Total
2084 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27972 | 1 Verygoodplugins | 1 Wp Fusion | 2024-08-02 | 9.9 Critical |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Very Good Plugins WP Fusion Lite allows Command Injection.This issue affects WP Fusion Lite: from n/a through 3.41.24. | ||||
| CVE-2024-26298 | 2024-08-02 | 7.2 High | ||
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | ||||
| CVE-2024-26295 | 2024-08-02 | 7.2 High | ||
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | ||||
| CVE-2024-26297 | 2024-08-02 | 7.2 High | ||
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | ||||
| CVE-2024-26296 | 2024-08-02 | 7.2 High | ||
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | ||||
| CVE-2024-26294 | 2024-08-02 | 7.2 High | ||
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | ||||
| CVE-2024-26204 | 1 Microsoft | 1 Outlook | 2024-08-01 | 7.5 High |
| Outlook for Android Information Disclosure Vulnerability | ||||
| CVE-2024-25613 | 2024-08-01 | 7.2 High | ||
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2024-25611 | 2024-08-01 | 7.2 High | ||
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2024-25612 | 2024-08-01 | 7.2 High | ||
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2024-24551 | 2024-08-01 | N/A | ||
| A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files. | ||||
| CVE-2024-24550 | 1 Bludit | 1 Bludit | 2024-08-01 | N/A |
| A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files. | ||||
| CVE-2024-24321 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-08-01 | 9.8 Critical |
| An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function. | ||||
| CVE-2024-23749 | 1 9bis | 1 Kitty | 2024-08-01 | 7.8 High |
| KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution. | ||||
| CVE-2024-23624 | 1 Dlink | 2 Dap-1650, Dap-1650 Firmware | 2024-08-01 | 9.6 Critical |
| A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root. | ||||
| CVE-2024-23625 | 1 Dlink | 2 Dap-1650, Dap-1650 Firmware | 2024-08-01 | 9.6 Critical |
| A command injection vulnerability exists in D-Link DAP-1650 devices when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root. | ||||
| CVE-2024-23627 | 1 Motorola | 2 Mr2600, Mr2600 Firmware | 2024-08-01 | 9 Critical |
| A command injection vulnerability exists in the 'SaveStaticRouteIPv4Params' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed. | ||||
| CVE-2024-23049 | 1 B3log | 1 Symphony | 2024-08-01 | 9.8 Critical |
| An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component. | ||||
| CVE-2024-22900 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2024-08-01 | 8.8 High |
| Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function. | ||||
| CVE-2024-22545 | 1 Trendnet | 2 Tew-824dru, Tew-824dru Firmware | 2024-08-01 | 7.8 High |
| An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. The attack can be launched remotely. | ||||