Total: 3602 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2024-31819 | | | 2024-08-28 | N/A | 9.8 CRITICAL | An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component.
CVE-2024-30565 | | | 2024-08-28 | N/A | 8.8 HIGH | An issue was discovered in SeaCMS version 12.9 that allows remote attackers to execute arbitrary code via admin notify.php.
CVE-2024-27705 | | | 2024-08-28 | N/A | 7.6 HIGH | Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of a crafted PDF file to the files/browse endpoint.
CVE-2024-40530 | | | 2024-08-28 | N/A | 9.8 CRITICAL | A vulnerability in Pantera CRM versions 401.152 and 402.072 allows unauthorized attackers to bypass IP-based access controls by manipulating the X-Forwarded-For header.
CVE-2024-29399 | | | 2024-08-28 | N/A | 7.6 HIGH | An issue was discovered in GNU Savane v.3.13 and before that allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component.
CVE-2023-43301 | 1 Linecorp | 1 Line | 2024-08-28 | N/A | 8.2 HIGH | An issue in the DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
CVE-2023-24333 | | | 2024-08-28 | N/A | 8.8 HIGH | A stack overflow vulnerability in Tenda AC21 with firmware version US_AC21V1.0re_V16.03.08.15_cn_TDC01 allows attackers to run arbitrary commands via a crafted POST request to /goform/openSchedWifi.
CVE-2024-42845 | | | 2024-08-28 | N/A | 8.0 HIGH | An eval injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file.
CVE-2024-21682 | | | 2024-08-28 | N/A | 7.2 HIGH | This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 (all versions). Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or Server. It detects hardware and software that is connected to your local network and extracts detailed information about each asset. This data can then be imported into Assets in Jira Service Management to help you manage all of the devices and configuration items within your local network. This Injection vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to modify the actions taken by a system call, which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Assets Discovery customers upgrade to the latest version; if you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes (https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html). You can download the latest version of Assets Discovery from the Atlassian Marketplace (https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter&tab=installation). This vulnerability was reported via our Penetration Testing program.
CVE-2023-51387 | 1 Apache | 1 Hertzbeat | 2024-08-28 | N/A | 8.8 HIGH | Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be simple expressions. However, due to improper sanitization of alert expressions in versions prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on the Hertzbeat server. A malicious user who has access to the alert define function can execute any command in the Hertzbeat instance. This issue is fixed in version 1.4.1.
CVE-2023-42890 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-08-28 | N/A | 8.8 HIGH | The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2, iPadOS 17.2 and tvOS 17.2. Processing web content may lead to arbitrary code execution.
CVE-2024-24278 | | | 2024-08-27 | N/A | 7.5 HIGH | An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the message function.
CVE-2023-51026 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-08-27 | N/A | 9.8 CRITICAL | TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'hour' parameter of the setRebootScheCfg interface of cstecgi.cgi.
CVE-2024-23727 | | | 2024-08-27 | N/A | 8.4 HIGH | The YI Smart Kami Vision com.kamivision.yismart application through 1.0.0_20231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component.
CVE-2023-51015 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-08-27 | N/A | 9.8 CRITICAL | TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the 'enable' parameter of the setDmzCfg interface of cstecgi.cgi.
CVE-2023-43481 | 1 Tcl | 1 Browser Tv Web - Browsehere | 2024-08-27 | N/A | 9.8 CRITICAL | An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component.
CVE-2023-31296 | 1 Sesami | 1 Cash Point & Transport Optimizer | 2024-08-27 | N/A | 5.3 MEDIUM | CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows attackers to obtain sensitive information via the User Name field.
CVE-2018-8938 | 1 Progress | 1 Whatsup Gold | 2024-08-27 | 7.5 HIGH | 9.8 CRITICAL | A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can inject a specially crafted SNMP MIB file that could allow them to execute arbitrary commands and code on the WhatsUp Gold server.
CVE-2024-36268 | 1 Apache | 1 Inlong | 2024-08-27 | N/A | 9.8 CRITICAL | Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong from 1.10.0 through 1.12.0 and could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong 1.13.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/10251
CVE-2024-42756 | | | 2024-08-27 | N/A | 8.8 HIGH | An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via the Diagnostics page.