Total
860 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24107 | 1 Hour Of Code Python 2015 Project | 1 Hour Of Code Python 2015 | 2025-03-13 | N/A | 9.8 CRITICAL |
| hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code. | |||||
| CVE-2021-44529 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2025-03-13 | 7.5 HIGH | 9.8 CRITICAL |
| A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). | |||||
| CVE-2019-10758 | 1 Mongo-express Project | 1 Mongo-express | 2025-03-13 | 9.0 HIGH | 9.9 CRITICAL |
| mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment. | |||||
| CVE-2019-7609 | 2 Elastic, Redhat | 2 Kibana, Openshift Container Platform | 2025-03-13 | 10.0 HIGH | 10.0 CRITICAL |
| Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. | |||||
| CVE-2021-22205 | 1 Gitlab | 1 Gitlab | 2025-03-13 | 7.5 HIGH | 10.0 CRITICAL |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. | |||||
| CVE-2024-11635 | 1 Iptanus | 1 Wordpress File Upload | 2025-03-13 | N/A | 9.8 CRITICAL |
| The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server. | |||||
| CVE-2023-52381 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | 9.8 CRITICAL |
| Script injection vulnerability in the email module.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | |||||
| CVE-2024-52765 | 1 H3c | 2 Gr-1800ax, Gr-1800ax Firmware | 2025-03-13 | N/A | 9.8 CRITICAL |
| H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter. | |||||
| CVE-2025-27407 | 2025-03-12 | N/A | 9.0 CRITICAL | ||
| graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in `GraphQL::Schema.from_introspection` (or `GraphQL::Schema::Loader.load`) can result in remote code execution. Any system which loads a schema by JSON from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas via GraphQL introspection. Versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21 contain a patch for the issue. | |||||
| CVE-2022-22954 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2025-03-12 | 10.0 HIGH | 9.8 CRITICAL |
| VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution. | |||||
| CVE-2025-26936 | 2025-03-10 | N/A | 10.0 CRITICAL | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Fresh Framework allows Code Injection. This issue affects Fresh Framework: from n/a through 1.70.0. | |||||
| CVE-2022-45553 | 1 Zbt | 2 We1626, We1626 Firmware | 2025-03-07 | N/A | 9.8 CRITICAL |
| An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 allows attacker to execute arbitrary commands via serial connection to the UART port. | |||||
| CVE-2023-24776 | 1 Funadmin | 1 Funadmin | 2025-03-06 | N/A | 9.8 CRITICAL |
| Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php. | |||||
| CVE-2021-36394 | 1 Moodle | 1 Moodle | 2025-03-06 | N/A | 9.8 CRITICAL |
| In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. | |||||
| CVE-2023-22889 | 1 Smartbear | 1 Zephyr Enterprise | 2025-03-05 | N/A | 9.8 CRITICAL |
| SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. This could lead to remote code execution by unauthenticated users. | |||||
| CVE-2024-53944 | 2025-03-04 | N/A | 9.8 CRITICAL | ||
| An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUI_v1.0.1802.10.08_P4 and LT21B devices through M7628xUSAxUIv2_v1.0.1481.15.02_P0. A unauthenticated remote attacker with network access can exploit a command injection vulnerability. The /goform/formJsonAjaxReq endpoint fails to sanitize shell metacharacters sent via JSON parameters, thus allowing attackers to execute arbitrary OS commands with root privileges. | |||||
| CVE-2025-27554 | 2025-03-01 | N/A | 9.9 CRITICAL | ||
| ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server (e.g., read secrets from the desktopify config.prod.json file), and consequently deploy updates to any app, via a postinstall script in package.json. No exploitation occurred. | |||||
| CVE-2023-25344 | 2 Swig-templates Project, Swig Project | 2 Swig-templates, Swig | 2025-02-27 | N/A | 9.8 CRITICAL |
| An issue was discovered in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to execute arbitrary code via crafted Object.prototype anonymous function. | |||||
| CVE-2023-24795 | 1 Jcgcn.com | 2 Jhr-n916r, Jhr-n916r Firmware | 2025-02-26 | N/A | 9.8 CRITICAL |
| Command execution vulnerability was discovered in JHR-N916R router firmware version<=21.11.1.1483. | |||||
| CVE-2024-47051 | 2025-02-26 | N/A | 9.1 CRITICAL | ||
| This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. * Remote Code Execution (RCE) via Asset Upload: A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts. * Path Traversal File Deletion: A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system. | |||||