Total: 860 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-48978 | 1 Ncr | 1 Itm Web Terminal | 2025-07-09 | N/A | 9.8 CRITICAL |
An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component. | |||||
CVE-2024-37743 | 1 Mmz-001 | 1 Knowledgegpt | 2025-07-09 | N/A | 9.8 CRITICAL |
An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via the Document Display Component. | |||||
CVE-2024-39962 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2025-07-09 | N/A | 9.8 CRITICAL |
D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. This vulnerability is exploited via a crafted HTTP request. | |||||
CVE-2025-45479 | | | 2025-07-08 | N/A | 9.8 CRITICAL |
Insufficient security mechanisms for created containers in educoder challenges v1.0 allow attackers to execute arbitrary code via injecting crafted content into a container. | |||||
CVE-2025-49302 | | | 2025-07-08 | N/A | 10.0 CRITICAL |
Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy Stripe allows Remote Code Inclusion. This issue affects Easy Stripe: from n/a through 1.1. | |||||
CVE-2025-42967 | | | 2025-07-08 | N/A | 9.9 CRITICAL |
SAP S/4HANA and SAP SCM Characteristic Propagation has a remote code execution vulnerability. This allows an attacker with user level privileges to create a new report with his own code, potentially gaining full control of the affected SAP system and causing high impact on confidentiality, integrity, and availability of the application. | |||||
CVE-2024-8581 | 1 Lollms | 1 Lollms Web Ui | 2025-07-08 | N/A | 9.1 CRITICAL |
A vulnerability in the `upload_app` function of parisneo/lollms-webui V12 (Strawberry) allows an attacker to delete any file or directory on the system. The function does not implement user input filtering with the `filename` value, causing a Path Traversal error. | |||||
CVE-2024-56518 | 1 Hazelcast | 1 Management Center | 2025-07-07 | N/A | 9.8 CRITICAL |
Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document (aka a client configuration file), which can be uploaded at the /cluster-connections URI. | |||||
CVE-2024-35314 | 1 Mitel | 2 Micollab, Mivoice Business Solution Virtual Instance | 2025-07-07 | N/A | 9.8 CRITICAL |
A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts. | |||||
CVE-2025-49029 | | | 2025-07-03 | N/A | 9.1 CRITICAL |
Improper Control of Generation of Code ('Code Injection') vulnerability in bitto.Kazi Custom Login And Signup Widget allows Code Injection. This issue affects Custom Login And Signup Widget: from n/a through 1.0. | |||||
CVE-2024-24421 | 1 Linuxfoundation | 1 Magma | 2025-07-03 | N/A | 9.8 CRITICAL |
A type confusion in the nas_message_decode function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted NAS packet. | |||||
CVE-2024-36622 | 1 Raspap | 1 Raspap-webgui | 2025-07-02 | N/A | 9.8 CRITICAL |
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter. | |||||
CVE-2025-32798 | 1 Anaconda | 1 Conda-build | 2025-07-02 | N/A | 9.8 CRITICAL |
Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build recipe processing logic has been found to be vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors. Currently, conda-build uses the eval function to process embedded selectors in meta.yaml files. This approach evaluates user-defined expressions without proper sanitization, which allows arbitrary code to be executed during the build process. As a result, the integrity of the build environment is compromised, and unauthorized commands or file operations may be performed. The vulnerability stems from the inherent risk of using eval() on untrusted input in a context intended to control dynamic build configurations. By directly interpreting selector expressions, conda-build creates a potential execution pathway for malicious code, violating security assumptions. This issue has been patched in version 25.4.0. | |||||
CVE-2024-48359 | 1 Qualitor | 1 Qualitor | 2025-07-01 | N/A | 9.8 CRITICAL |
Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the gridValoresPopHidden parameter. | |||||
CVE-2024-24780 | 1 Apache | 1 Iotdb | 2025-07-01 | N/A | 9.8 CRITICAL |
Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes the issue. | |||||
CVE-2024-37770 | 1 B1ackc4t | 1 14finger | 2025-07-01 | N/A | 9.1 CRITICAL |
14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload. | |||||
CVE-2024-39236 | 1 Gradio Project | 1 Gradio | 2025-06-27 | N/A | 9.8 CRITICAL |
Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself. | |||||
CVE-2023-47032 | 1 Ncr | 1 Terminal Handler | 2025-06-25 | N/A | 9.8 CRITICAL |
Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function. | |||||
CVE-2023-47030 | 1 Ncr | 1 Terminal Handler | 2025-06-25 | N/A | 9.8 CRITICAL |
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists. | |||||
CVE-2024-47208 | 1 Apache | 1 Ofbiz | 2025-06-24 | N/A | 9.8 CRITICAL |
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue. |