Vulnerabilities (CVE)

Filtered by CWE-94
Total 3151 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-21737 1 Sap 1 Application Interface Framework 2024-01-16 N/A 9.1 CRITICAL
In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on confidentiality, integrity and availability.
CVE-2024-21646 1 Microsoft 1 Azure Uamqp 2024-01-12 N/A 9.8 CRITICAL
Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01.
CVE-2024-21650 1 Xwiki 1 Xwiki 2024-01-11 N/A 9.8 CRITICAL
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user registration enabled for guests. This vulnerability has been patched in XWiki 14.10.17, 15.5.3 and 15.8 RC1.
CVE-2023-7224 1 Openvpn 1 Connect 2024-01-11 N/A 7.8 HIGH
OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third-party libraries using the DYLD_INSERT_LIBRARIES environment variable.
CVE-2023-6540 1 Lenovo 2 Browser Hd, Browser Mobile 2024-01-10 N/A 7.5 HIGH
A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information.
CVE-2023-7101 3 Debian, Fedoraproject, Jmcnamara 3 Debian Linux, Fedora, Spreadsheet\ 2024-01-09 N/A 7.8 HIGH
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.
CVE-2023-43955 1 Fedirtsapana 1 Tv Bro 2024-01-09 N/A 9.8 CRITICAL
The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files, and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData.
CVE-2023-47883 1 Vladymix 1 Tv Browser 2024-01-09 N/A 9.8 CRITICAL
The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity.
CVE-2023-41783 1 Zte 2 Zxcloud Irai, Zxcloud Irai Firmware 2024-01-09 N/A 7.8 HIGH
There is a command injection vulnerability in ZTE's ZXCLOUD iRAI. Because the program fails to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges.
CVE-2023-51784 1 Apache 1 Inlong 2024-01-09 N/A 9.8 CRITICAL
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9329
CVE-2022-23631 1 Blitzjs 2 Blitz, Superjson 2024-01-09 7.5 HIGH 9.8 CRITICAL
superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to run arbitrary code on any server using superjson input without prior authentication or knowledge. The only requirement is that the server implements at least one endpoint which uses superjson during request processing. This has been patched in superjson 1.8.1. Users are advised to update. There are no known workarounds for this issue.
CVE-2023-39157 1 Crocoblock 1 Jetelements 2024-01-05 N/A 8.8 HIGH
Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor: from n/a through 2.6.10.
CVE-2023-41544 1 Jeecg 1 Jeecg Boot 2024-01-05 N/A 9.8 CRITICAL
SSTI injection vulnerability in jeecg-boot version 3.5.3 allows remote attackers to execute arbitrary code via a crafted HTTP request to the /jmreport/loadTableData component.
CVE-2023-51420 1 Soft8soft 1 Verge3d 2024-01-05 N/A 8.8 HIGH
Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2.
CVE-2023-46987 1 Seacms 1 Seacms 2024-01-05 N/A 8.8 HIGH
SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php.
CVE-2023-49830 1 Brainstormforce 1 Astra 2024-01-05 N/A 8.8 HIGH
Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro. This issue affects Astra Pro: from n/a through 4.3.1.
CVE-2023-7148 1 Shifuml 1 Shifu 2024-01-05 5.1 MEDIUM 8.1 HIGH
A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument FilterExpression leads to code injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249151.
CVE-2023-45751 1 Posimyth 1 Nexter Extension 2024-01-04 N/A 7.2 HIGH
Improper Control of Generation of Code ('Code Injection') vulnerability in POSIMYTH Nexter Extension. This issue affects Nexter Extension: from n/a through 2.0.3.
CVE-2023-46623 1 Wpvnteam 1 Wp Extra 2024-01-04 N/A 8.8 HIGH
Improper Control of Generation of Code ('Code Injection') vulnerability in TienCOP WP EXtra. This issue affects WP EXtra: from n/a through 6.2.
CVE-2023-47840 1 Qodeinteractive 1 Qode Essential Addons 2024-01-04 N/A 8.8 HIGH
Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons. This issue affects Qode Essential Addons: from n/a through 1.5.2.