An OGNL injection vulnerability in the ActionChainResult class of the xwork jar file allows an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
This module exploits a vulnerability in Microsoft MSDT, which can be leveraged to execute arbitrary code on vulnerable machines by convincing an unsuspecting user to open a malicious document.
An authentication bypass present in iControl REST of F5 BIG-IP allows unauthenticated remote attackers to execute OS commands as root.
The customError.ftl filter in VMware Workspace ONE Access allows remote attackers to achieve remote code execution via server-side template injection.
Unsafe data binding used to populate an object from request parameters (either query parameters or form data) in Spring MVC and Spring WebFlux applications can be abused to set a Tomcat-specific ClassLoader, allowing unauthenticated attackers to upload and execute a JSP file in the Tomcat virtual file system webapps directory.
A deserialization vulnerability present in the OpenssoEngineController component of Oracle Access Manager allows an unauthenticated attacker with network access via HTTP to execute system commands.
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel's watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.
This module exploits a vulnerability in the Apache APISIX batch requests plugin to achieve remote code execution.
An authentication bypass in Veeam.Backup.ServiceLib.CForeignInvokerNegotiateAuthenticator.Authenticate and a file upload present in ExecuteUploadManagerPerformUpload allow an unauthenticated attacker to execute system commands with the privileges of the "IIS Worker Process" process (NT AUTHORITY\NETWORK SERVICE).
JNDI features used in configuration, log messages, and parameters present in Apache Log4j2 do not protect against attacker-controlled LDAP and other JNDI-related endpoints. This library, used by Apache James, allows unauthenticated attackers to execute system commands.