Total
3602 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-40487 | 2024-08-23 | N/A | 7.6 HIGH | ||
| A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via membershipType parameter. | |||||
| CVE-2023-50810 | 2024-08-23 | N/A | 6.0 MEDIUM | ||
| In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allow persistent arbitrary code execution with Linux kernel privileges. A failure to correctly handle the return value of the setenv command can be used to override the kernel command-line parameters and ultimately bypass the Secure Boot implementation. This affects PLAY5 gen 2, PLAYBASE, PLAY:1, One, One SL, and Amp. | |||||
| CVE-2022-21797 | 3 Debian, Fedoraproject, Joblib Project | 3 Debian Linux, Fedora, Joblib | 2024-08-23 | N/A | 9.8 CRITICAL |
| The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement. | |||||
| CVE-2024-31032 | 2024-08-22 | N/A | 9.8 CRITICAL | ||
| An issue in Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport v.1.1.2 allows a remote attacker to execute arbitrary code via the manager/ipping.php component. | |||||
| CVE-2024-25502 | 2024-08-22 | N/A | 9.8 CRITICAL | ||
| Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component. | |||||
| CVE-2024-42598 | 2024-08-22 | N/A | 6.7 MEDIUM | ||
| SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. | |||||
| CVE-2024-37287 | 1 Elastic | 1 Kibana | 2024-08-22 | N/A | 7.2 HIGH |
| A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution. | |||||
| CVE-2024-30568 | 2024-08-21 | N/A | 9.8 CRITICAL | ||
| Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter. | |||||
| CVE-2024-30845 | 2024-08-21 | N/A | 6.1 MEDIUM | ||
| Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote attacker to execute arbitrary code via the validation component of the input parameters. | |||||
| CVE-2024-37109 | 1 Wishlistmember | 1 Wishlist Member | 2024-08-21 | N/A | 8.8 HIGH |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a before 3.26.7. | |||||
| CVE-2024-7899 | 1 Innocms | 1 Innocms | 2024-08-20 | 5.8 MEDIUM | 7.2 HIGH |
| A vulnerability, which was classified as critical, has been found in InnoCMS 0.3.1. This issue affects some unknown processing of the file /panel/pages/1/edit of the component Backend. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-38458 | 1 Xenforo | 1 Xenforo | 2024-08-20 | N/A | 8.8 HIGH |
| Xenforo before 2.2.16 allows code injection. | |||||
| CVE-2024-32350 | 2024-08-20 | N/A | 8.8 HIGH | ||
| TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecPsk" parameter in the "cstecgi.cgi" binary. | |||||
| CVE-2023-48643 | 2024-08-20 | N/A | 9.8 CRITICAL | ||
| Shrubbery tac_plus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tac_plus.cfg configuration file. These are executed when a client sends an authorization request with a username that has pre-authorization directives configured. However, it is possible to inject additional commands into these checks because strings from TACACS+ packets are used as command-line arguments. If the installation lacks a a pre-shared secret (there is no pre-shared secret by default), then the injection can be triggered without authentication. (The attacker needs to know a username configured to use a pre-authorization command.) NOTE: this is related to CVE-2023-45239 but the issue is in the original Shrubbery product, not Meta's fork. | |||||
| CVE-2024-43202 | 2024-08-20 | N/A | 9.8 CRITICAL | ||
| Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.2. We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue. | |||||
| CVE-2024-31011 | 2024-08-20 | N/A | 9.8 CRITICAL | ||
| Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin_template.php. | |||||
| CVE-2024-29276 | 2024-08-20 | N/A | 9.8 CRITICAL | ||
| An issue was discovered in seeyonOA version 8, allows remote attackers to execute arbitrary code via the importProcess method in WorkFlowDesignerController.class component. | |||||
| CVE-2023-33206 | 1 Dieboldnixdorf | 1 Vynamic Security Suite | 2024-08-19 | N/A | 6.8 MEDIUM |
| Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0 SR03, and 4.3.0 SR01 fails to validate symlinks during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk. | |||||
| CVE-2024-37885 | 2 Apple, Nextcloud | 2 Macos, Desktop | 2024-08-19 | N/A | 7.8 HIGH |
| The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the enviroment. It is recommended that the Nextcloud Desktop client is upgraded to 3.12.0. | |||||
| CVE-2024-42634 | 2024-08-19 | N/A | 9.8 CRITICAL | ||
| A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges. | |||||