Show filters
738 Total Results
Displaying 1-10 of 738
Sort by:
Attacker Value
Very High

CVE-2022-26318

Disclosure Date: March 04, 2022 (last updated February 23, 2025)
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
5
2
Attacker Value
Low

CVE-2019-11358

Disclosure Date: April 20, 2019 (last updated February 17, 2024)
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
6
1
Attacker Value
Unknown

CVE-2020-12116

Disclosure Date: May 07, 2020 (last updated February 21, 2025)
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
3
1
Attacker Value
Moderate

CVE-2019-17571

Disclosure Date: December 20, 2019 (last updated November 08, 2023)
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
4
1
Attacker Value
Very High

CVE-2022-3405

Disclosure Date: May 03, 2023 (last updated February 24, 2025)
Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
Attack Vector: Adjacent NetworkPrivileges: NoneUser Interaction: None
1
1
Attacker Value
Very High

CVE-2022-30995

Disclosure Date: May 03, 2023 (last updated February 24, 2025)
Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
1
1
Attacker Value
High

CVE-2021-3287

Disclosure Date: April 22, 2021 (last updated February 22, 2025)
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
1
1
Attacker Value
High

CVE-2020-28653

Disclosure Date: February 03, 2021 (last updated November 28, 2024)
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
1
1
Attacker Value
Very High

CVE-2020-17530

Disclosure Date: December 11, 2020 (last updated February 22, 2025)
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
1
1
Attacker Value
Very High

CVE-2019-0230

Disclosure Date: September 14, 2020 (last updated February 22, 2025)
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
1
1
View More Topics  Next >