CVE Daily
← All tags

Tag: Remote Code Execution

All CVEs associated with "Remote Code Execution". Page 78/346 • 41421 CVEs.

Subscribe CVEs: RSS for “Remote Code Execution”  ·  RSS (High+Critical only)

About “Remote Code Execution”

A curated feed of “Remote Code Execution”-related CVEs appears below. We currently track 41421 CVEs for this tag (all time). In the last 365 days, 4753 were published. Average CVSS is 8.3 (all time; 8.2 over 365d), and 86% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-94 - Improper Control of Generation of Code ('Code Injection'), CWE-434 - Unrestricted Upload of File with Dangerous Type, CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').

In our taxonomy this topic maps to a VERY HIGH impact class. Common exploitation patterns for this weakness can lead to very high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2024-05-03
Medium

CVE-2023-32135

Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of…

CVSS: 6.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-32134

Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DIC…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-32133

Sante DICOM Viewer Pro J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sant…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2023-32132

Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sant…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2023-32131

Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sant…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2023-27369

NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations o…

CVSS: 8.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2023-27368

NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of…

CVSS: 8.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2023-27367

NETGEAR RAX30 libcms_cli Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX…

CVSS: 8.0 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2023-27366

Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. Use…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-27365

Foxit PDF Editor DOC File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit…

CVSS: 7.8 CWE: CWE-749 - Exposed Dangerous Method or Function View on NVD
High

CVE-2023-27364

Foxit PDF Editor XLS File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit…

CVSS: 7.8 CWE: CWE-749 - Exposed Dangerous Method or Function View on NVD
High

CVE-2023-27363

Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PD…

CVSS: 7.8 CWE: CWE-749 - Exposed Dangerous Method or Function View on NVD
High

CVE-2023-27362

3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 3CX. An attacker must first obtain…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2023-27361

NETGEAR RAX30 rex_cgi JSON Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installa…

CVSS: 8.0 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2023-27360

NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30.…

CVSS: 8.8 CWE: CWE-345 - Insufficient Verification of Data Authenticity View on NVD
High

CVE-2023-27359

TP-Link AX1800 hotplugd Firewall Rule Race Condition Vulnerability. This vulnerability allows remote attackers to gain access to LAN-side services on affected installations of TP-Link Archer AX21 rou…

CVSS: 8.1 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2023-27358

NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30…

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2023-27356

NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30…

CVSS: 8.0 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2023-27349

BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affec…

CVSS: 8.0 CWE: CWE-129 - Improper Validation of Array Index View on NVD
High

CVE-2023-27348

PDF-XChange Editor TIF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange E…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-27347

G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-27346

TP-Link AX1800 Firmware Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatio…

CVSS: 8.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2023-27345

PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XCha…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2023-27344

PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XCha…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2023-27343

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XCha…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2023-27342

PDF-XChange Editor EMF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations o…

CVSS: 7.8 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
High

CVE-2023-27341

PDF-XChange Editor TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XCha…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2023-27340

PDF-XChange Editor PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XCha…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2023-27339

PDF-XChange Editor PNG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XCha…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2023-27338

PDF-XChange Editor TIF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-…

CVSS: 5.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-27337

PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChan…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Critical

CVE-2023-27335

Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeA…

CVSS: 9.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2023-27333

TP-Link Archer AX21 tmpServer Command 0x422 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected…

CVSS: 6.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2023-27332

TP-Link Archer AX21 tdpServer Logging Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected insta…

CVSS: 8.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2023-27331

Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. Use…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-27330

Foxit PDF Reader XFA Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader.…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-27329

Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. Use…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-27328

Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An…

CVSS: 7.8 CWE: CWE-91 - XML Injection (aka Blind XPath Injection) View on NVD
High

CVE-2023-27327

Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels…

CVSS: 7.5 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2023-27326

Parallels Desktop Toolgate Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Deskto…

CVSS: 8.2 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2023-27325

Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Des…

CVSS: 7.8 CWE: CWE-665 - Improper Initialization View on NVD
High

CVE-2023-27324

Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Des…

CVSS: 7.8 CWE: CWE-665 - Improper Initialization View on NVD
High

CVE-2023-27323

Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels D…

CVSS: 7.8 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2023-27322

Parallels Desktop Service Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Des…

CVSS: 7.8 CWE: CWE-665 - Improper Initialization View on NVD
2024-05-02
High

CVE-2024-30305

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploit…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-30304

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploit…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-30303

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploit…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-30301

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploit…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-34394

libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes XmlNode::get_local_namespaces()) on a grand-chil…

CVSS: 8.1 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2024-34393

libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability…

CVSS: 8.1 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2024-34392

libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes _wrap__xmlNode_nsDef_get()) on a grand-child of a…

CVSS: 8.1 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2024-34391

libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability m…

CVSS: 8.1 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2024-33396

An issue in karmada-io karmada v1.9.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.

