Search Results (1501 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-8243 1 Ivanti 2 Connect Secure, Policy Secure 2025-10-30 7.2 High
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution.
CVE-2020-8260 1 Ivanti 1 Connect Secure 2025-10-30 7.2 High
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.
CVE-2024-21893 1 Ivanti 3 Connect Secure, Neurons For Zero-trust Access, Policy Secure 2025-10-30 8.2 High
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.
CVE-2024-29824 1 Ivanti 1 Endpoint Manager 2025-10-30 8.8 High
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
CVE-2024-40711 1 Veeam 2 Backup \& Replication, Veeam Backup \& Replication 2025-10-30 9.8 Critical
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
CVE-2019-5418 5 Debian, Fedoraproject, Opensuse and 2 more 8 Debian Linux, Fedora, Leap and 5 more 2025-10-30 7.5 High
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
CVE-2020-8193 1 Citrix 8 4000-wo, 4100-wo, 5000-wo and 5 more 2025-10-30 6.5 Medium
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.
CVE-2022-23131 1 Zabbix 1 Zabbix 2025-10-30 9.1 Critical
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).
CVE-2022-23134 3 Debian, Fedoraproject, Zabbix 3 Debian Linux, Fedora, Zabbix 2025-10-30 3.7 Low
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
CVE-2018-6961 1 Vmware 1 Nsx Sd-wan By Velocloud 2025-10-30 8.1 High
VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.
CVE-2020-3952 1 Vmware 1 Vcenter Server 2025-10-30 9.8 Critical
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
CVE-2020-3992 1 Vmware 2 Cloud Foundation, Esxi 2025-10-30 9.8 Critical
OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.
CVE-2021-21972 1 Vmware 2 Cloud Foundation, Vcenter Server 2025-10-30 9.8 Critical
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
CVE-2021-21973 1 Vmware 2 Cloud Foundation, Vcenter Server 2025-10-30 5.3 Medium
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
CVE-2021-21985 1 Vmware 2 Cloud Foundation, Vcenter Server 2025-10-30 9.8 Critical
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
CVE-2021-22005 1 Vmware 2 Cloud Foundation, Vcenter Server 2025-10-30 9.8 Critical
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
CVE-2022-22947 2 Oracle, Vmware 10 Commerce Guided Search, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Console and 7 more 2025-10-30 10 Critical
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
CVE-2022-22954 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2025-10-30 9.8 Critical
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
CVE-2022-22963 3 Oracle, Redhat, Vmware 29 Banking Branch, Banking Cash Management, Banking Corporate Lending Process Management and 26 more 2025-10-30 9.8 Critical
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
CVE-2022-22965 6 Cisco, Oracle, Redhat and 3 more 45 Cx Cloud Agent, Commerce Platform, Communications Cloud Native Core Automated Test Suite and 42 more 2025-10-30 9.8 Critical
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.