Adobe ColdFusion - Access Control Bypass

An attacker is able to access every CFM and CFC endpoint within the ColdFusion Administrator path /CFIDE/, of which there are 437 CFM files and 96 CFC files in a ColdFusion 2021 Update 6 install. id: CVE-2023-29298 info: name: Adobe ColdFusion - Access Control Bypass author:...

Cisco VPN Routers - Unauthenticated Arbitrary File Upload

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement...

GeoServer RCE in Evaluating Property Name Expressions

In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expression...

ConnectWise ScreenConnect 23.9.7 - Authentication Bypass

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. id: CVE-2024-1709 info: name: ConnectWise ScreenConnect 23.9.7 -...

GiveWP - PHP Object Injection

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'givetitle' parameter. id: CVE-2024-5932 info: name: GiveWP - PHP Object Injection author:...

Apache OFBiz - Improper Authorization & Remote Code Execution

Improper Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met...

Apache OFBiz Directory Traversal - Remote Code Execution

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13 id: CVE-2024-32113 info: name: Apache OFBiz Directory Traversal - Remote Code Execution author: DhiyaneshDK severity: high description: |...

PaloAlto Networks Expedition - Remote Code Execution

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. id: CVE-2024-946...

Atlassian Confluence - Remote Code Execution

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server...

WordPress Chop Slider 3 - Blind SQL Injection

WordPress Chop Slider 3 plugin contains a blind SQL injection vulnerability via the id GET parameter supplied to getscript/index.php. The plugin can allow an attacker to execute arbitrary SQL queries in the context of the WP database user, thereby making it possible to obtain sensitive informatio...

Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Inclusion

Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software is vulnerable to local file inclusion due to directory traversal attacks that can read sensitive files on a targeted system because of a lack of proper input validation of URLs in HTTP requests processe...

WordPress POST SMTP Mailer <= 2.8.7 - Authorization Bypass

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. i...

PhpMyAdmin Scripts - Remote Code Execution

PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow...

Jira Server and Data Center - Information Disclosure

Jira Server and Data Center is susceptible to information disclosure. An attacker can enumerate users via the QueryComponentRendererValue!Default.jspa endpoint and thus potentially access sensitive information, modify data, and/or execute unauthorized operations, Affected versions are before...

Sophos UTM Preauth - Remote Code Execution

Sophos SG UTMA WebAdmin is susceptible to a remote code execution vulnerability in versions before v9.705 MR5, v9.607 MR7, and v9.511 MR11. id: CVE-2020-25223 info: name: Sophos UTM Preauth - Remote Code Execution author: gy741 severity: critical description: Sophos SG UTMA WebAdmin is susceptibl...

CrushFTP - Authentication Bypass

CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access. id: CVE-2025-31161 info: name: CrushFTP - Authenticati...

Oracle Fusion Middleware WebLogic Server Administration Console - Remote Code Execution

The Oracle Fusion Middleware WebLogic Server admin console in versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 is vulnerable to an easily exploitable vulnerability that allows high privileged attackers with network access via HTTP to compromise Oracle WebLogic Server. id:...

Apache OFBiz 17.12.03 - Cross-Site Scripting

Apache OFBiz 17.12.03 contains cross-site scripting and unsafe deserialization vulnerabilities via an XML-RPC request. id: CVE-2020-9496 info: name: Apache OFBiz 17.12.03 - Cross-Site Scripting author: dwisiswant0 severity: medium description: Apache OFBiz 17.12.03 contains cross-site scripting a...

Zimbra Collaboration Suite < 8.8.15 Patch 7 - Server-Side Request Forgery

Zimbra Collaboration Suite ZCS before 8.8.15 Patch 7 is susceptible to server-side request forgery when WebEx zimlet is installed and zimlet JSP is enabled. id: CVE-2020-7796 info: name: Zimbra Collaboration Suite 8.8.15 Patch 7 - Server-Side Request Forgery author: gy741 severity: critical...

