BaserCMS Code Injection Vulnerability
baserCMS is an enterprise-level content management system (CMS) from the baserCMS team. A code injection vulnerability exists in baserCMS versions 4.6.0 through 4.7.6; it stems from the application's failure to properly filter special elements of constructed snippets. An attacker can exploit the...
CVE-2023-45679 Attempt to free an uninitialized memory pointer in vorbis_deinit in stb_vorbis
stb_vorbis is a single-file, MIT-licensed library for processing Ogg Vorbis files. A crafted file may trigger a memory allocation failure in start_decoder. In that case the function returns early, but some of the pointers in f->comment_list are left uninitialized, and later setup_free is called on these...
PT-2023-29071 · WordPress · Essential Blocks
Name of the Vulnerable Software and Affected Versions: The Essential Blocks plugin for WordPress, versions up to and including 4.2.0 Description: The issue allows unauthenticated attackers to inject a PHP object via deserialization of untrusted input in the get_products function. This could...
CVE-2023-36578
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability...
PT-2023-26770 · Unknown · Zlmediakit
Name of the Vulnerable Software and Affected Versions: ZLMediaKit versions 4.0 through 5.0 Description: The issue allows an attacker to execute arbitrary code via a crafted script in the URL, potentially leading to the execution of malicious scripts. This is a Cross-Site Scripting vulnerability...
PT-2023-28225 · Unknown · Pdf-Xchange Editor
Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a...
PT-2023-25537 · Relic · Relic
Name of the Vulnerable Software and Affected Versions: RELIC versions before commit 421f2e91cf2ba42473d4d54daf24e295679e290e Description: The issue allows attackers to execute arbitrary code and cause a denial of service. This is due to an integer overflow vulnerability in the bn_get_prime...
PT-2023-28016 · Grupposcai · Realgimm
Name of the Vulnerable Software and Affected Versions: GruppoSCAI RealGimm version 1.1.37p38 Description: The issue allows attackers to execute arbitrary code via uploading a crafted HTML file, exploiting an arbitrary file upload vulnerability in the Carica immagine function. Recommendations: For...
CVE-2023-39010
BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file...
Adobe ColdFusion Deserialization Vulnerability (CNVD-2024-25608)
Adobe ColdFusion is a rapid application development platform from the US company Adobe. The platform includes an integrated development environment and a scripting language. Adobe ColdFusion has a deserialization vulnerability that arises from unsafe deserialization of...
PT-2023-26107 · Geeklog · Geeklog
Name of the Vulnerable Software and Affected Versions: Geeklog version 2.2.2 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of "/admin/router.php" API endpoint. This enables the execution of...
CVE-2020-26708
requests-xml v0.2.3 was discovered to contain an XML External Entity (XXE) injection vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
CVE-2023-25001
| creationtimestamp | type | source |
|---|---|---|
| 2023-06-28 02:12:22+00:00 | seen | https://t.me/cibsecurity/65592... |
PT-2023-25385 · Npm · @Backstage/Plugin-Scaffolder-Backend
Name of the Vulnerable Software and Affected Versions: @backstage/plugin-scaffolder-backend versions prior to 1.15.0 Description: The Backstage scaffolder-backend plugin uses a templating library that requires a sandbox, allowing for code injection. A malicious actor with write access to a...
CVE-2023-34944
An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.x up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file...
CVE-2023-27352
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue...
CVE-2023-21098
In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
PT-2023-8610 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.11; XWiki Platform versions prior to 14.4.8; XWiki Platform versions prior to 14.10.1; XWiki Platform versions prior to 15.0-rc-1 Description: The issue exists due to improper escaping of...
CVE-2023-27649
| creationtimestamp | type | source |
|---|---|---|
| 2023-04-14 16:25:49+00:00 | seen | https://t.me/cibsecurity/62126... |
CVE-2023-29053
A vulnerability has been identified in JT Open (all versions < V11.3.2.0) and JT Utilities (all versions < V13.3.0.0). The affected applications contain an out-of-bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the...