Remote Procedure Call Runtime Remote Code Execution Vulnerability

Win32 File Enumeration Remote Code Execution Vulnerability

Windows SMB Remote Code Execution Vulnerability

Remote Procedure Call Runtime Remote Code Execution Vulnerability

Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature.

The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as...

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remote_data' parameter in versions up to, and including 3.7.9....

The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.2. This is due to missing nonce protection on the FreemindOptions() function...

Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially ...

The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users...

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “update_checkfile” value for the “filename” parameter. The vulner...

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “check_vertica_upgrade” value for the “cpIp” parameter. The vulne...

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feed_comm_test” value for the “feed” parameter. The vulnerabilit...

Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and De...

Vulnerability in rconfig “remote_text_file” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and S...

Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox...

Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox compo...

The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file[package_dir]' parameter in versions up to, and including 3.2.49. This makes it possible for ...

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not requi...

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not ...

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not required ...