Total
6322 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23692 | 1 Rejetto | 1 Http File Server | 2026-06-17 | N/A | 9.8 CRITICAL |
| Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported. | |||||
| CVE-2024-23601 | 1 Automationdirect | 12 P1-540, P1-540 Firmware, P1-550 and 9 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| A code injection vulnerability exists in the scan_lib.bin functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted scan_lib.bin can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2024-23278 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-06-17 | N/A | 8.6 HIGH |
| The issue was addressed with improved checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, watchOS 10.4. An app may be able to break out of its sandbox. | |||||
| CVE-2024-23208 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-06-17 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2024-22988 | 1 Zkteco | 1 Zkbio Wdms | 2026-06-17 | N/A | 9.8 CRITICAL |
| ZKteco ZKBio WDMS before 9.0.2 Build 20250526 allows an attacker to download a database backup via the /files/backup/ component because the filename is based on a predictable timestamp. | |||||
| CVE-2024-22899 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2026-06-17 | N/A | 8.8 HIGH |
| Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function. | |||||
| CVE-2024-22724 | 1 Oscommerce | 1 Oscommerce | 2026-06-17 | N/A | 6.6 MEDIUM |
| An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature. | |||||
| CVE-2024-22722 | 1 Formtools | 1 Form Tools | 2026-06-17 | N/A | 7.2 HIGH |
| Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application. | |||||
| CVE-2024-22633 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hprinter parameter. This vulnerability is triggered via a crafted POST request. | |||||
| CVE-2024-22632 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hmsg parameter. This vulnerability is triggered via a crafted POST request. | |||||
| CVE-2024-22533 | 1 Xiandafu | 1 Beetl | 2026-06-17 | N/A | 9.8 CRITICAL |
| Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution. | |||||
| CVE-2024-22514 | 1 Ispyconnect | 1 Agent Dvr | 2026-06-17 | N/A | 8.8 HIGH |
| An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file. | |||||
| CVE-2024-22274 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2026-06-17 | N/A | 7.2 HIGH |
| The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system. | |||||
| CVE-2024-22188 | 1 Typo3 | 1 Typo3 | 2026-06-17 | N/A | 7.2 HIGH |
| TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1. | |||||
| CVE-2024-22144 | 2026-06-17 | N/A | 9.0 CRITICAL | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96. | |||||
| CVE-2024-22131 | 1 Sap | 1 Abap Platform | 2026-06-17 | N/A | 9.1 CRITICAL |
| In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can read or modify any user/business data and can make the entire system unavailable. | |||||
| CVE-2024-21892 | 2 Linux, Nodejs | 2 Linux Kernel, Node.js | 2026-06-17 | N/A | 7.8 HIGH |
| On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set. This allows unprivileged users to inject code that inherits the process's elevated privileges. | |||||
| CVE-2024-21737 | 1 Sap | 1 Application Interface Framework | 2026-06-17 | N/A | 8.4 HIGH |
| In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on confidentiality, integrity and availability. | |||||
| CVE-2024-21683 | 1 Atlassian | 7 Confluence Data Center, Confluence Server, Crucible and 4 more | 2026-06-17 | N/A | 8.8 HIGH |
| This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives. This vulnerability was found internally. | |||||
| CVE-2024-21682 | 1 Atlassian | 1 Assets Discovery Data Center | 2026-06-17 | N/A | 7.2 HIGH |
| This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 (all versions). Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or Server. It detects hardware and software that is connected to your local network and extracts detailed information about each asset. This data can then be imported into Assets in Jira Service Management to help you manage all of the devices and configuration items within your local network. This Injection vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to modify the actions taken by a system call which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Assets Discovery customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions See the release notes (https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html). You can download the latest version of Assets Discovery from the Atlassian Marketplace (https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter&tab=installation). This vulnerability was reported via our Penetration Testing program. | |||||