Total
3853 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6899 | 1 Rmountjoy92 | 1 Dashmachine | 2024-08-02 | 4.3 Medium |
| A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4. Affected by this vulnerability is an unknown functionality of the file /settings/save_config of the component Config Handler. The manipulation of the argument value_template leads to code injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248257 was assigned to this vulnerability. | ||||
| CVE-2023-6886 | 1 Wang.market | 1 Wangmarket | 2024-08-02 | 4.7 Medium |
| A vulnerability was found in xnx3 wangmarket 6.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Role Management Page. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248246 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-6851 | 1 Kodcloud | 1 Kodexplorer | 2024-08-02 | 6.3 Medium |
| A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been rated as critical. This issue affects the function unzipList of the file plugins/zipView/app.php of the component ZIP Archive Handler. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is named 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248219. | ||||
| CVE-2023-6691 | 1 Cambiumnetworks | 2 Epmp Force 300-25, Epmp Force 300-25 Firmware | 2024-08-02 | 7.8 High |
| Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges. | ||||
| CVE-2023-6548 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2024-08-02 | 5.5 Medium |
| Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface. | ||||
| CVE-2023-6540 | 1 Lenovo | 2 Browser Hd, Browser Mobile | 2024-08-02 | 6.5 Medium |
| A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information. | ||||
| CVE-2023-6494 | 2024-08-02 | 4.4 Medium | ||
| The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2023-6288 | 2 Apple, Devolutions | 2 Macos, Remote Desktop Manager | 2024-08-02 | 7.8 High |
| Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES environment variable. | ||||
| CVE-2023-6126 | 1 Salesagility | 1 Suitecrm | 2024-08-02 | 9.8 Critical |
| Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | ||||
| CVE-2023-6125 | 1 Salesagility | 1 Suitecrm | 2024-08-02 | 8.8 High |
| Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | ||||
| CVE-2023-6016 | 1 H2o | 1 H2o | 2024-08-02 | 9.8 Critical |
| An attacker is able to gain remote code execution on a server hosting the H2O dashboard through it's POJO model import feature. | ||||
| CVE-2023-5762 | 1 Filr Project | 1 Filr | 2024-08-02 | 8.8 High |
| The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges. | ||||
| CVE-2023-5604 | 1 Asgaros | 1 Asgaros Forum | 2024-08-02 | 9.8 Critical |
| The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execution. | ||||
| CVE-2023-5540 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-02 | 4.7 Medium |
| A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. | ||||
| CVE-2023-5500 | 1 Frauscher | 1 Frauscher Diagnostic System 102 | 2024-08-02 | 8.8 High |
| This vulnerability allows an remote attacker with low privileges to misuse Improper Control of Generation of Code ('Code Injection') to gain full control of the affected device. | ||||
| CVE-2023-5550 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-02 | 6.5 Medium |
| In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. | ||||
| CVE-2023-3656 | 1 Cashit | 1 Cashit\! | 2024-08-02 | 9.8 Critical |
| cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network. | ||||
| CVE-2023-3519 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2024-08-02 | 9.8 Critical |
| Unauthenticated remote code execution | ||||
| CVE-2023-3224 | 1 Nuxt | 1 Nuxt | 2024-08-02 | 9.8 Critical |
| Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3. | ||||
| CVE-2023-2928 | 1 Dedecms | 1 Dedecms | 2024-08-02 | 6.3 Medium |
| A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the argument allurls leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230083. | ||||