A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect f…

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI comman…

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x…

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Iv…

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Ga…

The HTTP/2 protocol allows a denial of service (server resource consumption) because request ca…

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized user…

An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restr…

This vulnerability allows remote attackers to bypass authentication on affected installations o…

All versions of Confluence Data Center and Server are affected by this unexploited vulnerabilit…

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance …

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command …

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injecti…

Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The …

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exis…

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect f…

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) …

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choos…

ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession…

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read parti…

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exis…

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A …

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input …

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allo…

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6…

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1,…

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 bef…

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Termi…

An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet F…

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers t…

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 h…

HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Wi…

GNU Bash through 4.3 processes trailing strings after function definitions in the values of env…

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterminist…

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle …

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administra…

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build …

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expression…