Vulnerabilities in n/a

159,628 results
CVE-2019-17558 (HIGH; EPSS 98.6%; KEV)
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can

CVE-2012-4681 (CRITICAL; EPSS 98.5%; KEV)
Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to

CVE-2024-50623 (CRITICAL; EPSS 98.5%; KEV)
In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download th

CVE-2016-3088 (CRITICAL; EPSS 98.5%; KEV)
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTT

CVE-2008-2992 (HIGH; EPSS 98.5%; KEV)
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file t

CVE-2018-12998 (EPSS 98.5%)
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manage

CVE-2009-1122 (EPSS 98.4%)
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows re

CVE-2018-12613 (EPSS 98.4%)
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the serve

CVE-2023-29084 (HIGH; EPSS 98.4%)
Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings.

CVE-2017-15944 (CRITICAL; EPSS 98.3%; KEV)
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute

CVE-2018-1000861 (CRITICAL; EPSS 98.3%; KEV)
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/cor

CVE-2016-1555 (CRITICAL; EPSS 98.3%; KEV)
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3

CVE-2020-35847 (EPSS 98.3%)
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.

CVE-2012-1457 (EPSS 98.3%)
The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.

CVE-2015-8562 (EPSS 98.3%)
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via t

CVE-2022-22947 (CRITICAL; EPSS 98.3%; KEV)
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuat

CVE-2023-20887 (CRITICAL; EPSS 98.2%; KEV)
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for

CVE-2018-11409 (EPSS 98.2%)
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demon

CVE-2020-15920 (EPSS 98.2%)
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with admini

CVE-2012-0507 (CRITICAL; EPSS 98.2%; KEV)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier,