Show filters
580 topics marked with the following tags:
Displaying 31-40 of 580
Sort by:
Attacker Value
Low
CVE-2023-0297
Disclosure Date: January 14, 2023 (last updated October 08, 2023)
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
1
Attacker Value
Moderate
CVE-2023-37679
Disclosure Date: August 03, 2023 (last updated October 08, 2023)
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.
2
Attacker Value
High
CVE-2024-49019
Disclosure Date: November 12, 2024 (last updated January 06, 2025)
Active Directory Certificate Services Elevation of Privilege Vulnerability
1
Attacker Value
High
CVE-2023-4220
Disclosure Date: November 28, 2023 (last updated December 05, 2023)
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
1
Attacker Value
High
CVE-2021-26295
Disclosure Date: March 22, 2021 (last updated November 08, 2023)
Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.
3
Attacker Value
Low
CVE-2020-9268
Disclosure Date: February 18, 2020 (last updated November 27, 2024)
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring.
0
Attacker Value
Moderate
CVE-2022-31661
Disclosure Date: August 05, 2022 (last updated October 08, 2023)
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.
1
Attacker Value
Very High
CVE-2019-16662
Disclosure Date: October 28, 2019 (last updated November 27, 2024)
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
1
Attacker Value
High
CVE-2021-22707
Disclosure Date: July 21, 2021 (last updated November 28, 2024)
A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges.
1
Attacker Value
High
CVE-2020-35846
Disclosure Date: December 30, 2020 (last updated November 28, 2024)
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
3