Total: 3592 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-39209 | | | 2024-08-01 | N/A | 6.3 MEDIUM |
luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score parameter. | |||||
CVE-2024-39165 | | | 2024-08-01 | N/A | 6.8 MEDIUM |
QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This occurs because an unnecessary QR/demoapp folder is shipped with the product. | |||||
CVE-2024-39002 | | | 2024-08-01 | N/A | 6.3 MEDIUM |
rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function util.clone. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
CVE-2024-38944 | | | 2024-08-01 | N/A | 9.8 CRITICAL |
An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generateForm.cgi?formID=142 component. | |||||
CVE-2024-37405 | | | 2024-08-01 | N/A | 6.5 MEDIUM |
Livechat messages can be leaked by combining two NoSQL injections affecting livechat:loginByToken (pre-authentication) and livechat:loadHistory. | |||||
CVE-2024-36581 | | | 2024-08-01 | N/A | 7.6 HIGH |
A Prototype Pollution issue in abw badger-database 1.2.1 allows an attacker to execute arbitrary code via dist/badger-database.esm. | |||||
CVE-2024-36531 | | | 2024-08-01 | N/A | 5.7 MEDIUM |
nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component. | |||||
CVE-2024-36456 | | | 2024-08-01 | N/A | N/A |
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. | |||||
CVE-2024-31864 | | | 2024-08-01 | N/A | 9.8 CRITICAL |
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. | |||||
CVE-2024-31822 | | | 2024-08-01 | N/A | 9.8 CRITICAL |
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the saveLanguageFiles method of the Languages.php component. | |||||
CVE-2024-31621 | | | 2024-08-01 | N/A | 7.6 HIGH |
An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component. | |||||
CVE-2024-31396 | | | 2024-08-01 | N/A | 6.6 MEDIUM |
Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may execute an arbitrary command on the server. | |||||
CVE-2024-31022 | | | 2024-08-01 | N/A | 9.8 CRITICAL |
An issue discovered in CandyCMS version 1.0.0 allows remote attackers to execute arbitrary code via the install.php component. | |||||
CVE-2024-31013 | | | 2024-08-01 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in emlog version Pro 2.3 allows remote attackers to execute arbitrary code via a crafted payload to the bottom of the homepage in the footer_info parameter. | |||||
CVE-2024-31003 | | | 2024-08-01 | N/A | N/A |
Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial at Ap4ByteStream.cpp. | |||||
CVE-2024-30868 | | | 2024-08-01 | N/A | 9.8 CRITICAL |
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/add_getlogin.php. | |||||
CVE-2024-30858 | | | 2024-08-01 | N/A | 9.8 CRITICAL |
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fire_wall.php. | |||||
CVE-2024-30567 | | | 2024-08-01 | N/A | 6.3 MEDIUM |
An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 allows a remote attacker to execute arbitrary code via the Network Troubleshooting functionality. | |||||
CVE-2024-29513 | | | 2024-08-01 | N/A | 7.8 HIGH |
An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Forensics before 3.3 allows a local attacker to execute arbitrary code within the driver and create a local denial-of-service condition due to an improper DACL being applied to the device the driver creates. | |||||
CVE-2024-28424 | | | 2024-08-01 | N/A | 8.8 HIGH |
zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file. |