Total
3761 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2056 | 1 Dedecms | 1 Dedecms | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical. This issue affects the function GetSystemFile of the file module_main.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225941 was assigned to this vulnerability. | |||||
| CVE-2023-1773 | 1 Rockoa | 1 Rockoa | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224674 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-1482 | 1 Hkcms Project | 1 Hkcms | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as problematic, was found in HkCms 2.2.4.230206. This affects an unknown part of the file /admin.php/appcenter/local.html?type=addon of the component External Plugin Handler. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223365 was assigned to this vulnerability. | |||||
| CVE-2023-1947 | 1 Taogogo | 1 Taocms | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225330 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-1004 | 2 Marktext, Microsoft | 2 Marktext, Windows | 2024-05-17 | N/A | 7.8 HIGH |
| A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability. | |||||
| CVE-2023-1005 | 1 Markdown-electron Project | 1 Markdown-electron | 2024-05-17 | N/A | 7.8 HIGH |
| A vulnerability was found in JP1016 Markdown-Electron and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to code injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-221738 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-1003 | 2 Microsoft, Typora | 2 Windows, Typora | 2024-05-17 | N/A | 7.8 HIGH |
| A vulnerability, which was classified as critical, was found in Typora up to 1.5.5 on Windows. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.8 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221736. | |||||
| CVE-2021-4315 | 1 Psiturk | 1 Psiturk | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of special elements used in a template engine. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.1 is able to address this issue. The name of the patch is 47787e15cecd66f2aa87687bf852ae0194a4335f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-219676. | |||||
| CVE-2015-10009 | 1 Nonfiction | 1 Nterchange | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/code_caller_controller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/* leads to code injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.1 is able to address this issue. The patch is named fba7d89176fba8fe289edd58835fe45080797d99. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217187. | |||||
| CVE-2024-4181 | 2024-05-16 | N/A | N/A | ||
| A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised LLM hosting provider to execute arbitrary commands on the client's machine. This issue was fixed in version 0.10.13. The exploitation of this vulnerability could lead to a hosting provider gaining full control over client machines. | |||||
| CVE-2023-25910 | 1 Siemens | 3 Simatic Pcs 7, Simatic S7-pm, Simatic Step 7 | 2024-05-14 | N/A | 8.8 HIGH |
| A vulnerability has been identified in SIMATIC PCS 7 (All versions < V9.1 SP2 UC04), SIMATIC S7-PM (All versions < V5.7 SP1 HF1), SIMATIC S7-PM (All versions < V5.7 SP2 HF1), SIMATIC STEP 7 V5 (All versions < V5.7). The affected product contains a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server. An attacker with network access to the server network could leverage these embedded functions to run code with elevated privileges in the database management system's server. | |||||
| CVE-2023-34644 | 1 Ruijie | 130 Re-eg1000m, Re-eg1000m Firmware, Rg-eg1000c and 127 more | 2024-05-14 | N/A | 9.8 CRITICAL |
| Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows unauthorized remote attackers to gain the highest privileges via crafted POST request to /cgi-bin/luci/api/auth. | |||||
| CVE-2024-31390 | 2024-05-08 | N/A | N/A | ||
| : Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows : Code Injection.This issue affects Breakdance: from n/a through 1.7.2. | |||||
| CVE-2024-31266 | 2024-04-25 | N/A | N/A | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection.This issue affects Advanced Order Export For WooCommerce: from n/a through 3.4.4. | |||||
| CVE-2024-22144 | 2024-04-25 | N/A | N/A | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96. | |||||
| CVE-2024-32599 | 2024-04-18 | N/A | N/A | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through 3.2.1. | |||||
| CVE-2024-3098 | 2024-04-10 | N/A | N/A | ||
| A vulnerability was identified in the `exec_utils` class of the `llama_index` package, specifically within the `safe_eval` function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method restrictions and execute unauthorized code. The vulnerability is a bypass of the previously addressed CVE-2023-39662, demonstrated through a proof of concept that creates a file on the system by exploiting the flaw. | |||||
| CVE-2024-24707 | 2024-04-03 | N/A | N/A | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL. Cwicly allows Code Injection.This issue affects Cwicly: from n/a through 1.4.0.2. | |||||
| CVE-2024-27191 | 2024-04-03 | N/A | N/A | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Inpersttion Slivery Extender allows Code Injection.This issue affects Slivery Extender: from n/a through 1.0.2. | |||||
| CVE-2023-32095 | 1 Milandinic | 1 Rename Media Files | 2024-02-29 | N/A | 8.8 HIGH |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Milan Dinic Rename Media Files.This issue affects Rename Media Files: from n/a through 1.0.1. | |||||