Total: 3854 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2024-28397 | | | 2024-08-02 | 5.3 Medium | An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.
CVE-2024-28424 | | | 2024-08-02 | 8.8 High | zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-28386 | | | 2024-08-02 | 9.8 Critical | An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component.
CVE-2024-28116 | 1 Getgrav | 1 Grav | 2024-08-02 | 8.8 High | Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server, bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue.
CVE-2024-28118 | | | 2024-08-02 | 8.8 High | Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to unrestricted access to the twig extension class from the Grav context, an attacker can redefine a config variable. As a result, the attacker can bypass a previous SSTI mitigation. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Version 1.7.45 contains a fix for this issue.
CVE-2024-27857 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-08-02 | 7.8 High | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.
CVE-2024-27476 | 1 Leantime | 1 Leantime | 2024-08-02 | 4.7 Medium | Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/tickets/newTicket.
CVE-2024-26483 | | | 2024-08-02 | 8.8 High | An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file.
CVE-2024-26362 | 1 Enpass | 1 Desktop Application | 2024-08-02 | 8.8 High | HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of a crafted note.
CVE-2024-25600 | | | 2024-08-01 | 10 Critical | Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection. This issue affects Bricks Builder: from n/a through 1.9.6.
CVE-2024-25376 | | | 2024-08-01 | 7.8 High | An issue discovered in Thesycon Software Solutions GmbH & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode.
CVE-2024-25350 | | | 2024-08-01 | 9.8 Critical | SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGurukul Zoo Management System 1.0 via the tickettype and tprice parameters.
CVE-2024-25301 | 1 Redaxo | 1 Redaxo | 2024-08-01 | 7.2 High | Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php.
CVE-2024-25291 | | | 2024-08-01 | 9.8 Critical | Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin.
CVE-2024-25086 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-08-01 | 7.8 High | Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute arbitrary code.
CVE-2024-25096 | | | 2024-08-01 | 10 Critical | Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection. This issue affects Canto: from n/a through 3.0.7.
CVE-2024-24707 | | | 2024-08-01 | 9.9 Critical | Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL. Cwicly allows Code Injection. This issue affects Cwicly: from n/a through 1.4.0.2.
CVE-2024-24520 | | | 2024-08-01 | 7.8 High | An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.
CVE-2024-24294 | | | 2024-08-01 | 9.8 Critical | A Prototype Pollution issue in Blackprint @blackprint/engine v.0.9.0 allows an attacker to execute arbitrary code via the _utils.setDeepProperty function of engine.min.js.
CVE-2024-23750 | 1 Deepwisdom | 1 Metagpt | 2024-08-01 | 8.8 High | MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen.