Total: 1022 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2024-49362 | 1 Joplin Project | 1 Joplin | 2025-05-07 | N/A | 7.7 HIGH | Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an `<a>` link within untrusted notes. The issue arises due to insufficient sanitization of `<a>` tag attributes introduced by Mermaid. This vulnerability allows the execution of untrusted HTML content within the Electron window, which has full access to Node.js APIs, enabling arbitrary shell command execution.
CVE-2024-31003 | 1 Axiosys | 1 Bento4 | 2025-05-07 | N/A | 8.8 HIGH | Buffer overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via `AP4_MemoryByteStream::WritePartial` in Ap4ByteStream.cpp.
CVE-2024-31005 | 1 Axiosys | 1 Bento4 | 2025-05-07 | N/A | 8.1 HIGH | An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via Ap4MdhdAtom.cpp, `AP4_MdhdAtom::AP4_MdhdAtom`, mp4fragment.
CVE-2024-53268 | 1 Joplin Project | 1 Joplin | 2025-05-07 | N/A | 7.2 HIGH | Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In affected versions attackers are able to abuse the fact that openExternal is used without any filtering of URI schemes to obtain remote code execution in Windows environments. This issue has been addressed in version 3.0.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-51243 | 1 Eladmin | 1 Eladmin | 2025-05-06 | N/A | 7.2 HIGH | eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all application deployment servers of this management system via DeployController.java.
CVE-2024-0220 | 1 Br-automation | 2 Automation Studio, Technology Guarding | 2025-05-06 | N/A | 8.3 HIGH | B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data.
CVE-2024-13808 | 1 Wpxpro | 1 Xpro Addons For Elementor | 2025-05-06 | N/A | 8.8 HIGH | The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.4.9 via the custom PHP widget. This is due to there only being client-side controls when determining who can access the widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.
CVE-2022-32924 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2025-05-06 | N/A | 7.8 HIGH | The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Big Sur 11.7, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6. An app may be able to execute arbitrary code with kernel privileges.
CVE-2023-50379 | 1 Apache | 1 Ambari | 2025-05-05 | N/A | 8.8 HIGH | Malicious code injection in Apache Ambari prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain root over the cluster main host.
CVE-2024-13738 | | | 2025-05-05 | N/A | 7.3 HIGH | The Motors - Car Dealer, Rental & Listing WordPress theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.6.65. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. *It is unclear exactly which version the issue was patched in from the changelog. Therefore, we used the latest version at the time of verification.
CVE-2020-20124 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 6.5 MEDIUM | 8.8 HIGH | Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in `\attachment\admin\index.php`.
CVE-2024-28424 | 1 Zenml | 1 Zenml | 2025-05-05 | N/A | 8.8 HIGH | zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2021-21480 | 1 Sap | 1 Manufacturing Integration And Intelligence | 2025-05-05 | 9.0 HIGH | 8.8 HIGH | SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can intercept a request to the server, inject malicious JSP code in the request and forward it to the server. When this dashboard is opened by users having at least the SAP_XMII Developer role, malicious content in the dashboard gets executed, leading to remote code execution on the server, which allows privilege escalation. The malicious JSP code can contain certain OS commands, through which an attacker can read sensitive files on the server, modify files or even delete contents on the server, thus compromising the confidentiality, integrity and availability of the server hosting the SAP MII application. Also, an attacker authenticated as a developer can use the application to upload and execute a file which will permit them to execute operating system commands, completely compromising the server hosting the application.
CVE-2022-3418 | 1 Soflyy | 1 Wp All Import | 2025-05-01 | N/A | 7.2 HIGH | The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files.
CVE-2024-43425 | 1 Moodle | 1 Moodle | 2025-05-01 | N/A | 8.1 HIGH | A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions.
CVE-2024-24520 | 1 Lepton-cms | 1 Leptoncms | 2025-05-01 | N/A | 7.8 HIGH | An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.
CVE-2024-30202 | 1 Gnu | 2 Emacs, Org Mode | 2025-05-01 | N/A | 7.8 HIGH | In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.
CVE-2022-40127 | 1 Apache | 1 Airflow | 2025-04-30 | N/A | 8.8 HIGH | A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0.
CVE-2024-53920 | 1 Gnu | 1 Emacs | 2025-04-30 | N/A | 7.8 HIGH | In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)
CVE-2024-52945 | 1 Veritas | 1 Netbackup | 2025-04-30 | N/A | 7.8 HIGH | An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows operating system. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL could be loaded, resulting in execution of the attacker's code in the user's security context.