CVE & Exploit Intelligence Database

CVE-2021-37144 9.1 CRITICAL EPSS 0.00

CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization.

CWE-706 Jul 30, 2021

CVE-2021-31920 6.5 MEDIUM EPSS 0.00

Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.

CWE-706 May 27, 2021

CVE-2021-32054 6.1 MEDIUM 1 Writeup EPSS 0.00

Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations, which may cause crafted files to be delivered to clients such that they are rendered directly in a victim's web browser.

CWE-706 May 14, 2021

CVE-2021-31933 7.2 HIGH 1 PoC Analysis EPSS 0.15

A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to upload a file containing arbitrary PHP code into specific directories via main/inc/lib/fileUpload.lib.php directory traversal to achieve PHP code execution.

CWE-706 Apr 30, 2021

CVE-2021-27306 7.5 HIGH EPSS 0.01

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT.

CWE-706 Mar 18, 2021

CVE-2020-4719 4.9 MEDIUM EPSS 0.00

The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861.

CWE-706 Mar 02, 2021

CVE-2020-35566 5.3 MEDIUM EPSS 0.00

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion.

CWE-706 Feb 16, 2021

CVE-2020-23448 9.8 CRITICAL EPSS 0.00

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code AdminLoginInterceptor, which can be bypassed.

CWE-306 Jan 26, 2021

CVE-2021-24122 5.9 MEDIUM EPSS 0.54

When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.

CWE-200 Jan 14, 2021

CVE-2020-35894 7.5 HIGH EPSS 0.00

An issue was discovered in the obstack crate before 0.1.4 for Rust. Unaligned references can occur.

CWE-706 Dec 31, 2020

CVE-2020-35623 7.5 HIGH EPSS 0.00

An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to login as a "bureaucrat user" who has a similar username, as demonstrated by usernames that differ only in (1) bidirectional override symbols or (2) blank space.

CWE-20 Dec 21, 2020

CVE-2020-26233 7.3 HIGH 2 PoCs Analysis EPSS 0.16

Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET Core that runs on Windows and macOS. In Git Credential Manager Core before version 2.0.289, when recursively cloning a Git repository on Windows with submodules, Git will first clone the top-level repository and then recursively clone all submodules by starting new Git processes from the top-level working directory. If a malicious git.exe executable is present in the top-level repository then this binary will be started by Git Credential Manager Core when attempting to read configuration, and not git.exe as found on the %PATH%. This only affects GCM Core on Windows, not macOS or Linux-based distributions. GCM Core version 2.0.289 contains the fix for this vulnerability, and is available from the project's GitHub releases page. GCM Core 2.0.289 is also bundled in the latest Git for Windows release; version 2.29.2(3). As a workaround, users should avoid recursively cloning untrusted repositories with the --recurse-submodules option.

CWE-706 Dec 08, 2020

CVE-2020-13311 4.3 MEDIUM EPSS 0.00

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user interface.

CWE-706 Sep 14, 2020

CVE-2020-15505 9.8 CRITICAL KEV 2 PoCs Analysis NUCLEI EPSS 0.94

A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.

CWE-706 Jul 07, 2020

CVE-2020-12279 9.8 CRITICAL 1 Writeup EPSS 0.05

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.

CWE-706 Apr 27, 2020

CVE-2020-12278 9.8 CRITICAL 1 Writeup EPSS 0.06

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352.

CWE-706 Apr 27, 2020

CVE-2020-10574 9.8 CRITICAL EPSS 0.00

An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation.

CWE-706 Mar 14, 2020

CVE-2019-19921 7.0 HIGH EPSS 0.00

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)

CWE-706 Feb 12, 2020

CVE-2019-1351 7.5 HIGH 1 PoC Analysis EPSS 0.23

A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.

CWE-706 Jan 24, 2020

CVE-2019-12837 4.3 MEDIUM EPSS 0.00

The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints.

CWE-706 Dec 31, 2019