Attacker Value
High
CVE-2020-17087 Windows Kernel local privilege escalation 0day
Disclosure Date: November 11, 2020 (last updated January 01, 2024)
Windows Kernel Local Elevation of Privilege Vulnerability
13
Attacker Value
Very High
CVE-2020-11651
Disclosure Date: April 30, 2020 (last updated November 27, 2024)
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
6
Attacker Value
High
CVE-2023-27532
Disclosure Date: March 10, 2023 (last updated May 10, 2024)
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
11
Attacker Value
Very High
CVE-2021-41773
Disclosure Date: October 05, 2021 (last updated November 08, 2023)
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
11
Attacker Value
Very High
VMware vSphere Client Unauth Remote Code Execution Vulnerability — CVE-2021-219…
Disclosure Date: February 24, 2021 (last updated February 14, 2024)
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
13
Attacker Value
Very High
CVE-2020-14882 — Unauthenticated RCE in Console component of Oracle WebLogic Se…
Disclosure Date: October 21, 2020 (last updated December 28, 2020)
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
12
Attacker Value
Very High
CVE-2023-21716
Disclosure Date: February 14, 2023 (last updated May 29, 2024)
Microsoft Word Remote Code Execution Vulnerability
9
Attacker Value
Very High
CVE-2022-26134
Disclosure Date: June 03, 2022 (last updated June 29, 2024)
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
11
Attacker Value
Very High
CVE-2018-13379 Path Traversal in Fortinet FortiOS
Disclosure Date: June 04, 2019 (last updated October 06, 2023)
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.
9
Attacker Value
Very High
CVE-2023-48788
Disclosure Date: March 12, 2024 (last updated April 01, 2024)
An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted packets.
8