Total
3856 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47840 | 1 Qodeinteractive | 1 Qode Essential Addons | 2024-08-02 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2. | ||||
| CVE-2023-47257 | 1 Connectwise | 2 Automate, Screenconnect | 2024-08-02 | 8.1 High |
| ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages. | ||||
| CVE-2024-41468 | 2 Tenda, Tendacn | 3 Fh1201, Fh1201, Fh1201 Firmware | 2024-08-02 | 9.8 Critical |
| Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the cmdinput parameter at /goform/exeCommand | ||||
| CVE-2023-46987 | 1 Seacms | 1 Seacms | 2024-08-02 | 8.8 High |
| SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php. | ||||
| CVE-2023-46865 | 1 Craterapp | 1 Crater | 2024-08-02 | 7.2 High |
| /api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image. | ||||
| CVE-2023-46623 | 1 Wpvnteam | 1 Wp Extra | 2024-08-02 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in TienCOP WP EXtra.This issue affects WP EXtra: from n/a through 6.2. | ||||
| CVE-2023-46480 | 1 Owncast Project | 1 Owncast | 2024-08-02 | 9.8 Critical |
| An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function. | ||||
| CVE-2024-25359 | 2024-08-02 | 6.6 Medium | ||
| An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the pickle_load function of the serialize.py file. | ||||
| CVE-2023-45849 | 1 Perforce | 1 Helix Core | 2024-08-02 | 9 Critical |
| An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner. | ||||
| CVE-2023-45751 | 1 Posimyth | 1 Nexter Extension | 2024-08-02 | 9.1 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in POSIMYTH Nexter Extension.This issue affects Nexter Extension: from n/a through 2.0.3. | ||||
| CVE-2023-45673 | 1 Laurent 22 | 1 Joplin | 2024-08-02 | 8.9 High |
| Joplin is a free, open source note taking and to-do application. A remote code execution (RCE) vulnerability in affected versions allows clicking on a link in a PDF in an untrusted note to execute arbitrary shell commands. Clicking links in PDFs allows for arbitrary code execution because Joplin desktop: 1. has not disabled top redirection for note viewer iframes, and 2. and has node integration enabled. This is a remote code execution vulnerability that impacts anyone who attaches untrusted PDFs to notes and has the icon enabled. This issue has been addressed in version 2.13.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-45311 | 1 Fsevents Project | 1 Fsevents | 2024-08-02 | 9.8 Critical |
| fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary. NOTE: some sources feel that this means that no version is affected any longer, because the URL is not controlled by an adversary. | ||||
| CVE-2023-44857 | 1 Cobham | 1 Sailor Vsat Ku | 2024-08-02 | 8.1 High |
| An issue in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_21D24 function in the acu_web component. | ||||
| CVE-2023-44853 | 1 Cobham | 1 Sailor 600 Vsat Ku | 2024-08-02 | 4.8 Medium |
| \An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_219C4 function in the acu_web file. | ||||
| CVE-2023-44382 | 1 Octobercms | 1 October | 2024-08-02 | 9.1 Critical |
| October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This issue has been patched in 3.4.15. | ||||
| CVE-2023-44381 | 1 Octobercms | 1 October | 2024-08-02 | 4.9 Medium |
| October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to `cms.safe_mode` being enabled can craft a special request to include PHP code in the CMS template. This issue has been patched in version 3.4.15. | ||||
| CVE-2023-43955 | 1 Fedirtsapana | 1 Tv Bro | 2024-08-02 | 9.8 Critical |
| The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData. | ||||
| CVE-2023-43625 | 1 Siemens | 1 Simcenter Amesim | 2024-08-02 | 9.8 Critical |
| A vulnerability has been identified in Simcenter Amesim (All versions < V2021.1). The affected application contains a SOAP endpoint that could allow an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected application process. | ||||
| CVE-2023-43449 | 1 Hummerrisk | 1 Hummerrisk | 2024-08-02 | 8.8 High |
| An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/LicenseService component. | ||||
| CVE-2023-43115 | 3 Artifex, Fedoraproject, Redhat | 4 Ghostscript, Fedora, Enterprise Linux and 1 more | 2024-08-02 | 8.8 High |
| In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server). | ||||