Total
4662 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29566 | 2 Dawnsparks-node-tesseract Project, Huedawn-tesseract Project | 2 Dawnsparks-node-tesseract, Huedawn-tesseract | 2025-02-04 | N/A | 9.8 CRITICAL |
| huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | |||||
| CVE-2023-26060 | 1 Nokia | 1 Netact | 2025-02-04 | N/A | 6.8 MEDIUM |
| An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | |||||
| CVE-2024-55504 | 2025-02-04 | N/A | 5.5 MEDIUM | ||
| An issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 allows local attackers to inject arbitrary code potentially leading to remote control and unauthorized access to sensitive user data via the exploit_combined.dylib component on MacOS. | |||||
| CVE-2024-11036 | 1 Gamipress | 1 Gamipress | 2025-02-04 | N/A | 7.3 HIGH |
| The The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_get_user_earnings AJAX action in all versions up to, and including, 7.1.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | |||||
| CVE-2025-24677 | 2025-02-04 | N/A | 9.9 CRITICAL | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in WPSpins Post/Page Copying Tool allows Remote Code Inclusion. This issue affects Post/Page Copying Tool: from n/a through 2.0.3. | |||||
| CVE-2025-24959 | 2025-02-03 | N/A | N/A | ||
| zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into `process.env`. This can lead to arbitrary command execution or unexpected behavior in applications that rely on environment variables for security-sensitive operations. Applications that process untrusted input and pass it through `dotenv.stringify` are particularly vulnerable. This issue has been patched in version 8.3.2. Users should immediately upgrade to this version to mitigate the vulnerability. If upgrading is not feasible, users can mitigate the vulnerability by sanitizing user-controlled environment variable values before passing them to `dotenv.stringify`. Specifically, avoid using `"`, `'`, and backticks in values, or enforce strict validation of environment variables before usage. | |||||
| CVE-2023-30404 | 1 Aigital | 2 Wireless-n Repeater Mini Router, Wireless-n Repeater Mini Router Firmware | 2025-02-03 | N/A | 9.8 CRITICAL |
| Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request. | |||||
| CVE-2024-42911 | 2025-02-03 | N/A | 7.4 HIGH | ||
| ECOVACS Robotics Deebot T20 OMNI and T20e OMNI before 1.24.0 was discovered to contain a WiFi Remote Code Execution vulnerability. | |||||
| CVE-2024-37061 | 1 Lfprojects | 1 Mlflow | 2025-02-03 | N/A | 8.8 HIGH |
| Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run. | |||||
| CVE-2025-0972 | 2025-02-03 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability classified as problematic has been found in Zenvia Movidesk up to 25.01.22. This affects an unknown part of the component New Ticket Handler. The manipulation of the argument subject leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 25.01.22.245a473c54 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2025-0971 | 2025-02-03 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Account/EditProfile of the component Profile Editing. The manipulation of the argument username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 25.01.22.245a473c54 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2024-6923 | 2025-01-31 | N/A | 5.5 MEDIUM | ||
| There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. | |||||
| CVE-2024-11600 | 1 Visualmodo | 1 Borderless | 2025-01-31 | N/A | 7.2 HIGH |
| The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.9 via the 'write_config' function. This is due to a lack of sanitization on an imported JSON file. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server. | |||||
| CVE-2023-30349 | 1 Jflyfox | 1 Jfinal Cms | 2025-01-31 | N/A | 9.8 CRITICAL |
| JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function. | |||||
| CVE-2024-53561 | 2025-01-31 | N/A | 8.7 HIGH | ||
| A remote code execution (RCE) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary code via a crafted request. | |||||
| CVE-2023-26782 | 1 Chshcms | 1 Mccms | 2025-01-31 | N/A | 6.5 MEDIUM |
| An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters. | |||||
| CVE-2023-29861 | 1 Flir | 2 Dvtel Camera, Dvtel Camera Firmware | 2025-01-31 | N/A | 9.8 CRITICAL |
| An issue found in FLIR-DVTEL version not specified allows a remote attacker to execute arbitrary code via a crafted request to the management page of the device. | |||||
| CVE-2023-26546 | 1 Echa.europa | 1 Iuclid | 2025-01-30 | N/A | 8.8 HIGH |
| European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission. | |||||
| CVE-2023-6743 | 1 Unlimited-elements | 1 Unlimited Elements For Elementor | 2025-01-30 | N/A | 8.8 HIGH |
| The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor access and above, to execute code on the server. | |||||
| CVE-2025-0871 | 2025-01-30 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability classified as problematic has been found in Maybecms 1.2. This affects an unknown part of the file /mb/admin/index.php?u=article-edit of the component Add Article. The manipulation of the argument data_info[content] leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||