Total: 6227 CVEs
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2583 | 1 Jsreport | 1 Jsreport | 2025-01-28 | 10.0 Critical |
| Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3. | ||||
| CVE-2022-47129 | 1 Phpok | 1 Phpok | 2025-01-27 | 9.8 Critical |
| PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability. | ||||
| CVE-2022-42699 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2025-01-27 | 9.1 Critical |
| Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. | ||||
| CVE-2023-29400 | 2 Golang, Redhat | 22 Go, Acm, Advanced Cluster Security and 19 more | 2025-01-24 | 7.3 High |
| Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags. | ||||
| CVE-2023-24539 | 2 Golang, Redhat | 22 Go, Acm, Advanced Cluster Security and 19 more | 2025-01-24 | 7.3 High |
| Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input. | ||||
| CVE-2023-30130 | 1 Craftcms | 1 Craft Cms | 2025-01-24 | 8.8 High |
| An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter. | ||||
| CVE-2023-29862 | 1 Agasio Camera Project | 2 Agasio Camera, Agasio Camera Firmware | 2025-01-23 | 9.8 Critical |
| An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters. | ||||
| CVE-2024-10761 | 1 Umbraco | 1 Umbraco Cms | 2025-01-22 | 4.3 Medium |
| A vulnerability was found in Umbraco CMS up to 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.8.8, 13.5.3, 14.3.2 and 15.1.2 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2024-31984 | 1 Xwiki | 1 Xwiki | 2025-01-21 | 10 Critical |
| XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the (Solr-based) search in XWiki. This allows any user who can edit the title of a space (all users by default) to execute any Groovy code in the XWiki installation which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1. As a workaround, manually apply the patch to the `Main.SolrSpaceFacet` page. | ||||
| CVE-2023-25953 | 1 Worksmobile | 1 Drive Explorer | 2025-01-17 | 9 Critical |
| Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges. | ||||
| CVE-2023-45590 | 1 Fortinet | 1 Forticlient | 2025-01-17 | 9.4 Critical |
| An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows an attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website. | ||||
| CVE-2023-23551 | 1 Controlbyweb | 2 X-600m, X-600m Firmware | 2025-01-16 | 9.1 Critical |
| Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2023-0598 | 1 Ge | 1 Ifix | 2025-01-16 | 7.8 High |
| GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software. | ||||
| CVE-2024-4202 | 1 Progress | 1 Telerik Reporting | 2025-01-16 | 7.7 High |
| In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability. | ||||
| CVE-2023-30145 | 1 Tuzitio | 1 Camaleon Cms | 2025-01-16 | 9.8 Critical |
| Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter. | ||||
| CVE-2024-21541 | 2 Dom-iterator, Matthewmueller | 2 Dom-iterator, Dom-iterator | 2025-01-16 | 7.3 High |
| Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval. | ||||
| CVE-2023-33440 | 1 Faculty Evaluation System Project | 1 Faculty Evaluation System | 2025-01-14 | 7.2 High |
| Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user. | ||||
| CVE-2023-2943 | 1 Open-emr | 1 Openemr | 2025-01-14 | 8.8 High |
| Code Injection in GitHub repository openemr/openemr prior to 7.0.1. | ||||
| CVE-2024-56448 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-13 | 6.7 Medium |
| Vulnerability of improper access control in the home screen widget module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2023-2928 | 1 Dedecms | 1 Dedecms | 2025-01-13 | 6.3 Medium |
| A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the argument allurls leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230083. | ||||