Total
5269 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-11600 | 1 Visualmodo | 1 Borderless | 2025-01-31 | 7.2 High |
| The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.9 via the 'write_config' function. This is due to a lack of sanitization on an imported JSON file. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server. | ||||
| CVE-2023-30349 | 1 Jflyfox | 1 Jfinal Cms | 2025-01-31 | 9.8 Critical |
| JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function. | ||||
| CVE-2022-24664 | 1 Php Everywhere Project | 1 Php Everywhere | 2025-01-31 | 9.9 Critical |
| PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts. | ||||
| CVE-2022-24663 | 1 Php Everywhere Project | 1 Php Everywhere | 2025-01-31 | 9.9 Critical |
| PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user. | ||||
| CVE-2022-24665 | 1 Php Everywhere Project | 1 Php Everywhere | 2025-01-31 | 9.9 Critical |
| PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts. | ||||
| CVE-2024-53561 | 2025-01-31 | 8.7 High | ||
| A remote code execution (RCE) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary code via a crafted request. | ||||
| CVE-2023-26782 | 1 Chshcms | 1 Mccms | 2025-01-31 | 6.5 Medium |
| An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters. | ||||
| CVE-2023-29861 | 1 Flir | 2 Dvtel Camera, Dvtel Camera Firmware | 2025-01-31 | 9.8 Critical |
| An issue found in FLIR-DVTEL version not specified allows a remote attacker to execute arbitrary code via a crafted request to the management page of the device. | ||||
| CVE-2023-26546 | 1 Echa.europa | 1 Iuclid | 2025-01-30 | 8.8 High |
| European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission. | ||||
| CVE-2023-6743 | 1 Unlimited-elements | 1 Unlimited Elements For Elementor | 2025-01-30 | 8.8 High |
| The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor access and above, to execute code on the server. | ||||
| CVE-2023-39469 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2025-01-30 | 7.2 High |
| PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the External User Lookup functionality. The issue results from the lack of proper validation of a user-supplied string before using it to execute Java code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21013. | ||||
| CVE-2023-29963 | 1 S-cms | 1 S-cms | 2025-01-29 | 7.2 High |
| S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php. | ||||
| CVE-2024-10261 | 1 Cozmoslabs | 2 Membership \& Content Restriction - Paid Member Subscriptions, Paid Member Subscriptions | 2025-01-29 | 7.3 High |
| The The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
| CVE-2023-31414 | 1 Elastic | 1 Kibana | 2025-01-29 | 8.8 High |
| Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process. | ||||
| CVE-2023-31415 | 1 Elastic | 1 Kibana | 2025-01-29 | 9.9 Critical |
| Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process. | ||||
| CVE-2025-24482 | 2025-01-28 | N/A | ||
| A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect default permissions and allows for DLLs to be executed with higher level permissions. | ||||
| CVE-2023-2583 | 1 Jsreport | 1 Jsreport | 2025-01-28 | 10.0 Critical |
| Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3. | ||||
| CVE-2020-10370 | 2025-01-27 | 8.8 High | ||
| Certain Cypress (and Broadcom) Wireless Combo chips such as CYW43455, when a 2021-01-26 Bluetooth firmware update is not present, allow a Bluetooth outage via a "Spectra" attack. | ||||
| CVE-2022-47129 | 1 Phpok | 1 Phpok | 2025-01-27 | 9.8 Critical |
| PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability. | ||||
| CVE-2022-42699 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2025-01-27 | 9.1 Critical |
| Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. | ||||