Show filters
32,133 Total Results
Displaying 21-30 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Moderate

CVE-2020-3580

Disclosure Date: October 21, 2020 (last updated October 29, 2020)
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.
Attacker Value
Very High

CVE-2020-9691

Disclosure Date: July 29, 2020 (last updated July 30, 2020)
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution.
Attacker Value
Low

ADV200006 - Type 1 Font Parsing Remote Code Execution Vulnerability in Windows

Disclosure Date: April 15, 2020 (last updated September 02, 2020)
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1020.
Attacker Value
Low

CVE-2019-11358

Disclosure Date: April 20, 2019 (last updated March 17, 2021)
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Attacker Value
Very High

CVE-2021-43141

Disclosure Date: November 03, 2021 (last updated November 06, 2021)
Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in plan_application.
Attacker Value
Low

CVE-2021-38406

Disclosure Date: September 09, 2021 (last updated October 05, 2021)
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process.
Attacker Value
Unknown

CVE-2021-34803

Disclosure Date: June 16, 2021 (last updated June 22, 2021)
TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certain situations.
Attacker Value
High

CVE-2021-28550

Disclosure Date: May 11, 2021 (last updated September 16, 2021)
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Attacker Value
Unknown

CVE-2021-31195

Disclosure Date: May 11, 2021 (last updated May 18, 2021)
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31198.
Attacker Value
Very High

CVE-2021-27065

Disclosure Date: March 03, 2021 (last updated July 27, 2021)
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078.