Total
3761 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38078 | 1 Sixapart | 1 Movable Type | 2023-08-08 | N/A | 9.8 CRITICAL |
| Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability. | |||||
| CVE-2021-40553 | 1 Piwigo | 1 Piwigo | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor. | |||||
| CVE-2022-36756 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php. | |||||
| CVE-2022-25498 | 1 Cuppacms | 1 Cuppacms | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php. | |||||
| CVE-2022-29078 | 1 Ejs | 1 Ejs | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation). | |||||
| CVE-2021-37079 | 1 Huawei | 1 Harmonyos | 2023-08-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to delete arbitrary file by system_app permission. | |||||
| CVE-2022-35847 | 1 Fortinet | 1 Fortisoar | 2023-08-08 | N/A | 8.8 HIGH |
| An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload. | |||||
| CVE-2021-46362 | 1 Magnolia-cms | 1 Magnolia Cms | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter. | |||||
| CVE-2022-24295 | 1 Okta | 1 Advanced Server Access Client For Windows | 2023-08-08 | 6.8 MEDIUM | 8.8 HIGH |
| Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL. | |||||
| CVE-2023-36255 | 1 Eramba | 1 Eramba | 2023-08-05 | N/A | 8.8 HIGH |
| An issue in Eramba Limited Eramba Enterprise v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL. | |||||
| CVE-2023-3401 | 1 Gitlab | 1 Gitlab | 2023-08-04 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. The main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code. | |||||
| CVE-2023-34842 | 1 Dedecms | 1 Dedecms | 2023-08-04 | N/A | 9.8 CRITICAL |
| Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php. | |||||
| CVE-2023-39013 | 1 Larsga | 1 Duke | 2023-08-03 | N/A | 9.8 CRITICAL |
| Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init. | |||||
| CVE-2023-39010 | 1 Lessthanoptimal | 1 Boofcv | 2023-08-03 | N/A | 9.8 CRITICAL |
| BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file. | |||||
| CVE-2023-39015 | 1 Code4craft | 1 Webmagic | 2023-08-03 | N/A | 9.8 CRITICAL |
| webmagic-extension v0.9.0 and below was discovered to contain a code injection vulnerability via the component us.codecraft.webmagic.downloader.PhantomJSDownloader. | |||||
| CVE-2023-39021 | 1 Wix | 1 Wix Embedded Mysql | 2023-08-03 | N/A | 9.8 CRITICAL |
| wix-embedded-mysql v4.6.1 and below was discovered to contain a code injection vulnerability in the component com.wix.mysql.distribution.Setup.apply. This vulnerability is exploited via passing an unchecked argument. | |||||
| CVE-2023-39022 | 1 Oscore | 1 Oscore | 2023-08-03 | N/A | 9.8 CRITICAL |
| oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability is exploited via passing an unchecked argument. | |||||
| CVE-2023-39023 | 1 University Compass Project | 1 University Compass | 2023-08-03 | N/A | 9.8 CRITICAL |
| university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument. | |||||
| CVE-2022-36963 | 1 Solarwinds | 1 Orion Platform | 2023-08-03 | N/A | 7.2 HIGH |
| The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands. | |||||
| CVE-2023-27868 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2023-08-03 | N/A | 8.8 HIGH |
| IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially crafted request using the named pluginClassName class, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249516. | |||||