CVE-2022-25487
|
Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php. |
thedigicraft |
Atom CMS |
2025-07-07 12:00:53 UTC |
The Shadowserver (via CIRCL) |
CVE-2018-1335
|
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the... |
Apache Software Foundation |
Apache Tika |
2025-07-06 12:00:53 UTC |
The Shadowserver (via CIRCL) |
CVE-2019-15642
|
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval... |
Webmin |
Webmin |
2025-07-06 12:00:44 UTC |
The Shadowserver (via CIRCL) |
CVE-2017-6090
|
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute... |
PhpCollab |
PhpCollab |
2025-07-06 12:00:35 UTC |
The Shadowserver (via CIRCL) |
CVE-2018-1000130
|
A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on... |
Jolokia |
Jolokia agent |
2025-07-06 12:00:25 UTC |
The Shadowserver (via CIRCL) |
CVE-2025-5777
|
NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread |
NetScaler |
ADC, Gateway |
2025-07-04 12:00:14 UTC |
The Shadowserver (via CIRCL) |
CVE-2019-12276
|
A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated... |
GrandNode |
GrandNode |
2025-07-02 12:00:34 UTC |
The Shadowserver (via CIRCL) |
CVE-2022-25237
|
Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the... |
Bonitasoft |
Bonita Web |
2025-07-02 12:00:24 UTC |
The Shadowserver (via CIRCL) |
CVE-2021-31602
|
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has... |
Hitachi Vantara |
Pentaho |
2025-07-02 12:00:13 UTC |
The Shadowserver (via CIRCL) |
CVE-2021-33564
|
An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a... |
markevans |
dragonfly |
2025-07-01 12:00:43 UTC |
The Shadowserver (via CIRCL) |
CVE-2019-20933
|
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may... |
InfluxData |
InfluxDB |
2025-07-01 12:00:31 UTC |
The Shadowserver (via CIRCL) |
CVE-2023-35813
|
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3. |
Sitecore |
Experience Manager, Experience Platform, Experience Commerce |
2025-07-01 12:00:22 UTC |
The Shadowserver (via CIRCL) |
CVE-2021-21389
|
BuddyPress privilege escalation via REST API |
buddypress |
BuddyPress |
2025-07-01 12:00:15 UTC |
The Shadowserver (via CIRCL) |
CVE-2025-6554
|
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.... |
Google |
Chrome |
2025-07-01 07:30:28 UTC |
CyberInsider |
CVE-2019-9733
|
An issue was discovered in JFrog Artifactory 6.7.3. By default, the access-admin account is used to reset the password of the admin account in case... |
JFrog |
Artifactory |
2025-06-29 12:00:26 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-42640
|
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability... |
adonespitogo |
angular-base64-upload |
2025-06-27 12:01:47 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-43360
|
ZoneMinder Time-based SQL Injection |
ZoneMinder |
zoneminder |
2025-06-27 12:01:40 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-8856
|
Backup and Staging by WP Time Capsule <= 1.22.21 - Unauthenticated Arbitrary File Upload |
revmakx |
Backup and Staging by WP Time Capsule |
2025-06-27 12:01:33 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-50498
|
WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability |
LUBUS |
WP Query Console |
2025-06-27 12:01:26 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-6396
|
Arbitrary File Overwrite and Data Exfiltration in aimhubio/aim |
aimhubio |
aimhubio/aim |
2025-06-27 12:01:19 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-8877
|
SQL Injection |
Riello |
Netman 204 |
2025-06-27 12:01:13 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-7954
|
SPIP porte_plume Plugin Arbitrary PHP Execution |
SPIP |
SPIP |
2025-06-27 12:01:06 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-39914
|
FOG has a command injection in /fog/management/export.php?filename= |
FOGProject |
fogproject |
2025-06-27 12:00:59 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-29895
|
Cacti command injection in cmd_realtime.php |
Cacti |
cacti |
2025-06-27 12:00:52 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-44849
|
Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php. |
Qualitor |
Qualitor |
2025-06-27 12:00:42 UTC |
The Shadowserver (via CIRCL) |