Lucene search
K
ZdiMost viewed

16763 matches found

Zero Day Initiative
Zero Day Initiative
•added 2011/04/19 12:0 a.m.•47 views

Webkit Detached Body Element Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the...

9CVSS2.8AI score0.03923EPSS
Exploits2References2
Zero Day Initiative
Zero Day Initiative
•added 2011/04/12 12:0 a.m.•47 views

Microsoft Office XP Data Validation Record Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

10CVSS5.6AI score0.71129EPSS
Exploits10References1
Zero Day Initiative
Zero Day Initiative
•added 2010/08/09 12:0 a.m.•47 views

Apple Webkit Anchor Tag Mouse Click Event Dispatch Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

10CVSS3AI score0.0504EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
•added 2010/06/16 12:0 a.m.•47 views

Adobe Flash Player Multiple Tag JPEG Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required in that a target must visit a malicious website. The specific flaw exists within the code for parsing embedded image data within SWF files. The...

10CVSS4AI score0.06751EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2010/04/05 12:0 a.m.•47 views

Mozilla Firefox Cross Document DOM Node Moving Remote Code Execution Vulnerability

This vulnerability allows remote attackers to bypass specific script execution enforcements on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when moving DOM nodes in...

10CVSS3.2AI score0.05773EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2010/04/02 12:0 a.m.•47 views

Mozilla Firefox Web Worker Array Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the implementation of web worker threads...

10CVSS3.5AI score0.06006EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2009/09/10 12:0 a.m.•47 views

Mozilla Firefox TreeColumns Dangling Pointer Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the redrawing of tree columns contained...

9.3CVSS3.3AI score0.04623EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2009/08/11 12:0 a.m.•47 views

Microsoft Office OWC10.Spreadsheet ActiveX msDataSourceObject() Heap Corruption Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the processing of malicious parameters to the...

9.3CVSS3.9AI score0.6202EPSS
Exploits11References1
Zero Day Initiative
Zero Day Initiative
•added 2008/12/04 12:0 a.m.•47 views

Sun Java Web Start and Applet Multiple Sandbox Bypass Vulnerabilities

These vulnerabilities allow remote attackers to bypass sandbox restrictions on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The first vulnerability results in a cache location and a user...

5CVSS1.3AI score0.03451EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2008/07/17 12:0 a.m.•47 views

Sun Java Web Start vm args Stack-Based Buffer Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the GetVMArgsOption function used while...

10CVSS4.2AI score0.04267EPSS
Exploits4References1
Zero Day Initiative
Zero Day Initiative
•added 2024/10/16 12:0 a.m.•46 views

Microsoft Exchange PowerShell Unsafe Reflection NTLM Relay Vulnerability

This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the PowerShell endpoint. The process does not properly restrict a user-supplied argument...

8.8CVSS7.5AI score0.01497EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/05/22 12:0 a.m.•46 views

(Pwn2Own) Microsoft Windows CLFS Integer Underflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Common Log Fil...

8.8CVSS7AI score0.05275EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/09/12 12:0 a.m.•46 views

Microsoft Windows CLFS Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

6.4CVSS6.2AI score0.05356EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/08/14 12:0 a.m.•46 views

Fortinet FortiClient VPN Improper Access Control Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiClient VPN. Authentication is required to exploit this vulnerability. The specific flaw exists within the FortiClient Logging daemon. The product applies insufficient access controls to...

8.8CVSS7.3AI score0.00701EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/06/08 12:0 a.m.•46 views

VMware Aria Operations for Networks createSupportBundle Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Aria Operations for Networks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the createSupportBundle method. The issue results from the lack of...

9.8CVSS7.4AI score0.98281EPSS
Exploits7References1
Zero Day Initiative
Zero Day Initiative
•added 2023/04/11 12:0 a.m.•46 views

Microsoft Windows Bluetooth BNEP Protocol Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must connect a malicious Bluetooth device. The specific flaw exists within the processing of...

7.6CVSS8.7AI score0.06585EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/03/15 12:0 a.m.•46 views

Microsoft Windows win32kfull Bitmap Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull...

8.8CVSS8.3AI score0.00273EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/02/09 12:0 a.m.•46 views

VMware vRealize Log Insight setConfig Missing Authentication for Critical Function Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware vRealize Log Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setConfig function. The issue results from the lack of authentication...

8.1CVSS3AI score0.81011EPSS
Exploits3References1
Zero Day Initiative
Zero Day Initiative
•added 2023/01/20 12:0 a.m.•46 views

RARLAB WinRAR ZIP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing ...

2.5CVSS2.4AI score0.23043EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/01/18 12:0 a.m.•46 views

Microsoft Windows GreStartDocInternal Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

7.8CVSS8.2AI score0.00476EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/01/18 12:0 a.m.•46 views

Microsoft 3D Builder GLB File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...

6.6CVSS7.5AI score0.00939EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/01/18 12:0 a.m.•46 views

Microsoft Exchange GetTorusCmdletConfigurationEntries Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Exchange. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

7CVSS7.8AI score0.00569EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/12/21 12:0 a.m.•46 views

VMware ESXi TCP/IP Memory Corruption Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the TCPIP kernel...

7.8CVSS3.4AI score0.0034EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/11/03 12:0 a.m.•46 views

SAP 3D Visual Enterprise Author OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

3.3CVSS3AI score0.00242EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/09/01 12:0 a.m.•46 views

ManageEngine NetFlow Analyzer getNmapInitialOption Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine NetFlow Analyzer. Authentication is required to exploit this vulnerability. The specific flaw exists within the getNmapInitialOption function. The issue results from the lack of proper...

7.2CVSS4.8AI score0.77618EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/08/18 12:0 a.m.•46 views

(Pwn2Own) Microsoft Windows partmgr Improper Authorization Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the partmgr.sys...

8.8CVSS5.2AI score0.00484EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/07/15 12:0 a.m.•47 views

(Pwn2Own) Inductive Automation Ignition Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...

8.8CVSS4.2AI score0.43103EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/06/01 12:0 a.m.•46 views

Microsoft Visual Studio VSIX Auto Update Deserialization of Untrusted Data Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Visual Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the VSIX Aut...

8.4CVSS5.6AI score0.00753EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/05/10 12:0 a.m.•46 views

Microsoft Windows Print Spooler Service Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Print Spooler...

7CVSS6.2AI score0.1209EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/05/10 12:0 a.m.•46 views

Microsoft Windows CreateObjectHandler Deserialization of Untrusted Data Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

7.8CVSS6.8AI score0.00848EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/05/09 12:0 a.m.•46 views

Zoom Client Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Zoom Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the installer. By creati...

7.8CVSS5.9AI score0.0037EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/03/23 12:0 a.m.•46 views

(Pwn2Own) HP LaserJet Pro MFP M283fdw CFF Font Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of HP LaserJet Pro MFP M283fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PostScript interpreter. Crafted data in a CFF font can...

4.3CVSS2.6AI score0.07022EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/02/14 12:0 a.m.•46 views

(Pwn2Own) Sonos One Speaker Integer Underflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anacapd daemon. The issue results from the lack of proper validation of...

8.8CVSS3.7AI score0.04085EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2022/01/31 12:0 a.m.•46 views

Bentley MicroStation CONNECT JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS5AI score0.02041EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/12/08 12:0 a.m.•46 views

Bentley View JT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT...

7.8CVSS5.9AI score0.02041EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/12/08 12:0 a.m.•46 views

Bentley View BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP...

7.8CVSS5.9AI score0.02123EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/11/22 12:0 a.m.•46 views

Commvault CommCell CVSearchService Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CVSearchService service. The issue results from the lack of proper validation prio...

9.8CVSS9.1AI score0.05424EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/10/13 12:0 a.m.•46 views

Linux Kernel eBPF Type Confusion Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF...

8.8CVSS3.7AI score0.00972EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2021/08/26 12:0 a.m.•46 views

Microsoft Windows Canonical Display Driver DrvStrokePath Untrusted Pointer Dereference Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the cdd.dll driver...

8.8CVSS5.7AI score0.01294EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/08/03 12:0 a.m.•46 views

(Pwn2Own) Parallels Desktop Toolgate Uncontrolled Memory Allocation Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate...

7.8CVSS4.1AI score0.00246EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/07/28 12:0 a.m.•46 views

Adobe After Effects JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe After Effects. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing...

7.8CVSS4.2AI score0.02438EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/07/28 12:0 a.m.•46 views

Adobe Media Encoder MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Media Encoder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

3.3CVSS4.1AI score0.01865EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/07/19 12:0 a.m.•46 views

Siemens JT2Go SGI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SGI...

7.8CVSS4.3AI score0.01574EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
•added 2021/07/19 12:0 a.m.•46 views

Microsoft SharePoint Missing Check of Message Integrity Vulnerability

This vulnerability allows network-adjacent attackers to tamper with update data on affected installations of Microsoft SharePoint. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of SharePoint Help updates. The issue results from a missing...

3.5CVSS1.5AI score0.04445EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/06/17 12:0 a.m.•46 views

Siemens JT2Go TIFF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIFF...

7.8CVSS4.2AI score0.0191EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
•added 2021/06/02 12:0 a.m.•46 views

OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

7.8CVSS4.6AI score0.01419EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2021/04/21 12:0 a.m.•46 views

Parallels Desktop Tools Integer Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tool...

8.8CVSS5.6AI score0.00452EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/04/21 12:0 a.m.•46 views

Parallels Desktop Toolgate Uninitialized Memory Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within t...

6.5CVSS3.7AI score0.0043EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/02/04 12:0 a.m.•46 views

Siemens Comfort Panel Telnet Service Missing Authentication Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Comfort Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the telnet service, which listens on TCP port 22 by default. The issue results fro...

9.8CVSS4.1AI score0.05176EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/02/04 12:0 a.m.•46 views

Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the...

3.3CVSS4AI score0.00854EPSS
Exploits0References1
Total number of security vulnerabilities5000