Total: 6194 CVEs
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16283 | 2 Hp, Microsoft | 2 Softpaq Installer, Windows | 2025-01-06 | 7.8 High |
| A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution. | ||||
| CVE-2024-13034 | 1 Code-projects | 1 Chat System | 2025-01-06 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in code-projects Chat System 1.0. This affects an unknown part of the file /admin/update_user.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13075 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 3.5 Low |
| A vulnerability classified as problematic was found in PHPGurukul Land Record System 1.0. This vulnerability affects unknown code of the file /admin/add-propertytype.php. The manipulation of the argument Land Property Type leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13076 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in PHPGurukul Land Record System 1.0. This issue affects some unknown processing of the file /admin/edit-propertytype.php. The manipulation of the argument Property Type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13077 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in PHPGurukul Land Record System 1.0. Affected is an unknown function of the file /admin/add-property.php. The manipulation of the argument Land Subtype leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13081 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 3.5 Low |
| A vulnerability was found in PHPGurukul Land Record System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/contactus.php. The manipulation of the argument Page Description leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13082 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 3.5 Low |
| A vulnerability was found in PHPGurukul Land Record System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/search-property.php. The manipulation of the argument Search By leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13083 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 3.5 Low |
| A vulnerability classified as problematic has been found in PHPGurukul Land Record System 1.0. Affected is an unknown function of the file /admin/admin-profile.php. The manipulation of the argument Admin Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-32546 | 1 Chatwork | 1 Chatwork | 2025-01-03 | 4.4 Medium |
| Code injection vulnerability exists in Chatwork Desktop Application (Mac) 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user's consent. | ||||
| CVE-2023-30179 | 1 Craftcms | 1 Craft Cms | 2025-01-03 | 7.2 High |
| CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject a Twig template into the User Photo Location field when setting User Photo Location in User Settings, leading to Remote Code Execution. NOTE: the vendor disputes this because only Administrators can add this Twig code, and (by design) Administrators are allowed to do that by default. | ||||
| CVE-2023-3224 | 1 Nuxt | 1 Nuxt | 2025-01-03 | 9.8 Critical |
| Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3. | ||||
| CVE-2024-28119 | 1 Getgrav | 1 Grav | 2025-01-02 | 8.8 High |
| Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to the Twig extension class from the Grav context, an attacker can redefine the escape function and execute arbitrary commands. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Version 1.7.45 contains a patch for this issue. | ||||
| CVE-2024-28118 | 1 Getgrav | 1 Grav | 2025-01-02 | 8.8 High |
| Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to the Twig extension class from the Grav context, an attacker can redefine the config variable. As a result, the attacker can bypass a previous SSTI mitigation. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Version 1.7.45 contains a fix for this issue. | ||||
| CVE-2024-28117 | 1 Getgrav | 1 Grav | 2025-01-02 | 8.8 High |
| Grav is an open-source, flat-file content management system. Prior to version 1.7.45, Grav validates accessible functions through the Utils::isDangerousFunction function, but does not impose restrictions on Twig functions like twig_array_map, allowing attackers to bypass the validation and execute arbitrary commands. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Upgrading to patched version 1.7.45 can mitigate this issue. | ||||
| CVE-2024-28116 | 1 Getgrav | 1 Grav | 2025-01-02 | 8.8 High |
| Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue. | ||||
| CVE-2023-1049 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2025-01-02 | 7.8 High |
| A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspecting user loads a project file from the local filesystem into the HMI. | ||||
| CVE-2022-35743 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2025-01-02 | 7.8 High |
| Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | ||||
| CVE-2023-35333 | 1 Microsoft | 2 Media Wiki Extensions Pandoc Upload, Pandocupload | 2025-01-01 | 8.8 High |
| MediaWiki PandocUpload Extension Remote Code Execution Vulnerability | ||||
| CVE-2023-21569 | 1 Microsoft | 1 Azure Devops Server | 2025-01-01 | 5.5 Medium |
| Azure DevOps Server Spoofing Vulnerability | ||||
| CVE-2023-21553 | 1 Microsoft | 1 Azure Devops Server | 2025-01-01 | 7.5 High |
| Azure DevOps Server Remote Code Execution Vulnerability | ||||