An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet F…

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed vers…

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the Ve…

Cacti is an open source platform which provides a robust and extensible operational monitoring …

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connectio…

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent…

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI comman…

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 bef…

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A …

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1,…

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administra…

Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-bet…

Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The …

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that wou…

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11…

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6…

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in…

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Iv…

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An …

/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allow…

Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an atta…

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attack…

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI scrip…

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution aft…

Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: throug…

All versions of Confluence Data Center and Server are affected by this unexploited vulnerabilit…

A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version …

Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older un…

There was a server-side template injection vulnerability in Jira Server and Data Center, in the…

A template injection vulnerability on older versions of Confluence Data Center and Server allow…

Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZI…

<p>Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that a…

(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) b…

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expression…

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <…

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP …

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Softwa…

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect f…

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance …

A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023…