Total
4457 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-36120 | 2024-11-21 | N/A | 8.1 HIGH | ||
| javascript-deobfuscator removes common JavaScript obfuscation techniques. In affected versions crafted payloads targeting expression simplification can lead to code execution. This issue has been patched in version 1.1.0. Users are advised to update. Users unable to upgrade should disable the expression simplification feature. | |||||
| CVE-2024-36075 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| The CoSoSys Endpoint Protector through 5.9.3 and Unify agent through 7.0.6 is susceptible to an arbitrary code execution vulnerability due to the way an archive obtained from the Endpoint Protector or Unify server is extracted on the endpoint. An attacker who is able to modify the archive on the server could obtain remote code execution as an administrator on an endpoint. | |||||
| CVE-2024-36074 | 2024-11-21 | N/A | 7.2 HIGH | ||
| Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the Endpoint Protector and Unify agent in the way that the EasyLock dependency is acquired from the server. An attacker with administrative access to the Endpoint Protector or Unify server can cause a client to acquire and execute a malicious file resulting in remote code execution. | |||||
| CVE-2024-35226 | 2024-11-21 | N/A | 7.3 HIGH | ||
| Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. All users are advised to update. There is no patch for users on the v3 branch. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-34761 | 2024-11-21 | N/A | 8.5 HIGH | ||
| Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before 6.2.10. | |||||
| CVE-2024-34405 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the app. | |||||
| CVE-2024-33644 | 2024-11-21 | N/A | 9.9 CRITICAL | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify Site Library allows Code Injection.This issue affects Customify Site Library: from n/a through 0.0.9. | |||||
| CVE-2024-33445 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| An issue in hisiphp v2.0.111 allows a remote attacker to execute arbitrary code via a crafted script to the SystemPlugins::mkInfo parameter in the SystemPlugins.php component. | |||||
| CVE-2024-33430 | 2024-11-21 | N/A | 8.8 HIGH | ||
| An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file. | |||||
| CVE-2024-33394 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
| An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. | |||||
| CVE-2024-33335 | 2024-11-21 | N/A | 6.3 MEDIUM | ||
| SQL Injection vulnerability in H3C technology company SeaSQL DWS V2.0 allows a remote attacker to execute arbitrary code via a crafted file. | |||||
| CVE-2024-33294 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| An issue in Library System using PHP/MySQli with Source Code V1.0 allows a remote attacker to execute arbitrary code via the _FAILE variable in the student_edit_photo.php component. | |||||
| CVE-2024-33228 | 2024-11-21 | N/A | 8.4 HIGH | ||
| An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07.02 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. | |||||
| CVE-2024-33225 | 2024-11-21 | N/A | 7.8 HIGH | ||
| An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp Realtek(r) High Definition Audio Function Driver v6.0.9549.1 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. | |||||
| CVE-2024-32925 | 2024-11-21 | N/A | 8.8 HIGH | ||
| In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-32599 | 2024-11-21 | N/A | 10.0 CRITICAL | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through 3.2.1. | |||||
| CVE-2024-32492 | 2024-11-21 | N/A | 7.1 HIGH | ||
| An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript. | |||||
| CVE-2024-32491 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file (via a manipulated AJAX Request) to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available through the web server. | |||||
| CVE-2024-32406 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function. | |||||
| CVE-2024-32404 | 2024-11-21 | N/A | 6.0 MEDIUM | ||
| Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature. | |||||