Total
3704 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-43481 | 1 Tcl | 1 Browser Tv Web - Browsehere | 2024-08-27 | 9.8 Critical |
An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component. | ||||
CVE-2023-31296 | 1 Sesami | 1 Cash Point & Transport Optimizer | 2024-08-27 | 5.3 Medium |
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field. | ||||
CVE-2024-29944 | 1 Redhat | 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more | 2024-08-27 | 8.4 High |
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only; it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1. | ||||
CVE-2018-8938 | 1 Progress | 1 Whatsup Gold | 2024-08-27 | N/A |
A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can inject a specially crafted SNMP MIB file that could allow them to execute arbitrary commands and code on the WhatsUp Gold server. | ||||
CVE-2024-36268 | 1 Apache | 1 Inlong | 2024-08-27 | 9.8 Critical |
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.13.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/10251 | ||||
CVE-2024-42756 | 1 Netgear | 1 Dgn1000 Firmware | 2024-08-27 | 8.8 High |
An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via the Diagnostics page. | ||||
CVE-2024-27756 | | | 2024-08-27 | 8.8 High |
GLPI through 10.0.12 allows CSV injection by an attacker who is able to create an asset with a crafted title. | ||||
CVE-2024-5466 | 2 Zoho, Zohocorp | 5 Manageengine Remote Monitoring And Management, Manageengine Opmanager, Manageengine Opmanager Msp and 2 more | 2024-08-27 | 8.8 High |
Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to authenticated remote code execution in the deploy agent option. | ||||
CVE-2024-22116 | 1 Zabbix | 1 Zabbix | 2024-08-27 | 9.9 Critical |
An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enables this user to execute arbitrary code via the Ping script, thereby compromising infrastructure. | ||||
CVE-2024-25180 | | | 2024-08-26 | 9.8 Critical |
An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after installing a test framework (that lives outside of the pdfmake application). Anyone installing this is responsible for ensuring that it is only available to authorized testers. | ||||
CVE-2024-33225 | | | 2024-08-26 | 7.8 High |
An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp Realtek(r) High Definition Audio Function Driver v6.0.9549.1 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. | ||||
CVE-2024-25089 | 1 Malwarebytes | 1 Binisoft Windows Firewall Control | 2024-08-26 | 9.8 Critical |
Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes. | ||||
CVE-2024-24469 | 1 Flusity | 1 Flusity | 2024-08-26 | 8.8 High |
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via delete_post.php. | ||||
CVE-2024-24396 | 1 Stimulsoft | 1 Dashboard.js | 2024-08-26 | 6.1 Medium |
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component. | ||||
CVE-2024-25202 | | | 2024-08-26 | 6.1 Medium |
Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar. | ||||
CVE-2024-22514 | 1 Ispyconnect | 1 Agent Dvr | 2024-08-26 | 8.8 High |
An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file. | ||||
CVE-2023-49109 | | | 2024-08-26 | 9.8 Critical |
Exposure of Remote Code Execution in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend that users upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue. | ||||
CVE-2024-43404 | 1 Megacord | 1 Megabot | 2024-08-26 | 9.8 Critical |
MEGABOT is a fully customized Discord bot for learning and fun. The `/math` command and functionality of MEGABOT versions < 1.5.0 contain a remote code execution vulnerability due to a Python `eval()`. The vulnerability allows an attacker to inject Python code into the `expression` parameter when using `/math` in any Discord channel. This vulnerability impacts any Discord guild utilizing MEGABOT. This vulnerability was fixed in release version 1.5.0. | ||||
CVE-2024-42599 | 1 Seacms | 1 Seacms | 2024-08-26 | 8.8 High |
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. | ||||
CVE-2022-45177 | 1 Liveboxcloud | 1 Vdesk | 2024-08-26 | 7.5 High |
An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search={NAME]+{SURNAME] endpoint, and the /login endpoint. The web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. |