Vulnerabilities in n/a

159,628 results
CVE-2015-2051 | HIGH | The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via | EPSS 97.1% | KEV
CVE-2022-28219 | Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. | EPSS 97.0%
CVE-2020-11455 | LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. | EPSS 97.0%
CVE-2017-8291 | HIGH | Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile | EPSS 97.0% | KEV
CVE-2016-9299 | The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized | EPSS 96.9%
CVE-2015-0014 | Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 | EPSS 96.9%
CVE-2010-3962 | HIGH | Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors relate | EPSS 96.9% | KEV
CVE-2021-25299 | Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/ss | EPSS 96.9%
CVE-2019-5544 | CRITICAL | OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in | EPSS 96.8% | KEV
CVE-2015-3306 | The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. | EPSS 96.8%
CVE-2012-0392 | The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to | EPSS 96.8%
CVE-2021-37344 | Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used | EPSS 96.8%
CVE-2019-17662 | ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authen | EPSS 96.8%
CVE-2021-22502 | CRITICAL | Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could | EPSS 96.7% | KEV
CVE-2001-0500 | Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attacke | EPSS 96.7%
CVE-2011-3544 | CRITICAL | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remot | EPSS 96.7% | KEV
CVE-2020-25223 | CRITICAL | A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 | EPSS 96.7% | KEV
CVE-2023-35708 | In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL | EPSS 96.7%
CVE-2019-20499 | D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionalit | EPSS 96.6%
CVE-2019-9194 | elFinder before 2.1.48 has a command injection vulnerability in the PHP connector. | EPSS 96.6%