Show filters
139 Total Results
Displaying 1-10 of 139
Sort by:
Attacker Value
Very High

CVE-2024-55956

Disclosure Date: December 13, 2024 (last updated December 21, 2024)
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.
Attacker Value
Very High

CVE-2024-53704

Disclosure Date: January 09, 2025 (last updated January 28, 2025)
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
2
Attacker Value
Very High

CVE-2024-47575

Disclosure Date: October 23, 2024 (last updated January 15, 2025)
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.
Attacker Value
Very High

CVE-2024-5806

Disclosure Date: June 25, 2024 (last updated January 17, 2025)
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.
Attacker Value
Very High

CVE-2024-4040

Disclosure Date: April 22, 2024 (last updated April 27, 2024)
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
Attacker Value
Very High

CVE-2024-3400

Disclosure Date: April 12, 2024 (last updated December 21, 2024)
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
Attacker Value
Very High

CVE-2024-28995

Disclosure Date: June 06, 2024 (last updated July 18, 2024)
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.
Attacker Value
Moderate

CVE-2024-27199

Disclosure Date: March 04, 2024 (last updated December 18, 2024)
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
Attacker Value
Very High

CVE-2024-27198

Disclosure Date: March 04, 2024 (last updated March 06, 2024)
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Attacker Value
Very High

CVE-2024-21893

Disclosure Date: January 31, 2024 (last updated December 21, 2024)
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.