Show filters
12,785 Total Results
Displaying 11-20 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Unknown
CVE-2023-20867
Disclosure Date: June 13, 2023 (last updated June 28, 2024)
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.
4
Attacker Value
High
CVE-2022-22957
Disclosure Date: April 13, 2022 (last updated October 07, 2023)
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.
3
Attacker Value
Very High
CVE-2021-40578
Disclosure Date: December 07, 2021 (last updated October 07, 2023)
Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO parameter.
3
Attacker Value
Very High
CVE-2020-17132
Disclosure Date: December 10, 2020 (last updated December 30, 2023)
Microsoft Exchange Remote Code Execution Vulnerability
3
Attacker Value
Moderate
CVE-2020-14295
Disclosure Date: June 17, 2020 (last updated November 08, 2023)
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.
3
Attacker Value
Very High
CVE-2023-20273
Disclosure Date: October 25, 2023 (last updated November 07, 2023)
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.
2
Attacker Value
High
CVE-2023-41179
Disclosure Date: September 19, 2023 (last updated October 08, 2023)
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.
Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.
2
Attacker Value
Moderate
CVE-2023-28128
Disclosure Date: May 09, 2023 (last updated October 08, 2023)
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.
2
Attacker Value
High
CVE-2022-43769
Disclosure Date: April 03, 2023 (last updated October 08, 2023)
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.
2
Attacker Value
Very High
CVE-2021-41675
Disclosure Date: October 29, 2021 (last updated October 07, 2023)
A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getImageSizei. .
2