Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote …

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the Ve…

An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction o…

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Executi…

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelio…

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Softwa…

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to…

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow…

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and…

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow r…

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote …

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) …

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX …

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and…

In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthe…

Atlassian has been made aware of an issue reported by a handful of customers where external att…

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses…

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect f…

It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint.…

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and…

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 h…

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-mast…

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting …

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expressi…

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX …

When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9…

Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Informatio…

The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a ma…

CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 …

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain config…

In the case of instances where the SAML SSO authentication is enabled (non-default), session da…

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Ci…

Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x be…

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (I…

Nacos is a platform designed for dynamic service discovery and configuration and service manage…

RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to vi…

Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an a…

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deseri…

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input i…