CVE Daily
← All tags

Tag: Remote Code Execution

All CVEs associated with "Remote Code Execution". Page 62/346 • 41401 CVEs.

Subscribe CVEs: RSS for “Remote Code Execution”  ·  RSS (High+Critical only)

About “Remote Code Execution”

A curated feed of “Remote Code Execution”-related CVEs appears below. We currently track 41401 CVEs for this tag (all time). In the last 365 days, 4734 were published. Average CVSS is 8.3 (all time; 8.2 over 365d), and 86% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-94 - Improper Control of Generation of Code ('Code Injection'), CWE-434 - Unrestricted Upload of File with Dangerous Type, CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').

In our taxonomy this topic maps to a VERY HIGH impact class. Common exploitation patterns for this weakness can lead to very high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2024-09-13
Critical

CVE-2024-44430

SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/con…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2024-4550

A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code.

CVSS: 6.7 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2024-45105

An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execu…

CVSS: 6.7 CWE: CWE-825 - Expired Pointer Dereference View on NVD
Medium

CVE-2024-3100

A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code.

CVSS: 6.7 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2024-8242

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_user_profile() function i…

CVSS: 4.3 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
High

CVE-2024-45109

Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitatio…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-45108

Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitatio…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-43760

Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitatio…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-43756

Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Explo…

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Critical

CVE-2024-41874

ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An…

CVSS: 9.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2024-45112

Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability that could result in arbitrary code execution in the context…

CVSS: 7.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2024-43758

Illustrator versions 28.6, 27.9.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this iss…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-41869

Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-41859

After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-41857

Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.…

CVSS: 7.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
High

CVE-2024-39384

Premiere Pro versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-39381

After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-39380

After Effects versions 23.6.6, 24.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati…

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-34121

Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploit…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2024-39377

Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-7129

The Appointment Booking Calendar WordPress plugin before 1.6.7.43 does not escape template syntax provided via user input, leading to Twig Template Injection which further exploited can result to rem…

CVSS: 7.2 CWE: N/A View on NVD
2024-09-12
Critical

CVE-2024-7961

A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execut…

CVSS: 9.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-20430

A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges.  This vulnerability is…

CVSS: 7.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Critical

CVE-2024-8696

A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.

CVSS: 9.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Critical

CVE-2024-8695

A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.

CVSS: 9.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2020-24061

Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-45826

CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user ca…

CVSS: 6.8 CWE: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere View on NVD
Critical

CVE-2024-45824

CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows…

CVSS: 9.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
Critical

CVE-2024-28991

SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, r…

CVSS: 9.0 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2024-45851

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases crea…

CVSS: 8.8 CWE: CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') View on NVD
High

CVE-2024-45850

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases crea…

CVSS: 8.8 CWE: CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') View on NVD
High

CVE-2024-45849

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases crea…

CVSS: 8.8 CWE: CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') View on NVD
High

CVE-2024-45848

An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT…

CVSS: 8.8 CWE: CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') View on NVD
High

CVE-2024-45847

An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPD…

CVSS: 8.8 CWE: CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') View on NVD
High

CVE-2024-45846

An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT…

CVSS: 8.8 CWE: CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') View on NVD
High

CVE-2024-27321

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a use…

CVSS: 7.8 CWE: CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') View on NVD
High

CVE-2024-27320

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user cr…

CVSS: 7.8 CWE: CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') View on NVD
High

CVE-2024-34785

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS: 7.2 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2024-34783

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS: 7.2 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2024-34779

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS: 7.2 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2024-32848

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS: 7.2 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2024-32846

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS: 7.2 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2024-32845

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS: 7.2 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2024-32843

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS: 7.2 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2024-32842

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS: 7.2 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2024-32840

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

CVSS: 7.2 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Critical

CVE-2024-29847

Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.

CVSS: 9.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2024-09-11
High

CVE-2024-39378

Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of thi…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2024-27115

A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publ…

CVSS: 9.8 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
Critical

CVE-2024-27114

A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be avai…

CVSS: 9.8 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2024-7626

The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in t…

CVSS: 8.1 CWE: CWE-73 - External Control of File Name or Path View on NVD
High

CVE-2024-43690

Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE). This issue affects: Comm…

CVSS: 8.0 CWE: CWE-829 - Inclusion of Functionality from Untrusted Control Sphere View on NVD
High

CVE-2024-31336

In PVRSRVBridgeRGXKickTA3D2 of server_rgxta3d_bridge.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel w…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2024-09-10
High

CVE-2024-8191

SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.

