CVE Tracker
Track known exploited vulnerabilities, CISA KEV alerts, and linked threat intelligence.
2,235
Total CVEs
1,590
CISA KEV
41
Known Exploits
8.8
Avg CVSS Score
Showing 20 of 2,235 CVEs
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.
Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site.
Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.
The kernel in Microsoft Windows allows local users to gain privileges via a crafted application.
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code.
setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command.
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.
sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.
Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication.
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.
Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.
The Kerberos Key Distribution Center (KDC) in Microsoft allows remote authenticated domain users to obtain domain administrator privileges.
A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML.
Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands.
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution.
Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution.
Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions.
HP ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet.