Total
3676 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39681 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | N/A | 9.8 CRITICAL |
| Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload. | |||||
| CVE-2023-39660 | 1 Gabrieleventuri | 1 Pandasai | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function. | |||||
| CVE-2023-39631 | 1 Langchain | 1 Langchain | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library. | |||||
| CVE-2023-39469 | 2024-11-21 | N/A | 7.2 HIGH | ||
| PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the External User Lookup functionality. The issue results from the lack of proper validation of a user-supplied string before using it to execute Java code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21013. | |||||
| CVE-2023-39445 | 1 Elecom | 14 Wrc-1467ghbk-a, Wrc-1467ghbk-a Firmware, Wrc-1467ghbk-s and 11 more | 2024-11-21 | N/A | 8.8 HIGH |
| Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console. | |||||
| CVE-2023-39333 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option. | |||||
| CVE-2023-39320 | 1 Golang | 1 Go | 2024-11-21 | N/A | 9.8 CRITICAL |
| The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software. | |||||
| CVE-2023-39157 | 1 Crocoblock | 1 Jetelements | 2024-11-21 | N/A | 9.0 CRITICAL |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.10. | |||||
| CVE-2023-39059 | 1 Ansible-semaphore | 1 Ansible Semaphore | 2024-11-21 | N/A | 8.8 HIGH |
| An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter. | |||||
| CVE-2023-39023 | 1 University Compass Project | 1 University Compass | 2024-11-21 | N/A | 9.8 CRITICAL |
| university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument. | |||||
| CVE-2023-39022 | 1 Oscore | 1 Oscore | 2024-11-21 | N/A | 9.8 CRITICAL |
| oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability is exploited via passing an unchecked argument. | |||||
| CVE-2023-39021 | 1 Wix | 1 Wix Embedded Mysql | 2024-11-21 | N/A | 9.8 CRITICAL |
| wix-embedded-mysql v4.6.1 and below was discovered to contain a code injection vulnerability in the component com.wix.mysql.distribution.Setup.apply. This vulnerability is exploited via passing an unchecked argument. | |||||
| CVE-2023-39020 | 1 Stanford | 1 Stanford Parser | 2024-11-21 | N/A | 9.8 CRITICAL |
| stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream. This vulnerability is exploited via passing an unchecked argument. | |||||
| CVE-2023-39018 | 1 Bramp | 1 Ffmpeg-cli-wrapper | 2024-11-21 | N/A | 9.8 CRITICAL |
| FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple third parties because there are no realistic use cases in which FFmpeg.java uses untrusted input for the path of the executable file. | |||||
| CVE-2023-39017 | 1 Softwareag | 1 Quartz | 2024-11-21 | N/A | 9.8 CRITICAL |
| quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur. | |||||
| CVE-2023-39016 | 1 Bbossgroups | 1 Bboss | 2024-11-21 | N/A | 9.8 CRITICAL |
| bboss-persistent v6.0.9 and below was discovered to contain a code injection vulnerability in the component com.frameworkset.common.poolman.util.SQLManager.createPool. This vulnerability is exploited via passing an unchecked argument. | |||||
| CVE-2023-39015 | 1 Code4craft | 1 Webmagic | 2024-11-21 | N/A | 9.8 CRITICAL |
| webmagic-extension v0.9.0 and below was discovered to contain a code injection vulnerability via the component us.codecraft.webmagic.downloader.PhantomJSDownloader. | |||||
| CVE-2023-39013 | 1 Larsga | 1 Duke | 2024-11-21 | N/A | 9.8 CRITICAL |
| Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init. | |||||
| CVE-2023-39010 | 1 Boofcv | 1 Boofcv | 2024-11-21 | N/A | 9.8 CRITICAL |
| BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file. | |||||
| CVE-2023-38943 | 1 Shuize 0x727 Project | 1 Shuize 0x727 | 2024-11-21 | N/A | 8.8 HIGH |
| ShuiZe_0x727 v1.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /iniFile/config.ini. | |||||