Attacker Value
High
CVE-2023-21707
Disclosure Date: February 14, 2023 (last updated February 24, 2025)
Microsoft Exchange Server Remote Code Execution Vulnerability
Attacker Value
Moderate
CVE-2023-0315
Disclosure Date: January 16, 2023 (last updated February 24, 2025)
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.
Attacker Value
Very High
CVE-2022-44877
Disclosure Date: January 05, 2023 (last updated February 24, 2025)
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
Attacker Value
Very High
CVE-2022-41622
Disclosure Date: December 07, 2022 (last updated February 24, 2025)
In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Attacker Value
Low
CVE-2022-1471
Disclosure Date: December 01, 2022 (last updated February 24, 2025)
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing YAML content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
Attacker Value
Moderate
CVE-2022-41080
Disclosure Date: November 09, 2022 (last updated January 11, 2025)
Microsoft Exchange Server Elevation of Privilege Vulnerability
Attacker Value
Very High
CVE-2022-32744
Disclosure Date: August 25, 2022 (last updated February 24, 2025)
A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.
Attacker Value
Very High
CVE-2022-31656
Disclosure Date: August 05, 2022 (last updated October 08, 2023)
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Attacker Value
High
CVE-2022-26352
Disclosure Date: July 17, 2022 (last updated February 24, 2025)
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous content creation is enabled, this allows an unauthenticated attacker to upload an executable file, such as a .jsp file, that can lead to remote code execution.
Attacker Value
High
CVE-2022-2143
Disclosure Date: June 28, 2022 (last updated February 24, 2025)
The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.