CVE Daily
← All tags

Tag: Remote Code Execution

All CVEs associated with "Remote Code Execution". Page 69/346 • 41401 CVEs.

Subscribe CVEs: RSS for “Remote Code Execution”  ·  RSS (High+Critical only)

About “Remote Code Execution”

A curated feed of “Remote Code Execution”-related CVEs appears below. We currently track 41401 CVEs for this tag (all time). In the last 365 days, 4734 were published. Average CVSS is 8.3 (all time; 8.2 over 365d), and 86% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-94 - Improper Control of Generation of Code ('Code Injection'), CWE-434 - Unrestricted Upload of File with Dangerous Type, CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').

In our taxonomy this topic maps to a VERY HIGH impact class. Common exploitation patterns for this weakness can lead to very high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2024-06-14
High

CVE-2024-36598

An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted image file.

CVSS: 8.1 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2024-24320

Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the…

CVSS: 8.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2024-5671

Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to perform arbitrary code execution and access to the vulnerable Trellix IPS Manager.

CVSS: 9.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2024-2024

The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0…

CVSS: 8.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2024-5577

The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. This makes…

CVSS: 9.8 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD
Critical

CVE-2024-4936

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to in…

CVSS: 9.8 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD
High

CVE-2024-27178

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying file name variable. This vulnerability can be executed in combination with other vulnerabili…

CVSS: 7.2 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-27177

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying package name variable. This vulnerability can be executed in combination with other vulnerab…

CVSS: 7.2 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-27176

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying session ID variable. This vulnerability can be executed in combination with other vulnerabili…

CVSS: 7.2 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2024-27174

Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS scor…

CVSS: 9.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2024-27173

Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. This vulnerability can be executed in combination with other vu…

CVSS: 9.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2024-27172

Remote Command program allows an attacker to get Remote Code Execution. As for the affected products/models/versions, see the reference URL.

CVSS: 9.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2024-27171

A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. As for the affected products/models/versions, see the reference URL.

CVSS: 7.4 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2024-06-13
Medium

CVE-2024-33253

Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and descrip…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Critical

CVE-2024-31777

File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php endpoint.

CVSS: 9.8 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
Critical

CVE-2024-0095

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful…

CVSS: 9.0 CWE: CWE-117 - Improper Output Neutralization for Logs View on NVD
High

CVE-2024-0090

NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of serv…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-0089

NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lea…

CVSS: 7.8 CWE: CWE-665 - Improper Initialization View on NVD
High

CVE-2024-32925

In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges n…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2024-32913

In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges neede…

CVSS: 9.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Critical

CVE-2024-32905

In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2024-29786

In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-5950

Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on…

CVSS: 8.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2024-5948

Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affec…

CVSS: 8.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2024-5924

Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox…

CVSS: 8.8 CWE: CWE-693 - Protection Mechanism Failure View on NVD
High

CVE-2024-37029

Fuji Electric Tellus Lite V-Simulator is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code.

CVSS: 7.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Critical

CVE-2024-37849

A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter.

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2024-32860

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnera…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-32859

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnera…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-32858

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnera…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-34115

Substance3D - Stager versions 2.1.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-34110

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution.…

CVSS: 7.2 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
High

CVE-2024-34109

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the…

CVSS: 7.2 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2024-34108

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the…

CVSS: 9.1 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2024-34102

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary c…

CVSS: 9.8 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
Critical

CVE-2024-38295

ALCASAR before 3.6.1 allows still_connected.php remote code execution.

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2024-38294

ALCASAR before 3.6.1 allows email_registration_back.php remote code execution.

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2024-38293

ALCASAR before 3.6.1 allows CSRF and remote code execution in activity.php.

CVSS: 9.6 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2024-06-12
Medium

CVE-2024-37878

Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a remote attacker to execute arbitrary code via the /TWCMS-gh-pages/twcms/runtime/twcms_view/default,index.htm.php" PHP directly echoes para…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Critical

CVE-2024-36840

SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and lo…

CVSS: 9.1 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2024-28964

Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, l…

CVSS: 7.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Critical

CVE-2024-1577

Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the websit…

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2024-06-11
High

CVE-2024-5836

Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chro…

CVSS: 8.8 CWE: CWE-474 - Use of Function with Inconsistent Implementations View on NVD
High

CVE-2024-5834

Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2024-28877

MicroDicom DICOM Viewer is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. User interaction is required t…

CVSS: 8.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2024-37301

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via s…

CVSS: 7.2 CWE: CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine View on NVD
High

CVE-2024-35249

Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2024-30104

Microsoft Office Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-30103

Microsoft Outlook Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-184 - Incomplete List of Disallowed Inputs View on NVD
High

CVE-2024-30102

Microsoft Office Remote Code Execution Vulnerability

CVSS: 7.3 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-30101

Microsoft Office Remote Code Execution Vulnerability

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-30100

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
High

CVE-2024-30097

Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-415 - Double Free View on NVD
High

CVE-2024-30095

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-30094

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Critical

CVE-2024-30080

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

CVSS: 9.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-30078

Windows Wi-Fi Driver Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-30077

Windows OLE Remote Code Execution Vulnerability

CVSS: 8.0 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-30075

Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability

CVSS: 8.0 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-30074

Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability

CVSS: 8.0 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-30072

Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2024-30063

Windows Distributed File System (DFS) Remote Code Execution Vulnerability

CVSS: 6.7 CWE: CWE-641 - Improper Restriction of Names for Files and Other Resources View on NVD
High

