Total
3602 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-31315 | 2024-08-27 | N/A | 7.5 HIGH | ||
| Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. | |||||
| CVE-2024-27756 | 2024-08-27 | N/A | 8.8 HIGH | ||
| GLPI through 10.0.12 allows CSV injection by an attacker who is able to create an asset with a crafted title. | |||||
| CVE-2024-5466 | 2 Zoho, Zohocorp | 4 Manageengine Remote Monitoring And Management, Manageengine Opmanager, Manageengine Opmanager Msp and 1 more | 2024-08-27 | N/A | 8.8 HIGH |
| Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option. | |||||
| CVE-2024-25180 | 2024-08-26 | N/A | 9.8 CRITICAL | ||
| An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after installing a test framework (that lives outside of the pdfmake applicaton). Anyone installing this is responsible for ensuring that it is only available to authorized testers. | |||||
| CVE-2024-33225 | 2024-08-26 | N/A | 7.8 HIGH | ||
| An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp Realtek(r) High Definition Audio Function Driver v6.0.9549.1 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. | |||||
| CVE-2024-25089 | 1 Malwarebytes | 1 Binisoft Windows Firewall Control | 2024-08-26 | N/A | 9.8 CRITICAL |
| Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes. | |||||
| CVE-2024-24469 | 1 Flusity | 1 Flusity | 2024-08-26 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php. | |||||
| CVE-2024-24396 | 1 Stimulsoft | 1 Dashboard.js | 2024-08-26 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component. | |||||
| CVE-2024-22514 | 1 Ispyconnect | 1 Agent Dvr | 2024-08-26 | N/A | 8.8 HIGH |
| An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file. | |||||
| CVE-2023-49109 | 2024-08-26 | N/A | 9.8 CRITICAL | ||
| Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue. | |||||
| CVE-2024-43404 | 1 Megacord | 1 Megabot | 2024-08-26 | N/A | 9.8 CRITICAL |
| MEGABOT is a fully customized Discord bot for learning and fun. The `/math` command and functionality of MEGABOT versions < 1.5.0 contains a remote code execution vulnerability due to a Python `eval()`. The vulnerability allows an attacker to inject Python code into the `expression` parameter when using `/math` in any Discord channel. This vulnerability impacts any discord guild utilizing MEGABOT. This vulnerability was fixed in release version 1.5.0. | |||||
| CVE-2024-42599 | 2024-08-26 | N/A | 8.8 HIGH | ||
| SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. | |||||
| CVE-2022-45177 | 1 Liveboxcloud | 1 Vdesk | 2024-08-26 | N/A | 7.5 HIGH |
| An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search={NAME]+{SURNAME] endpoint, and the /login endpoint. The web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. | |||||
| CVE-2024-37084 | 1 Vmware | 1 Spring Cloud Data Flow | 2024-08-26 | N/A | 8.8 HIGH |
| In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server | |||||
| CVE-2024-7656 | 2024-08-26 | N/A | 8.8 HIGH | ||
| The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.5 via deserialization of untrusted input in the 'devvn_ihotspot_shortcode_func' function. This makes it possible for authenticated attackers, with Author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | |||||
| CVE-2024-31380 | 2024-08-26 | N/A | 9.9 CRITICAL | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Vendor is ignoring report, refuses to patch the issue.This issue affects Oxygen Builder: from n/a through 4.9. | |||||
| CVE-2024-40453 | 1 Squirrelly | 1 Squirrelly | 2024-08-23 | N/A | 9.8 CRITICAL |
| squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName. | |||||
| CVE-2024-41304 | 2024-08-23 | N/A | 5.4 MEDIUM | ||
| An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file. | |||||
| CVE-2024-7559 | 2024-08-23 | N/A | 8.8 HIGH | ||
| The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk_file_folder_manager AJAX action in all versions up to, and including, 8.3.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2024-41623 | 1 D3dsecurity | 2 D8801, D8801 Firmware | 2024-08-23 | N/A | 9.8 CRITICAL |
| An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to execute arbitrary code via a crafted payload | |||||