Show filters
90,899 Total Results
Displaying 81-90 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
High

CVE-2022-22972

Disclosure Date: May 20, 2022 (last updated November 29, 2024)
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
Attacker Value
Very High

CVE-2022-27925

Disclosure Date: April 21, 2022 (last updated November 29, 2024)
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
Attacker Value
Very High

CVE-2022-29464

Disclosure Date: April 18, 2022 (last updated July 03, 2024)
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0.
Attacker Value
High

CVE-2021-42237

Disclosure Date: November 05, 2021 (last updated November 28, 2024)
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
Attacker Value
Moderate

CVE-2021-40870

Disclosure Date: September 13, 2021 (last updated November 28, 2024)
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
Attacker Value
Very High

CVE-2021-40539

Disclosure Date: September 07, 2021 (last updated November 28, 2024)
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
Attacker Value
Very High

CVE-2021-21975

Disclosure Date: March 31, 2021 (last updated June 05, 2021)
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
Attacker Value
High

CVE-2021-25281

Disclosure Date: February 27, 2021 (last updated November 01, 2023)
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
Attacker Value
Moderate

CVE-2020-5948 — F5 TMUI XSS vulnerability

Disclosure Date: December 11, 2020 (last updated November 28, 2024)
On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.
Attacker Value
Low

CVE-2020-11984 — Multiple Vulnerabilities in Apache Web Server Could Allow for …

Disclosure Date: August 07, 2020 (last updated November 08, 2023)
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE

This site uses cookies for anonymized analytics. For more information or to change your cookie settings, view our Cookie Policy.