Fixed Intel

CVE Tracker

Track known exploited vulnerabilities, CISA KEV alerts, and linked threat intelligence.

Total CVEs: 2,234
CISA KEV: 1,589
Known Exploits: 41
Avg CVSS Score: 8.8

Severity Distribution

CRITICAL 8
HIGH 1599
MEDIUM 7
INFO 620

Showing 20 of 129 CVEs matching "Quest" · CISA KEV

CVE-2018-7445 · KEV
High

In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system.

MikroTik · EPSS 85.9%

CVE-2017-5521 · KEV
High

Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server.

NETGEAR · EPSS 93.8%

CVE-2018-13374 · KEV
High

Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing an LDAP server connectivity test request to a rogue LDAP server.

Fortinet · EPSS 3.8%

CVE-2022-22536 · KEV
High

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server and SAP Web Dispatcher allow HTTP request smuggling. An unauthenticated attacker can prepend a victim's request with arbitrary data, allowing for function execution impersonating the victim or poisoning intermediary Web caches.

SAP · EPSS 93.8%

CVE-2022-26138 · KEV
High

Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group.

Atlassian · EPSS 94.3%

CVE-2016-2388 · KEV
High

The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request.

SAP · EPSS 62.3%

CVE-2010-0738 · KEV
High

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.

Red Hat · EPSS 90.9%

CVE-2019-0703 · KEV
High

An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, which could lead to information disclosure from the server.

Microsoft · EPSS 23.2%

CVE-2010-5330 · KEV
High

Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.

Ubiquiti · EPSS 47.1%

CVE-2018-11138 · KEV
High

The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution.

Quest · EPSS 93.4%

CVE-2017-12615 · KEV
High

When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Apache · EPSS 94.2%

CVE-2017-12617 · KEV
High

When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Apache · EPSS 94.4%

CVE-2009-1151 · KEV
High

Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file.

phpMyAdmin · EPSS 93.0%

CVE-2014-0130 · KEV
High

Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request.

Rails · EPSS 45.4%

CVE-2019-0543 · KEV
High

A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Microsoft · EPSS 16.6%

CVE-2020-5135 · KEV
High

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.

SonicWall · EPSS 25.0%

CVE-2019-1322 · KEV
High

A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Microsoft · EPSS 36.5%

CVE-2016-0099 · KEV
High

A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.

Microsoft · EPSS 90.4%

CVE-2016-3088 · KEV
High

The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.

Apache · EPSS 94.3%

CVE-2020-0796 · KEV
High

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.

Microsoft · EPSS 94.4%