Total
4525 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-31648 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
Cross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at /core/new_category2. | |||||
CVE-2024-31621 | 2024-11-21 | N/A | 7.6 HIGH | ||
An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component. | |||||
CVE-2024-31396 | 2024-11-21 | N/A | 6.6 MEDIUM | ||
Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may execute an arbitrary command on the server. | |||||
CVE-2024-31390 | 2024-11-21 | N/A | 9.9 CRITICAL | ||
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows Code Injection. This issue affects Breakdance: from n/a through 1.7.2. | |||||
CVE-2024-31380 | 2024-11-21 | N/A | 9.9 CRITICAL | ||
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Vendor is ignoring report, refuses to patch the issue. This issue affects Oxygen Builder: from n/a through 4.9. | |||||
CVE-2024-31266 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection. This issue affects Advanced Order Export For WooCommerce: from n/a through 3.4.4. | |||||
CVE-2024-31032 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
An issue in Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport v.1.1.2 allows a remote attacker to execute arbitrary code via the manager/ipping.php component. | |||||
CVE-2024-31011 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin_template.php. | |||||
CVE-2024-30973 | 2024-11-21 | N/A | 8.8 HIGH | ||
An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-210715 allows an attacker to execute arbitrary code and obtain sensitive information via crafted POST request to /boaform/getASPdata/formFirewall, /boaform/getASPdata/formAcc. | |||||
CVE-2024-30845 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote attacker to execute arbitrary code via the validation component of the input parameters. | |||||
CVE-2024-30567 | 2024-11-21 | N/A | 6.3 MEDIUM | ||
An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 allows a remote attacker to execute arbitrary code via the Network Troubleshooting functionality. | |||||
CVE-2024-30202 | 2024-11-21 | N/A | 7.8 HIGH | ||
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. | |||||
CVE-2024-2209 | 2024-11-21 | N/A | 6.3 MEDIUM | ||
A user with administrative privileges can create a compromised dll file of the same name as the original dll within the HP printer’s Firmware Update Utility (FUU) bundle and place it in the Microsoft Windows default downloads directory which can lead to potential arbitrary code execution. | |||||
CVE-2024-2195 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the `/api/runs/search/run/` endpoint, affecting versions >= 3.0.0. The vulnerability resides in the `run_search_api` function of the `aim/web/api/runs/views.py` file, where improper restriction of user access to the `RunView` object allows for the execution of arbitrary code via the `query` parameter. This issue enables attackers to execute arbitrary commands on the server, potentially leading to full system compromise. | |||||
CVE-2024-2097 | 2024-11-21 | N/A | 7.5 HIGH | ||
Authenticated List control client can execute the LINQ query in SCM Server to present event as list for operator. An authenticated malicious client can send special LINQ query to execute arbitrary code remotely (RCE) on the SCM Server that an attacker otherwise does not have authorization to do. | |||||
CVE-2024-2016 | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM | ||
A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the function index of the file app/manage/controller/setcontroller.php. The manipulation of the argument sitename leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255270 is the identifier assigned to this vulnerability. | |||||
CVE-2024-29513 | 2024-11-21 | N/A | 7.8 HIGH | ||
An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Forensics before 3.3 allows a local attacker to execute arbitrary code within the driver and create a local denial-of-service condition due to an improper DACL being applied to the device the driver creates. | |||||
CVE-2024-29399 | 2024-11-21 | N/A | 7.6 HIGH | ||
An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component. | |||||
CVE-2024-29309 | 2024-11-21 | N/A | 7.7 HIGH | ||
An issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary code via the Transfer Service. | |||||
CVE-2024-29276 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
An issue was discovered in seeyonOA version 8, allows remote attackers to execute arbitrary code via the importProcess method in WorkFlowDesignerController.class component. |