Total
4109 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31493 | 1 Zoneminder | 1 Zoneminder | 2024-10-16 | 6.6 Medium |
| RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system. | ||||
| CVE-2024-48744 | 1 Phpgurukul | 1 Teachers Record Management System | 2024-10-16 | 6.1 Medium |
| A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via "searchinput" POST request parameter. | ||||
| CVE-2024-48279 | 1 Phpgurukul | 1 User Registration And Login And User Management System | 2024-10-16 | 7.6 High |
| A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary HTML code via the searchkey parameter in a POST HTTP request. | ||||
| CVE-2024-49254 | 1 Sunjianle | 1 Ajax Extend | 2024-10-16 | 10 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Sunjianle allows Code Injection.This issue affects ajax-extend: from n/a through 1.0. | ||||
| CVE-2024-48168 | 1 D-link | 1 Dcs 960l | 2024-10-15 | 9.8 Critical |
| A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-960L 1.09, allowing an attacker to execute arbitrary code. | ||||
| CVE-2024-8760 | 2024-10-15 | 5.3 Medium | ||
| The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to embed untrusted style information into comments resulting in a possibility of data exfiltration such as admin nonces with limited impact. These nonces could be used to perform CSRF attacks within a limited time window. The presence of other plugins may make additional nonces available, which may pose a risk in plugins that don't perform capability checks to protect AJAX actions or other actions reachable by lower-privileged users. | ||||
| CVE-2024-9581 | 1 Happyplugins | 1 Shortcodes Anywhere | 2024-10-15 | 7.3 High |
| The Shortcodes AnyWhere plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
| CVE-2024-9837 | 1 Numanrki | 1 Aadmy Add Auto Date Month Year Into Posts | 2024-10-15 | 7.3 High |
| The The AADMY – Add Auto Date Month Year Into Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
| CVE-2024-44414 | 1 Wayos | 1 Fbm 292w Firmware | 2024-10-15 | 8.8 High |
| A vulnerability was discovered in FBM_292W-21.03.10V, which has been classified as critical. This issue affects the sub_4901E0 function in the msp_info.htm file. Manipulation of the path parameter can lead to command injection. | ||||
| CVE-2024-45873 | 1 Vegabird | 1 Yaazhini | 2024-10-10 | 9.8 Critical |
| A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe. | ||||
| CVE-2024-45874 | 1 Vegabird | 1 Vooki | 2024-10-10 | 9.8 Critical |
| A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Vooki.exe. | ||||
| CVE-2024-46076 | 1 Ruoyi | 1 Ruoyi | 2024-10-10 | 9.8 Critical |
| RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code. | ||||
| CVE-2024-41651 | 1 Prestashop | 1 Prestashop | 2024-10-09 | 9.8 Critical |
| An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploitation requires that an attacker be able to hijack network requests made by an admin user (who, by design, is allowed to change the code that is running on the server). | ||||
| CVE-2024-45933 | 1 Online News Portal Project | 1 Online News Portal | 2024-10-08 | 6.6 Medium |
| OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint. | ||||
| CVE-2024-8254 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2024-10-08 | 5.4 Medium |
| The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.7.34. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. | ||||
| CVE-2024-44744 | 1 Malwarebytes | 1 Premium Security | 2024-10-04 | 5.7 Medium |
| An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers to execute arbitrary code via placing crafted binaries into unspecified directories. NOTE: Malwarebytes argues that this issue requires admin privileges and that the contents cannot be altered by non-admin users. | ||||
| CVE-2024-46080 | 1 Scriptcase | 1 Scriptcase | 2024-10-04 | 8 High |
| Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function. | ||||
| CVE-2024-45186 | 1 Filesender | 1 Filesender | 2024-10-04 | 9.8 Critical |
| FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials. | ||||
| CVE-2024-46489 | 1 Ferrislucas | 1 Promptr | 2024-10-02 | 8.8 High |
| A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL. | ||||
| CVE-2024-6596 | 2 Endress, Endress\+hauser | 17 Echo Curve Viewer, Field Xpert Smt50, Field Xpert Smt50 Firmware and 14 more | 2024-10-01 | 9.8 Critical |
| An unauthenticated remote attacker can run malicious c# code included in curve files and execute commands in the users context. | ||||