Vulnerabilities in n/a
159,602 results

CVE-2018-7600 | CRITICAL | EPSS 100.0% | KEV
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because o

CVE-2020-8515 | CRITICAL | EPSS 100.0% | KEV
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code executi

CVE-2022-44877 | CRITICAL | EPSS 100.0% | KEV
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS comma

CVE-2019-9670 | CRITICAL | EPSS 100.0% | KEV
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as

CVE-2021-20090 | CRITICAL | EPSS 100.0% | KEV
A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <=

CVE-2014-0195 | — | EPSS 100.0%
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properl

CVE-2024-45519 | CRITICAL | EPSS 100.0% | KEV
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.

CVE-2014-8361 | CRITICAL | EPSS 100.0% | KEV
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploi

CVE-2014-3704 | — | EPSS 100.0%
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements,

CVE-2020-25506 | CRITICAL | EPSS 100.0% | KEV
D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary

CVE-2015-7297 | — | EPSS 100.0%
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a

CVE-2012-0158 | HIGH | EPSS 100.0% | KEV
The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office

CVE-2018-10562 | CRITICAL | EPSS 100.0% | KEV
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to

CVE-2021-3129 | CRITICAL | EPSS 99.9% | KEV
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of i

CVE-2020-10189 | CRITICAL | EPSS 99.9% | KEV
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage

CVE-2022-35405 | CRITICAL | EPSS 99.9% | KEV
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This al

CVE-2015-3113 | HIGH | EPSS 99.9% | KEV
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11

CVE-2014-7169 | CRITICAL | EPSS 99.9% | KEV
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variabl

CVE-2022-22963 | CRITICAL | EPSS 99.9% | KEV
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to

CVE-2012-1456 | — | EPSS 99.9%
The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.