Total
5645 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1602 | 1 Suse | 3 Linux Enterprise Desktop, Linux Enterprise Server, Suse Linux Enterprise Server | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root). | |||||
| CVE-2017-7570 | 1 Pivotx | 1 Pivotx | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension. | |||||
| CVE-2017-7691 | 1 Sap | 1 Trex | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592. | |||||
| CVE-2017-7324 | 1 Modx | 1 Modx Revolution | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter. | |||||
| CVE-2017-16664 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation. | |||||
| CVE-2017-9774 | 1 Horde | 1 Horde Image Api | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication. | |||||
| CVE-2017-11675 | 1 Zen-cart | 1 Zen Cart | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index. | |||||
| CVE-2017-14764 | 1 Genixcms | 1 Genixcms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module. | |||||
| CVE-2017-11585 | 1 Finecms | 1 Finecms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection. | |||||
| CVE-2024-12238 | 1 Ninjaforms | 1 Ninja Forms | 2025-04-18 | N/A | 6.3 MEDIUM |
| The The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.22. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. | |||||
| CVE-2024-40673 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.5 MEDIUM |
| In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-48236 | 1 Ofcms Project | 1 Ofcms | 2025-04-18 | N/A | 6.5 MEDIUM |
| An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the ofcms-admin\src\main\java\com\ofsoft\cms\core\uitle\FileUtils.java file | |||||
| CVE-2024-48235 | 1 Ofcms Project | 1 Ofcms | 2025-04-18 | N/A | 6.5 MEDIUM |
| An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file. | |||||
| CVE-2023-51018 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-04-17 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of the cstecgi .cgi. | |||||
| CVE-2024-53303 | 2025-04-17 | N/A | 8.8 HIGH | ||
| A remote code execution (RCE) vulnerability in the upload_file function of LRQA Nettitude PoshC2 after commit 123db87 allows authenticated attackers to execute arbitrary code via a crafted POST request. | |||||
| CVE-2025-32596 | 2025-04-17 | N/A | 7.3 HIGH | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Rameez Iqbal Real Estate Manager allows Code Injection. This issue affects Real Estate Manager: from n/a through 7.3. | |||||
| CVE-2025-32583 | 2025-04-17 | N/A | 9.9 CRITICAL | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post allows Remote Code Inclusion. This issue affects PDF 2 Post: from n/a through 2.4.0. | |||||
| CVE-2021-22646 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2025-04-17 | N/A | 8.8 HIGH |
| The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution. | |||||
| CVE-2022-43486 | 1 Buffalo | 26 Wcr-1166ds, Wcr-1166ds Firmware, Wex-1800ax4 and 23 more | 2025-04-17 | N/A | 6.8 MEDIUM |
| Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices. | |||||
| CVE-2024-54804 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2025-04-17 | N/A | 9.8 CRITICAL |
| Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter wan_hostname and forcing a reboot. This will result in command injection. | |||||