Total
3487 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37900 | 1 Xwiki | 1 Xwiki | 2024-09-06 | N/A | 4.6 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When uploading an attachment with a malicious filename, malicious JavaScript code could be executed. This requires a social engineering attack to get the victim into uploading a file with a malicious name. The malicious code is solely executed during the upload and affects only the user uploading the attachment. While this allows performing actions in the name of that user, it seems unlikely that a user wouldn't notice the malicious filename while uploading the attachment. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0. | |||||
| CVE-2024-37901 | 1 Xwiki | 1 Xwiki | 2024-09-06 | N/A | 8.8 HIGH |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.21, 15.5.5 and 15.10.2. | |||||
| CVE-2024-45053 | 1 Ethyca | 1 Fides | 2024-09-06 | N/A | 7.2 HIGH |
| Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default `Owner` or `Contributor` role, who can escalate their access and execute code on the underlying Fides Webserver container where the Jinja template rendering function is executed. The vulnerability has been patched in Fides version `2.44.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There are no workarounds. | |||||
| CVE-2023-46947 | 1 Intelliants | 1 Subrion | 2024-09-06 | N/A | 8.8 HIGH |
| Subrion 4.2.1 has a remote command execution vulnerability in the backend. | |||||
| CVE-2023-46980 | 1 Mayurik | 1 Best Courier Management System | 2024-09-06 | N/A | 9.8 CRITICAL |
| An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter. | |||||
| CVE-2023-46958 | 1 Lmxcms | 1 Lmxcms | 2024-09-06 | N/A | 9.8 CRITICAL |
| An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file. | |||||
| CVE-2023-46404 | 1 Utoronto | 1 Pcrs | 2024-09-06 | N/A | 9.9 CRITICAL |
| PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code execution (RCE) by escaping Python sandboxing. | |||||
| CVE-2024-45507 | 1 Apache | 1 Ofbiz | 2024-09-05 | N/A | 9.8 CRITICAL |
| Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. | |||||
| CVE-2024-6946 | 1 Flute-cms | 1 Flute | 2024-09-05 | 5.8 MEDIUM | 8.8 HIGH |
| A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been declared as critical. This vulnerability affects unknown code of the file /admin/pages/list. The manipulation of the argument blocks leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272068. | |||||
| CVE-2024-6947 | 1 Flute-cms | 1 Flute | 2024-09-05 | 5.8 MEDIUM | 8.8 HIGH |
| A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been rated as critical. This issue affects the function replaceContent of the file app/Core/Support/ContentParser.php of the component Notification Handler. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272069 was assigned to this vulnerability. | |||||
| CVE-2024-7345 | 1 Progress | 1 Openedge | 2024-09-05 | N/A | 9.6 CRITICAL |
| Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms | |||||
| CVE-2024-24091 | 1 Yealink | 1 Yealink Meeting Server | 2024-09-05 | N/A | 9.8 CRITICAL |
| Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface. | |||||
| CVE-2024-6923 | 2024-09-04 | N/A | 5.5 MEDIUM | ||
| There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. | |||||
| CVE-2023-7224 | 1 Openvpn | 1 Connect | 2024-09-04 | N/A | 7.8 HIGH |
| OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable | |||||
| CVE-2023-36177 | 1 Badaix | 1 Snapcast | 2024-09-04 | N/A | 9.8 CRITICAL |
| An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API. | |||||
| CVE-2024-41364 | 1 Sourcefabric | 1 Phoniebox | 2024-09-04 | N/A | 9.8 CRITICAL |
| RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\trackEdit.php | |||||
| CVE-2024-41366 | 1 Sourcefabric | 1 Phoniebox | 2024-09-04 | N/A | 9.8 CRITICAL |
| RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\userScripts.php | |||||
| CVE-2024-41367 | 1 Sourcefabric | 1 Phoniebox | 2024-09-04 | N/A | 9.8 CRITICAL |
| RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\api\playlist\appendFileToPlaylist.php | |||||
| CVE-2024-41368 | 1 Sourcefabric | 1 Phoniebox | 2024-09-04 | N/A | 9.8 CRITICAL |
| RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWlanIpMail.php | |||||
| CVE-2024-41361 | 1 Sourcefabric | 1 Phoniebox | 2024-09-04 | N/A | 9.8 CRITICAL |
| RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php | |||||