Total
3704 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-36788 | 1 Microsoft | 11 .net, .net Framework, Windows 10 1809 and 8 more | 2024-09-09 | 7.8 High |
| .NET Framework Remote Code Execution Vulnerability | ||||
| CVE-2023-39333 | 1 Redhat | 1 Enterprise Linux | 2024-09-09 | 5.3 Medium |
| Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option. | ||||
| CVE-2023-32095 | 1 Milandinic | 1 Rename Media Files | 2024-09-09 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Milan Dinić Rename Media Files.This issue affects Rename Media Files: from n/a through 1.0.1. | ||||
| CVE-2024-39714 | 1 Veeam | 1 Service Provider Console | 2024-09-09 | N/A |
| A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server. | ||||
| CVE-2024-38651 | 1 Veeam | 1 Service Provider Console | 2024-09-09 | N/A |
| A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server. | ||||
| CVE-2024-39715 | 1 Veeam | 1 Service Provider Console | 2024-09-09 | N/A |
| A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server. | ||||
| CVE-2023-5623 | 1 Tenable | 1 Nessus Network Monitor | 2024-09-09 | 7 High |
| NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location | ||||
| CVE-2023-46816 | 1 Sugarcrm | 1 Sugarcrm | 2024-09-09 | 8.8 High |
| An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection (SSTI) vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. An attacker with regular user privileges can exploit this. | ||||
| CVE-2021-33636 | 1 Openeuler | 1 Isula | 2024-09-09 | 8.4 High |
| When the isula load command is used to load malicious images, attackers can execute arbitrary code. | ||||
| CVE-2021-33635 | 1 Openeuler | 1 Isula | 2024-09-09 | 9.8 Critical |
| When malicious images are pulled by isula pull, attackers can execute arbitrary code. | ||||
| CVE-2024-8523 | 1 Lmxcms | 1 Lmxcms | 2024-09-09 | 4.7 Medium |
| A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-6923 | 1 Redhat | 1 Enterprise Linux | 2024-09-07 | 5.5 Medium |
| There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. | ||||
| CVE-2024-4883 | 1 Progress | 1 Whatsup Gold | 2024-09-06 | 9.8 Critical |
| In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through NmApi.exe. | ||||
| CVE-2024-4884 | 1 Progress | 1 Whatsup Gold | 2024-09-06 | 9.8 Critical |
| In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges. | ||||
| CVE-2024-7720 | 1 Hp | 1 Security Manager | 2024-09-06 | 9.8 Critical |
| HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries. | ||||
| CVE-2024-37900 | 1 Xwiki | 1 Xwiki | 2024-09-06 | 6.4 Medium |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When uploading an attachment with a malicious filename, malicious JavaScript code could be executed. This requires a social engineering attack to get the victim into uploading a file with a malicious name. The malicious code is solely executed during the upload and affects only the user uploading the attachment. While this allows performing actions in the name of that user, it seems unlikely that a user wouldn't notice the malicious filename while uploading the attachment. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0. | ||||
| CVE-2024-37901 | 1 Xwiki | 1 Xwiki | 2024-09-06 | 10 Critical |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.21, 15.5.5 and 15.10.2. | ||||
| CVE-2023-44141 | 1 Inkdrop | 1 Inkdrop | 2024-09-06 | 7.8 High |
| Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file. | ||||
| CVE-2024-45053 | 1 Ethyca | 1 Fides | 2024-09-06 | 9.1 Critical |
| Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default `Owner` or `Contributor` role, who can escalate their access and execute code on the underlying Fides Webserver container where the Jinja template rendering function is executed. The vulnerability has been patched in Fides version `2.44.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There are no workarounds. | ||||
| CVE-2023-46947 | 1 Intelliants | 1 Subrion | 2024-09-06 | 8.8 High |
| Subrion 4.2.1 has a remote command execution vulnerability in the backend. | ||||