1,134 topics marked with the following tags:
Displaying 1-10 of 1,134
Attacker Value
Unknown

CVE-2020-25223

Disclosure Date: September 25, 2020 (last updated October 18, 2023)
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
Attacker Value
Unknown

CVE-2018-15133

Disclosure Date: August 09, 2018 (last updated June 11, 2024)
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
Attacker Value
Unknown

CVE-2021-31955

Disclosure Date: June 08, 2021 (last updated October 07, 2023)
Windows Kernel Information Disclosure Vulnerability
Attacker Value
Unknown

CVE-2024-30040

Disclosure Date: May 14, 2024 (last updated May 17, 2024)
Windows MSHTML Platform Security Feature Bypass Vulnerability
Attacker Value
Unknown

CVE-2024-30051

Disclosure Date: May 14, 2024 (last updated May 17, 2024)
Windows DWM Core Library Elevation of Privilege Vulnerability
Attacker Value
Unknown

CVE-2024-4978

Disclosure Date: May 23, 2024 (last updated June 01, 2024)
Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute unauthorized PowerShell commands.
Attacker Value
Unknown

CVE-2020-0968

Disclosure Date: April 15, 2020 (last updated October 06, 2023)
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0970.
Attacker Value
Unknown

CVE-2019-17026

Disclosure Date: March 02, 2020 (last updated October 06, 2023)
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.
Attacker Value
Unknown

CVE-2014-0130

Disclosure Date: May 07, 2014 (last updated October 05, 2023)
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.
Attacker Value
Unknown

CVE-2019-11580

Disclosure Date: June 03, 2019 (last updated October 06, 2023)
Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.