Total
286780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9082 | 3 Opensourcebms, Thinkphp, Zzzcms | 3 Open Source Background Management System, Thinkphp, Zzzphp | 2025-03-14 | 8.8 High |
| ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command. | ||||
| CVE-2024-40585 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2025-03-14 | 5.9 Medium |
| An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiManager version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below and FortiAnalyzer version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below eventlog may allow any low privileged user with access to event log section to retrieve certificate private key and encrypted password logged as system log. | ||||
| CVE-2020-10199 | 1 Sonatype | 1 Nexus | 2025-03-14 | 8.8 High |
| Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). | ||||
| CVE-2016-11021 | 1 Dlink | 2 Dcs-930l, Dcs-930l Firmware | 2025-03-14 | 7.2 High |
| setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter. | ||||
| CVE-2020-10189 | 1 Zohocorp | 1 Manageengine Desktop Central | 2025-03-14 | 9.8 Critical |
| Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets. | ||||
| CVE-2019-7483 | 1 Sonicwall | 2 Sma 100, Sma 100 Firmware | 2025-03-14 | 7.5 High |
| In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. | ||||
| CVE-2019-7481 | 1 Sonicwall | 2 Sma 100, Sma 100 Firmware | 2025-03-14 | 7.5 High |
| Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. This vulnerablity impacted SMA100 version 9.0.0.3 and earlier. | ||||
| CVE-2023-45588 | 2025-03-14 | 7.8 High | ||
| An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. | ||||
| CVE-2019-18935 | 1 Telerik | 1 Ui For Asp.net Ajax | 2025-03-14 | 9.8 Critical |
| Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.) | ||||
| CVE-2019-16759 | 1 Vbulletin | 1 Vbulletin | 2025-03-14 | 9.8 Critical |
| vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. | ||||
| CVE-2019-16057 | 1 Dlink | 2 Dns-320, Dns-320 Firmware | 2025-03-14 | 9.8 Critical |
| The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. | ||||
| CVE-2019-15752 | 3 Apache, Docker, Microsoft | 3 Geode, Docker, Windows | 2025-03-14 | 7.8 High |
| Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command. | ||||
| CVE-2020-29557 | 1 Dlink | 6 Dir-825, Dir-825\/a, Dir-825\/ac and 3 more | 2025-03-14 | 9.8 Critical |
| An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution. | ||||
| CVE-2020-16846 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2025-03-14 | 9.8 Critical |
| An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. | ||||
| CVE-2020-25213 | 1 Webdesi9 | 1 File Manager | 2025-03-14 | 10 Critical |
| The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020. | ||||
| CVE-2020-17496 | 1 Vbulletin | 1 Vbulletin | 2025-03-14 | 9.8 Critical |
| vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. | ||||
| CVE-2020-9377 | 1 Dlink | 2 Dir-610, Dir-610 Firmware | 2025-03-14 | 8.8 High |
| D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-11899 | 2 Dell, Treck | 7 Wyse 5030, Wyse 5030 Firmware, Wyse 5050 All-in-one and 4 more | 2025-03-14 | 5.4 Medium |
| The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. | ||||
| CVE-2020-8816 | 1 Pi-hole | 1 Pi-hole | 2025-03-14 | 7.2 High |
| Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. | ||||
| CVE-2023-33300 | 2025-03-14 | 4.8 Medium | ||
| A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via specifically crafted request in inter-server communication port. | ||||