Total
6191 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9880 | 2025-03-26 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2023-24576 | 1 Dell | 1 Emc Networker | 2025-03-25 | 7.5 High |
| EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker Client execution service (nsrexecd) irrespective of any auth used. | ||||
| CVE-2024-29202 | 1 Fit2cloud | 1 Jumpserver | 2025-03-25 | 10 Critical |
| JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information from all hosts or manipulate the database. This vulnerability is fixed in v3.10.7. | ||||
| CVE-2024-29201 | 1 Fit2cloud | 1 Jumpserver | 2025-03-25 | 10 Critical |
| JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information from all hosts or manipulate the database. This vulnerability is fixed in v3.10.7. | ||||
| CVE-2023-43651 | 2 Fit2cloud, Jumpserver | 2 Jumpserver, Jumpserver | 2025-03-25 | 8.6 High |
| JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI interface provided by the koko component, a user logs into the authorized mongoDB database and exploits the MongoDB session to execute arbitrary commands. This vulnerability has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-0671 | 1 Froxlor | 1 Froxlor | 2025-03-25 | 8.8 High |
| Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. | ||||
| CVE-2023-23477 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-03-25 | 8.1 High |
| IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513. | ||||
| CVE-2024-33442 | 1 Flusity | 1 Flusity | 2025-03-25 | 4.3 Medium |
| An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php component. | ||||
| CVE-2023-24333 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2025-03-25 | 8.8 High |
| A stack overflow vulnerability in Tenda AC21 with firmware version US_AC21V1.0re_V16.03.08.15_cn_TDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/openSchedWifi. | ||||
| CVE-2023-41724 | 1 Ivanti | 2 Sentry, Standalone Sentry | 2025-03-25 | 8.8 High |
| A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network. | ||||
| CVE-2023-23912 | 1 Ui | 20 Er-10x, Er-10x Firmware, Er-12 and 17 more | 2025-03-24 | 8.8 High |
| A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability. | ||||
| CVE-2023-0575 | 4 Apple, Linux, Microsoft and 1 more | 5 Iphone Os, Macos, Linux Kernel and 2 more | 2025-03-24 | 7.2 High |
| External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2.0.0 | ||||
| CVE-2024-7520 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2025-03-24 | 8.8 High |
| A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. | ||||
| CVE-2023-0788 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-03-21 | 8.1 High |
| Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | ||||
| CVE-2023-0792 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-03-21 | 6.5 Medium |
| Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | ||||
| CVE-2024-32680 | 1 Pluginus | 1 Husky - Products Filter Professional For Woocommerce | 2025-03-20 | 8.8 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malicious Files, Code Inclusion.This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.5.2. | ||||
| CVE-2023-22855 | 1 Kardex | 1 Kardex Control Center | 2025-03-19 | 9.8 Critical |
| Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method (Path.Combine from .NET) without proper sanitisation. This yields the possibility of including local files, as well as remote files on SMB shares. If one provides a file with the extension .t4, it is rendered with the .NET templating engine mono/t4, which can execute code. | ||||
| CVE-2024-39864 | 2 Apache, Apache Software Foundation | 2 Cloudstack, Apache Cloudstack | 2025-03-19 | 9.8 Critical |
| The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal integrations and for testing purposes. By default, the integration API service port is disabled and is considered disabled when integration.api.port is set to 0 or negative. Due to an improper initialisation logic, the integration API service would listen on a random port when its port value is set to 0 (default value). An attacker that can access the CloudStack management network could scan and find the randomised integration API service port and exploit it to perform unauthorised administrative actions and perform remote code execution on CloudStack managed hosts and result in complete compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure. Users are recommended to restrict the network access on the CloudStack management server hosts to only essential ports. Users are recommended to upgrade to version 4.18.2.1, 4.19.0.2 or later, which addresses this issue. | ||||
| CVE-2024-41623 | 2 D3dsecurity, Ezviz | 3 D8801, D8801 Firmware, Internet Pt Camera | 2025-03-18 | 9.8 Critical |
| An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to execute arbitrary code via a crafted payload | ||||
| CVE-2021-33949 | 1 Wms Project | 1 Wms | 2025-03-18 | 9.8 Critical |
| An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function. | ||||