Show filters
12,753 Total Results
Displaying 21-30 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Moderate

CVE-2021-41947

Disclosure Date: October 08, 2021 (last updated October 07, 2023)
A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode.
Attacker Value
Very High

CVE-2020-2038

Disclosure Date: September 09, 2020 (last updated October 07, 2023)
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1.
Attacker Value
Moderate

CVE-2024-38023

Disclosure Date: July 09, 2024 (last updated July 12, 2024)
Microsoft SharePoint Server Remote Code Execution Vulnerability
Attacker Value
Very High

CVE-2022-41800

Disclosure Date: December 07, 2022 (last updated November 08, 2023)
In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Attacker Value
Low

CVE-2022-38108

Disclosure Date: October 19, 2022 (last updated October 08, 2023)
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Attacker Value
Moderate

CVE-2022-24734

Disclosure Date: March 09, 2022 (last updated October 07, 2023)
MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB's Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds.
Attacker Value
Moderate

CVE-2021-38603

Disclosure Date: August 12, 2021 (last updated October 07, 2023)
PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.
Attacker Value
Very High

CVE-2021-20022

Disclosure Date: April 09, 2021 (last updated October 07, 2023)
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.
Attacker Value
Low

CVE-2021-21431

Disclosure Date: April 09, 2021 (last updated October 07, 2023)
sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may have been possible to remove users from other channels but due to the wonder that is IRC and following RfCs, We have no POC for that. Freenode is not affected. This is fixed in version 2.0.1. As a workaround, do not use this plugin on networks where TARGMAX > 1.
Attacker Value
Moderate

CVE-2020-17144

Disclosure Date: December 10, 2020 (last updated December 30, 2023)
Microsoft Exchange Remote Code Execution Vulnerability