Total
4408 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2558 | 1 Skyphe | 1 File-gallery | 2025-04-12 | 6.5 MEDIUM | N/A |
| The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function. | |||||
| CVE-2014-6321 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2025-04-12 | 10.0 HIGH | N/A |
| Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka "Microsoft Schannel Remote Code Execution Vulnerability." | |||||
| CVE-2014-6389 | 1 Phpcompta | 1 Phpcompta\/noalyss | 2025-04-12 | 7.5 HIGH | N/A |
| backup.php in PHPCompta/NOALYSS before 6.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the d parameter. | |||||
| CVE-2014-3188 | 2 Google, Redhat | 6 Chrome, Chrome Os, Enterprise Linux Desktop Supplementary and 3 more | 2025-04-12 | 10.0 HIGH | N/A |
| Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h. | |||||
| CVE-2014-6333 | 1 Microsoft | 3 Office Compatibility Pack, Office Word Viewer, Word | 2025-04-12 | 9.3 HIGH | N/A |
| Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Double Delete Remote Code Execution Vulnerability." | |||||
| CVE-2013-4581 | 1 Gitlab | 2 Gitlab, Gitlab-shell | 2025-04-12 | 6.8 MEDIUM | N/A |
| GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH. | |||||
| CVE-2015-0935 | 1 Bomgar | 1 Remote Support | 2025-04-12 | 7.5 HIGH | N/A |
| Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to unspecified PHP scripts. | |||||
| CVE-2014-4043 | 2 Gnu, Opensuse | 2 Glibc, Opensuse | 2025-04-12 | 7.5 HIGH | N/A |
| The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. | |||||
| CVE-2014-8791 | 1 Enalean | 1 Tuleap | 2025-04-12 | 6.0 MEDIUM | N/A |
| project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter. | |||||
| CVE-2016-3153 | 2 Debian, Spip | 2 Debian Linux, Spip | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function. | |||||
| CVE-2014-0479 | 2 Canonical, Debian | 2 Reportbug, Reportbug | 2025-04-12 | 6.8 MEDIUM | N/A |
| reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py. | |||||
| CVE-2014-3593 | 1 Scientificlinux | 1 Luci | 2025-04-12 | 6.0 MEDIUM | N/A |
| Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration. | |||||
| CVE-2015-5721 | 1 Misp-project | 1 Malware Information Sharing Platform | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp. | |||||
| CVE-2014-3176 | 1 Google | 1 Chrome | 2025-04-12 | 10.0 HIGH | N/A |
| Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177. | |||||
| CVE-2013-6399 | 1 Qemu | 1 Qemu | 2025-04-12 | 7.5 HIGH | N/A |
| Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. | |||||
| CVE-2013-1348 | 1 Sensiolabs | 1 Symfony | 2025-04-12 | 7.5 HIGH | N/A |
| The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397. | |||||
| CVE-2013-4151 | 1 Qemu | 1 Qemu | 2025-04-12 | 7.5 HIGH | N/A |
| The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write. | |||||
| CVE-2014-6446 | 1 Infusionsoft Gravity Forms Project | 1 Infusionsoft Gravity Forms | 2025-04-12 | 7.5 HIGH | N/A |
| The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php. | |||||
| CVE-2014-9001 | 1 Incrediblepbx | 1 Incredible Pbx 11 | 2025-04-12 | 6.5 MEDIUM | N/A |
| reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTPHONE parameters. | |||||
| CVE-2014-0602 | 1 Microfocus | 1 Security Manager | 2025-04-12 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in NetIQ Security Manager through 6.5.4 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3460. | |||||