Total
3602 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43944 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-10-07 | 6.5 MEDIUM | 7.2 HIGH |
| This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. | |||||
| CVE-2021-39114 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2024-10-07 | 6.5 MEDIUM | 8.8 HIGH |
| Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. | |||||
| CVE-2024-44744 | 2024-10-04 | N/A | 5.7 MEDIUM | ||
| An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers to execute arbitrary code via placing crafted binaries into unspecified directories. NOTE: Malwarebytes argues that this issue requires admin privileges and that the contents cannot be altered by non-admin users. | |||||
| CVE-2024-46080 | 2024-10-04 | N/A | 8.0 HIGH | ||
| Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function. | |||||
| CVE-2024-45186 | 2024-10-04 | N/A | 9.8 CRITICAL | ||
| FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials. | |||||
| CVE-2022-36799 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-10-03 | N/A | 7.2 HIGH |
| This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. In this case the security improvement was to protect against using the XStream library to be able to execute arbitrary code in velocity templates. The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.7, and from version 8.21.0 before 8.22.1. | |||||
| CVE-2023-37424 | 2024-10-03 | N/A | 8.1 HIGH | ||
| A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain preconditions outside of the attacker's control are met. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | |||||
| CVE-2023-37427 | 2024-10-03 | N/A | 7.2 HIGH | ||
| A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | |||||
| CVE-2023-36542 | 1 Apache | 1 Nifi | 2024-10-03 | N/A | 8.8 HIGH |
| Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission for referencing remote resources, restricting configuration of these components to privileged users. The permission prevents unprivileged users from configuring Processors and Controller Services annotated with the new Reference Remote Resources restriction. Upgrading to Apache NiFi 1.23.0 is the recommended mitigation. | |||||
| CVE-2024-8481 | 1 Blogcoding | 1 Special Text Boxes | 2024-10-02 | N/A | 7.3 HIGH |
| The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | |||||
| CVE-2023-39059 | 1 Ansible-semaphore | 1 Ansible Semaphore | 2024-10-02 | N/A | 8.8 HIGH |
| An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter. | |||||
| CVE-2024-46489 | 1 Ferrislucas | 1 Promptr | 2024-10-02 | N/A | 8.8 HIGH |
| A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL. | |||||
| CVE-2023-41005 | 1 Pagekit | 1 Pagekit | 2024-10-02 | N/A | 7.8 HIGH |
| An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execute arbitrary code via thedownloadAction and updateAction functions in UpdateController.php | |||||
| CVE-2024-6936 | 1 Formtools | 1 Form Tools | 2024-10-01 | 3.3 LOW | 4.9 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in formtools.org Form Tools 3.1.1. This issue affects some unknown processing of the file /admin/settings/index.php?page=accounts of the component Setting Handler. The manipulation of the argument Page Theme leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271991. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-22506 | 1 Atlassian | 2 Bamboo Data Center, Bamboo Server | 2024-10-01 | N/A | 8.8 HIGH |
| This High severity Injection and RCE (Remote Code Execution) vulnerability known as CVE-2023-22506 was introduced in version 8.0.0 of Bamboo Data Center. This Injection and RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.5, allows an authenticated attacker to modify the actions taken by a system call and execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that you upgrade your instance to latest version. If you're unable to upgrade to latest, upgrade to one of these fixed versions: 9.2.3 and 9.3.1. See the release notes ([https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html|https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html]). You can download the latest version of Bamboo Data Center and Bamboo Server from the download center ([https://www.atlassian.com/software/bamboo/download-archives|https://www.atlassian.com/software/bamboo/download-archives]). This vulnerability was reported via our Penetration Testing program. | |||||
| CVE-2020-22612 | 1 Mybb | 1 Mybb | 2024-10-01 | N/A | 9.8 CRITICAL |
| Installer RCE on settings file write in MyBB before 1.8.22. | |||||
| CVE-2024-6596 | 1 Endress | 10 Echo Curve Viewer, Field Xpert Smt50, Field Xpert Smt50 Firmware and 7 more | 2024-10-01 | N/A | 9.8 CRITICAL |
| An unauthenticated remote attacker can run malicious c# code included in curve files and execute commands in the users context. | |||||
| CVE-2024-45200 | 2024-09-30 | N/A | 6.3 MEDIUM | ||
| In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows a remote attacker to exploit a stack-based buffer overflow upon deserialization of session information via a malformed browse-reply packet, aka KartLANPwn. The victim is not required to join a game session with an attacker. The victim must open the "Wireless Play" (or "LAN Play") menu from the game's title screen, and an attacker nearby (LDN) or on the same LAN network as the victim can send a crafted reply packet to the victim's console. This enables a remote attacker to obtain complete denial-of-service on the game's process, or potentially, remote code execution on the victim's console. The issue is caused by incorrect use of the Nintendo Pia library, | |||||
| CVE-2024-6983 | 2024-09-30 | N/A | 8.8 HIGH | ||
| mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inputs, allowing an attacker to upload a binary file and execute malicious code. This can lead to the attacker gaining full control over the system. | |||||
| CVE-2024-8258 | 2 Apple, Logitech | 2 Macos, Logi Options\+ | 2024-09-27 | N/A | 7.8 HIGH |
| Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration. | |||||