CVSS: 8.4 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2024-33394

An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.

CVSS: 5.9 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2024-4033

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the aiovg_create_attachment_from_external_image_url function in all ve…

CVSS: 8.8 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
High

CVE-2024-3849

The Click to Chat – HoliThemes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.35. This makes it possible for authenticated attackers, with contribu…

CVSS: 8.8 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD
High

CVE-2024-3500

The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This makes it poss…

CVSS: 8.8 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD
High

CVE-2024-3499

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the generate_navigation_markup function of the Onepage Scro…

CVSS: 8.8 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD
High

CVE-2024-25290

An issue in Casa Systems NL1901ACV R6B032 allows a remote attacker to execute arbitrary code via the userName parameter of the add function.

CVSS: 8.0 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-1567

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'file_validity' function in all versions up to, and incl…

CVSS: 8.2 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
Medium

CVE-2024-32359

An RBAC authorization risk in Carina v0.13.0 and earlier allows local attackers to execute arbitrary code through designed commands to obtain the secrets of the entire cluster and further take over t…

CVSS: 6.9 CWE: CWE-285 - Improper Authorization View on NVD
High

CVE-2024-29309

An issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary code via the Transfer Service.

CVSS: 7.7 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2024-4406

Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of…

CVSS: 9.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Critical

CVE-2024-4405

Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaom…

CVSS: 9.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2024-34145

A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers wi…

CVSS: 8.8 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
Critical

CVE-2024-34144

A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scri…

CVSS: 9.8 CWE: CWE-693 - Protection Mechanism Failure View on NVD
Medium

CVE-2023-28798

An out-of-bounds write to heap in the pacparser library on Zscaler Client Connector on Mac may lead to arbitrary code execution.

CVSS: 6.5 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Critical

CVE-2024-3955

URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/http_endpoints/http_system.py" is subsequently passed to the "os.system" function in "cbpi/controller/system_controll…

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2023-51631

D-Link DIR-X3260 prog.cgi SetUsersSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected…

CVSS: 6.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
2024-05-01
Critical

CVE-2023-46295

An issue was discovered in Teledyne FLIR M300 2.00-19. Unauthenticated remote code execution can occur in the web server. An attacker can exploit this by sending a POST request to the vulnerable PHP…

CVSS: 9.8 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
High

CVE-2024-33430

An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file.

CVSS: 8.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2024-33429

Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file.

CVSS: 7.1 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-33428

Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file.

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2024-33393

An issue in spidernet-io spiderpool v.0.9.3 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.

CVSS: 6.2 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2024-33300

Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files.

CVSS: 7.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2024-26504

An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst parameter.

CVSS: 8.8 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
Medium

CVE-2023-23022

Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 employee's payroll management system 1.0, allows attackers to execute arbitrary code via the code, title, from_date and to_date in…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2023-23021

Cross Site Scripting (XSS) vulnerability in sourcecodester oretnom23 pos point sale system 1.0, allows attackers to execute arbitrary code via the code, name, and description inputs in file Main.php.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-33442

An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php component.

CVSS: 4.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2024-33078

Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send a crafted image to trigger a overflow leading to remote code execution.

CVSS: 9.8 CWE: CWE-680 - Integer Overflow to Buffer Overflow View on NVD
High

CVE-2024-32212

SQL Injection vulnerability in LOGINT LoMag Inventory Management v1.0.20.120 and before allows an attacker to execute arbitrary code via the ArticleGetGroups, DocAddDocument, ClassClickShop and frmSe…

CVSS: 8.1 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2024-23480

A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This issue affects Zscaler Client Connector on MacOS prior to 4.2.

