Vulnerabilities (CVE)

Filtered by CWE-94
Total 3487 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-29014 1 Sonicwall 1 Netextender 2024-09-10 N/A 8.8 HIGH
Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to execute arbitrary code when processing an EPC Client update.
CVE-2024-29178 1 Apache 1 Streampark 2024-09-10 N/A 8.8 HIGH
On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server. The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4.
CVE-2024-6596 2024-09-10 N/A 9.8 CRITICAL
An unauthenticated remote attacker can run malicious C# code included in curve files and execute commands in the user's context.
CVE-2024-8258 2024-09-10 N/A N/A
Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration.
CVE-2024-8268 2024-09-10 N/A 8.8 HIGH
The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajax_request() function in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to call arbitrary functions that can be leveraged for privilege escalation by changing users' passwords.
CVE-2024-44724 2024-09-10 N/A 7.2 HIGH
AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsite_url parameter at /admin/site_add.php. This vulnerability allows attackers to execute arbitrary PHP code via injecting a crafted value.
CVE-2024-8478 2024-09-10 N/A 7.3 HIGH
The Affiliate Super Assistent plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.5.3. This is due to the software allowing users to supply arbitrary shortcodes in comments when the 'Parse comments' option is enabled. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
CVE-2023-49001 1 Indibrowser 1 Indi Browser 2024-09-09 N/A 9.8 CRITICAL
An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component.
CVE-2020-36767 2 Linux, Vareille 2 Linux Kernel, Tinyfiledialogs 2024-09-09 N/A 7.5 HIGH
tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data.
CVE-2023-39333 2024-09-09 N/A 5.3 MEDIUM
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option.
CVE-2024-39714 2024-09-09 N/A 9.9 CRITICAL
A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server.
CVE-2024-38651 2024-09-09 N/A 8.5 HIGH
A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server.
CVE-2024-39715 2024-09-09 N/A 8.5 HIGH
A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server.
CVE-2023-5623 1 Tenable 1 Nessus Network Monitor 2024-09-09 N/A 7.8 HIGH
NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location.
CVE-2021-33636 1 Openeuler 1 Isula 2024-09-09 N/A 7.8 HIGH
When the isula load command is used to load malicious images, attackers can execute arbitrary code.
CVE-2021-33635 1 Openeuler 1 Isula 2024-09-09 N/A 7.8 HIGH
When malicious images are pulled by isula pull, attackers can execute arbitrary code.
CVE-2024-8523 2024-09-09 5.8 MEDIUM 4.7 MEDIUM
A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-4883 1 Progress 1 Whatsup Gold 2024-09-06 N/A 9.8 CRITICAL
In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through NmApi.exe.
CVE-2024-4884 1 Progress 1 Whatsup Gold 2024-09-06 N/A 9.8 CRITICAL
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability exists in Progress WhatsUpGold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges.
CVE-2024-7720 1 Hp 1 Security Manager 2024-09-06 N/A 9.8 CRITICAL
HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries.