Total
3676 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46980 | 1 Mayurik | 1 Best Courier Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter. | |||||
| CVE-2023-46958 | 1 Lmxcms | 1 Lmxcms | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file. | |||||
| CVE-2023-46947 | 1 Intelliants | 1 Subrion | 2024-11-21 | N/A | 8.8 HIGH |
| Subrion 4.2.1 has a remote command execution vulnerability in the backend. | |||||
| CVE-2023-46865 | 1 Craterapp | 1 Crater | 2024-11-21 | N/A | 7.2 HIGH |
| /api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image. | |||||
| CVE-2023-46845 | 1 Ec-cube | 1 Ec-cube | 2024-11-21 | N/A | 7.2 HIGH |
| EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. As a result, arbitrary code may be executed on the server where the product is running by a user with an administrative privilege. | |||||
| CVE-2023-46818 | 1 Ispconfig | 1 Ispconfig | 2024-11-21 | N/A | 7.2 HIGH |
| An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled. | |||||
| CVE-2023-46816 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | N/A | 8.8 HIGH |
| An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection (SSTI) vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. An attacker with regular user privileges can exploit this. | |||||
| CVE-2023-46731 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 10.0 CRITICAL |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn't properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document `XWiki.AdminSheet` (by default, everyone including unauthenticated users) to execute code including Groovy code. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This vulnerability has been patched in XWiki 14.10.14, 15.6 RC1 and 15.5.1. Users are advised to upgrade. Users unablr to upgrade may apply the fix in commit `fec8e0e53f9` manually. Alternatively, to protect against attacks from unauthenticated users, view right for guests can be removed from this document (it is only needed for space and wiki admins). | |||||
| CVE-2023-46623 | 1 Wpvnteam | 1 Wp Extra | 2024-11-21 | N/A | 9.9 CRITICAL |
| Improper Control of Generation of Code ('Code Injection') vulnerability in TienCOP WP EXtra.This issue affects WP EXtra: from n/a through 6.2. | |||||
| CVE-2023-46509 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. | |||||
| CVE-2023-46480 | 1 Owncast Project | 1 Owncast | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function. | |||||
| CVE-2023-46404 | 1 Utoronto | 1 Pcrs | 2024-11-21 | N/A | 9.9 CRITICAL |
| PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code execution (RCE) by escaping Python sandboxing. | |||||
| CVE-2023-46055 | 1 Thingnario | 1 Photon | 2024-11-21 | N/A | 8.8 HIGH |
| An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage" endpoint. | |||||
| CVE-2023-46042 | 1 Get-simple | 1 Getsimplecms | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo(). | |||||
| CVE-2023-46010 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component. | |||||
| CVE-2023-45849 | 1 Perforce | 1 Helix Core | 2024-11-21 | N/A | 9.0 CRITICAL |
| An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner. | |||||
| CVE-2023-45751 | 1 Posimyth | 1 Nexter Extension | 2024-11-21 | N/A | 9.1 CRITICAL |
| Improper Control of Generation of Code ('Code Injection') vulnerability in POSIMYTH Nexter Extension.This issue affects Nexter Extension: from n/a through 2.0.3. | |||||
| CVE-2023-45735 | 1 Westermo | 2 L206-f2g, L206-f2g Firmware | 2024-11-21 | N/A | 8.0 HIGH |
| A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device. | |||||
| CVE-2023-45673 | 2024-11-21 | N/A | 8.9 HIGH | ||
| Joplin is a free, open source note taking and to-do application. A remote code execution (RCE) vulnerability in affected versions allows clicking on a link in a PDF in an untrusted note to execute arbitrary shell commands. Clicking links in PDFs allows for arbitrary code execution because Joplin desktop: 1. has not disabled top redirection for note viewer iframes, and 2. and has node integration enabled. This is a remote code execution vulnerability that impacts anyone who attaches untrusted PDFs to notes and has the icon enabled. This issue has been addressed in version 2.13.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-45590 | 2024-11-21 | N/A | 9.6 CRITICAL | ||
| An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website | |||||