High Severity Vulnerabilities
Found 12791 vulnerabilities at High severity.
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| vBulletin 5.6.1 nodeId SQL injection | CVE-2020-12720 | CWE-94 | High |
| Unauthenticated Arbitrary File Read vulnerability in VMware vCenter | - | CWE-22 | High |
| WordPress Duplicator plugin Unauthenticated Arbitrary File Download | - | CWE-22 | High |
| WordPress Theme OneTone: Unauthenticated Stored Cross-Site Scripting (XSS) | CVE-2019-17231 | CWE-79 | High |
| Cross site scripting (XSS) in ASP.NET via ResolveUrl | - | CWE-79 | High |
| Agentejo Cockpit CMS resetpassword NoSQLi (CVE-2020-35847) | CVE-2020-35847 | CWE-89 | High |
| AppWeb Authentication Bypass (CVE-2018-8715) | CVE-2018-8715 | CWE-287 | High |
| Unauthenticated OGNL injection in Confluence Server and Data Center | CVE-2021-26084 | CWE-917 | High |
| Dragonfly Arbitrary File Read/Write (CVE-2021-33564) | CVE-2021-33564 | CWE-20 | High |
| Ghost CMS Theme Preview XSS (CVE-2021-29484) | CVE-2021-29484 | CWE-79 | High |
| GoCD information disclosure (CVE-2021-43287) | CVE-2021-43287 | CWE-200 | High |
| Grav CMS Unauthenticated RCE (CVE-2021-21425) | CVE-2021-21425 | CWE-284 | High |
| Laravel Terminal open | - | CWE-200 | High |
| ManageEngine ADSelfService Plus Authentication Bypass (CVE-2021-40539) | CVE-2021-40539 | CWE-287 | High |
| Oracle E-Business Suite Information Disclosure | - | CWE-200 | High |
| Apache OFBiz SOAPService Deserialization RCE | CVE-2021-26295 | CWE-502 | High |
| Request Smuggling | - | CWE-444 | High |
| RethinkDB administrative interface publicly exposed | - | CWE-200 | High |
| SearchBlox Local File Inclusion (CVE-2020-35580) | CVE-2020-35580 | CWE-22 | High |
| Sitecore XP Deserialization RCE (CVE-2021-42237) | CVE-2021-42237 | CWE-502 | High |
| Apache Tapestry Unauthenticated RCE (CVE-2019-0195, CVE-2021-27850) | CVE-2021-27850 | CWE-200 | High |
| VMware vRealize Operations Server Side Request Forgery (SSRF) vulnerability | CVE-2021-21975 | CWE-918 | High |
| Web Cache Poisoning via semicolon query separator | - | CWE-44 | High |
| Deserialization of Untrusted Data (XStream) | CVE-2020-26217 | CWE-502 | High |
| Zimbra Collaboration Suite SSRF (CVE-2020-7796) | CVE-2020-7796 | CWE-918 | High |
| Vulnerable package dependencies [high] | - | CWE-1104 | High |
| Apache Airflow Experimental API Auth Bypass CVE-2020-13927 | CVE-2020-13927 | CWE-200 | High |
| Apache Airflow default credentials | - | CWE-798 | High |
| Apache Airflow Unauthorized Access Vulnerability | - | CWE-200 | High |
| Apache Flink jobmanager/logs Path Traversal | CVE-2020-17519 | CWE-22 | High |
| Apache HTTP Server Insecure Path Normalization (CVE-2021-41773, CVE-2021-42013) | CVE-2021-41773 | CWE-22 | High |
| Apache HTTP Server mod_proxy SSRF (CVE-2021-40438) | CVE-2021-40438 | CWE-918 | High |
| Apache Shiro authentication bypass | CVE-2020-17523 | CWE-287 | High |
| BuddyPress REST API Privilege Escalation | CVE-2021-21389 | CWE-269 | High |
| Unrestricted access to Caddy API interface | - | CWE-200 | High |
| Client Side Template Injection | - | CWE-116 | High |
| Delve Debugger Unauthorized Access Vulnerability | - | CWE-200 | High |