CVSS: 7.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2024-8190

An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must ha…

CVSS: 7.2 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2024-44107

DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code exe…

CVSS: 8.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Medium

CVE-2024-34831

cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-44872

A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2024-44871

An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file.

CVSS: 7.2 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
High

CVE-2024-43495

Windows libarchive Remote Code Execution Vulnerability

CVSS: 7.3 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2024-43479

Microsoft Power Automate Desktop Remote Code Execution Vulnerability

CVSS: 8.5 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2024-43469

Azure CycleCloud Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2024-43467

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

CVSS: 7.5 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2024-43464

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2024-43463

Microsoft Office Visio Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-43454

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

CVSS: 7.1 CWE: CWE-23 - Relative Path Traversal View on NVD
High

CVE-2024-38263

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

CVSS: 7.5 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
High

CVE-2024-38260

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
High

CVE-2024-38259

Microsoft Management Console Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-38228

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2024-38227

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2024-38119

Windows Network Address Translation (NAT) Remote Code Execution Vulnerability

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-38045

Windows TCP/IP Remote Code Execution Vulnerability

CVSS: 8.1 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-38018

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2024-37340

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
High

CVE-2024-37339

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
High

CVE-2024-37338

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-37335

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-26191

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-26186

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-21416

Windows TCP/IP Remote Code Execution Vulnerability

CVSS: 8.1 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2024-45595

D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrad…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Critical

CVE-2024-44677

eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component.

CVSS: 9.8 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
Medium

CVE-2024-44676

eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController. java.

CVSS: 4.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Low

CVE-2024-8443

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using…

CVSS: 2.9 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-7770

The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uplo…

CVSS: 8.8 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
Critical

CVE-2024-33698

A vulnerability has been identified in Opcenter Quality (All versions < V2406), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Up…

CVSS: 9.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-8258

Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuse…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2024-8268

The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajax_request() function in all versions up…

CVSS: 8.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2024-09-09
Critical

CVE-2024-44902

A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.

CVSS: 9.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Medium

CVE-2024-24510

Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import function to the mail component.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Critical

CVE-2024-44849

Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.

CVSS: 9.8 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
Critical

CVE-2024-37288

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Secu…

CVSS: 9.9 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2024-09-07
High

CVE-2024-42024

A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.

CVSS: 8.8 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
Critical

CVE-2024-40711

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).

CVSS: 9.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2024-40710

A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (savedcredentials and passwords…

CVSS: 8.8 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
High

CVE-2024-39715

A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on…

CVSS: 8.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2024-39714

A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server.

CVSS: 9.9 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2024-38651

A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server.

CVSS: 8.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2024-36138

Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious comma…

CVSS: 8.1 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
Medium

CVE-2024-7620

The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_import' function in all versions up to, and including, 0.9.7. Th…

CVSS: 6.6 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
2024-09-06
Medium

CVE-2024-45405

`gix-path` is a crate of the `gitoxide` project (an implementation of `git` written in Rust) dealing paths and their conversions. Prior to version 0.10.11, `gix-path` runs `git` to find the path of a…

CVSS: 6.0 CWE: CWE-41 - Improper Resolution of Path Equivalence View on NVD
High

CVE-2024-8480

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in al…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
2024-09-05
Critical

CVE-2024-42885

SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page.

CVSS: 9.1 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2024-8178

The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploi…

CVSS: 8.8 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
High

CVE-2024-45063

The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi c…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-43110

The ctl_request_sense function could expose up to three bytes of the kernel heap to userspace. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to ac…

CVSS: 8.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Critical

CVE-2024-43102

Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM can lead to decreasing the reference count of the object representing the mapp…

CVSS: 10.0 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-42416

The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Malicious software runni…

CVSS: 8.8 CWE: CWE-790 - Improper Filtering of Special Elements View on NVD
High

CVE-2024-32668

An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privileged software running in a guest VM can e…

CVSS: 8.2 CWE: CWE-193 - Off-by-one Error View on NVD
High

CVE-2024-41928

Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a…

CVSS: 8.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-7627

The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessi…

CVSS: 8.1 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2024-09-04
Critical

CVE-2024-45053

Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering e…

CVSS: 9.1 CWE: CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine View on NVD
Critical

CVE-2024-44808

An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter.

CVSS: 9.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-34660

Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.

CVSS: 7.3 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-34657

Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code.

CVSS: 8.6 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-34656

Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.

CVSS: 7.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2024-7950

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all vers…

CVSS: 9.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2024-09-03
Critical

CVE-2024-44809

A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. The issue arises from improper sanitization of user input passed to the "position" GE…

CVSS: 9.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-42902

An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the js_localize.php funct…

CVSS: 8.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD