Total
3575 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-27986 | 1 Gnu | 1 Emacs | 2024-02-04 | N/A | 7.8 HIGH |
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90. | |||||
CVE-2023-0877 | 1 Froxlor | 1 Froxlor | 2024-02-04 | N/A | 8.8 HIGH |
Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11. | |||||
CVE-2022-43660 | 1 Sixapart | 1 Movable Type | 2024-02-04 | N/A | 7.2 HIGH |
Improper neutralization of Server-Side Includes (SSI) within a web page in Movable Type series allows a remote authenticated attacker with the 'Manage of Content Types' privilege to execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier. | |||||
CVE-2021-39426 | 1 Seacms | 1 Seacms | 2024-02-04 | N/A | 9.8 CRITICAL |
An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 that allows attackers to execute arbitrary PHP code via the notify1 parameter when the action parameter equals set. | |||||
CVE-2023-23551 | 1 Controlbyweb | 2 X-600m, X-600m Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code. | |||||
CVE-2020-36618 | | | 2024-02-04 | N/A | 9.8 CRITICAL |
A vulnerability classified as critical has been found in Furqan node-whois. Affected is an unknown function of the file index.coffee. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to launch the attack remotely. The name of the patch is 46ccc2aee8d063c7b6b4dee2c2834113b7286076. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216252. | |||||
CVE-2023-1367 | 1 Easyappointments | 1 Easyappointments | 2024-02-04 | N/A | 3.8 LOW |
Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | |||||
CVE-2023-26107 | 1 Ebay | 1 Sketchsvg | 2024-02-04 | N/A | 7.8 HIGH |
All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization or parametrization while concatenating the current directory as part of the command string. | |||||
CVE-2022-46333 | 1 Proofpoint | 1 Enterprise Protection | 2024-02-04 | N/A | 7.2 HIGH |
The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below. | |||||
CVE-2023-1287 | 1 3ds | 1 Enovia Live Collaboration | 2024-02-04 | N/A | 9.8 CRITICAL |
An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution. | |||||
CVE-2023-25717 | 1 Ruckuswireless | 61 E510, H320, H350 and 58 more | 2024-02-04 | N/A | 9.8 CRITICAL |
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring. | |||||
CVE-2023-0598 | 1 Ge | 1 Ifix | 2024-02-04 | N/A | 9.8 CRITICAL |
GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software. | |||||
CVE-2022-25894 | 1 Uflo Project | 1 Uflo | 2024-02-04 | N/A | 9.8 CRITICAL |
All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via jexl.createExpression(expression).evaluate(context); functionality, due to improper user input validation. | |||||
CVE-2022-45908 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-02-04 | N/A | 9.8 CRITICAL |
In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution. | |||||
CVE-2023-23477 | | | 2024-02-04 | N/A | 9.8 CRITICAL |
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513. | |||||
CVE-2023-0788 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-02-04 | N/A | 9.8 CRITICAL |
Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | |||||
CVE-2022-41223 | 1 Mitel | 1 Mivoice Connect | 2024-02-04 | N/A | 6.8 MEDIUM |
The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type. | |||||
CVE-2022-45132 | 1 Linaro | 1 Lava | 2024-02-04 | N/A | 9.8 CRITICAL |
In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in the LAVA server. | |||||
CVE-2023-22889 | 1 Smartbear | 1 Zephyr Enterprise | 2024-02-04 | N/A | 9.8 CRITICAL |
SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. This could lead to remote code execution by unauthenticated users. | |||||
CVE-2023-22855 | 1 Kardex | 1 Kardex Control Center | 2024-02-04 | N/A | 9.8 CRITICAL |
Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method (Path.Combine from .NET) without proper sanitisation. This yields the possibility of including local files, as well as remote files on SMB shares. If one provides a file with the extension .t4, it is rendered with the .NET templating engine mono/t4, which can execute code. |