosure

XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are...

Fortra GoAnywhere MFT - Remote Code Execution

Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet. id: CVE-2023-0669 info: name: Fortra GoAnywhere MFT - Remote...

n8n - Remote Code Execution via Expression Injection

n8n 1.120.4, 1.121.1, 1.122.0 contains a remote code execution caused by insufficient isolation in workflow expression evaluation, letting authenticated attackers execute arbitrary code with n8n process privileges. Exploit requires authentication. id: CVE-2025-68613 info: name: n8n - Remote Code...

Apache Tomcat Path Equivalence - Remote Code Execution

Path Equivalence- 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. id: CVE-2025-24813 info: name: Apache Tomcat Path Equivalence - Remote Code Execution...

Ivanti Connect Secure - Stack-based Buffer Overflow

Ivanti Connect Secure 22.7R2.5, Ivanti Policy Secure 22.7R1.2, and Ivanti Neurons for ZTA gateways 22.7R2.3 contain a stack-based buffer overflow in the clientCapabilities parameter handling. This vulnerability allows remote unauthenticated attackers to execute arbitrary code through IF-T TLS...

Cleo Harmony < 5.8.0.24 - File Upload Vulnerability

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. id: CVE-2024-55956 info: name: Cleo Harmony...

WP Time Capsule Plugin - Remote Code Execution

The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the the UploadHandler.php file and no direct file access prevention in all versions up to, and including, 1.22.21. This makes it possible for unauthenticat...

Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection

A command injection vulnerability in web components of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. id: CVE-2024-21887 info: name: Ivanti Connect Secure...

SimpleHelp <= 5.5.7 - Unauthenticated Path Traversal

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing...

DotNetNuke 07.04.00 - Administration Authentication Bypass

The installation wizard in DotNetNuke DNN before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx. id: CVE-2015-2794 info: name: DotNetNuke 07.04.00 - Administration Authentication Bypass author: 0xr2r severity...

Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection

The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system OS commands by sending a crafted HTTP POST request...

Apache ActiveMQ - Remote Code Execution

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

Adobe ColdFusion - Local File Read

Unauthenticated Arbitrary File Read vulnerability due to deserialization of untrusted data in Adobe ColdFusion. The vulnerability affects ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier id: CVE-2023-26360 info: name: Adobe ColdFusion - Local File Read author:...