0.945840000 | CVE-2023-42793 | 1.000000000 | 2025-06-25 | | In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible Reference: http://packetstormsecurity.com/files/174860/JetBrains-TeamCity-Unauthenticated-Remote-Code-Execution.html |
0.945770000 | CVE-2024-27198 | 1.000000000 | 2025-06-25 | | In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible Reference: https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive |
0.945320000 | CVE-2023-23752 | 1.000000000 | 2025-06-25 | | An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. Reference: https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html |
0.945160000 | CVE-2023-44487 | 0.999990000 | 2025-06-25 | | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. Reference: http://www.openwall.com/lists/oss-security/2023/10/10/6 |
0.944890000 | CVE-2024-27199 | 0.999990000 | 2025-06-25 | | In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible Reference: https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive |
0.944890000 | CVE-2018-7600 | 0.999990000 | 2025-06-25 | | Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. Reference: http://www.securityfocus.com/bid/103534 |
0.944870000 | CVE-2022-22965 | 0.999980000 | 2025-06-25 | | A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. Reference: http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html |
0.944870000 | CVE-2018-1000861 | 0.999980000 | 2025-06-25 | | A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way. Reference: http://packetstormsecurity.com/files/166778/Jenkins-Remote-Code-Execution.html |
0.944860000 | CVE-2019-3396 | 0.999980000 | 2025-06-25 | | The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection. Reference: http://packetstormsecurity.com/files/152568/Atlassian-Confluence-Widget-Connector-Macro-Velocity-Template-Injection.html |
0.944850000 | CVE-2023-35078 | 0.999970000 | 2025-06-25 | | An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. Reference: https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability |