CVE-2024-22545

An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub420AE0 function. The attack can be launched remotely...

CVE-2024-0738

A vulnerability, which was classified as critical, has been found in 个人开源 mldong 1.0. This issue affects the function ExpressionEngine of the file com/mldong/modules/wf/engine/model/DecisionModel.java. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has...

CVE-2024-26548

An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the uploadfile.cgi component...

CVE-2024-12908

Delinea addressed a reported case on Secret Server v11.7.31 protocol handler version 6.0.3.26 where, within the protocol handler function, URI's were compared before normalization and canonicalization, potentially leading to over matching against the approved list. If this attack were successfull...

CVE-2024-36418

SuiteCRM is an open-source Customer Relationship Management CRM software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

CVE-2024-44849

Qualitor up to 8.24 is vulnerable to Remote Code Execution RCE via Arbitrary File Upload in checkAcesso.php...

CVE-2024-33430

An issue in phiola/src/afilter/pcmconvert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file...

CVE-2024-46084

Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution RCE via the nmunzip function...

CVE-2024-28859

Symfony1 is a community fork of symfony 1.4 with DIC, form enhancements, latest Swiftmailer, better performance, composer compatible and PHP 8 support. Symfony 1 has a gadget chain due to vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer...

CVE-2024-37845

MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution RCE vulnerability via the Active Process Command feature...

CVE-2024-37569

An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter sent by an authenticated...

CVE-2024-31063

Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field...

CVE-2024-31822

An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the saveLanguageFiles method of the Languages.php component...

CVE-2024-40492

Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1 allows a remote attacker to execute arbitrary code via the setname function...

CVE-2024-49749

In DGifSlurp of dgiflib.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-48760

An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution...

CVE-2024-46080

Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution RCE via the nmzip function...

CVE-2024-48061

langflow =1.0.18 is vulnerable to Remote Code Execution RCE as any component provided the code functionality and the components run on the local machine rather than in a sandbox...

CVE-2023-38704

import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for...

CVE-2023-36812

OpenTSDB is a open source, distributed, scalable Time Series Database TSDB. OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit...