139 Total Results
Attacker Value
Very High
CVE-2024-55956
Disclosure Date: December 13, 2024 (last updated December 21, 2024)
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.
1
Attacker Value
Very High
CVE-2024-53704
Disclosure Date: January 09, 2025 (last updated January 28, 2025)
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
2
Attacker Value
Very High
CVE-2024-47575
Disclosure Date: October 23, 2024 (last updated January 15, 2025)
A missing authentication for critical function vulnerability in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows an attacker to execute arbitrary code or commands via specially crafted requests.
5
Attacker Value
Very High
CVE-2024-5806
Disclosure Date: June 25, 2024 (last updated January 17, 2025)
An Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass. This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.
4
Attacker Value
Very High
CVE-2024-4040
Disclosure Date: April 22, 2024 (last updated April 27, 2024)
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
8
Attacker Value
Very High
CVE-2024-3400
Disclosure Date: April 12, 2024 (last updated December 21, 2024)
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
15
Attacker Value
Very High
CVE-2024-28995
Disclosure Date: June 06, 2024 (last updated July 18, 2024)
SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to read sensitive files on the host machine.
5
Attacker Value
Moderate
CVE-2024-27199
Disclosure Date: March 04, 2024 (last updated December 18, 2024)
In JetBrains TeamCity before 2023.11.4, a path traversal allowing limited admin actions to be performed was possible.
3
Attacker Value
Very High
CVE-2024-27198
Disclosure Date: March 04, 2024 (last updated March 06, 2024)
In JetBrains TeamCity before 2023.11.4, an authentication bypass allowing admin actions to be performed was possible.
5
Attacker Value
Very High
CVE-2024-21893
Disclosure Date: January 31, 2024 (last updated December 21, 2024)
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
8