Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
OLE Automation Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. IBM X-Force ID: 200015
IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633.
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat software, which is different from the chat feature of the Zoom Meetings and Zoom Video Webinars software.
Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Network File System Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
SSH Tectia Client and Server before 6.4.19 on Windows have weak key generation. ConnectSecure on Windows is affected.
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
Visual Studio Remote Code Execution Vulnerability
When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running.
Microsoft SharePoint Server Remote Code Execution Vulnerability
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.
Microsoft Exchange Server Remote Code Execution Vulnerability
The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability.
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft SharePoint Remote Code Execution Vulnerability
This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function.
Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network.
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217 for Windows and Linux platforms. This vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on 2025-04-28.
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability