Export limit exceeded: 10225 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10225 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22198 | 1 Nginxui | 1 Nginx Ui | 2024-11-21 | 7.1 High |
| Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The `Home > Preference` page exposes a list of system settings such as `Run Mode`, `Jwt Secret`, `Node Secret` and `Terminal Start Command`. While the UI doesn't allow users to modify the `Terminal Start Command` setting, it is possible to do so by sending a request to the API. This issue may lead to authenticated remote code execution, privilege escalation, and information disclosure. This vulnerability has been patched in version 2.0.0.beta.9. | ||||
| CVE-2024-21852 | 1 Rapidscada | 1 Rapid Scada | 2024-11-21 | 8.8 High |
| In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can supply a malicious configuration file by utilizing a Zip Slip vulnerability in the unpacking routine to achieve remote code execution. | ||||
| CVE-2024-21674 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2024-11-21 | 7.5 High |
| This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, no impact to integrity, no impact to availability, and does not require user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release * Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release * Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ). | ||||
| CVE-2024-21663 | 1 Demon1a | 1 Discord-recon | 2024-11-21 | 10 Critical |
| Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8. | ||||
| CVE-2024-21625 | 1 Sidequestvr | 1 Sidequest | 2024-11-21 | 8.8 High |
| SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly. | ||||
| CVE-2024-1577 | 1 Megabip | 1 Megabip | 2024-11-21 | 9.8 Critical |
| Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2. | ||||
| CVE-2024-0916 | 2024-11-21 | 10 Critical | ||
| Unauthenticated file upload allows remote code execution. This issue affects UvDesk Community: from 1.0.0 through 1.1.3. | ||||
| CVE-2024-0794 | 2024-11-21 | 9.8 Critical | ||
| Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to Remote Code Execution due to buffer overflow when rendering fonts embedded in a PDF file. | ||||
| CVE-2024-0200 | 1 Github | 1 Enterprise Server | 2024-11-21 | 7.2 High |
| An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2023-6974 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | 9.8 Critical |
| A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine. | ||||
| CVE-2023-6691 | 1 Cambiumnetworks | 2 Epmp Force 300-25, Epmp Force 300-25 Firmware | 2024-11-21 | 7.8 High |
| Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges. | ||||
| CVE-2023-6140 | 1 G5plus | 1 Essential Real Estate | 2024-11-21 | 8.8 High |
| The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution. | ||||
| CVE-2023-6116 | 1 Hanwhavision | 1 Xrn-420s | 2024-11-21 | 8.9 High |
| Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the camera. An attacker could inject malicious into http request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | ||||
| CVE-2023-6095 | 2024-11-21 | 8.9 High | ||
| Vladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | ||||
| CVE-2023-6016 | 1 H2o | 1 H2o | 2024-11-21 | 9.8 Critical |
| An attacker is able to gain remote code execution on a server hosting the H2O dashboard through it's POJO model import feature. | ||||
| CVE-2023-6012 | 1 Lanaccess | 1 Onsafe Monitorhm | 2024-11-21 | 8.3 High |
| An improper input validation vulnerability has been found in Lanaccess ONSAFE MonitorHM affecting version 3.7.0. This vulnerability could lead a remote attacker to exploit the checkbox element and perform remote code execution, compromising the entire infrastructure. | ||||
| CVE-2023-5939 | 1 Rtcamp | 1 Rtmedia | 2024-11-21 | 7.2 High |
| The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users. | ||||
| CVE-2023-5886 | 1 Soflyy | 2 Export Any Wordpress Data To Xml\/csv, Wp All Export | 2024-11-21 | 8.8 High |
| The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers with the ability to upload files to make logged in users perform unwanted actions leading to PHAR deserialization, which may lead to remote code execution. | ||||
| CVE-2023-5766 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2024-11-21 | 9.8 Critical |
| A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet. | ||||
| CVE-2023-5762 | 1 Filr Project | 1 Filr | 2024-11-21 | 8.8 High |
| The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges. | ||||