682 matches found
CVE-2024-31621
An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component...
CVE-2024-32358
An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033...
CVE-2024-32358
An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033...
CVE-2024-32358
An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033...
CVE-2024-32358
CVE-2024-32358 affects JPress v5.1.0. The issue allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, indicating a code execution risk originating from the plug‑in handling path. No remediation patch/version details are provided in the supp...
CVE-2024-31666
CVE-2024-31666 affects flusity-CMS v2.33. The vulnerability allows a remote attacker to execute arbitrary code via a crafted script targeting the edit_addon_post.php component. Multiple connected sources (NVD, Red Hat, OSV, CVE listing, CNNVD, and vuln enrichment) describe the same issue, confirm...
CVE-2024-31666
An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the editaddonpost.php component...
CVE-2024-32409
An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script...
CVE-2024-32409
An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script...
CVE-2024-32409
An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script...
CVE-2024-22905
Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote attacker to execute arbitrary code via a crafted script to the hciTrSerialRxIncoming function...
GHSA-JJFF-Q3Q4-5HH8 @andrei-tatar/nora-firebase-common Prototype Pollution vulnerability
An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method...
@andrei-tatar/nora-firebase-common Prototype Pollution vulnerability
An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method...
CVE-2024-30564
An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method...
CVE-2024-30564
An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method...
@andrei-tatar/nora-firebase-common Prototype Pollution vulnerability
An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method...
CVE-2024-30564
An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method...
CVE-2024-30564
The CVE-2024-30564 issue affects andrei-tatar/nora-firebase-common in versions 1.0.41 through 1.12.2, where a crafted script submitted to the updateState parameter of updateStateInternal can enable remote code execution. Multiple sources corroborate the vulnerability’s presence across Red Hat, Ve...
CVE-2024-30564
An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method...
CVE-2024-25545
An issue in Weave Weave Desktop v.7.78.10 allows a local attacker to execute arbitrary code via a crafted script to the nwjs framework component...