Vulnerabilities in n/a

159,628 results
CVE-2015-7450 | CRITICAL | EPSS 97.7% | KEV
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allo

CVE-2019-18818 | EPSS 97.6%
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-p

CVE-2013-0422 | CRITICAL | EPSS 97.6% | KEV
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBean

CVE-2021-36380 | CRITICAL | EPSS 97.6% | KEV
Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDia

CVE-2013-5211 | EPSS 97.5%
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplificat

CVE-2021-3378 | EPSS 97.5%
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile

CVE-2016-3714 | HIGH | EPSS 97.5% | KEV
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x befor

CVE-2021-26812 | EPSS 97.5%
Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to

CVE-2016-8869 | EPSS 97.4%
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote

CVE-2019-9082 | HIGH | EPSS 97.4% | KEV
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app

CVE-2020-12116 | EPSS 97.4%
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary

CVE-2007-3010 | CRITICAL | EPSS 97.4% | KEV
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to exe

CVE-2019-0230 | EPSS 97.4%
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code exe

CVE-2016-6601 | EPSS 97.4%
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to rea

CVE-2018-17456 | EPSS 97.4%
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows r

CVE-2020-25213 | CRITICAL | EPSS 97.3% | KEV
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because

CVE-2015-1641 | HIGH | EPSS 97.3% | KEV
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3,

CVE-2019-7256 | CRITICAL | EPSS 97.1% | KEV
Linear eMerge E3-Series devices allow Command Injections.

CVE-2012-1420 | EPSS 97.1%
The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.

CVE-2023-37679 | EPSS 97.1%
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting