Total: 3853 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-31822 | | | 2024-08-02 | 9.8 Critical |
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the saveLanguageFiles method of the Languages.php component. | ||||
CVE-2024-31864 | 1 Apache | 1 Zeppelin | 2024-08-02 | 9.8 Critical |
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. | ||||
CVE-2024-31621 | | | 2024-08-02 | 7.6 High |
An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component. | ||||
CVE-2024-31396 | 1 Appleple | 1 A-blog Cms | 2024-08-02 | 6.6 Medium |
Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may execute an arbitrary command on the server. | ||||
CVE-2024-31390 | | | 2024-08-02 | 9.9 Critical |
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows Code Injection. This issue affects Breakdance: from n/a through 1.7.2. | ||||
CVE-2024-31266 | 1 Algolplus | 1 Advanced Order Export | 2024-08-02 | 9.1 Critical |
Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection. This issue affects Advanced Order Export For WooCommerce: from n/a through 3.4.4. | ||||
CVE-2024-31022 | | | 2024-08-02 | 9.8 Critical |
An issue discovered in CandyCMS version 1.0.0 allows remote attackers to execute arbitrary code via the install.php component. | ||||
CVE-2024-31013 | | | 2024-08-02 | 6.1 Medium |
Cross Site Scripting (XSS) vulnerability in emlog version Pro 2.3 allows remote attackers to execute arbitrary code via a crafted payload to the bottom of the homepage in footer_info parameter. | ||||
CVE-2024-31003 | | | 2024-08-02 | N/A |
Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial at Ap4ByteStream.cpp. | ||||
CVE-2024-30858 | | | 2024-08-02 | 9.8 Critical |
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fire_wall.php. | ||||
CVE-2024-30878 | | | 2024-08-02 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43 allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter. | ||||
CVE-2024-30868 | | | 2024-08-02 | 9.8 Critical |
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/add_getlogin.php. | ||||
CVE-2024-30567 | | | 2024-08-02 | 6.3 Medium |
An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 allows a remote attacker to execute arbitrary code via the Network Troubleshooting functionality. | ||||
CVE-2024-29513 | | | 2024-08-02 | 7.8 High |
An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Forensics before 3.3 allows a local attacker to execute arbitrary code within the driver and create a local denial-of-service condition due to an improper DACL being applied to the device the driver creates. | ||||
CVE-2024-29500 | | | 2024-08-02 | 9.8 Critical |
An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows attackers to execute arbitrary code via running a ClickOnce application instance. | ||||
CVE-2024-29202 | | | 2024-08-02 | 10 Critical |
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information from all hosts or manipulate the database. This vulnerability is fixed in v3.10.7. | ||||
CVE-2024-29201 | | | 2024-08-02 | 10 Critical |
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information from all hosts or manipulate the database. This vulnerability is fixed in v3.10.7. | ||||
CVE-2024-28886 | | | 2024-08-02 | 8.4 High |
OS command injection vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product opens a crafted UTAU project file (.ust file), an arbitrary OS command may be executed. | ||||
CVE-2024-28699 | | | 2024-08-02 | 7.8 High |
A buffer overflow vulnerability in pdf2json v0.70 allows a local attacker to execute arbitrary code via the GString::copy() and ImgOutputDev::ImgOutputDev functions. | ||||
CVE-2024-28397 | | | 2024-08-02 | 5.3 Medium |
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call. |