Total: 4974 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-39715 | 1 Veeam | 1 Service Provider Console | 2024-09-09 | N/A |
A code injection vulnerability that allows a low-privileged user who has been granted REST API access to remotely upload arbitrary files to the VSPC server using the REST API, leading to remote code execution on the VSPC server. | ||||
CVE-2024-7720 | 1 Hp | 1 Security Manager | 2024-09-06 | 9.8 Critical |
HP Security Manager is potentially vulnerable to Remote Code Execution as a result of a code vulnerability within the product's solution open-source libraries. | ||||
CVE-2024-37901 | 1 Xwiki | 1 Xwiki | 2024-09-06 | 10 Critical |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.21, 15.5.5 and 15.10.2. | ||||
CVE-2024-45053 | 1 Ethyca | 1 Fides | 2024-09-06 | 9.1 Critical |
Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default `Owner` or `Contributor` role, who can escalate their access and execute code on the underlying Fides Webserver container where the Jinja template rendering function is executed. The vulnerability has been patched in Fides version `2.44.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There are no workarounds. | ||||
CVE-2024-7345 | 1 Progress | 1 Openedge | 2024-09-05 | 8.3 High |
Local ABL Client bypass of the required PASOE security checks may allow an attacker to perform unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms. | ||||
CVE-2024-41364 | 1 Sourcefabric | 2 Phoniebox, Rpi-jukebox-rfid | 2024-09-04 | 9.8 Critical |
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\trackEdit.php. | ||||
CVE-2024-41366 | 1 Sourcefabric | 2 Phoniebox, Rpi-jukebox-rfid | 2024-09-04 | 9.8 Critical |
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\userScripts.php. | ||||
CVE-2024-41367 | 1 Sourcefabric | 2 Phoniebox, Rpi-jukebox-rfid | 2024-09-04 | 9.8 Critical |
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\api\playlist\appendFileToPlaylist.php. | ||||
CVE-2024-41368 | 1 Sourcefabric | 2 Phoniebox, Rpi-jukebox-rfid | 2024-09-04 | 9.8 Critical |
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWlanIpMail.php. | ||||
CVE-2024-41361 | 1 Sourcefabric | 2 Phoniebox, Rpi-jukebox-rfid | 2024-09-04 | 9.8 Critical |
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php. | ||||
CVE-2024-41369 | 1 Sourcefabric | 2 Phoniebox, Rpi-jukebox-rfid | 2024-09-04 | 9.8 Critical |
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWifi.php. | ||||
CVE-2024-45623 | 1 D-link | 1 Dap-2310 Firmware | 2024-09-03 | 9.8 Critical |
D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
CVE-2024-37382 | 1 Abinitio | 2 Authorization Gateway, Metadata Hub | 2024-08-29 | 6.3 Medium |
An issue discovered in the import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration. | ||||
CVE-2024-42845 | 1 Invesalius | 1 Invesalius | 2024-08-28 | 8 High |
An eval injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file. | ||||
CVE-2024-42756 | 1 Netgear | 1 Dgn1000 Firmware | 2024-08-27 | 8.8 High |
An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via the Diagnostics page. | ||||
CVE-2024-43404 | 1 Megacord | 1 Megabot | 2024-08-26 | 9.8 Critical |
MEGABOT is a fully customized Discord bot for learning and fun. The `/math` command and functionality of MEGABOT versions < 1.5.0 contain a remote code execution vulnerability due to a Python `eval()`. The vulnerability allows an attacker to inject Python code into the `expression` parameter when using `/math` in any Discord channel. This vulnerability impacts any Discord guild utilizing MEGABOT. This vulnerability was fixed in release version 1.5.0. | ||||
CVE-2024-7656 | 1 Le Van Toan | 1 Image Hotspot By Devvn | 2024-08-26 | 8.8 High |
The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.5 via deserialization of untrusted input in the 'devvn_ihotspot_shortcode_func' function. This makes it possible for authenticated attackers, with Author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | ||||
CVE-2024-40453 | 1 Squirrelly | 1 Squirrelly | 2024-08-23 | 9.8 Critical |
squirrellyjs squirrelly v9.0.0 was discovered to contain a code injection vulnerability via the component options.varName. The issue is fixed in v9.0.1. | ||||
CVE-2024-7559 | 1 Filemanagerpro | 1 File Manager Pro | 2024-08-23 | 8.8 High |
The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk_file_folder_manager AJAX action in all versions up to, and including, 8.3.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
CVE-2023-50810 | 1 Sonos | 1 Sonos Firmware | 2024-08-23 | 6 Medium |
In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allows persistent arbitrary code execution with Linux kernel privileges. A failure to correctly handle the return value of the setenv command can be used to override the kernel command-line parameters and ultimately bypass the Secure Boot implementation. This affects PLAY5 gen 2, PLAYBASE, PLAY:1, One, One SL, and Amp. |