Total
3192 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-1885 | | | 2024-02-29 | N/A | 6.3 MEDIUM |
This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG Signage. | |||||
CVE-2023-52251 | 1 Provectus | 1 Ui | 2024-02-29 | N/A | 8.8 HIGH |
An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages. | |||||
CVE-2023-32095 | 1 Milandinic | 1 Rename Media Files | 2024-02-29 | N/A | 8.8 HIGH |
Improper Control of Generation of Code ('Code Injection') vulnerability in Milan Dinić Rename Media Files. This issue affects Rename Media Files: from n/a through 1.0.1. | |||||
CVE-2020-8218 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-02-27 | 6.5 MEDIUM | 7.2 HIGH |
A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to craft a URI to perform arbitrary code execution via the admin web interface. | |||||
CVE-2020-8243 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-02-27 | 6.5 MEDIUM | 7.2 HIGH |
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload a custom template to perform arbitrary code execution. | |||||
CVE-2023-50379 | | | 2024-02-27 | N/A | N/A |
Malicious code injection in Apache Ambari prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain root on the cluster main host. | |||||
CVE-2024-0220 | | | 2024-02-22 | N/A | 8.3 HIGH |
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data. Missing Encryption of Sensitive Data, Cleartext Transmission of Sensitive Information, Improper Control of Generation of Code ('Code Injection'), Inadequate Encryption Strength vulnerability in B&R Industrial Automation B&R Automation Studio (Upgrade Service modules), B&R Industrial Automation Technology Guarding. This issue affects B&R Automation Studio: <4.6; Technology Guarding: <1.4.0. | |||||
CVE-2023-49109 | | | 2024-02-20 | N/A | N/A |
Exposure of Remote Code Execution in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue. | |||||
CVE-2024-1297 | | | 2024-02-20 | N/A | 10.0 CRITICAL |
Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection. | |||||
CVE-2023-51770 | | | 2024-02-20 | N/A | N/A |
Arbitrary File Read Vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue. | |||||
CVE-2023-52381 | | | 2024-02-20 | N/A | N/A |
Script injection vulnerability in the email module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | |||||
CVE-2023-49314 | 2 Apple, Asana | 2 Macos, Desktop | 2024-02-16 | N/A | 7.8 HIGH |
Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack. | |||||
CVE-2023-47257 | 1 Connectwise | 2 Automate, Screenconnect | 2024-02-15 | N/A | 8.1 HIGH |
ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages. | |||||
CVE-2005-1527 | 3 Awstats, Canonical, Debian | 3 Awstats, Ubuntu Linux, Debian Linux | 2024-02-14 | 5.0 MEDIUM | N/A |
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call. | |||||
CVE-2002-1750 | 1 Cgiscript | 1 Csguestbook | 2024-02-14 | 7.5 HIGH | N/A |
csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function. | |||||
CVE-2002-1752 | 1 Cgiscript | 1 Cschat-r-box | 2024-02-14 | 7.5 HIGH | N/A |
csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function. | |||||
CVE-2002-1753 | 1 Cgiscript | 1 Csnews Professional | 2024-02-14 | 7.5 HIGH | N/A |
csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function. | |||||
CVE-2005-2837 | 1 Plainblack | 1 Webgui | 2024-02-14 | 7.5 HIGH | N/A |
Multiple eval injection vulnerabilities in PlainBlack Software WebGUI before 6.7.3 allow remote attackers to execute arbitrary Perl code via (1) Help.pm, (2) International.pm, or (3) WebGUI.pm. | |||||
CVE-2005-3302 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-02-14 | 7.5 HIGH | N/A |
Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call. | |||||
CVE-2005-2498 | 2 Debian, Gggeek | 2 Debian Linux, Phpxmlrpc | 2024-02-14 | 7.5 HIGH | N/A |
Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921. |