Exploitation of Remote Services

CVE-2026-20127 is a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager that allows unauthenticated remote attackers to…

CVE-2024-37079 is a critical heap-overflow vulnerability in VMware vCenter Server affecting the DCERPC protocol implementation, allowing remote code execution v…

CVE-2025-47827 affects IGEL OS versions prior to 11, allowing a Secure Boot bypass due to improper cryptographic signature verification in the igel-flash-driver…

CVE-2023-20109 is a memory corruption vulnerability (CWE-787) in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS and IOS XE Software, all…

CVE-2025-22225 is a high-severity (CVSS 8.2) arbitrary write vulnerability in VMware ESXi, classified under CWE-787 and CWE-123. It allows a malicious actor wit…

CVE-2020-2883 is a critical vulnerability in Oracle WebLogic Server affecting versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, and 12.2.1.4.0, allowing unauthentica…

CVE-2020-14644 is a critical vulnerability in Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0, allowing unauthenticated attackers to comp…

VMware vCenter Server contains a critical out-of-bounds write vulnerability (CWE-787) in its DCERPC protocol implementation, allowing remote code execution with…

CVE-2023-46604 is a critical Remote Code Execution vulnerability in Apache ActiveMQ caused by insecure deserialization in the Java OpenWire protocol marshaller.…

CVE-2016-6415 is an information disclosure vulnerability in Cisco IOS, IOS XE, and IOS XR IKEv1 implementations that allows remote attackers to obtain sensitive…

CVE-2016-8735 is a critical remote code execution vulnerability in Apache Tomcat versions before 6.0.48, 7.0.73, 8.0.39, 8.5.7, and 9.0.0.M12 when JmxRemoteLife…

CVE-2023-21839 is a high-severity vulnerability (CVSS 7.5) affecting Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0. It allows unauthent…

CVE-2010-2568 is a remote code execution vulnerability in Microsoft Windows Shell affecting Windows XP SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2/R2, …

CVE-2018-7445 is a critical buffer overflow vulnerability in the MikroTik RouterOS SMB service, classified under CWE-119. It allows unauthenticated remote attac…

CVE-2017-0147 is a high-severity information disclosure vulnerability affecting the SMBv1 server in various Microsoft Windows versions, including Vista SP2, Win…

CVE-2022-20821 is a medium severity vulnerability in Cisco IOS XR Software affecting the health check RPM within the NOSi container. It allows an unauthenticate…

CVE-2008-4250 is a critical remote code execution vulnerability in the Microsoft Windows Server service affecting Windows 2000 through Windows 7 Pre-Beta. The f…

CVE-2019-0703 is an information disclosure vulnerability in the Windows SMB Server that allows attackers to obtain sensitive information via crafted requests. T…

CVE-2019-3568 is a critical buffer overflow vulnerability in the WhatsApp VOIP stack affecting Android, iOS, Windows Phone, and Tizen versions prior to specific…

CVE-2021-42278 is a high-severity elevation of privilege vulnerability in Microsoft Active Directory Domain Services with a CVSS v3.1 score of 7.5. The vulnerab…

CVE-2017-0148 is a high-severity remote code execution vulnerability in the SMBv1 server component of various Microsoft Windows operating systems, including Win…

CVE-2017-0146 is a high-severity remote code execution vulnerability in the SMBv1 server component of various Microsoft Windows operating systems, including Vis…

CVE-2014-6324 is a high-severity authentication bypass vulnerability in the Microsoft Windows Kerberos Key Distribution Center (KDC) affecting Windows Server 20…

CVE-2022-20708 affects Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers, allowing attackers to execute arbitrary code, elevate privileges, byp…

CVE-2022-20700 is a critical vulnerability affecting Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers, with a CVSS v3.1 score of 10.0. The fla…

CVE-2017-6740 is a high-severity buffer overflow vulnerability (CWE-119) in the SNMP subsystem of Cisco IOS and IOS XE Software, affecting all SNMP versions. It…

CVE-2008-3431 is a local privilege escalation vulnerability in Sun xVM VirtualBox versions prior to 1.6.4, caused by improper validation of buffer data in the V…

CVE-2020-0796 is a critical remote code execution vulnerability in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol, classified under CWE-119. It carri…

CVE-2017-8464 is a remote code execution vulnerability in the Windows Shell affecting multiple versions of Microsoft Windows, including Server 2008, 7, 8, 10, a…

CVE-2017-0145 is a high-severity remote code execution vulnerability in the SMBv1 server component of various Microsoft Windows operating systems, including Win…

CVE-2017-0144 is a remote code execution vulnerability in the SMBv1 server component of various Microsoft Windows operating systems, including Vista SP2, Window…

CVE-2014-1812 is a high-severity vulnerability in Microsoft Windows Group Policy implementation affecting Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows…

CVE-2019-0708 is a critical remote code execution vulnerability in Microsoft Remote Desktop Services (formerly Terminal Services) classified under CWE-416. It a…

CVE-2020-1472 is a medium severity elevation of privilege vulnerability in Microsoft Netlogon (CVSS v3.1 score 5.5) affecting Windows domain controllers. It all…

CVE-2020-2555 is a critical vulnerability in Oracle Coherence affecting versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, and 12.2.1.4.0, classified under CWE-502 (Dese…

CVE-2020-3992 is a critical memory corruption vulnerability (use-after-free) in the OpenSLP service of VMware ESXi versions 7.0, 6.7, and 6.5. It allows remote …

CVE-2018-2628 is a critical vulnerability in Oracle WebLogic Server affecting versions 10.3.6.0, 12.1.3.0, 12.2.1.2, and 12.2.1.3. It allows unauthenticated att…

CVE-2024-21182 is a high-severity vulnerability in Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0, allowing unauthenticated attackers to compromise t…

CVE-2018-13374 is an improper access control vulnerability (CWE-732) in Fortinet FortiOS versions 6.0.2, 5.6.7 and earlier, and FortiADC versions 6.1.0, 6.0.0 t…

CVE-2026-40033 is a high-severity heap-buffer-overflow vulnerability (CWE-122) in FreeRDP versions prior to 3.26.0. The flaw resides in the gdi_CacheToSurface f…

CVE-2026-49298 is a HIGH severity vulnerability (CVSS 8.8) in Apache Airflow affecting the KubernetesExecutor, where JWT tokens are exposed as command-line argu…

FastNetMon Community Edition through version 1.2.9 contains a configuration injection vulnerability in its Juniper router integration plugin due to unsanitized …

CVE-2026-48692 affects FastNetMon Community Edition through version 1.2.9, which exposes a gRPC API server on port 50052 without any authentication mechanism. T…

CVE-2026-45255 is a command injection vulnerability in the bsdinstall and bsdconfig utilities of OpenBSD, caused by improper shell escaping when processing Wi-F…

CVE-2026-46124 is a high-severity vulnerability in the Linux kernel's isofs module affecting NFS exports. It allows an authenticated attacker to pass an attacke…

CVE-2026-46114 is a high-severity information disclosure vulnerability in the Linux kernel's RDMA/rxe driver, specifically within the atomic_write_reply functio…

Rocket.Chat versions prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.5, 7.13.8, and 7.10.12 contain an information disclosure vulnerability in the autoTranslate…

CVE-2026-44066 is a high severity vulnerability (CVSS 7.1) affecting Netatalk versions 3.1.0 through 4.4.2. It involves multiple heap out-of-bounds reads in the…

Exos 9300 instances utilize a predictable database password derived from static random values, the hostname, and a registry-readable string, allowing authentica…