T1505.003

Server Software Component

CVEs tagged with this technique (50)

CVE-2026-45321 🚨 CVSS 9.6 TanStack / TanStack
CVE-2026-45321 is a critical supply-chain vulnerability affecting 42 TanStack packages, including TanStack/router, where 84 malicious versions were published to…
CVE-2025-52691 🚨 SmarterTools / SmarterMail
CVE-2025-52691 is a critical vulnerability in SmarterMail affecting the SmarterTools product, allowing unauthenticated attackers to upload arbitrary files to an…
CVE-2025-35939 🚨 Craft CMS / Craft CMS
CVE-2025-35939 affects Craft CMS versions prior to 5.7.5 and 4.15.3, allowing unauthenticated attackers to store arbitrary content, including PHP code, in serve…
CVE-2025-31324 🚨 SAP / NetWeaver
CVE-2025-31324 is a critical vulnerability in SAP NetWeaver Visual Composer Metadata Uploader caused by insufficient authorization controls. This flaw allows un…
CVE-2025-3928 🚨 Commvault / Web Server
CVE-2025-3928 affects the Commvault Web Server, allowing remote authenticated attackers to compromise the system by creating and executing webshells. The vulner…
CVE-2025-24813 🚨 Apache / Tomcat
CVE-2025-24813 is a critical vulnerability in Apache Tomcat versions 11.0.0-M1 through 11.0.2, 10.1.0-M1 through 10.1.34, and 9.0.0.M1 through 9.0.98, allowing …
CVE-2024-57968 🚨 Advantive / VeraCore
CVE-2024-57968 is a critical vulnerability in Advantive VeraCore versions prior to 2024.4.2.1, allowing remote authenticated users to upload files to unintended…
CVE-2024-50623 🚨 Cleo / Multiple Products
CVE-2024-50623 is a critical remote code execution vulnerability in Cleo Harmony, VLTrader, and LexiCom versions prior to 5.8.0.21, caused by unrestricted file …
CVE-2024-11680 🚨 ProjectSend / ProjectSend
CVE-2024-11680 is a critical improper authentication vulnerability (CWE-306) affecting ProjectSend versions prior to r1720, allowing remote unauthenticated atta…
CVE-2024-39717 🚨 Versa / Director
CVE-2024-39717 affects Versa Director, allowing authenticated Provider-Data-Center-Admin or Provider-Data-Center-System-Admin users to upload malicious files di…
CVE-2023-47246 🚨 SysAid / SysAid Server
CVE-2023-47246 is a critical path traversal vulnerability (CWE-22) in SysAid On-Premise versions prior to 23.3.36 that allows attackers to write files to the To…
CVE-2023-36847 🚨 Juniper / Junos OS
CVE-2023-36847 is a missing authentication vulnerability in Juniper Networks Junos OS on EX Series devices, allowing unauthenticated network-based attackers to …
CVE-2023-36851 🚨 Juniper / Junos OS
CVE-2023-36851 is a missing authentication vulnerability in Juniper Networks Junos OS on SRX Series devices, specifically affecting webauth_operation.php within…
CVE-2022-35914 🚨 Teclib / GLPI
CVE-2022-35914 is a critical PHP code injection vulnerability in the htmLawedTest.php file of the htmlawed module for GLPI through version 10.0.2. Classified un…
CVE-2017-11357 🚨 Telerik / User Interface (UI) for ASP.NET AJAX
CVE-2017-11357 is a critical remote code execution vulnerability in Progress Telerik UI for ASP.NET AJAX prior to R2 2017 SP2, caused by improper input restrict…
CVE-2022-26500 🚨 Veeam / Backup & Replication
CVE-2022-26500 is a path traversal vulnerability (CWE-22) in Veeam Backup & Replication versions 9.5U3, 9.5U4, 10.x, and 11.x, allowing remote authenticated use…
CVE-2022-41352 🚨 Synacor / Zimbra Collaboration Suite (ZCS)
CVE-2022-41352 is a critical path traversal vulnerability (CWE-22) in Zimbra Collaboration Suite (ZCS) versions 8.8.15 and 9.0, allowing attackers to upload arb…
CVE-2022-26352 🚨 dotCMS / dotCMS
CVE-2022-26352 is a critical path traversal vulnerability in dotCMS versions 3.0 through 22.02 that allows attackers to upload files outside intended storage lo…
CVE-2022-27925 🚨 Synacor / Zimbra Collaboration Suite (ZCS)
CVE-2022-27925 affects Zimbra Collaboration Suite (ZCS) versions 8.8.15 and 9.0, involving a directory traversal vulnerability in the mboximport functionality t…
CVE-2022-37042 🚨 Synacor / Zimbra Collaboration Suite (ZCS)
CVE-2022-37042 is a critical vulnerability in Zimbra Collaboration Suite (ZCS) versions 8.8.15 and 9.0, classified as a path traversal and authentication bypass…
CVE-2021-26828 🚨 OpenPLC / ScadaBR
CVE-2021-26828 is a HIGH severity vulnerability (CVSS 8.8) in OpenPLC ScadaBR affecting versions through 0.9.1 on Linux and 1.12.4 on Windows. It allows remote …
CVE-2022-29464 🚨 WSO2 / Multiple Products
CVE-2022-29464 is a critical remote code execution vulnerability in multiple WSO2 products, including API Manager, Identity Server, and Enterprise Integrator, c…
CVE-2017-11317 🚨 Telerik / User Interface (UI) for ASP.NET AJAX
CVE-2017-11317 is a critical vulnerability in Progress Telerik UI for ASP.NET AJAX versions prior to R1 2017 and R2 before R2 2017 SP2, caused by weak encryptio…
CVE-2022-26871 🚨 Trend Micro / Apex Central
CVE-2022-26871 is a critical arbitrary file upload vulnerability in Trend Micro Apex Central that allows unauthenticated remote attackers to upload files, poten…
CVE-2017-12617 🚨 Apache / Tomcat
CVE-2017-12617 is a remote code execution vulnerability in Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46, and 7.0.0 to 7.0.81 w…
CVE-2017-12615 🚨 Apache / Tomcat
CVE-2017-12615 is a remote code execution vulnerability in Apache Tomcat versions 7.0.0 through 7.0.79 on Windows when HTTP PUTs are enabled. It allows attacker…
CVE-2009-1151 🚨 phpMyAdmin / phpMyAdmin
CVE-2009-1151 is a critical static code injection vulnerability in phpMyAdmin versions 2.11.x prior to 2.11.9.5 and 3.x prior to 3.1.3.1, allowing remote attack…
CVE-2020-1938 🚨 Apache / Tomcat
CVE-2020-1938 is a critical vulnerability in Apache Tomcat versions 9.0.0.M1 through 9.0.0.30, 8.5.0 through 8.5.50, and 7.0.0 through 7.0.99, caused by a defau…
CVE-2017-9841 🚨 PHPUnit / PHPUnit
CVE-2017-9841 is a critical remote code execution vulnerability in PHPUnit versions before 4.8.28 and 5.x before 5.6.3, classified under CWE-94 Improper Neutral…
CVE-2016-3088 🚨 Apache / ActiveMQ
CVE-2016-3088 is a critical remote code execution vulnerability in Apache ActiveMQ 5.x versions prior to 5.14.0, classified under CWE-434 Improper Restriction o…
CVE-2021-27860 🚨 FatPipe / WARP, IPVPN, and MPVPN software
CVE-2021-27860 is a critical vulnerability in FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1, allowing remote unauthenti…
CVE-2020-8655 🚨 EyesOfNetwork / EyesOfNetwork
CVE-2020-8655 is a privilege escalation vulnerability in EyesOfNetwork 5.3 caused by a flawed sudoers configuration. It allows the apache user to execute arbitr…
CVE-2012-3152 🚨 Oracle / Fusion Middleware
CVE-2012-3152 is a critical vulnerability in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 affecting the Oracle Reports Developer component. It allo…
CVE-2020-8243 🚨 Ivanti / Pulse Connect Secure
