CVE Daily
← All tags

Tag: Remote Code Execution

All CVEs associated with "Remote Code Execution". Page 11/11 • 1287 CVEs.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2024-04-01
High

CVE-2024-23117

Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Au…

CVSS: 7.2 CWE: CWE-89
Read more
High

CVE-2024-23116

Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authenticatio…

CVSS: 7.2 CWE: CWE-89
Read more
High

CVE-2024-23115

Centreon updateGroups SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is…

CVSS: 7.2 CWE: CWE-89
Read more
Critical

CVE-2024-1863

Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server…

CVSS: 9.8 CWE: CWE-89
Read more
High

CVE-2024-1179

TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected i…

CVSS: 8.8 CWE: CWE-121
Read more
High

CVE-2024-0637

Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication…

CVSS: 8.8 CWE: CWE-89
Read more
2024-03-30
High

CVE-2024-1522

A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the `/execu…

CVSS: 8.8 CWE: CWE-352
Read more
2024-03-19
High

CVE-2024-2612

If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Fi…

CVSS: 8.1 CWE: CWE-416
Read more
2024-03-18
High

CVE-2024-23138

A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitiv…

CVSS: 7.8 CWE: CWE-121
Read more
2024-03-06
High

CVE-2024-20338

A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerabilit…

CVSS: 7.3 CWE: CWE-427
Read more
Medium

CVE-2024-20336

A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against…

CVSS: 6.5 CWE: CWE-121
Read more
Medium

CVE-2024-20335

A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks…

CVSS: 6.5 CWE: CWE-78
Read more
2024-02-28
High

CVE-2024-21886

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwar…

CVSS: 7.8 CWE: CWE-122
Read more
High

CVE-2024-21885

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct.…

CVSS: 7.8 CWE: CWE-122
Read more
2024-02-26
Critical

CVE-2024-27444

langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the __import__, __subclasses__, __buil…

CVSS: 9.8 CWE: CWE-749
Read more
2024-02-20
Critical

CVE-2024-23809

A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to…

CVSS: 9.8 CWE: CWE-415
Read more
Critical

CVE-2024-23606

An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbit…

CVSS: 9.8 CWE: CWE-131
Read more
Critical

CVE-2024-23313

An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-…

CVSS: 9.8 CWE: CWE-191
Read more
Critical

CVE-2024-23310

A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary c…

CVSS: 9.8 CWE: CWE-825
Read more
Critical

CVE-2024-23305

An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vmrk file can lead…

CVSS: 9.8 CWE: CWE-787
Read more
Critical

CVE-2024-22097

A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. A specially crafted .vdhr file can lead to arbit…

CVSS: 9.8 CWE: CWE-415
Read more
Critical

CVE-2024-21812

An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-o…

CVSS: 9.8 CWE: CWE-190
Read more
Critical

CVE-2024-21795

A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .egi file can lead to arbit…

CVSS: 9.8 CWE: CWE-122
Read more
2024-02-09
High

CVE-2024-0229

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to a…

CVSS: 7.8 CWE: CWE-787
Read more
2024-02-02
Medium

CVE-2024-0844

The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData() function. This makes it possible f…

CVSS: 4.7 CWE: CWE-22
Read more
2024-01-27
Critical

CVE-2024-22862

Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser.

CVSS: 9.8 CWE: CWE-190
Read more
Critical

CVE-2024-22860

Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.

CVSS: 9.8 CWE: CWE-190
Read more
2023-12-29
High

CVE-2020-17163

Visual Studio Code Python Extension Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A
Read more
2023-12-13
High

CVE-2023-6377

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege…

CVSS: 7.8 CWE: CWE-125
Read more
2023-12-07
High

CVE-2023-5058

Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execu…

CVSS: 7.8 CWE: CWE-20
Read more
2023-11-16
High

CVE-2023-47470

Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a de…

CVSS: 7.8 CWE: CWE-787
Read more
2023-10-26
High

CVE-2023-39427

In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77), the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead…

CVSS: 7.8 CWE: CWE-787
Read more
2023-10-17
High

CVE-2023-45811

Synchrony deobfuscator is a javascript cleaner & deobfuscator. A `__proto__` pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution.…

CVSS: 8.1 CWE: CWE-1321
Read more
2023-06-20
High

CVE-2023-2533

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute a…

CVSS: 8.4 CWE: CWE-352
Read more
2023-05-15
High

CVE-2022-47390

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack w…

CVSS: 8.8 CWE: CWE-787
Read more
High

CVE-2022-47389

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack w…

CVSS: 8.8 CWE: CWE-787
Read more
High

CVE-2022-47388

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack w…

CVSS: 8.8 CWE: CWE-787
Read more
High

CVE-2022-47387

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack wh…

CVSS: 8.8 CWE: CWE-787
Read more
High

CVE-2022-47386

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack w…

CVSS: 8.8 CWE: CWE-787
Read more
High

CVE-2022-47385

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack w…

CVSS: 8.8 CWE: CWE-787
Read more
High

CVE-2022-47384

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack wh…

CVSS: 8.8 CWE: CWE-787
Read more
High

CVE-2022-47383

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack w…

CVSS: 8.8 CWE: CWE-787
Read more
High

CVE-2022-47382

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack wh…

CVSS: 8.8 CWE: CWE-787
Read more
High

CVE-2022-47381

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-s…

CVSS: 8.8 CWE: CWE-787
Read more
High

CVE-2022-47380

An authenticated remote attacker may use a stack based  out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-…

CVSS: 8.8 CWE: CWE-787
Read more
High

CVE-2022-47379

An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service conditi…

CVSS: 8.8 CWE: CWE-787
Read more
2023-04-04
Critical

CVE-2020-19695

Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function.

