Show filters
16,408 Total Results
Displaying 11-20 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Very High
CVE-2023-28771
Disclosure Date: April 25, 2023 (last updated December 22, 2024)
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.
5
Attacker Value
High
CVE-2023-23399
Disclosure Date: March 14, 2023 (last updated January 11, 2025)
Microsoft Excel Remote Code Execution Vulnerability
4
Attacker Value
Very High
CVE-2022-24990
Disclosure Date: February 07, 2023 (last updated October 08, 2023)
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
4
Attacker Value
Very High
CVE-2022-29464
Disclosure Date: April 18, 2022 (last updated February 23, 2025)
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0.
5
Attacker Value
Moderate
CVE-2020-5948 — F5 TMUI XSS vulnerability
Disclosure Date: December 11, 2020 (last updated February 22, 2025)
On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.
5
Attacker Value
Low
CVE-2019-11358
Disclosure Date: April 20, 2019 (last updated February 17, 2024)
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
6
Attacker Value
Moderate
CVE-2015-9251
Disclosure Date: January 18, 2018 (last updated November 08, 2023)
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
6
Attacker Value
Moderate
CVE-2024-21413
Disclosure Date: February 13, 2024 (last updated January 12, 2025)
Microsoft Outlook Remote Code Execution Vulnerability
5
Attacker Value
High
CVE-2023-4911
Disclosure Date: October 03, 2023 (last updated January 28, 2025)
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
4
Attacker Value
High
CVE-2022-30174
Disclosure Date: June 15, 2022 (last updated November 29, 2024)
Microsoft Office Remote Code Execution Vulnerability
3