CVE-2020-8243 is a high-severity vulnerability in Ivanti Pulse Connect Secure versions prior to 9.1R8.2 that allows authenticated attackers to upload custom tem…
CVE-2021-20022 🚨 SonicWall / SonicWall Email Security
CVE-2021-20022 affects SonicWall Email Security version 10.0.9.x, allowing a post-authenticated attacker to upload arbitrary files to the remote host. This vuln…
CVE-2017-9248 🚨 Progress / ASP.NET AJAX and Sitefinity
CVE-2017-9248 is a critical vulnerability in Progress Telerik UI for ASP.NET AJAX and Sitefinity affecting versions prior to R2 2017 SP1 and 10.0.6412.0 respect…
CVE-2021-36741 🚨 Trend Micro / Apex One, Apex One as a Service, and Worry-Free Business Security
CVE-2021-36741 is a HIGH severity (CVSS 8.8) improper input validation vulnerability (CWE-434) in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, an…
CVE-2021-22005 🚨 VMware / vCenter Server
CVE-2021-22005 is a critical arbitrary file upload vulnerability in VMware vCenter Server's Analytics service, classified under CWE-22 (Path Traversal). It allo…
CVE-2020-25213 🚨 WordPress / File Manager Plugin
CVE-2020-25213 is a critical remote code execution vulnerability in the WordPress File Manager plugin (wp-file-manager) prior to version 6.9, classified under C…
CVE-2019-8394 🚨 Zoho / ManageEngine
CVE-2019-8394 is a medium severity vulnerability (CVSS 6.5) in Zoho ManageEngine ServiceDesk Plus versions prior to 10.0 build 10012, classified under CWE-434 (…
CVE-2018-4063 🚨 Sierra Wireless / AirLink ALEOS
CVE-2018-4063 is a high-severity remote code execution vulnerability in Sierra Wireless AirLink ES450 firmware version 4.9.3, classified under CWE-434. It allow…
CVE-2026-6443 CVSS 9.8
CVE-2026-6443 affects all versions of plugins developed by Essentialplugin for WordPress, resulting from a supply-chain compromise where a malicious actor embed…
CVE-2026-6555 CVSS 9.8
CVE-2026-6555 is a critical remote code execution vulnerability in ProSolution WP Client for WordPress versions up to and including 2.0.0, classified under CWE-…
CVE-2026-4883 CVSS 9.8
The Piotnet Forms plugin for WordPress versions up to 2.1.40 contains a critical arbitrary file upload vulnerability due to missing file type validation in the …
CVE-2026-4885 CVSS 9.8
CVE-2026-4885 is a critical vulnerability in the Piotnet Addons for Elementor Pro WordPress plugin affecting versions up to 7.1.70. It allows unauthenticated at…
CVE-2018-25335 CVSS 9.8
CVE-2018-25335 is a critical arbitrary file upload vulnerability in WordPress Plugin Peugeot Music version 1.0, classified under CWE-306. It allows unauthentica…
CVE-2018-25412 CVSS 9.8
Delta Sql 1.8.2 contains an arbitrary file upload vulnerability (CWE-306) that allows unauthenticated attackers to upload malicious PHP files via crafted POST r…
CVE-2026-1830 CVSS 9.8
CVE-2026-1830 is a critical Remote Code Execution vulnerability in the Quick Playground WordPress plugin versions up to 1.3.1. The flaw stems from insufficient …
CVE-2026-6271 CVSS 9.8
CVE-2026-6271 is a critical vulnerability in the Career Section plugin for WordPress, affecting versions up to and including 1.7. The flaw allows unauthenticate…
CVE-2018-25353 CVSS 8.8
CVE-2018-25353 is a HIGH severity vulnerability (CVSS 8.8) in Redaxo CMS Mediapool Addon versions 5.5.1 and older, classified under CWE-863. It allows authentic…

Articles tagged with T1505 (2)