Filtered by CWE-94
Total 3853 CVE
CVE | Vendors (count, name) | Products (count, name) | Updated | CVSS v3.1 (score, severity)
CVE-2023-2943 1 Open-emr 1 Openemr 2024-08-02 8.8 High
Code Injection in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2859 1 Teampass 1 Teampass 2024-08-02 8.8 High
Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
CVE-2023-2583 1 Jsreport 1 Jsreport 2024-08-02 10.0 Critical
Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3.
CVE-2023-2359 1 Themepunch 1 Slider Revolution 2024-08-02 8.8 High
The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations.
CVE-2023-2259 1 Alf 1 Alf 2024-08-02 7.2 High
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.
CVE-2023-2056 1 Dedecms 1 Dedecms 2024-08-02 6.3 Medium
A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical. This issue affects the function GetSystemFile of the file module_main.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225941 was assigned to this vulnerability.
CVE-2023-2017 1 Shopware 1 Shopware 2024-08-02 8.8 High
Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both the shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in `Shopware\Core\Framework\Adapter\Twig\SecurityExtension` and call any arbitrary PHP function, and thus execute arbitrary code/commands, via the use of fully-qualified names, supplied as an array of strings, when referencing callables. Users are advised to upgrade to v6.4.20.1 to resolve this issue. This is a bypass of CVE-2023-22731.
CVE-2023-1947 1 Taogogo 1 Taocms 2024-08-02 6.3 Medium
A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225330 is the identifier assigned to this vulnerability.
CVE-2023-1773 1 Rockoa 1 Rockoa 2024-08-02 6.3 Medium
A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224674 is the identifier assigned to this vulnerability.
CVE-2023-1482 1 Hkcms Project 1 Hkcms 2024-08-02 4.7 Medium
A vulnerability, which was classified as problematic, was found in HkCms 2.2.4.230206. This affects an unknown part of the file /admin.php/appcenter/local.html?type=addon of the component External Plugin Handler. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223365 was assigned to this vulnerability.
CVE-2023-1367 1 Easyappointments 1 Easyappointments 2024-08-02 3.8 Low
Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVE-2023-1304 1 Rapid7 2 Insightappsec, Insightcloudsec 2024-08-02 8.8 High
An authenticated attacker can leverage an exposed getattr() method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.
CVE-2023-1283 1 Builder 1 Qwik 2024-08-02 10.0 Critical
Code Injection in GitHub repository builderio/qwik prior to 0.21.0.
CVE-2023-1306 1 Rapid7 2 Insightappsec, Insightcloudsec 2024-08-02 8.8 High
An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.
CVE-2023-1287 1 3ds 1 Enovia Live Collaboration 2024-08-02 9 Critical
An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution.
CVE-2023-1250 1 Otrs 1 Otrs 2024-08-02 7.4 High
Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules) and OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. When creating/importing an ACL, it was possible to inject code that gets executed via manipulated comments and ACL names. This issue affects OTRS: from 7.0.X before 7.0.42, from 8.0.X before 8.0.31; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
CVE-2023-1178 1 Gitlab 1 Gitlab 2024-08-02 5.7 Medium
An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit.
CVE-2023-1097 1 Baicells 2 Eg7035-m11, Eg7035-m11 Firmware 2024-08-02 9.3 Critical
Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed via pre-login execution and run with root permissions. The following methods have been tested and validated by a third-party analyst and have been confirmed exploitable. Special thanks to Lionel Musonza for the discovery.
CVE-2023-1005 1 Markdown-electron Project 1 Markdown-electron 2024-08-02 5.3 Medium
A vulnerability was found in JP1016 Markdown-Electron and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to code injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected or updated releases are available. VDB-221738 is the identifier assigned to this vulnerability.
CVE-2023-1049 1 Schneider-electric 2 Ecostruxure Operator Terminal Expert, Pro-face Blue 2024-08-02 7.8 High
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspecting user loads a project file from the local filesystem into the HMI.