CVE-2024-30062

Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2024-30052

Visual Studio Remote Code Execution Vulnerability

CVSS: 4.7 CWE: CWE-693 - Protection Mechanism Failure View on NVD
High

CVE-2024-2011

A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outsi…

CVSS: 8.6 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2024-28023

A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive i…

CVSS: 5.7 CWE: CWE-259 - Use of Hard-coded Password View on NVD
2024-06-10
Medium

CVE-2022-37020

Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitiga…

CVSS: 6.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2022-37019

Potential vulnerabilities have been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate…

CVSS: 6.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2024-36418

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a rem…

CVSS: 8.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-27857

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2. A remote attacker may be able t…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2024-27851

The issue was addressed with improved bounds checks. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing maliciously cra…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2024-27840

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS…

CVSS: 6.3 CWE: CWE-786 - Access of Memory Location Before Start of Buffer View on NVD
High

CVE-2024-27836

The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, visionOS 1.2. Processing a maliciously crafted image may lead to arbitrary code execu…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-27833

An integer overflow was addressed with improved input validation. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2. Processing malic…

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2024-27831

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, mac…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-27828

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel…

CVSS: 7.8 CWE: CWE-786 - Access of Memory Location Before Start of Buffer View on NVD
High

CVE-2024-27820

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2024-27817

The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5,…

CVSS: 7.8 CWE: CWE-353 - Missing Support for Integrity Check View on NVD
High

CVE-2024-27815

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be abl…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-27808

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content m…

CVSS: 8.8 CWE: CWE-786 - Access of Memory Location Before Start of Buffer View on NVD
High

CVE-2024-27802

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Vent…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Critical

CVE-2024-37014

Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script.

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2024-36415

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote…

CVSS: 9.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD
High

CVE-2022-32897

A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted tiff file may lead to arbitrary code execution.

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-5597

Fuji Electric Monitouch V-SFT is vulnerable to a type confusion, which could cause a crash or code execution.

CVSS: 7.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
Medium

CVE-2024-36531

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component.

CVSS: 5.7 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2024-36528

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and /admin/extensions/upload.ph…

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Critical

CVE-2024-35307

Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. This issue affects Pandora FMS: from 700 t…

CVSS: 9.8 CWE: CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') View on NVD
2024-06-09
High

CVE-2024-37569

An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. Th…

CVSS: 8.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
Medium

CVE-2023-45188

IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially…

CVSS: 6.5 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
2024-06-08
Medium

CVE-2023-45707

HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. This may lead to credentials disclosure and possibly launch ad…

CVSS: 4.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2024-06-07
High

CVE-2024-0444

GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreame…

CVSS: 8.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2024-31959

An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks a check for the validation of native handles, which can result in code execution.

CVSS: 8.4 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-30162

Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor\_toolbar::addPlugin() method. This method handl…

CVSS: 7.2 CWE: CWE-345 - Insufficient Verification of Data Authenticity View on NVD
Medium

CVE-2023-5424

The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files,…

CVSS: 4.7 CWE: CWE-1236 - Improper Neutralization of Formula Elements in a CSV File View on NVD
High

CVE-2024-4887

The Qi Addons For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_b…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD
2024-06-06
High

CVE-2024-36774

An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file.

CVSS: 7.2 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
Low

CVE-2024-5307

Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of…

CVSS: 3.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-5306

Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power P…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2024-5305

Kofax Power PDF PDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kof…

CVSS: 7.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2024-5304

Kofax Power PDF TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2024-5278

gaizhenbiao/chuanhuchatgpt is vulnerable to an unrestricted file upload vulnerability due to insufficient validation of uploaded file types in its `/upload` endpoint. Specifically, the `handle_file_u…

CVSS: 6.1 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
High

CVE-2024-5187

A vulnerability in the `download_model_with_test_data` function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks…

CVSS: 8.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2024-4320

A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application, specifically within the `@router.post("/install_extension")` route ha…

CVSS: 9.8 CWE: CWE-29 - Path Traversal: '..filename' View on NVD
Critical

CVE-2024-3408

man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in th…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
Critical

CVE-2024-3166

A Cross-Site Scripting (XSS) vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version 1.2.0 and the latest version of the web application. The vulnerability…

CVSS: 9.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2024-3095

A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever…

CVSS: 7.7 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
High

CVE-2024-30373

Kofax Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2024-2624

A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the `@router.get("/switch_personal_path")` endpoint in `./lollms-webui/lo…

CVSS: 9.8 CWE: CWE-29 - Path Traversal: '..filename' View on NVD
Critical

CVE-2024-2360

parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX path…

CVSS: 9.8 CWE: CWE-29 - Path Traversal: '..filename' View on NVD
Critical

CVE-2024-2359

A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises from the application's handling of the `/…

CVSS: 9.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2024-1880

An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the significant-gravitas/autogpt project, affecting versions up to v0.5.0. The vulnerability arises from the…

CVSS: 7.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2024-0520

A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.…

CVSS: 8.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2024-5509

Luxion KeyShot BIP File Parsing Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2024-5508

Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxio…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-5507

Luxion KeyShot Viewer KSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations…

CVSS: 7.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2024-5506

Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxio…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-5505

NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected insta…

CVSS: 8.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2024-5452

A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attribut…

CVSS: 9.8 CWE: CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes View on NVD
High

CVE-2024-5303

Kofax Power PDF PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD