Vulnerabilities in n/a
159,574 results

CVE-2014-6271 [CRITICAL] [EPSS 100.0%] [KEV] GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attac
CVE-2021-21985 [CRITICAL] [EPSS 100.0%] [KEV] The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check pl
CVE-2019-19781 [CRITICAL] [EPSS 100.0%] [KEV] An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory T
CVE-2019-11510 [CRITICAL] [EPSS 100.0%] [KEV] In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attack
CVE-2022-29464 [CRITICAL] [EPSS 100.0%] [KEV] Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with
CVE-2023-44487 [HIGH] [EPSS 100.0%] [KEV] The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as
CVE-2023-1389 [HIGH] [EPSS 100.0%] [KEV] TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form o
CVE-2021-22005 [CRITICAL] [EPSS 100.0%] [KEV] The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 4
CVE-2021-35464 [CRITICAL] [EPSS 100.0%] [KEV] ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitatio
CVE-2020-5902 [CRITICAL] [EPSS 100.0%] [KEV] In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Inte
CVE-2014-0160 [HIGH] [EPSS 100.0%] [KEV] The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows rem
CVE-2017-9841 [CRITICAL] [EPSS 100.0%] [KEV] Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST da
CVE-2015-1635 [CRITICAL] [EPSS 100.0%] [KEV] HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote a
CVE-2014-3566 [LOW] [EPSS 100.0%] The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man
CVE-2017-7921 [CRITICAL] [EPSS 100.0%] [KEV] An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I
CVE-2012-1823 [CRITICAL] [EPSS 100.0%] [KEV] sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle que
CVE-2013-2251 [CRITICAL] [EPSS 100.0%] [KEV] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:,
CVE-2022-22954 [CRITICAL] [EPSS 100.0%] [KEV] VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A mali
CVE-2019-16920 [CRITICAL] [EPSS 100.0%] [KEV] Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the
CVE-2023-50387 [HIGH] [EPSS 100.0%] Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of ser