| CVE ID | Title | Severity | References | ||
|---|---|---|---|---|---|
| upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected. | CRITICAL | 10.00 | KEV | 2024. 10. 29. | |
| CVE-2024-51378 |
| getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected. |
CRITICAL |
10.00 |
KEV |
| 2024. 10. 29. |
| CVE-2024-3400 | A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | CRITICAL | 10.00 | KEV KISA | 2024. 04. 12. |
| CVE-2023-40044 | In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. | CRITICAL | 10.00 | KEV | 2023. 09. 27. |
| CVE-2021-22205 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. | CRITICAL | 10.00 | KEV | 2021. 04. 23. |
| CVE-2026-1731 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user. | CRITICAL | 9.95 | KEV KISA | 2026. 02. 06. |
| CVE-2025-53770 | Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation. | CRITICAL | 9.90 | KEV KISA | 2025. 07. 20. |
| CVE-2024-55956 | In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. | CRITICAL | 9.90 | KEV | 2024. 12. 13. |
| CVE-2024-40711 | A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). | CRITICAL | 9.90 | KEV KISA | 2024. 09. 07. |
| CVE-2023-47246 | In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023. | CRITICAL | 9.90 | KEV | 2023. 11. 10. |
| CVE-2023-22518 | All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability. Atlassian Cloud sites a | CRITICAL | 9.90 | KEV KISA | 2023. 10. 31. |
| CVE-2023-46747 | Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | CRITICAL | 9.90 | KEV KISA | 2023. 10. 26. |
| CVE-2023-43208 | NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679. | CRITICAL | 9.90 | KEV | 2023. 10. 26. |
| CVE-2023-22515 | Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this | CRITICAL | 9.90 | KEV | 2023. 10. 04. |
| CVE-2023-42793 | In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible | CRITICAL | 9.90 | KEV | 2023. 09. 19. |
| CVE-2023-38035 | A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. | CRITICAL | 9.90 | KEV | 2023. 08. 21. |
| CVE-2023-35078 | An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. | CRITICAL | 9.90 | KEV | 2023. 07. 25. |
| CVE-2023-3519 | Unauthenticated remote code execution | CRITICAL | 9.90 | KEV KISA | 2023. 07. 19. |
| CVE-2023-27350 | This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987. | CRITICAL | 9.90 | KEV | 2023. 04. 20. |
| CVE-2022-21587 | Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Avai | CRITICAL | 9.90 | KEV | 2022. 10. 18. |