Total
218 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-45798 | 1 Yettiesoft | 1 Vestcert | 2024-11-21 | 8.4 High |
| In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation of third-party modules. This allows malicious actors to load arbitrary third-party modules, leading to remote code execution. | ||||
| CVE-2023-33559 | 1 Ocomon Project | 1 Ocomon | 2024-11-21 | 8.8 High |
| A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file. | ||||
| CVE-2023-31170 | 1 Selinc | 1 Sel-5030 Acselerator Quickset | 2024-11-21 | 5.9 Medium |
| An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. | ||||
| CVE-2023-31168 | 1 Selinc | 1 Sel-5030 Acselerator Quickset | 2024-11-21 | 5.5 Medium |
| An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0. | ||||
| CVE-2023-2453 | 1 Php-fusion | 1 Phpfusion | 2024-11-21 | 8.8 High |
| There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. This allows arbitrary files with the ‘.php’ extension for which the absolute path is known to be included and executed. There are no known means in PHPFusion through which an attacker can upload and target a ‘.php’ file payload. | ||||
| CVE-2023-0625 | 1 Docker | 1 Docker Desktop | 2024-11-21 | 8 High |
| Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0. | ||||
| CVE-2022-37191 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 6.5 Medium |
| The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload. | ||||
| CVE-2022-34121 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 7.5 High |
| Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php. | ||||
| CVE-2022-33317 | 2 Iconics, Mitsubishielectric | 2 Genesis64, Mc Works64 | 2024-11-21 | 7.8 High |
| Inclusion of Functionality from Untrusted Control Sphere vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior allows an unauthenticated attacker to execute an arbitrary malicious code by leading a user to load a monitoring screen file including malicious script codes. | ||||
| CVE-2022-30244 | 1 Honeywell | 2 Alerton Ascent Control Module, Alerton Ascent Control Module Firmware | 2024-11-21 | 8.0 High |
| Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be store on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the knowledge of other users, altering the controller's function. After the programming change, the program needs to be overwritten in order for the controller to restore its original operational function. | ||||
| CVE-2022-30243 | 1 Honeywell | 2 Alterton Visual Logic, Alterton Visual Logic Firmware | 2024-11-21 | 8.8 High |
| Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be stored on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the knowledge of other users, altering the controller's function. After the programming change, the program needs to be overwritten in order for the controller to restore its original operational function. | ||||
| CVE-2022-29845 | 1 Progress | 1 Whatsup Gold | 2024-11-21 | 6.5 Medium |
| In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file. | ||||
| CVE-2022-25486 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 7.8 High |
| CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. | ||||
| CVE-2022-25485 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 7.8 High |
| CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. | ||||
| CVE-2022-24329 | 2 Jetbrains, Oracle | 3 Kotlin, Communications Cloud Native Core Binding Support Function, Communications Pricing Design Center | 2024-11-21 | 5.3 Medium |
| In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. | ||||
| CVE-2022-24232 | 1 Hospital\'s Patient Records Management System Project | 1 Hospital\'s Patient Records Management System | 2024-11-21 | 7.8 High |
| A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-22308 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 7.8 High |
| IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891. | ||||
| CVE-2021-42133 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 8.1 High |
| An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write. | ||||
| CVE-2021-41841 | 1 Insyde | 1 Insydeh2o | 2024-11-21 | 8.2 High |
| An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere. | ||||
| CVE-2021-41569 | 1 Sas | 1 Sas\/intrnet | 2024-11-21 | 7.5 High |
| SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro. Users can escape the context of the configured user-controllable variable and append additional functions native to the macro but not included as variables within the library. This includes a function that retrieves files from the host OS. | ||||