Show filters
12,628 Total Results
Displaying 11-20 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Very High

CVE-2021-40578

Disclosure Date: December 07, 2021 (last updated October 07, 2023)
Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO parameter.
Attacker Value
Very High

CVE-2020-17132

Disclosure Date: December 10, 2020 (last updated December 30, 2023)
Microsoft Exchange Remote Code Execution Vulnerability
Attacker Value
Very High

CVE-2020-2038

Disclosure Date: September 09, 2020 (last updated October 07, 2023)
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1.
Attacker Value
Moderate

CVE-2020-14295

Disclosure Date: June 17, 2020 (last updated November 08, 2023)
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.
Attacker Value
Very High

CVE-2023-20273

Disclosure Date: October 25, 2023 (last updated November 07, 2023)
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.
Attacker Value
High

CVE-2023-41179

Disclosure Date: September 19, 2023 (last updated October 08, 2023)
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.
Attacker Value
Moderate

CVE-2023-28128

Disclosure Date: May 09, 2023 (last updated October 08, 2023)
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.
Attacker Value
High

CVE-2023-21932

Disclosure Date: April 18, 2023 (last updated October 08, 2023)
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: OXI). The supported version that is affected is 5.6. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. While the vulnerability is in Oracle Hospitality OPERA 5 Property Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 Property Services accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS V…
Attacker Value
High

CVE-2022-43769

Disclosure Date: April 03, 2023 (last updated October 08, 2023)
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream. 
Attacker Value
Very High

CVE-2022-41800

Disclosure Date: December 07, 2022 (last updated November 08, 2023)
In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.