Total: 3833 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-37855 | 1 Nepstech | 1 Ntpl-xpon1gfevn Firmware | 2024-08-02 | 8.4 High |
An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hardware version 1.0 firmware 2.0.1 allows a remote attacker to execute arbitrary code via the router's Telnet port 2345 without requiring authentication credentials. | ||||
CVE-2024-37770 | 1 B1ackc4t | 1 14finger | 2024-08-02 | 9.1 Critical |
14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload. | ||||
CVE-2024-37405 | 1 Rocket.chat | 1 Rocket.chat | 2024-08-02 | N/A |
Livechat messages can be leaked by combining two NoSQL injections affecting livechat:loginByToken (pre-authentication) and livechat:loadHistory. | ||||
CVE-2024-37228 | 1 Instawp | 1 Instawp Connect | 2024-08-02 | 10 Critical |
Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection. This issue affects InstaWP Connect: from n/a through 0.1.0.38. | ||||
CVE-2024-37124 | | | 2024-08-02 | 9.8 Critical |
Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, an attacker may create an arbitrary file in the PC where the product is installed. | ||||
CVE-2024-37061 | | | 2024-08-02 | 8.8 High |
Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run. | ||||
CVE-2024-37014 | 1 Langflow | 1 Langflow | 2024-08-02 | 9.8 Critical |
Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script. | ||||
CVE-2024-36679 | | | 2024-08-02 | 10.0 Critical |
In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method `Lcp::saveTranslations()` suffers from a white writer that can inject PHP code into a PHP file. | ||||
CVE-2024-36456 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-08-02 | N/A |
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. | ||||
CVE-2024-36598 | 1 Projectworlds | 1 Life Insurance Management System | 2024-08-02 | 8.1 High |
An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted image file. | ||||
CVE-2024-36575 | 1 Notabotai | 1 Getsetprop | 2024-08-02 | 9.8 Critical |
A Prototype Pollution issue in getsetprop 1.1.0 allows an attacker to execute arbitrary code via global.accessor. | ||||
CVE-2024-36568 | 1 Sourcecodester | 1 Gas Agency Management System | 2024-08-02 | 9.8 Critical |
Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL Injection via /gasmark/editbrand.php?id=. | ||||
CVE-2024-36581 | 1 Prototype Solution | 1 Abw Badger Database | 2024-08-02 | 7.6 High |
A Prototype Pollution issue in abw badger-database 1.2.1 allows an attacker to execute arbitrary code via dist/badger-database.esm. | ||||
CVE-2024-36531 | 1 Nukeviet | 1 Nukeviet | 2024-08-02 | 5.7 Medium |
nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component. | ||||
CVE-2024-36075 | | | 2024-08-02 | 6.5 Medium |
The CoSoSys Endpoint Protector through 5.9.3 and Unify agent through 7.0.6 is susceptible to an arbitrary code execution vulnerability due to the way an archive obtained from the Endpoint Protector or Unify server is extracted on the endpoint. An attacker who is able to modify the archive on the server could obtain remote code execution as an administrator on an endpoint. | ||||
CVE-2024-36120 | 1 Ben-sb | 1 Javascript Deobfuscator | 2024-08-02 | 8.2 High |
javascript-deobfuscator removes common JavaScript obfuscation techniques. In affected versions crafted payloads targeting expression simplification can lead to code execution. This issue has been patched in version 1.1.0. Users are advised to update. Users unable to upgrade should disable the expression simplification feature. | ||||
CVE-2024-36074 | | | 2024-08-02 | 7.2 High |
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the Endpoint Protector and Unify agent in the way that the EasyLock dependency is acquired from the server. An attacker with administrative access to the Endpoint Protector or Unify server can cause a client to acquire and execute a malicious file resulting in remote code execution. | ||||
CVE-2024-36078 | | | 2024-08-02 | 6.7 Medium |
In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes (which run with the environment and permissions of the Zammad user). | ||||
CVE-2024-35581 | | | 2024-08-02 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Borrower Name input field. | ||||
CVE-2024-34405 | | | 2024-08-02 | 9.1 Critical |
Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the app. |