Grafana 3.0.1-7.0.1 - Server-Side Request Forgery

Grafana 3.0.1 through 7.0.1 is susceptible to server-side request forgery via the avatar feature, which can lead to remote code execution. Any unauthenticated user/client can make Grafana send HTTP requests to any URL and return its result. This can be used to gain information about the network...

Liferay Portal Unauthenticated < 7.2.1 CE GA2 - Remote Code Execution

Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services JSONWS. id: CVE-2020-7961 info: name: Liferay Portal Unauthenticated 7.2.1 CE GA2 - Remote Code Execution author: dwisiswant0 severity: critical description: Liferay Portal prior to 7.2.1 ...

SaltStack <=3002 - Shell Injection

SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client. id: CVE-2020-16846 info: name: SaltStack =3003 to mitigate this vulnerability. reference: -...

Netsweeper <=6.4.3 - Python Code Injection

Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters. id: CVE-2020-13167 info: name: Netsweeper =6.4.4 to mitiga...

Mida eFramework <=2.9.0 - Remote Command Execution

Mida eFramework through 2.9.0 allows an attacker to achieve remote code execution with administrative root privileges. No authentication is required. id: CVE-2020-15920 info: name: Mida eFramework =2.9.0 - Remote Command Execution author: dwisiswant0 severity: critical description: Mida eFramewor...

Agentejo Cockpit <0.11.2 - NoSQL Injection

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function of the Auth controller. id: CVE-2020-35847 info: name: Agentejo Cockpit 0.11.2 - NoSQL Injection author: dwisiswant0 severity: critical description: | Agentejo Cockpit before 0.11.2 allows NoS...

Gogs 0.5.5 - 0.12.2 - Remote Code Execution

Gogs 0.5.5 through 0.12.2 is susceptible to authenticated remote code execution via the git hooks functionality. There can be a privilege escalation if access to this feature is granted to a user who does not have administrative privileges. NOTE: Since this is mentioned in the documentation but n...

SolarWinds Orion API - Auth Bypass

SolarWinds Orion API is vulnerable to an authentication bypass vulnerability that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance...

Monitorr 1.7.6m - Unauthenticated Remote Code Execution

Monitorr 1.7.6m is susceptible to a remote code execution vulnerability. Improper input validation and lack of authorization leads to arbitrary file uploads in the web application. An unauthorized attacker with web access to could upload and execute a specially crafted file, leading to remote cod...

Windows Server Update Service - Insecure Deserialization

Windows Server Update Service contains an insecure deserialization vulnerability caused by deserialization of untrusted data. An unauthorized attacker with network access can exploit this to execute arbitrary code remotely, potentially leading to full system compromise. id: CVE-2025-59287 info:...

F5 BIG-IP - Unauthenticated RCE via AJP Smuggling

CVE-2023-46747 is a critical severity authentication bypass vulnerability in F5 BIG-IP that could allow an unauthenticated attacker to achieve remote code execution RCE. The vulnerability impacts the BIG-IP Configuration utility, also known as the TMUI, wherein arbitrary requests can bypass...

TP-Link Archer AX21 (AX1800) - Unauthenticated Command Injection

TP-Link Archer AX21 AX1800 routers are vulnerable to unauthenticated OS command injection via the country parameter in the locale endpoint. This allows remote attackers to execute arbitrary commands as root. id: CVE-2023-1389 info: name: TP-Link Archer AX21 AX1800 - Unauthenticated Command...

MOVEit Transfer - Remote Code Execution

In Progress MOVEit Transfer before 2021.0.6 13.0.6, 2021.1.4 13.1.4, 2022.0.4 14.0.4, 2022.1.5 14.1.5, and 2023.0.1 15.0.1, a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database...

Metabase < 0.46.6.1 - Remote Code Execution

Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2...

Ruckus Wireless Admin - Remote Code Execution

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request. id: CVE-2023-25717 info: name: Ruckus Wireless Admin - Remote Code Execution author: parthmalhotra,pdresearch severity: critical description: | Ruckus Wireless Admin through 10.4 allows Remote...

