Weaknesses of type CWE-706

57 results

CVE-2020-15505CRITICALA remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, EPSS 99.7%KEV CVE-2021-40539CRITICALZoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execuEPSS 99.0%KEV CVE-2024-27292HIGHDocassemble unauthorized access through URL manipulationEPSS 69.5%CVE-2020-26233HIGHRemote Code Execution in Git Credential Manager CoreEPSS 5.9%CVE-2022-27778—A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--reEPSS 3.5%CVE-2014-125125HIGHA10 Networks AX Loadbalancer Path TraversalEPSS 1.9%CVE-2021-37315CRITICALIncorrect Access Control issue discoverd in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attacEPSS 1.1%CVE-2021-37214HIGHLarvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-3EPSS 1.1%CVE-2022-29445MEDIUMWordPress Popup Box plugin <= 2.1.2 - Authenticated Local File Inclusion (LFI) vulnerabilityEPSS 1.0%CVE-2022-31089HIGHInvalid file request can crashe parse-serverEPSS 0.9%CVE-2023-31814CRITICALD-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php.EPSS 0.9%CVE-2024-35198CRITICALTorchServe bypass allowed_urls configurationEPSS 0.8%CVE-2023-28643MEDIUMPotential share collision for recipients when caching is enabled in nextcloud serverEPSS 0.8%CVE-2021-37213MEDIUMLarvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-2EPSS 0.8%CVE-2024-27295HIGHDirectus MySQL accent insensitive email matchingEPSS 0.7%CVE-2021-37215MEDIUMLarvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-4EPSS 0.7%CVE-2022-30258CRITICALAn issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domainEPSS 0.7%CVE-2022-30257CRITICALAn issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of unintended domain name resolution. A revoked domainEPSS 0.7%CVE-2024-57785MEDIUMZenitel AlphaWeb XE v11.2.3.10 was discovered to contain a local file inclusion vulnerability via the component amc_uploads.php.EPSS 0.7%CVE-2024-52515MEDIUMNextcloud Server has incomplete sanitization of SVG files allows to embed other images into previewsEPSS 0.7%

← previouspage 1 / 3next →