1492 matches found
CVE-2023-24556
A vulnerability has been identified in Solid Edge SE2022 All versions V222.0MP12, Solid Edge SE2023 All versions V223.0Update2. The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to...
CVE-2023-24686
An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file...
PT-2023-12267 · Phpcms · Phpcms
Name of the Vulnerable Software and Affected Versions: phpwcms version 1.9.25 Description: An issue in phpwcms allows remote attackers to run arbitrary code via the DB user field during installation. Recommendations: For phpwcms version 1.9.25, at the moment, there is no information about a newer...
CVE-2022-42399
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
PT-2023-1493 · Dell · Dell Bios
Name of the Vulnerable Software and Affected Versions: Dell BIOS affected versions not specified Description: The issue is related to an improper input validation vulnerability in Dell BIOS. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain...
Arbitrary Code Execution
spip is vulnerable to arbitrary code execution. An attacker can inject and execute malicious code through the GET parameter...
CVE-2022-44640
Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC)...
CVE-2022-46435
An issue in the firmware update process of TP-Link TL-WR941ND V2/V3 up to 3.13.9 and TL-WR941ND V4 up to 3.12.8 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image...
CVE-2022-46428
TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process...
CVE-2022-46912
An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image...
PT-2022-25854 · Unknown · Blogengine.Net
Name of the Vulnerable Software and Affected Versions: BlogEngine.NET version 3.3.8.0 Description: An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs allows attackers to execute arbitrary code via uploading a crafted PNG file. Recommendations: For BlogEngine.NET...
Design/Logic Flaw
vSphereselfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...
CVE-2022-44303
Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting (XSS). A remote attacker could inject JavaScript code into the "schedulejob" or "args" parameter in /resque/delayed/jobs/schedulejob?args=argsid to execute JavaScript on the client side...
CVE-2022-43509
An out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file...
CVE-2022-45313
MikroTik RouterOS before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message...
CVE-2022-41660
A vulnerability has been identified in JT2Go All versions V14.1.0.4, Teamcenter Visualization V13.2 All versions V13.2.0.12, Teamcenter Visualization V13.3 All versions V13.3.0.7, Teamcenter Visualization V14.0 All versions V14.0.0.3, Teamcenter Visualization V14.1 All versions V14.1.0.4. The...
PYSEC-2022-43177
Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...
CVE-2022-41539
Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/usersadd.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
PT-2022-25042 · Unknown · Libagifencoder.Quram.So
Name of the Vulnerable Software and Affected Versions: libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 Description: A heap-based overflow vulnerability in the makeContactAGIF function of the libagifencoder.quram.so library allows an attacker to perform code execution...
PT-2022-25193 · Unknown · Simple College Website
Name of the Vulnerable Software and Affected Versions: Simple College Website version 1.0 Description: The issue allows attackers to execute arbitrary code via a crafted PHP file, leveraging an arbitrary file write vulnerability. This is achieved through the file_put_contents function...