Total
4440 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32728 | 1 Zabbix | 1 Zabbix-agent2 | 2024-11-21 | N/A | 4.6 MEDIUM |
| The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution. | |||||
| CVE-2023-32697 | 1 Sqlite Jdbc Project | 1 Sqlite Jdbc | 2024-11-21 | N/A | 8.8 HIGH |
| SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacting versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2. | |||||
| CVE-2023-32692 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | N/A | 9.8 CRITICAL |
| CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally. This issue is patched in version 4.3.5. | |||||
| CVE-2023-32626 | 1 Elecom | 4 Lan-w300n\/pr5, Lan-w300n\/pr5 Firmware, Lan-w300n\/rs and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. | |||||
| CVE-2023-32540 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | N/A | 7.2 HIGH |
| In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution. | |||||
| CVE-2023-32418 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 7.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-32095 | 1 Milandinic | 1 Rename Media Files | 2024-11-21 | N/A | 9.9 CRITICAL |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Milan Dinic Rename Media Files.This issue affects Rename Media Files: from n/a through 1.0.1. | |||||
| CVE-2023-31447 | 1 Draytek | 4 Vigor2620, Vigor2620 Firmware, Vigor2625 and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code. | |||||
| CVE-2023-31315 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. | |||||
| CVE-2023-31296 | 1 Sesami | 1 Cash Point \& Transport Optimizer | 2024-11-21 | N/A | 5.3 MEDIUM |
| CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field. | |||||
| CVE-2023-30990 | 1 Ibm | 1 I | 2024-11-21 | N/A | 8.6 HIGH |
| IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. IBM X-Force ID: 254036. | |||||
| CVE-2023-30912 | 1 Hpe | 1 Oneview | 2024-11-21 | N/A | 7.2 HIGH |
| A remote code execution issue exists in HPE OneView. | |||||
| CVE-2023-30537 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 9.9 CRITICAL |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with the right to add an object on a page can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the styles properties `FlamingoThemesCode.WebHome`. This page is installed by default. The vulnerability has been patched in XWiki versions 13.10.11, 14.4.7 and 14.10. | |||||
| CVE-2023-30131 | 1 Ixpdata | 1 Easyinstall | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls. | |||||
| CVE-2023-2943 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 8.8 HIGH |
| Code Injection in GitHub repository openemr/openemr prior to 7.0.1. | |||||
| CVE-2023-2928 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the argument allurls leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230083. | |||||
| CVE-2023-2859 | 1 Teampass | 1 Teampass | 2024-11-21 | N/A | 8.8 HIGH |
| Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | |||||
| CVE-2023-2583 | 1 Jsreport | 1 Jsreport | 2024-11-21 | N/A | 10.0 CRITICAL |
| Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3. | |||||
| CVE-2023-2259 | 1 Alf | 1 Alf | 2024-11-21 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. | |||||
| CVE-2023-2056 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical. This issue affects the function GetSystemFile of the file module_main.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225941 was assigned to this vulnerability. | |||||