Total
3704 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-41369 | 1 Sourcefabric | 2 Phoniebox, Rpi-jukebox-rfid | 2024-09-04 | 9.8 Critical |
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWifi.php | ||||
CVE-2023-47397 | 1 Webidsupport | 1 Webid | 2024-09-03 | 9.8 Critical |
WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php. | ||||
CVE-2024-42902 | 1 Limesurvey | 1 Limesurvey | 2024-09-03 | 8.8 High |
An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the js_localize.php function | ||||
CVE-2024-4264 | 2024-09-03 | N/A | ||
A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the `eval` function unsafely in the `litellm.get_secret()` method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the `eval` function without any sanitization. Attackers can exploit this vulnerability by injecting malicious values into environment variables through the `/config/update` endpoint, which allows for the update of settings in `proxy_server_config.yaml`. | ||||
CVE-2023-5539 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-09-03 | 4.7 Medium |
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers. | ||||
CVE-2024-35226 | 2024-09-03 | 7.3 High | ||
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. All users are advised to update. There is no patch for users on the v3 branch. There are no known workarounds for this vulnerability. | ||||
CVE-2023-45560 | 1 Memberscard Project | 1 Memberscard | 2024-09-03 | 7.5 High |
An issue in Yasukawa memberscard v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | ||||
CVE-2024-45623 | 1 D-link | 1 Dap-2310 Firmware | 2024-09-03 | 9.8 Critical |
D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
CVE-2023-6131 | 1 Salesagility | 1 Suitecrm | 2024-08-30 | 8.8 High |
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | ||||
CVE-2023-48217 | 1 Statamic | 1 Statamic | 2024-08-30 | 8.8 High |
Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of mime type validation rules. This affects front-end forms using the "Forms" feature, and asset upload fields in the control panel. Malicious users could leverage this vulnerability to upload and execute code. This issue has been patched in versions 3.4.14 and 4.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2024-25298 | 1 Redaxo | 1 Redaxo | 2024-08-29 | 7.2 High |
An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php. | ||||
CVE-2024-24525 | 2024-08-29 | 9.8 Critical | ||
An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execute arbitrary code via the infoid parameter of the URL. | ||||
CVE-2024-21674 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2024-08-29 | 7.5 High |
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, no impact to integrity, no impact to availability, and does not require user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release * Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release * Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ). | ||||
CVE-2024-37934 | 1 Ninjaforms | 1 Ninja Forms | 2024-08-29 | 5.4 Medium |
Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection.This issue affects Ninja Forms: from n/a through 3.8.4. | ||||
CVE-2023-47444 | 1 Opencart | 1 Opencart | 2024-08-29 | 8.8 High |
An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server. | ||||
CVE-2024-37382 | 1 Abinitio | 2 Authorization Gateway, Metadata Hub | 2024-08-29 | 6.3 Medium |
An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration. | ||||
CVE-2024-45346 | 1 Xiaomi | 1 Getapps Application | 2024-08-29 | 8.8 High |
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code. | ||||
CVE-2024-28396 | 2024-08-28 | 7.5 High | ||
An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component. | ||||
CVE-2024-25713 | 2024-08-28 | 8.6 High | ||
yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and pool_realloc.) | ||||
CVE-2024-25415 | 2024-08-28 | 7.2 High | ||
A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php. |