Show filters
1,121 topics marked with the following tags:
Displaying 1-10 of 1,121
Sort by:
Attacker Value
Unknown
CVE-2020-25223
Disclosure Date: September 25, 2020 (last updated October 18, 2023)
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
0
Attacker Value
Unknown
CVE-2018-15133
Disclosure Date: August 09, 2018 (last updated December 06, 2023)
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
0
Attacker Value
Unknown
CVE-2021-31955
Disclosure Date: June 08, 2021 (last updated October 07, 2023)
Windows Kernel Information Disclosure Vulnerability
0
Attacker Value
Unknown
CVE-2024-30040
Disclosure Date: May 14, 2024 (last updated May 17, 2024)
Windows MSHTML Platform Security Feature Bypass Vulnerability
0
Attacker Value
Unknown
CVE-2024-30051
Disclosure Date: May 14, 2024 (last updated May 17, 2024)
Windows DWM Core Library Elevation of Privilege Vulnerability
0
Attacker Value
Unknown
CVE-2024-4671
Disclosure Date: May 14, 2024 (last updated May 17, 2024)
Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
1
Attacker Value
Unknown
CVE-2020-0968
Disclosure Date: April 15, 2020 (last updated October 06, 2023)
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0970.
0
Attacker Value
Unknown
CVE-2020-8467
Disclosure Date: March 18, 2020 (last updated December 06, 2023)
A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.
0
Attacker Value
Unknown
CVE-2019-17026
Disclosure Date: March 02, 2020 (last updated October 06, 2023)
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.
1
Attacker Value
Unknown
CVE-2014-0130
Disclosure Date: May 07, 2014 (last updated October 05, 2023)
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.
0
