Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote …

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the Ve…

Cacti is an open source platform which provides a robust and extensible operational monitoring …

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent…

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Softwa…

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to…

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Executi…

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelio…

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Informat…

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block…

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-mast…

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow…

/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allow…

Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 20…

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow r…

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote …

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) …

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and…

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX …

There was a server-side template injection vulnerability in Jira Server and Data Center, in the…

A template injection vulnerability on older versions of Confluence Data Center and Server allow…

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and…

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Ga…

Atlassian has been made aware of an issue reported by a handful of customers where external att…

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expression…

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses…

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX …

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect f…

It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint.…

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and…

The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that le…

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 h…

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-mast…

The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a ma…

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expressi…

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting …

Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Informatio…

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an…

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It…

In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a …