Total
4107 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-44410 | 2 D-link, Dlink | 3 Di-8300, Di-8300, Di-8300 Firmware | 2024-09-10 | 9.8 Critical |
| D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. | ||||
| CVE-2024-44411 | 1 D-link | 1 Di-8300 | 2024-09-10 | 9.8 Critical |
| D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function. | ||||
| CVE-2024-44724 | 1 Autocms | 1 Autocms | 2024-09-10 | 7.2 High |
| AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsite_url parameter at /admin/site_add.php. This vulnerability allows attackers to execute arbitrary PHP code via injecting a crafted value. | ||||
| CVE-2024-39714 | 1 Veeam | 1 Service Provider Console | 2024-09-09 | N/A |
| A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server. | ||||
| CVE-2024-38651 | 1 Veeam | 1 Service Provider Console | 2024-09-09 | N/A |
| A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server. | ||||
| CVE-2024-39715 | 1 Veeam | 1 Service Provider Console | 2024-09-09 | N/A |
| A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server. | ||||
| CVE-2024-8523 | 1 Lmxcms | 1 Lmxcms | 2024-09-09 | 4.7 Medium |
| A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7720 | 1 Hp | 1 Security Manager | 2024-09-06 | 9.8 Critical |
| HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries. | ||||
| CVE-2024-37901 | 1 Xwiki | 1 Xwiki | 2024-09-06 | 10 Critical |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.21, 15.5.5 and 15.10.2. | ||||
| CVE-2024-45053 | 1 Ethyca | 1 Fides | 2024-09-06 | 9.1 Critical |
| Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default `Owner` or `Contributor` role, who can escalate their access and execute code on the underlying Fides Webserver container where the Jinja template rendering function is executed. The vulnerability has been patched in Fides version `2.44.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There are no workarounds. | ||||
| CVE-2024-7345 | 1 Progress | 1 Openedge | 2024-09-05 | 8.3 High |
| Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms | ||||
| CVE-2024-41364 | 1 Sourcefabric | 2 Phoniebox, Rpi-jukebox-rfid | 2024-09-04 | 9.8 Critical |
| RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\trackEdit.php | ||||
| CVE-2024-41366 | 1 Sourcefabric | 2 Phoniebox, Rpi-jukebox-rfid | 2024-09-04 | 9.8 Critical |
| RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\userScripts.php | ||||
| CVE-2024-41367 | 1 Sourcefabric | 2 Phoniebox, Rpi-jukebox-rfid | 2024-09-04 | 9.8 Critical |
| RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\api\playlist\appendFileToPlaylist.php | ||||
| CVE-2024-41368 | 1 Sourcefabric | 2 Phoniebox, Rpi-jukebox-rfid | 2024-09-04 | 9.8 Critical |
| RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWlanIpMail.php | ||||
| CVE-2024-41361 | 1 Sourcefabric | 2 Phoniebox, Rpi-jukebox-rfid | 2024-09-04 | 9.8 Critical |
| RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php | ||||
| CVE-2024-41369 | 1 Sourcefabric | 2 Phoniebox, Rpi-jukebox-rfid | 2024-09-04 | 9.8 Critical |
| RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWifi.php | ||||
| CVE-2024-42902 | 1 Limesurvey | 1 Limesurvey | 2024-09-03 | 8.8 High |
| An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the js_localize.php function | ||||
| CVE-2024-45623 | 1 D-link | 1 Dap-2310 Firmware | 2024-09-03 | 9.8 Critical |
| D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-37382 | 1 Abinitio | 2 Authorization Gateway, Metadata Hub | 2024-08-29 | 6.3 Medium |
| An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration. | ||||