CWE-918 flaws
2,119 results

CVE-2021-40438 | CRITICAL | mod_proxy SSRF | EPSS 100.0% | KEV
CVE-2021-21985 | CRITICAL | The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check pl | EPSS 100.0% | KEV
CVE-2021-26855 | CRITICAL | Microsoft Exchange Server Remote Code Execution Vulnerability | EPSS 100.0% | KEV
CVE-2024-21893 | HIGH | A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) | EPSS 100.0% | KEV
CVE-2021-34473 | CRITICAL | Microsoft Exchange Server Remote Code Execution Vulnerability | EPSS 100.0% | KEV
CVE-2022-41040 | HIGH | Microsoft Exchange Server Elevation of Privilege Vulnerability | EPSS 99.9% | KEV
CVE-2021-22986 | CRITICAL | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 | EPSS 99.9% | KEV
CVE-2021-22054 | HIGH | VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5 | EPSS 97.7% | KEV
CVE-2025-61884 | HIGH | Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected a | EPSS 97.6% | KEV
CVE-2024-45507 | HIGH | Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE | EPSS 93.2%
CVE-2021-27905 | — | SSRF vulnerability with the Replication handler | EPSS 93.1%
CVE-2021-21311 | HIGH | SSRF in adminer | EPSS 90.5% | KEV
CVE-2023-41763 | MEDIUM | Skype for Business Elevation of Privilege Vulnerability | EPSS 90.4% | KEV
CVE-2021-21973 | MEDIUM | The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Serv | EPSS 88.0% | KEV
CVE-2020-7796 | CRITICAL | Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. | EPSS 85.4% | KEV
CVE-2023-49785 | CRITICAL | NextChat vulnerable to Server-Side Request Forgery and Cross-site Scripting | EPSS 83.2%
CVE-2023-48022 | CRITICAL | Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is t | EPSS 81.5%
CVE-2020-26258 | MEDIUM | Server-Side Forgery Request can be activated unmarshalling with XStream | EPSS 81.4%
CVE-2019-9621 | HIGH | Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 | EPSS 80.9% | KEV
CVE-2021-21975 | HIGH | Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access | EPSS 78.4% | KEV