| CVE-2019-0752 | | 0.28 | — | 0.92 | KEV | Apr 9, 2019 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862. |
| CVE-2018-20250 | | 0.28 | — | 0.93 | KEV | Feb 5, 2019 | In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path. |
| CVE-2018-15982 | | 0.28 | — | 0.94 | KEV | Jan 18, 2019 | Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2018-8453 | | 0.28 | — | 0.81 | KEV | Oct 10, 2018 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |
| CVE-2018-11138 | | 0.28 | — | 0.93 | KEV | May 31, 2018 | The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system. |
| CVE-2018-6789 | | 0.28 | — | 0.86 | KEV | Feb 8, 2018 | An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. |
| CVE-2018-4878 | | 0.28 | — | 0.94 | KEV | Feb 6, 2018 | A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018. |
| CVE-2025-49706 | | 0.27 | — | 0.75 | KEV | Jul 8, 2025 | Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2024-21338 | | 0.27 | — | 0.79 | KEV | Feb 13, 2024 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2022-21999 | | 0.27 | — | 0.72 | KEV | Feb 9, 2022 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2018-8440 | | 0.27 | — | 0.75 | KEV | Sep 13, 2018 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |
| CVE-2025-49704 | | 0.26 | — | 0.60 | KEV | Jul 8, 2025 | Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| CVE-2025-5777 | | 0.26 | — | 0.65 | KEV | Jun 17, 2025 | Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server |
| CVE-2024-55591 | | 0.26 | — | 0.94 | KEV | Jan 14, 2025 | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module. |
| CVE-2024-53704 | | 0.26 | — | 0.94 | KEV | Jan 9, 2025 | An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. |
| CVE-2024-50623 | | 0.26 | — | 0.94 | KEV | Oct 27, 2024 | In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution. |
| CVE-2024-41713 | | 0.26 | — | 0.94 | KEV | Oct 21, 2024 | A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations. |
| CVE-2024-21412 | | 0.26 | — | 0.94 | KEV | Feb 13, 2024 | Internet Shortcut Files Security Feature Bypass Vulnerability |
| CVE-2023-47246 | | 0.26 | — | 0.94 | KEV | Nov 10, 2023 | In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023. |
| CVE-2023-41266 | | 0.26 | — | 0.94 | KEV | Aug 29, 2023 | A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13. |
| CVE-2023-35082 | | 0.26 | — | 0.94 | KEV | Aug 15, 2023 | An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier. |
| CVE-2023-35078 | | 0.26 | — | 0.94 | KEV | Jul 25, 2023 | An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. |
| CVE-2023-38203 | | 0.26 | — | 0.94 | KEV | Jul 20, 2023 | Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. |
| CVE-2023-28252 | | 0.26 | — | 0.62 | KEV | Apr 11, 2023 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2022-42475 | | 0.26 | — | 0.94 | KEV | Jan 2, 2023 | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. |
| CVE-2022-41080 | | 0.26 | — | 0.94 | KEV | Nov 9, 2022 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2021-20038 | | 0.26 | — | 0.94 | KEV | Dec 8, 2021 | A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions. |
| CVE-2021-42287 | | 0.26 | — | 0.94 | KEV | Nov 10, 2021 | Active Directory Domain Services Elevation of Privilege Vulnerability |
| CVE-2021-42278 | | 0.26 | — | 0.94 | KEV | Nov 10, 2021 | Active Directory Domain Services Elevation of Privilege Vulnerability |
| CVE-2021-35211 | | 0.26 | — | 0.94 | KEV | Jul 14, 2021 | Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability. |
| CVE-2020-0787 | | 0.26 | — | 0.59 | KEV | Mar 12, 2020 | An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. |
| CVE-2019-7481 | | 0.26 | — | 0.94 | KEV | Dec 17, 2019 | A vulnerability in SonicWall SMA100 allows an unauthenticated user to gain read-only access to unauthorized resources. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. |
| CVE-2019-16057 | | 0.26 | — | 0.94 | KEV | Sep 16, 2019 | The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. |
| CVE-2018-6530 | | 0.26 | — | 0.94 | KEV | Mar 6, 2018 | OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter. |
| CVE-2025-22457 | | 0.25 | — | 0.56 | KEV | Apr 3, 2025 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution. |
| CVE-2024-30088 | | 0.25 | — | 0.88 | KEV | Jun 11, 2024 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-21762 | | 0.25 | — | 0.93 | KEV | Feb 9, 2024 | An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows an attacker to execute unauthorized code or commands via specifically crafted requests. |
| CVE-2024-1086 | | 0.25 | — | 0.85 | KEV | Jan 31, 2024 | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. |
| CVE-2023-41265 | | 0.25 | — | 0.92 | KEV | Aug 29, 2023 | An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13. |
| CVE-2023-29300 | | 0.25 | — | 0.94 | KEV | Jul 12, 2023 | Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. |
| CVE-2023-36884 | | 0.25 | — | 0.93 | KEV | Jul 11, 2023 | Windows Search Remote Code Execution Vulnerability |
| CVE-2023-27997 | | 0.25 | — | 0.90 | KEV | Jun 13, 2023 | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests. |
| CVE-2023-28461 | | 0.25 | — | 0.89 | KEV | Mar 15, 2023 | Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon." |
| CVE-2023-27532 | | 0.25 | — | 0.84 | KEV | Mar 10, 2023 | Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts. |
| CVE-2022-27593 | | 0.25 | — | 0.93 | KEV | Sep 8, 2022 | An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later; QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later; QTS 4.3.6: Photo Station 5.7.18 and later; QTS 4.3.3: Photo Station 5.4.15 and later; QTS 4.2.6: Photo Station 5.2.14 and later. |
| CVE-2022-29499 | | 0.25 | — | 0.89 | KEV | Apr 26, 2022 | The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA. |
| CVE-2022-27924 | | 0.25 | — | 0.91 | KEV | Apr 20, 2022 | Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands become unescaped, causing an overwrite of arbitrary cached entries. |
| CVE-2022-24682 | | 0.25 | — | 0.89 | KEV | Feb 9, 2022 | An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document. |
| CVE-2021-22941 | | 0.25 | — | 0.88 | KEV | Sep 23, 2021 | Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller. |
| CVE-2021-20028 | | 0.25 | — | 0.83 | KEV | Aug 4, 2021 | Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier |