CVE-2024-11635 WordPress File Upload <= 4.24.12 - Unauthenticated Remote Code Execution
The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfuABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server...
BIT-KEYDB-2024-46981 Redis' Lua library commands may lead to remote code execution
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...
CVE-2024-56278
CVE-2024-56278: Improper generation of code (Code Injection) in Smackcoders WP Ultimate Exporter allows PHP Remote File Inclusion. Affected: WP Ultimate Exporter versions from n/a to 2.9.1. CVSSv3.1 base score 9.1 (CRITICAL); vectors: Network, Privileges Required HIGH, User Interaction NONE, Scop...
CVE-2024-20154
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Pat...
CVE-2024-12751
Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a maliciou...
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks
The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions. The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigati...
libarchive RAR File Parsing Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of libarchive. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of RAR file...
Internet Bug Bounty: [SECURITY] CVE-2024-50379 Apache Tomcat - RCE via write-enabled default servlet
A vulnerability was discovered in Apache Tomcat where a race condition could be triggered on a Windows machine with a write-enabled default servlet, leading to remote code execution. The issue was caused by the case-insensitive nature of the file system, which allowed an uploaded file to be treat...
CVE-2024-11993
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field...
Remote Code Execution (RCE)
D-Tale is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the ability for users to update the enablecustomfilters flag through the update-settings endpoint, allowing attackers to run malicious code on the server...
CVE-2024-55877 XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList
XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by adding instances of XWiki.WikiMacroClass to any page. This compromises the confidentiality, integrity...
CVE-2024-49132
Windows Remote Desktop Services Remote Code Execution Vulnerability...
CVE-2024-49070
Microsoft SharePoint Remote Code Execution Vulnerability...
CVE-2024-47946
If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. After the upload, the PHP script is available in the web root. The PHP code execut...
Microsoft Office Remote Code Execution Vulnerability
...
Windows Domain Name Service Remote Code Execution Vulnerability
...
CVE-2023-43962
Cross Site Scripting vulnerability in Xunrui CMS Public Edition v.4.6.1 allows a remote attacker to execute arbitrary code via the project name function in the project settings tab...
PT-2024-9969 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 4.1.0. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not...
CVE-2024-48871 Planet Technology Planet WGS-804HPT Stack-based Buffer Overflow
The affected product is vulnerable to a stack-based buffer overflow. An unauthenticated attacker could send a malicious HTTP request for which the webserver fails to properly check the input size before copying data to the stack, potentially allowing remote code execution...