Show filters
1,123 topics marked with the following tags:
Displaying 1-10 of 1,123
Sort by:
Attacker Value
Unknown

CVE-2020-25223

Disclosure Date: September 25, 2020 (last updated October 18, 2023)
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
Attacker Value
Unknown

CVE-2018-15133

Disclosure Date: August 09, 2018 (last updated December 06, 2023)
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
0
Attacker Value
Unknown

CVE-2021-31955

Disclosure Date: June 08, 2021 (last updated October 07, 2023)
Windows Kernel Information Disclosure Vulnerability
Attacker Value
Unknown

CVE-2024-30040

Disclosure Date: May 14, 2024 (last updated May 17, 2024)
Windows MSHTML Platform Security Feature Bypass Vulnerability
Attacker Value
Unknown

CVE-2024-30051

Disclosure Date: May 14, 2024 (last updated May 17, 2024)
Windows DWM Core Library Elevation of Privilege Vulnerability
Attacker Value
Unknown

CVE-2024-4671

Disclosure Date: May 14, 2024 (last updated May 17, 2024)
Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Attacker Value
Unknown

CVE-2020-0968

Disclosure Date: April 15, 2020 (last updated October 06, 2023)
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0970.
Attacker Value
Unknown

CVE-2020-8467

Disclosure Date: March 18, 2020 (last updated December 06, 2023)
A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.
Attacker Value
Unknown

CVE-2019-17026

Disclosure Date: March 02, 2020 (last updated October 06, 2023)
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.
Attacker Value
Unknown

CVE-2014-0130

Disclosure Date: May 07, 2014 (last updated October 05, 2023)
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.
0