CVSS: 7.5 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
High

CVE-2024-28893

Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. HP has released updated software…

CVSS: 7.7 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2023-49606

A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, wh…

CVSS: 9.8 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2024-33512

There is a buffer overflow vulnerability in the underlying Local User Authentication Database service that could lead to unauthenticated remote code execution by sending specially crafted packets des…

CVSS: 9.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Critical

CVE-2024-33511

There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PA…

CVSS: 9.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Critical

CVE-2024-26305

There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's a…

CVSS: 9.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Critical

CVE-2024-26304

There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI…

CVSS: 9.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2024-31413

Free of pointer not at start of buffer vulnerability exists in CX-One CX-One CXONE-AL[][]D-V4 (The version which was installed with a DVD ver. 4.61.1 or lower, and was updated through CX-One V4 auto…

CVSS: 5.9 CWE: CWE-761 - Free of Pointer not at Start of Buffer View on NVD
High

CVE-2024-32018

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Most codebases define assertion macros which compil…

CVSS: 8.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Critical

CVE-2024-32017

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The size check in the `gcoap_dns_server_proxy_get()…

CVSS: 9.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2024-31225

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The `_on_rd_init()` function does not implement a s…

CVSS: 8.3 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2024-32966

Static Web Server (SWS) is a tiny and fast production-ready web server suitable to serve static web files or assets. In affected versions if directory listings are enabled for a directory that an unt…

CVSS: 5.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2024-04-30
High

CVE-2024-29466

Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component.

CVSS: 8.8 CWE: CWE-26 - Path Traversal: '/dir/../filename' View on NVD
Medium

CVE-2024-33371

Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to execute arbitrary code via the typeid parameter in the makehtml_list_action.php component.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2024-28269

ReCrystallize Server 5.10.0.0 allows administrators to upload files to the server. The file upload is not restricted, leading to the ability to upload of malicious files. This could result in a Remot…

CVSS: 7.2 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
High

CVE-2020-27478

Cross Site Scripting vulnerability found in Simplcommerce v.40734964b0811f3cbaf64b6dac261683d256f961 thru 3103357200c70b4767986544e01b19dbf11505a7 allows a remote attacker to execute arbitrary code v…

CVSS: 7.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-33103

An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 is…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2024-28716

An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component.

CVSS: 7.5 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
High

CVE-2024-25938

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previ…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-25648

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a prev…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-25575

A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this…

CVSS: 8.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
2024-04-29
Critical

CVE-2024-33350

Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component.

CVSS: 9.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2024-33435

Insecure Permissions vulnerability in Guangzhou Yingshi Electronic Technology Co. Ncast Yingshi high-definition intelligent recording and playback system 2007-2017 allows a remote attacker to execute…

CVSS: 9.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2024-0840

The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary…

CVSS: 8.8 CWE: CWE-141 - Improper Neutralization of Parameter/Argument Delimiters View on NVD
High

CVE-2024-33443

An issue in onethink v.1.1 allows a remote attacker to execute arbitrary code via a crafted script to the AddonsController.class.php component.

CVSS: 7.1 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2024-33438

File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file.

CVSS: 8.0 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
High

CVE-2024-31823

An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the removeSecondaryImage method of the Publish.ph…

CVSS: 8.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2024-31822

An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the saveLanguageFiles method of the Languages.php…

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2024-31821

SQL Injection vulnerability in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the manageQuantitiesAndProcure…

CVSS: 8.0 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Critical

CVE-2024-31820

An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the getLangFolderForEdit method of the Languages.…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Critical

CVE-2024-31705

An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via the insufficient validation of user-supplied input.

CVSS: 9.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Medium

CVE-2023-51254

Cross Site Scripting vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the friendship link component.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Critical

CVE-2024-33449

An SSRF issue in the PDFMyURL service allows a remote attacker to obtain sensitive information and execute arbitrary code via a POST request in the url parameter

CVSS: 9.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Critical

CVE-2024-33445

An issue in hisiphp v2.0.111 allows a remote attacker to execute arbitrary code via a crafted script to the SystemPlugins::mkInfo parameter in the SystemPlugins.php component.

CVSS: 9.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2024-31621

An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component.

CVSS: 7.6 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2024-23995

Cross Site Scripting (XSS) in Beekeeper Studio 4.1.13 and earlier allows remote attackers to execute arbitrary code in the column name of a database table in tabulator-popup-container.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2024-04-27
High

CVE-2022-48684

An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search template. The search template uses jinja templating for generating dynamic data. This could be abused to ac…

CVSS: 8.4 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2024-25048

IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code…

CVSS: 7.5 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2024-04-26
Medium

CVE-2024-31828

Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows attackers to execute arbitrary code and obtain sensitive information via a crafted payload to the URL.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD