Attacker Value
Low

CVE-2023-0297

Disclosure Date: January 14, 2023 (last updated October 08, 2023)
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
Attacker Value
Moderate

CVE-2023-37679

Disclosure Date: August 03, 2023 (last updated October 08, 2023)
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.
Attacker Value
High

CVE-2024-49019

Disclosure Date: November 12, 2024 (last updated January 06, 2025)
Active Directory Certificate Services Elevation of Privilege Vulnerability
Attacker Value
High

CVE-2023-4220

Disclosure Date: November 28, 2023 (last updated December 05, 2023)
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution by uploading a web shell.
Attacker Value
High

CVE-2021-26295

Disclosure Date: March 22, 2021 (last updated November 08, 2023)
Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.
Attacker Value
Low

CVE-2020-9268

Disclosure Date: February 18, 2020 (last updated November 27, 2024)
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring.
Attacker Value
Moderate

CVE-2022-31661

Disclosure Date: August 05, 2022 (last updated October 08, 2023)
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to 'root'.
Attacker Value
Very High

CVE-2019-16662

Disclosure Date: October 28, 2019 (last updated November 27, 2024)
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
Attacker Value
High

CVE-2021-22707

Disclosure Date: July 21, 2021 (last updated November 28, 2024)
A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges.
Attacker Value
High

CVE-2020-35846

Disclosure Date: December 30, 2020 (last updated November 28, 2024)
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.