Total
5645 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-4964 | 1 Cloudfoundry | 1 Bosh Azure Cpi | 2025-04-20 | 4.6 MEDIUM | 8.8 HIGH |
| Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a "CPI code injection vulnerability." | |||||
| CVE-2014-9463 | 2 Vbseo, Vbulletin | 2 Vbseo, Vbulletin | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. | |||||
| CVE-2011-0469 | 1 Suse | 1 Opensuse | 2025-04-20 | 9.0 HIGH | 9.8 CRITICAL |
| Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011. | |||||
| CVE-2017-11421 | 1 Gnome-exe-thumbnailer Project | 1 Gnome-exe-thumbnailer | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename. | |||||
| CVE-2017-10835 | 1 Nippon-antenna | 2 Scr02hd, Scr02hd Firmware | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to conduct code injection attacks via unspecified vectors. | |||||
| CVE-2017-6455 | 1 Ntp | 1 Ntp | 2025-04-20 | 4.4 MEDIUM | 7.0 HIGH |
| NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable. | |||||
| CVE-2014-4000 | 1 Cacti | 1 Cacti | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()). | |||||
| CVE-2017-11760 | 1 Projeqtor | 1 Projeqtor | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area. | |||||
| CVE-2014-8872 | 1 Avm | 4 Fritz\!box 6810 Lte, Fritz\!box 6810 Lte Firmware, Fritz\!box 6840 Lte and 1 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Improper Verification of Cryptographic Signature in AVM FRITZ!Box 6810 LTE after firmware 5.22, FRITZ!Box 6840 LTE after firmware 5.23, and other models with firmware 5.50. | |||||
| CVE-2017-14353 | 1 Hp | 1 Ucmdb Foundation Software | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution. | |||||
| CVE-2016-5727 | 1 Simplemachines | 1 Simple Machines Forum | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop. | |||||
| CVE-2016-8354 | 1 Schneider-electric | 1 Unity Pro | 2025-04-20 | 5.1 MEDIUM | 7.0 HIGH |
| An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity project file can make the simulator execute malicious code by redirecting the control flow of these instructions. | |||||
| CVE-2017-7411 | 1 Enalean | 1 Tuleap | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks (including but not limited to Remote Code Execution). | |||||
| CVE-2017-14077 | 1 Phpcaptcha | 1 Securimage | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php. | |||||
| CVE-2015-6576 | 1 Atlassian | 1 Bamboo | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource. | |||||
| CVE-2017-7911 | 1 Cybervision | 1 Kaa Iot Platform | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| A Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. An insufficient-encapsulation vulnerability has been identified, which may allow remote code execution. | |||||
| CVE-2017-0899 | 3 Debian, Redhat, Rubygems | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences. | |||||
| CVE-2017-1469 | 1 Ibm | 1 Infosphere Information Server | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128468. | |||||
| CVE-2017-8912 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug. | |||||
| CVE-2017-10844 | 1 Basercms | 1 Basercms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. | |||||