Search Results (312698 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-3980 1 Hitachienergy 3 Microscada Pro Sys600, Microscada Sys600, Microscada X Sys600 2025-08-27 8.8 High
The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application.
CVE-2024-39546 1 Juniper 1 Junos Os Evolved 2025-08-27 7.3 High
A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root privileges leading to privilege escalation ultimately compromising the system.  This issue affects Junos OS Evolved:  * All versions prior to 21.2R3-S8-EVO,  * 21.4 versions prior to  21.4R3-S6-EVO,  * 22.1 versions prior to 22.1R3-S5-EVO,  * 22.2 versions prior to 22.2R3-S3-EVO,  * 22.3 versions prior to 22.3R3-S3-EVO,  * 22.4 versions prior to 22.4R3-EVO,  * 23.2 versions prior to 23.2R2-EVO.
CVE-2024-3746 1 Measuresoft 1 Scadapro Server 2025-08-27 5.5 Medium
The entire parent directory - C:\ScadaPro and its sub-directories and files are configured by default to allow user, including unprivileged users, to write or overwrite files.
CVE-2024-39118 1 Mommyheather 1 Advanced Backups 2025-08-27 5.5 Medium
Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write arbitrary files via restoring a crafted back up.
CVE-2024-30220 1 Planex 4 Mzk-mf300hp2, Mzk-mf300hp2 Firmware, Mzk-mf300n and 1 more 2025-08-27 8.8 High
Command injection vulnerability in PLANEX COMMUNICATIONS wireless LAN routers allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port. Note that MZK-MF300N is no longer supported, therefore the update for this product is not provided.
CVE-2024-30039 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2025-08-27 5.5 Medium
Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVE-2024-30030 1 Microsoft 1 Windows Server 2008 2025-08-27 7.8 High
Win32k Elevation of Privilege Vulnerability
CVE-2024-30025 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2025-08-27 7.8 High
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-30020 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2025-08-27 8.1 High
Windows Cryptographic Services Remote Code Execution Vulnerability
CVE-2024-30018 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2025-08-27 7.8 High
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-30011 1 Microsoft 5 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 2 more 2025-08-27 6.5 Medium
Windows Hyper-V Denial of Service Vulnerability
CVE-2024-2931 1 Wpfront 1 Wpfront User Role Editor 2025-08-27 4.3 Medium
The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract retrieve a list of all user email addresses who are registered on the site.
CVE-2024-2689 2025-08-27 4.4 Medium
Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid UTF-8 will become stuck in the queue, causing an increase in queue lag. Eventually, all processes handling these queues will become stuck and the system will run out of resources. The workflow ID of the failing task will be visible in the logs, and can be used to remove that workflow as a mitigation. Version 1.23 is not impacted. In this context, a user is an operator of Temporal Server.
CVE-2021-28165 5 Eclipse, Jenkins, Netapp and 2 more 28 Jetty, Jenkins, Cloud Manager and 25 more 2025-08-27 7.5 High
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
CVE-2021-20190 6 Apache, Debian, Fasterxml and 3 more 10 Nifi, Debian Linux, Jackson-databind and 7 more 2025-08-27 8.1 High
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-36518 5 Debian, Fasterxml, Netapp and 2 more 49 Debian Linux, Jackson-databind, Active Iq Unified Manager and 46 more 2025-08-27 7.5 High
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVE-2020-35728 5 Debian, Fasterxml, Netapp and 2 more 42 Debian Linux, Jackson-databind, Service Level Manager and 39 more 2025-08-27 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
CVE-2020-14061 5 Debian, Fasterxml, Netapp and 2 more 20 Debian Linux, Jackson-databind, Active Iq Unified Manager and 17 more 2025-08-27 8.1 High
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).
CVE-2019-12814 3 Debian, Fasterxml, Redhat 12 Debian Linux, Jackson-databind, Amq Streams and 9 more 2025-08-27 5.9 Medium
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.
CVE-2017-17485 4 Debian, Fasterxml, Netapp and 1 more 15 Debian Linux, Jackson-databind, E-series Santricity Os Controller and 12 more 2025-08-27 9.8 Critical
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.