Search Results (14098 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-31005 1 Axiosys 1 Bento4 2025-05-07 8.1 High
An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4MdhdAtom.cpp,AP4_MdhdAtom::AP4_MdhdAtom,mp4fragment
CVE-2024-53268 2 Joplin Project, Laurent 22 2 Joplin, Joplin 2025-05-07 7.3 High
Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In affected versions attackers are able to abuse the fact that openExternal is used without any filtering of URI schemes to obtain remote code execution in Windows environments. This issue has been addressed in version 3.0.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-48581 2 Mayurik, Php 2 Best Courier Management System, Best Courier Management System 2025-05-06 9.8 Critical
File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the admin_class.php component.
CVE-2024-51243 1 Eladmin 1 Eladmin 2025-05-06 7.2 High
The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all application deployment servers of this management system via DeployController.java.
CVE-2022-40296 1 Phppointofsale 1 Php Point Of Sale 2025-05-06 9.8 Critical
The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems.
CVE-2022-32867 1 Apple 2 Iphone Os, Macos 2025-05-06 2.4 Low
This issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. A user with physical access to an iOS device may be able to read past diagnostic logs.
CVE-2024-0220 1 Br-automation 2 Automation Studio, Technology Guarding 2025-05-06 8.3 High
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data.
CVE-2022-32924 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-05-06 7.8 High
The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Big Sur 11.7, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6. An app may be able to execute arbitrary code with kernel privileges.
CVE-2023-50379 1 Apache 1 Ambari 2025-05-05 8.8 High
Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host.
CVE-2022-3869 1 Froxlor 1 Froxlor 2025-05-05 6.1 Medium
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.
CVE-2020-20124 1 Wuzhicms 1 Wuzhicms 2025-05-05 8.8 High
Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php.
CVE-2024-28424 1 Zenml 1 Zenml 2025-05-05 8.8 High
zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-30849 2 Donbermoy, Sourcecodester 2 Complete E-commerce Site, Complete Ecommerce Site 2025-05-05 9.8 Critical
Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/products_photo.php.
CVE-2022-32208 7 Apple, Debian, Fedoraproject and 4 more 21 Macos, Debian Linux, Fedora and 18 more 2025-05-05 5.9 Medium
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
CVE-2021-33061 1 Intel 6 82599eb, 82599eb Firmware, 82599en and 3 more 2025-05-05 5.5 Medium
Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.
CVE-2021-21480 1 Sap 1 Manufacturing Integration And Intelligence 2025-05-05 8.8 High
SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can intercept a request to the server, inject malicious JSP code in the request and forward to server. When this dashboard is opened by users having at least SAP_XMII Developer role, malicious content in the dashboard gets executed, leading to remote code execution in the server, which allows privilege escalation. The malicious JSP code can contain certain OS commands, through which an attacker can read sensitive files in the server, modify files or even delete contents in the server thus compromising the confidentiality, integrity and availability of the server hosting the SAP MII application. Also, an attacker authenticated as a developer can use the application to upload and execute a file which will permit them to execute operating systems commands completely compromising the server hosting the application.
CVE-2023-36661 2 Debian, Shibboleth 2 Debian Linux, Xmltooling 2025-05-05 7.5 High
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)
CVE-2022-36879 4 Debian, Linux, Netapp and 1 more 46 Debian Linux, Linux Kernel, A700s and 43 more 2025-05-05 5.5 Medium
An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.
CVE-2023-41503 2 Code-projects, Php 2 Student Enrollment, Student Enrollment 2025-05-05 9.8 Critical
Student Enrollment In PHP v1.0 was discovered to contain a SQL injection vulnerability via the Login function.
CVE-2021-38314 1 Redux 1 Gutenberg Template Library \& Redux Framework 2025-05-05 5.3 Medium
The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux-core.php` that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site URL with a known salt value of '-redux' and an md5 hash of the previous hash with a known salt value of '-support'. These AJAX actions could be used to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of site’s `AUTH_KEY` concatenated with the `SECURE_AUTH_KEY`.