| ExpressJs Local File Read via the layout parameter | - | CWE-22 | High |
| F5 iControl REST unauthenticated remote command execution vulnerability | CVE-2021-22986 | CWE-78 | High |
| ForgeRock AM / OpenAM Deserialization RCE (CVE-2021-35464) | CVE-2021-35464 | CWE-502 | High |
| ForgeRock OpenAM Deserialization RCE (CVE-2021-29156) | CVE-2021-29156 | CWE-74 | High |
| GitLab ExifTool RCE (CVE-2021-22205) | CVE-2021-22205 | CWE-918 | High |
| Grafana Plugin Dir Traversal (CVE-2021-43798) | CVE-2021-43798 | CWE-200 | High |
| Grandnode Path Traversal (CVE-2019-12276) | CVE-2019-12276 | CWE-22 | High |
| Unrestricted access to Haproxy Data Plane API | - | CWE-200 | High |
| HTTP/2 pseudo-header server side request forgery | - | CWE-918 | High |
| Web Cache Poisoning through HTTP/2 pseudo-headers | - | CWE-44 | High |
| Unrestricted access to Kong Gateway API | - | CWE-200 | High |
| Lucee Server Arbitrary File Creation | CVE-2021-21307 | CWE-22 | High |
| Microsoft Exchange Server Server-Side Request Forgery (SSRF) vulnerability | CVE-2021-26855 | CWE-918 | High |
| Microsoft Exchange Server Pre-auth Path Confusion vulnerability (CVE-2021-34473) | CVE-2021-34473 | CWE-918 | High |
| SSRF via logo_uri in MITREid Connect | CVE-2021-26715 | CWE-918 | High |
| Alibaba Nacos Authentication Bypass (CVE-2021-29441) | CVE-2021-29441 | CWE-287 | High |
| Node.js Debugger Unauthorized Access Vulnerability | - | CWE-200 | High |
| Node.js Inspector Unauthorized Access Vulnerability | - | CWE-200 | High |
| ntopng Authentication Bypass (CVE-2021-28073) | CVE-2021-28073 | CWE-287 | High |
| Reflected Cross-Site Scripting (XSS) vulnerability in PAN-OS management web interface | CVE-2020-2036 | CWE-79 | High |
| Python Debugger Unauthorized Access Vulnerability | - | CWE-200 | High |
| qdPM Information Disclosure | - | CWE-260 | High |
| SAML Consumer Service XML entity injection (XXE) | - | CWE-611 | High |
| Missing Authentication Check in SAP Solution Manager | CVE-2020-6207 | CWE-287 | High |
| SonicWall SSL-VPN 8.0.0.0 RCE via ShellShock exploit | - | CWE-78 | High |
| spring-boot-actuator-logview Path Traversal | CVE-2021-21234 | CWE-22 | High |
| Virtual Host locations misconfiguration | - | CWE-200 | High |
| VMware vCenter Server Unauthorized Remote Code Execution | CVE-2021-21972 | CWE-78 | High |
| AjaxPro.NET Professional Deserialization RCE (CVE-2021-23758) | CVE-2021-23758 | CWE-502 | High |
| ASP.NET connection strings stored in plaintext | - | CWE-16 | High |
| Authentication bypass via MongoDB operator injection | - | CWE-943 | High |
| Bonita Authorization Bypass (CVE-2022-25237) | CVE-2022-25237 | CWE-863 | High |
| Unauthenticated remote code execution vulnerability in Confluence Server and Data Center | CVE-2022-26134 | CWE-917 | High |
| DotCMS unrestricted file upload (CVE-2022-26352) | CVE-2022-26352 | CWE-434 | High |
| .NET JSON.NET Deserialization RCE | - | CWE-502 | High |
| Email Header Injection (Invicti IAST) | - | CWE-20 | High |
| Jenkins Git Plugin missing permission check (CVE-2022-36883) | CVE-2022-36883 | CWE-862 | High |
| ManageEngine Desktop Central Deserialization RCE (CVE-2020-10189) | CVE-2020-10189 | CWE-502 | High |