Show filters
64,967 Total Results
Displaying 21-30 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
High

CVE-2020-0796 - SMBGhost

Disclosure Date: March 12, 2020 (last updated October 06, 2023)
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
Attacker Value
Very High

CVE-2019-19781

Disclosure Date: November 05, 2019 (last updated October 06, 2023)
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
Attacker Value
High

CVE-2022-22965

Disclosure Date: April 01, 2022 (last updated October 07, 2023)
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Attacker Value
Moderate

CVE-2022-0342

Disclosure Date: March 28, 2022 (last updated October 07, 2023)
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.
Attacker Value
Very High

CVE-2021-22893

Disclosure Date: April 23, 2021 (last updated January 14, 2024)
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.
Attacker Value
Very High

CVE-2021-26857

Disclosure Date: March 03, 2021 (last updated December 30, 2023)
Microsoft Exchange Server Remote Code Execution Vulnerability
Attacker Value
Low

CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability

Disclosure Date: July 22, 2020 (last updated February 22, 2024)
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.
Attacker Value
Very High

CVE-2020-7961

Disclosure Date: March 20, 2020 (last updated January 29, 2021)
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
Attacker Value
High

CVE-2019-18935

Disclosure Date: December 11, 2019 (last updated November 08, 2023)
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
Attacker Value
Very High

CVE-2024-21893

Disclosure Date: January 31, 2024 (last updated February 02, 2024)
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.