CVSS: 9.8 CWE: CWE-120
Read more
Critical

CVE-2020-19692

Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file.

CVSS: 9.8 CWE: CWE-120
Read more
2023-02-22
Critical

CVE-2022-39983

File upload vulnerability in Pro Gamma Instant Developer RD3 22.5 r23, r30, and possibly earlier versions, allows attackers to execute arbitrary code.

CVSS: 9.8 CWE: CWE-434
Read more
2022-11-21
High

CVE-2022-3388

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespec…

CVSS: 8.8 CWE: CWE-20
Read more
2022-05-23
High

CVE-2022-29376

Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the direc…

CVSS: 8.8 CWE: CWE-276
Read more
2021-12-10
Critical

CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker contro…

CVSS: 10.0 CWE: CWE-20
Read more
2021-09-08
High

CVE-2021-30663

An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing malicious…

CVSS: 8.8 CWE: CWE-190
Read more
2021-09-07
Critical

CVE-2021-40539

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.

CVSS: 9.8 CWE: CWE-706
Read more
2021-08-16
Critical

CVE-2021-35395

Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface ex…

CVSS: 9.8 CWE: N/A
Read more
Critical

CVE-2021-35393

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor…

CVSS: 9.8 CWE: CWE-787
Read more
2021-03-11
High

CVE-2021-27084

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A
Read more
2021-02-25
High

CVE-2021-26700

Visual Studio Code npm-script Extension Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A
Read more
2020-12-10
High

CVE-2020-17159

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability

CVSS: 7.8 CWE: N/A
Read more
2020-09-16
Critical

CVE-2020-25412

com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution.

CVSS: 9.8 CWE: CWE-787
Read more
High

CVE-2020-25559

gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution.

CVSS: 7.8 CWE: CWE-415
Read more
2020-07-30
High

CVE-2020-8218

A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.

CVSS: 7.2 CWE: CWE-94
Read more
2020-02-19
High

CVE-2015-7747

Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly exec…

CVSS: 8.8 CWE: CWE-120
Read more
2019-01-16
Critical

CVE-2019-6446

An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by…

CVSS: 9.8 CWE: CWE-502
Read more
2018-07-11
Critical

CVE-2018-8327

A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension.

CVSS: 9.8 CWE: N/A
Read more
2018-05-22
High

CVE-2017-2617

hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where…

CVSS: 7.6 CWE: CWE-20
Read more
2018-04-11
Critical

CVE-2018-1273

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An…

CVSS: 9.8 CWE: CWE-94
Read more
2018-03-19
Critical

CVE-2018-7445

A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain…

CVSS: 9.8 CWE: CWE-119
Read more
2017-12-11
Critical

CVE-2017-15944

Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interf…

CVSS: 9.8 CWE: CWE-20
Read more
2017-09-21
Medium

CVE-2017-12254

A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. T…

CVSS: 6.1 CWE: CWE-79
Read more
2017-07-17
High

CVE-2017-6744

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code…

CVSS: 8.8 CWE: CWE-119
Read more
High

CVE-2017-6743

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code…

CVSS: 8.8 CWE: CWE-119
Read more
High

CVE-2017-6742

A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulner…

CVSS: 8.8 CWE: CWE-119
Read more
High

CVE-2017-6741

A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulner…

CVSS: 8.8 CWE: CWE-119
Read more
High

CVE-2017-6740

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code…

CVSS: 8.8 CWE: CWE-119
Read more
High

CVE-2017-6739

A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulner…

CVSS: 8.8 CWE: CWE-119
Read more
High

CVE-2017-6738

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code…

CVSS: 8.8 CWE: CWE-119
Read more
High

CVE-2017-6737

A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulner…

CVSS: 8.8 CWE: CWE-119
Read more
High

CVE-2017-6736

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code…

CVSS: 8.8 CWE: CWE-119
Read more
2016-10-28
Critical

CVE-2016-8598

Buffer overflow in the zmq interface in csp_if_zmqhub.c in the libcsp library v1.4 and earlier allows hostile computers connected via a zmq interface to execute arbitrary code via a long packet.

CVSS: 9.8 CWE: CWE-119
Read more
Critical

CVE-2016-8597

Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp library v1.4 and earlier allows hostile components with network access to the SFP underlying network layers to execute arbitrary code…

CVSS: 9.8 CWE: CWE-119
Read more
Critical

CVE-2016-8596

Buffer overflow in the csp_can_process_frame in csp_if_can.c in the libcsp library v1.4 and earlier allows hostile components connected to the canbus to execute arbitrary code via a long csp packet.

CVSS: 9.8 CWE: CWE-119
Read more
2015-01-10
Critical

CVE-2014-9190

Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not…

CVSS: 10.0 CWE: CWE-121
Read more
2014-12-27
Critical

CVE-2014-9188

Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability t…

CVSS: 10.0 CWE: CWE-77
Read more
2013-09-18
High

CVE-2013-3893

Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript s…

CVSS: 8.8 CWE: CWE-399
Read more
2010-03-05
Critical

CVE-2010-0425

modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request proces…

CVSS: 10.0 CWE: N/A
Read more
2007-02-03
High

CVE-2007-0671

Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack v…

CVSS: 8.8 CWE: N/A
Read more