Altenergy Power Control Software C1.2.5 - Remote Command Injection

Altenergy Power Control Software C1.2.5 is susceptible to remote command injection via shell metacharacters in the index.php/management/settimezone parameter, because of settimezone in models/managementmodel.php. An attacker can potentially obtain sensitive information, modify data, and/or execut...

Beautiful Cookie Consent Banner < 2.10.2 - Cross-Site Scripting

The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nscbarcontenthref' parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

ManageEngine ADManager Plus - Command Injection

Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command injection via Proxy settings. id: CVE-2023-29084 info: name: ManageEngine ADManager Plus - Command Injection author: rootxharsh,iamnoooob,pdresearch severity: high description: | Zoho ManageEngine...

Joomla! Webservice - Password Disclosure

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. id: CVE-2023-23752 info: name: Joomla! Webservice - Password Disclosure author: badboycxcc,Sascha Brendel severity: medium description: | An issue was discovered in...

SolarView Compact 6.00 - OS Command Injection

SolarView Compact 6.00 was discovered to contain a command injection vulnerability, attackers can execute commands by bypassing internal restrictions through downloader.php. id: CVE-2023-23333 info: name: SolarView Compact 6.00 - OS Command Injection author: Mr-xn severity: critical description: ...

Citrix Bleed - Leaking Session Tokens

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA ?virtual?server. id: CVE-2023-4966 info: name: Citrix Bleed - Leaking Session Tokens author: DhiyaneshDK severity: high description: | Sensiti...

CraftCMS < 4.4.15 - Unauthenticated Remote Code Execution

Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector leading to Remote Code Execution RCE. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in...

GitLab - Account Takeover via Password Reset

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to a...

Apache Druid Kafka Connect - Remote Code Execution

The vulnerability has the potential to enable a remote attacker with authentication to run any code on the system. This is due to unsafe deserialization that occurs during the configuration of the connector through the Kafka Connect REST API id: CVE-2023-25194 info: name: Apache Druid Kafka Conne...

SolarView Compact 6.00 - OS Command Injection

SolarView Compact 6.00 was discovered to contain a command injection vulnerability via confmail.php. id: CVE-2022-29303 info: name: SolarView Compact 6.00 - OS Command Injection author: badboycxcc severity: critical description: | SolarView Compact 6.00 was discovered to contain a command injecti...

F5 BIG-IP iControl - REST Auth Bypass RCE

F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, may allow undisclosed requests to bypass iControl REST authentication. id: CVE-2022-1388 info: name: F5 BIG-IP...

D-Link DNS-320 - Unauthenticated Remote Code Execution

D-Link DNS-320 FW v2.06B01 Revision Ax is susceptible to a command injection vulnerability in a systemmgr.cgi component. The component does not successfully sanitize the value of the HTTP parameters fntpserver, which in turn leads to arbitrary command execution. id: CVE-2020-25506 info: name:...

MantisBT <=2.30 - Arbitrary Password Reset/Admin Access

MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirmhash value to verify.php. id: CVE-2017-7615 THIS TEMPLATE IS ONLY FOR DETECTING To carry out further attacks, please see reference2 below. This template works by guessing user ID. MantisBT...

Joomla! <3.7.1 - SQL Injection

Joomla! before 3.7.1 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2017-8917 info: name: Joomla! 3.7.1 - SQL Injection...

HPE Integrated Lights-out 4 (ILO4) <2.53 - Authentication Bypass

HPE Integrated Lights-out 4 iLO 4 prior to 2.53 was found to contain an authentication bypass and code execution vulnerability. id: CVE-2017-12542 info: name: HPE Integrated Lights-out 4 ILO4 2.53 - Authentication Bypass author: pikpikcu severity: critical description: HPE Integrated Lights-out 4...

Lucee Admin - Remote Code Execution

Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 contains an unauthenticated remote code execution vulnerability. id: CVE-2021-21307 info: name: Lucee Admin - Remote Code Execution author: dhiyaneshDk severity: critical description: Lucee Admin before versions 5.3.7.47, 5.3.6.68 or...