Total: 3848 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-0792 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-08-02 | 6.5 Medium |
Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | ||||
CVE-2023-0671 | 1 Froxlor | 1 Froxlor | 2024-08-02 | 8.8 High |
Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. | ||||
CVE-2023-0598 | 1 Ge | 1 Ifix | 2024-08-02 | 7.8 High |
GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software. | ||||
CVE-2023-0575 | 4 Apple, Linux, Microsoft and 1 more | 5 Iphone Os, Macos, Linux Kernel and 2 more | 2024-08-02 | 7.2 High |
External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: less than 2.2.0.0. | ||||
CVE-2024-39236 | 1 Gradio Project | 1 Gradio | 2024-08-02 | 9.8 Critical |
Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself. | ||||
CVE-2023-0297 | 1 Pyload | 1 Pyload | 2024-08-02 | 9.8 Critical |
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. | ||||
CVE-2023-0089 | 1 Proofpoint | 1 Enterprise Protection | 2024-08-02 | 8.8 High |
The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below. | ||||
CVE-2023-0090 | 1 Proofpoint | 1 Enterprise Protection | 2024-08-02 | 9.8 Critical |
The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all versions 8.20.0 and below. | ||||
CVE-2023-0048 | 1 Daloradius | 1 Daloradius | 2024-08-02 | 8.8 High |
Code Injection in GitHub repository lirantal/daloradius prior to master-branch. | ||||
CVE-2023-0022 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-02 | 9.9 Critical |
SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application causing a high impact on the confidentiality, integrity, and availability of the application. | ||||
CVE-2024-40735 | 1 Netbox | 1 Netbox | 2024-08-02 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/{id}/edit/. | ||||
CVE-2024-40726 | 1 Netbox | 1 Netbox | 2024-08-02 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/{id}/edit/. | ||||
CVE-2024-39932 | | | 2024-08-02 | 9.9 Critical |
Gogs through 0.13.0 allows argument injection during the previewing of changes. | ||||
CVE-2024-40546 | 1 Publiccms | 1 Publiccms | 2024-08-02 | 8.8 High |
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. | ||||
CVE-2024-40420 | 1 Opencart | 1 Opencart | 2024-08-02 | 8 High |
A Server-Side Template Injection (SSTI) vulnerability in the edit theme function of openCart project v4.0.2.3 allows attackers to execute arbitrary code via injecting a crafted payload. | ||||
CVE-2024-40522 | 1 Seacms | 1 Seacms | 2024-08-02 | 8.8 High |
There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php file. An authenticated attacker can exploit this vulnerability to execute arbitrary commands and obtain system permissions. | ||||
CVE-2024-39962 | 1 Dlink | 1 Dir 823x Ax3000 Dual Band Gigabit Wirless Router | 2024-08-02 | 9.8 Critical |
D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. This vulnerability is exploited via a crafted HTTP request. | ||||
CVE-2024-39915 | | | 2024-08-02 | 10 Critical |
Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API. This authenticated RCE in Thruk allows authorized users with network access to inject arbitrary commands via the URL parameter during PDF report generation. The Thruk web application does not properly process the url parameter when generating a PDF report. An authorized attacker with access to the reporting functionality could inject arbitrary commands that would be executed when the script /script/html2pdf.sh is called. The vulnerability can be exploited by an authorized user with network access. This issue has been addressed in version 3.16. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2024-39864 | 1 Apache | 1 Cloudstack | 2024-08-02 | 9.8 Critical |
The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal integrations and for testing purposes. By default, the integration API service port is disabled and is considered disabled when integration.api.port is set to 0 or negative. Due to an improper initialisation logic, the integration API service would listen on a random port when its port value is set to 0 (default value). An attacker that can access the CloudStack management network could scan and find the randomised integration API service port and exploit it to perform unauthorised administrative actions and perform remote code execution on CloudStack managed hosts and result in complete compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure. Users are recommended to restrict the network access on the CloudStack management server hosts to only essential ports. Users are recommended to upgrade to version 4.18.2.1, 4.19.0.2 or later, which addresses this issue. | ||||
CVE-2024-39844 | | | 2024-08-02 | 9.8 Critical |
In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. |