Total
4468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-30349 | 1 Jflyfox | 1 Jfinal Cms | 2025-01-31 | N/A | 9.8 CRITICAL |
| JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function. | |||||
| CVE-2024-53561 | 2025-01-31 | N/A | 8.7 HIGH | ||
| A remote code execution (RCE) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary code via a crafted request. | |||||
| CVE-2023-26782 | 1 Chshcms | 1 Mccms | 2025-01-31 | N/A | 6.5 MEDIUM |
| An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters. | |||||
| CVE-2023-29861 | 1 Flir | 2 Dvtel Camera, Dvtel Camera Firmware | 2025-01-31 | N/A | 9.8 CRITICAL |
| An issue found in FLIR-DVTEL version not specified allows a remote attacker to execute arbitrary code via a crafted request to the management page of the device. | |||||
| CVE-2023-26546 | 1 Echa.europa | 1 Iuclid | 2025-01-30 | N/A | 8.8 HIGH |
| European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission. | |||||
| CVE-2023-6743 | 1 Unlimited-elements | 1 Unlimited Elements For Elementor | 2025-01-30 | N/A | 8.8 HIGH |
| The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor access and above, to execute code on the server. | |||||
| CVE-2025-0871 | 2025-01-30 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability classified as problematic has been found in Maybecms 1.2. This affects an unknown part of the file /mb/admin/index.php?u=article-edit of the component Add Article. The manipulation of the argument data_info[content] leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-39469 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2025-01-30 | N/A | 7.2 HIGH |
| PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the External User Lookup functionality. The issue results from the lack of proper validation of a user-supplied string before using it to execute Java code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21013. | |||||
| CVE-2023-29963 | 1 S-cms | 1 S-cms | 2025-01-29 | N/A | 7.2 HIGH |
| S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php. | |||||
| CVE-2024-10261 | 1 Cozmoslabs | 1 Membership \& Content Restriction - Paid Member Subscriptions | 2025-01-29 | N/A | 7.3 HIGH |
| The The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | |||||
| CVE-2024-10001 | 2025-01-29 | N/A | N/A | ||
| A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the query selector via the identity property in the message handling function. This enabled the exfiltration of sensitive data by manipulating the DOM, including authentication tokens. To execute the attack, the victim must be logged into GitHub and interact with the attacker controlled malicious webpage containing the hidden iframe. This vulnerability occurs due to an improper sequence of validation, where the origin check occurs after accepting the user-controlled identity property. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.11.16, 3.12.10, 3.13.5, 3.14.2, and 3.15.0. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2023-31414 | 1 Elastic | 1 Kibana | 2025-01-29 | N/A | 8.8 HIGH |
| Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process. | |||||
| CVE-2023-31415 | 1 Elastic | 1 Kibana | 2025-01-29 | N/A | 8.8 HIGH |
| Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process. | |||||
| CVE-2023-25717 | 1 Ruckuswireless | 61 E510, H320, H350 and 58 more | 2025-01-29 | N/A | 9.8 CRITICAL |
| Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring. | |||||
| CVE-2025-0790 | 2025-01-29 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability classified as problematic was found in ESAFENET CDG V5. This vulnerability affects unknown code of the file /doneDetail.jsp. The manipulation of the argument curpage leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-0787 | 2025-01-29 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was found in ESAFENET CDG V5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /appDetail.jsp. The manipulation of the argument curpage leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-0785 | 2025-01-28 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was found in ESAFENET CDG V5 and classified as problematic. This issue affects some unknown processing of the file /SysConfig.jsp. The manipulation of the argument help leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-24482 | 2025-01-28 | N/A | N/A | ||
| A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect default permissions and allows for DLLs to be executed with higher level permissions. | |||||
| CVE-2024-3892 | 1 Telerik | 1 Ui For Winforms | 2025-01-28 | N/A | 7.2 HIGH |
| A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system. | |||||
| CVE-2023-41783 | 1 Zte | 1 Zxcloud Irai | 2025-01-28 | N/A | 4.3 MEDIUM |
| There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges. | |||||