474 topics marked with the following tags:
Displaying 21-30 of 474
Attacker Value
Very High
CVE-2020-8010 Nimbus protocol allows unauth read/write/execute
Disclosure Date: February 18, 2020 (last updated October 06, 2023)
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
1
Attacker Value
Very Low
CVE-2022-35737
Disclosure Date: August 03, 2022 (last updated March 28, 2024)
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
2
Attacker Value
Low
CVE-2019-19908
Disclosure Date: June 19, 2019 (last updated October 06, 2023)
phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.
0
Attacker Value
High
CVE-2022-21874
Disclosure Date: January 11, 2022 (last updated December 21, 2023)
Windows Security Center API Remote Code Execution Vulnerability
1
Attacker Value
Moderate
CVE-2023-37679
Disclosure Date: August 03, 2023 (last updated October 08, 2023)
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.
2
Attacker Value
Moderate
CVE-2020-8091
Disclosure Date: January 27, 2020 (last updated October 06, 2023)
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.
1
Attacker Value
Very High
CVE-2020-15506
Disclosure Date: July 07, 2020 (last updated October 07, 2023)
An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via unspecified vectors.
1
Attacker Value
High
CVE-2021-26295
Disclosure Date: March 22, 2021 (last updated November 08, 2023)
Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.
3
Attacker Value
Low
CVE-2023-0297
Disclosure Date: January 14, 2023 (last updated October 08, 2023)
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
1
Attacker Value
Very High
CVE-2024-0204
Disclosure Date: January 22, 2024 (last updated January 30, 2024)
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
3