1. CVE number: CVE-2017-5638
   Vendor: Apache
   Product: Apache Struts 2 remote code execution (RCE) vulnerability
   CVSS V3 Score: 10
   CVSS V3 Severity: CRITICAL
   CWE ID: CWE-20
   CWE Description: Improper Input Validation
   Exploit Link: https://www.exploit-db.com/exploits/41570
   Type Exploit: webapps
   Ransomware Associations: Cerber | Hermes | Hermes 2.1 | WannaCry
   APT groups: Zombie Spider | Lazarus Group
   Malware: NA
   CISA Alert: https://us-cert.cisa.gov/ncas/alerts/aa20-133a
   Patches: https://cwiki.apache.org/confluence/display/WW/S2-045

2. CVE number: CVE-2017-9805
   Vendor: Apache
   Product: Apache Struts 2 REST plugin XStream RCE vulnerability
   CVSS V3 Score: 8.1
   CVSS V3 Severity: HIGH
   CWE ID: CWE-502
   CWE Description: Deserialization of Untrusted Data
   Exploit Link: https://www.exploit-db.com/exploits/42627
   Type Exploit: remote
   Ransomware Associations: Cerber
   Malware: NA
   Patches: https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax

3. CVE number: CVE-2018-7600
   Vendor: Drupal
   Product: Drupal Core RCE vulnerability
   CVSS V3 Score: 9.8
   CVSS V3 Severity: CRITICAL
   CWE ID: CWE-20
   CWE Description: Improper Input Validation
   Exploit Link: https://www.exploit-db.com/exploits/44449
   Type Exploit: webapps
   Ransomware Associations: VevoLocker | Muhstik | Petya | Satan
   APT groups: Sea Turtle | Kelvin SecTeam
   Malware: NA
   CISA Alert: https://us-cert.cisa.gov/ncas/alerts/aa20-133a
   Patches: https://groups.drupal.org/security/faq-2018-002

4. CVE number: CVE-2020-14750
   Vendor: Oracle
   Product: Oracle WebLogic Server RCE vulnerability
   CVSS V3 Score: 9.8
   CVSS V3 Severity: CRITICAL
   APT groups: Prophet Spider
   Malware: NA
   CISA Alert: https://us-cert.cisa.gov/ncas/current-activity/2020/11/02/oracle-releases-out-band-security-alert
   Patches: https://www.oracle.com/security-alerts/alert-cve-2020-14750.html

5. CVE number: CVE-2020-25213
   Vendor: WordPress
   Product: WordPress File Manager (wp filemanager) plugin RCE vulnerability
   CVSS V3 Score: 9.8
   CVSS V3 Severity: CRITICAL
   CWE ID: CWE-434
   CWE Description: Unrestricted Upload of File with Dangerous Type
   Exploit Link: https://www.exploit-db.com/exploits/49178
   Type Exploit: webapps
   Malware: NA
   Patches: https://www.oracle.com/security-alerts/alert-cve-2020-14750.html

6. CVE number: CVE-2020-17496
   Vendor: vBulletin
   Product: vBulletin 'subwidgetConfig' unauthenticated RCE vulnerability
   CVSS V3 Score: 9.8
   CVSS V3 Severity: CRITICAL
   CWE ID: CWE-74
   CWE Description: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
   Exploit Link: https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/
   Malware: NA
   Patches: https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4445227-vbulletin-5-6-0-5-6-1-5-6-2-security-patch

7. CVE number: CVE-2020-11651
   Vendor: SaltStack
   Product: SaltStack Salt authorization weakness vulnerability
   CVSS V3 Score: 9.8
   CVSS V3 Severity: CRITICAL
   CWE ID: CWE-306
   CWE Description: Missing Authentication for Critical Function
   Exploit Link: https://www.exploit-db.com/exploits/48421
   Type Exploit: remote
   Malware: NA
   CISA Alert: https://us-cert.cisa.gov/ncas/current-activity/2020/05/01/saltstack-patches-critical-vulnerabilities-salt
   Patches: https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html

8. CVE number: CVE-2017-12611
   Vendor: vBulletin
   Product: Apache Struts OGNL expression RCE vulnerability
   CVSS V3 Score: 9.8
   CVSS V3 Severity: CRITICAL
   CWE ID: CWE-20
   CWE Description: Improper Input Validation
   Exploit Link: https://www.exploit-db.com/exploits/44556
   Type Exploit: remote
   Malware: NA
   Patches: https://struts.apache.org/docs/s2-053.html

9. CVE number: CVE-2017-7657
   Vendor: Eclipse
   Product: Eclipse Jetty chunk length parsing integer overflow vulnerability
   CVSS V3 Score: 9.8
   CVSS V3 Severity: CRITICAL
   CWE ID: CWE-444
   CWE Description: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
   Malware: NA
   Patches: https://security.netapp.com/advisory/ntap-20181014-0001/

10. CVE number: CVE-2021-29441
    Vendor: Alibaba
    Product: Alibaba Nacos AuthFilter authentication bypass vulnerability
    CVSS V3 Score: 9.8
    CVSS V3 Severity: CRITICAL
    CWE ID: CWE-290
    CWE Description: Authentication Bypass by Spoofing
    Exploit Link: https://github.com/advisories/GHSA-36hp-jr8h-556f
    Malware: NA
    Patches: https://github.com/alibaba/nacos/pull/4703

11. CVE number: CVE-2020-14179
    Vendor: Atlassian
    Product: Atlassian Jira information disclosure vulnerability
    CVSS V3 Score: 5.3
    CVSS V3 Severity: MEDIUM
    Malware: NA
    Patches: https://jira.atlassian.com/browse/JRASERVER-71536

12. CVE number: CVE-2013-4547
    Vendor: Nginx
    Product: Nginx crafted URI string handling access restriction bypass vulnerability
    CVSS V3 Score: 8
    CVSS V3 Severity: HIGH
    CWE ID: CWE-116
    CWE Description: Improper Encoding or Escaping of Output
    Exploit Link: https://www.exploit-db.com/exploits/38846
    Type Exploit: remote
    Malware: NA
    Patches: http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html

13. CVE number: CVE-2019-0230
    Vendor: Apache
    Product: Apache Struts 2 RCE vulnerability
    CVSS V3 Score: 9.8
    CVSS V3 Severity: CRITICAL
    CWE ID: CWE-915
    CWE Description: Improperly Controlled Modification of Dynamically-Determined Object Attributes
    Exploit Link: https://www.exploit-db.com/exploits/49068
    Type Exploit: remote
    Malware: NA
    CISA Alert: https://us-cert.cisa.gov/ncas/current-activity/2020/08/14/apache-releases-security-advisory-struts-2
    Patches: https://cwiki.apache.org/confluence/display/ww/s2-059

14. CVE number: CVE-2018-11776
    Vendor: Apache
    Product: Apache Struts OGNL expression RCE vulnerability
    CVSS V3 Score: 8.1
    CVSS V3 Severity: HIGH
    CWE ID: CWE-20
    CWE Description: Improper Input Validation
    Exploit Link: https://www.exploit-db.com/exploits/45367
    Type Exploit: remote
    Ransomware Associations: Locky | Lucky | Satan
    APT groups: TA505 | Dungeon Spider
    Malware: NA
    Patches: https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E

15. CVE number: CVE-2020-7961
    Vendor: Liferay
    Product: Liferay Portal untrusted deserialization vulnerability
    CVSS V3 Score: 9.8
    CVSS V3 Severity: CRITICAL
    CWE ID: CWE-502
    CWE Description: Deserialization of Untrusted Data
    Exploit Link: https://www.exploit-db.com/exploits/48332
    Type Exploit: remote
    Malware: NA
    Patches: https://portal.liferay.dev/learn/security/known-vulnerabilities

15 records