Total: 3602 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-46509 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2024-09-12 | N/A | 9.8 CRITICAL |
An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. | |||||
CVE-2023-43352 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-09-12 | N/A | 7.8 HIGH |
An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component. | |||||
CVE-2023-46010 | 1 Seacms | 1 Seacms | 2024-09-11 | N/A | 9.8 CRITICAL |
An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component. | |||||
CVE-2024-7627 | 1 Bitapps | 1 File Manager | 2024-09-11 | N/A | 8.1 HIGH |
The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This makes it possible for unauthenticated attackers to execute code on the server if an administrator has allowed Guest User read permissions. | |||||
CVE-2024-41127 | 1 Monkeytype | 1 Monkeytype | 2024-09-11 | N/A | 9.6 CRITICAL |
Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-comment.yml workflow is triggered when the Monkey CI workflow completes. When it runs, it will download an artifact uploaded by the triggering workflow and assign the contents of ./pr_num/pr_num.txt artifact to the steps.pr_num_reader.outputs.content WorkFlow variable. It is not validated that the variable is actually a number and later it is interpolated into a JS script allowing an attacker to change the code to be executed. This issue leads to pull-requests write access. This vulnerability is fixed in 24.30.0. | |||||
CVE-2024-6940 | 1 Dedecms | 1 Dedecms | 2024-09-10 | 5.8 MEDIUM | 7.2 HIGH |
A vulnerability was found in DedeCMS 5.7.114. It has been classified as critical. This affects an unknown part of the file article_template_rand.php. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271995. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-44410 | 1 Dlink | 2 Di-8300, Di-8300 Firmware | 2024-09-10 | N/A | 9.8 CRITICAL |
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. | |||||
CVE-2024-44411 | | | 2024-09-10 | N/A | 9.8 CRITICAL |
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function. | |||||
CVE-2024-29014 | 1 Sonicwall | 1 Netextender | 2024-09-10 | N/A | 8.8 HIGH |
Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to achieve arbitrary code execution when processing an EPC Client update. | |||||
CVE-2024-29178 | 1 Apache | 1 Streampark | 2024-09-10 | N/A | 8.8 HIGH |
On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server. The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4. | |||||
CVE-2024-44724 | | | 2024-09-10 | N/A | 7.2 HIGH |
AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsite_url parameter at /admin/site_add.php. This vulnerability allows attackers to execute arbitrary PHP code via injecting a crafted value. | |||||
CVE-2023-49001 | 1 Indibrowser | 1 Indi Browser | 2024-09-09 | N/A | 9.8 CRITICAL |
An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component. | |||||
CVE-2020-36767 | 2 Linux, Vareille | 2 Linux Kernel, Tinyfiledialogs | 2024-09-09 | N/A | 7.5 HIGH |
tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data. | |||||
CVE-2023-39333 | | | 2024-09-09 | N/A | 5.3 MEDIUM |
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option. | |||||
CVE-2024-39714 | | | 2024-09-09 | N/A | 9.9 CRITICAL |
A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server. | |||||
CVE-2024-38651 | | | 2024-09-09 | N/A | 8.5 HIGH |
A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server. | |||||
CVE-2024-39715 | | | 2024-09-09 | N/A | 8.5 HIGH |
A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server. | |||||
CVE-2023-5623 | 1 Tenable | 1 Nessus Network Monitor | 2024-09-09 | N/A | 7.8 HIGH |
NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location. | |||||
CVE-2021-33636 | 1 Openeuler | 1 Isula | 2024-09-09 | N/A | 7.8 HIGH |
When the isula load command is used to load malicious images, attackers can execute arbitrary code. | |||||
CVE-2021-33635 | 1 Openeuler | 1 Isula | 2024-09-09 | N/A | 7.8 HIGH |
When malicious images are pulled by isula pull, attackers can execute arbitrary code. |