Show filters
524 topics marked with the following tags:
Displaying 31-40 of 524
Sort by:
Attacker Value
Very High

CVE-2017-6526

Disclosure Date: March 09, 2017 (last updated October 05, 2023)
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests).
Attacker Value
Low

CVE-2021-21956

Disclosure Date: November 22, 2021 (last updated October 07, 2023)
A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.
Attacker Value
Moderate

CVE-2019-8451

Disclosure Date: September 11, 2019 (last updated October 06, 2023)
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.
Attacker Value
Very High

CVE-2020-26352

Disclosure Date: December 02, 2022 (last updated November 08, 2023)
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.
1
Attacker Value
High

CVE-2023-38490

Disclosure Date: July 27, 2023 (last updated October 08, 2023)
Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the `Xml` data handler (e.g. `Data::decode($string, 'xml')`) or the `Xml::parse()` method in site or plugin code. The Kirby core does not use any of the affected methods. XML External Entities (XXE) is a little used feature in the XML markup language that allows to include data from external files in an XML structure. If the name of the external file can be controlled by an attacker, this becomes a vulnerability that can be abused for various system impacts like the disclosure of internal or confidential data that is stored on the server (arbitrary file disclosure) or to perform network requests on behalf of the server (server-side request forgery, SSRF). Kirby's `Xml::parse()` method used PHP's `LIBXML_NOENT` constant, which enabled the processing of XML external entities during the parsing operation. The `Xml::parse()` method is…
Attacker Value
Very Low

CVE-2020-9340

Disclosure Date: February 22, 2020 (last updated October 06, 2023)
fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter.
Attacker Value
Moderate

CVE-2023-37679

Disclosure Date: August 03, 2023 (last updated October 08, 2023)
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.
Attacker Value
Low

CVE-2023-0297

Disclosure Date: January 14, 2023 (last updated October 08, 2023)
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
Attacker Value
Low

CVE-2020-9268

Disclosure Date: February 18, 2020 (last updated October 06, 2023)
SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring.
Attacker Value
High

CVE-2021-26295

Disclosure Date: March 22, 2021 (last updated November 08, 2023)
Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.