PYSEC-2022-43071
api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package...
CVE-2022-30808
elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manageuploads.php...
GHSA-X38J-4RR5-HQRJ git-big-picture Code Execution
git-big-picture before 1.0.0 mishandles ' characters in a branch name, leading to code execution...
CVE-2021-42643
cmseasy V7.7.520211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to a code execution vulnerability...
phpMyAdmin Code Injection vulnerability
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...
MantisBT XSS via my_view_page.php and view_user_page.php
A cross-site scripting (XSS) vulnerability in the MantisBT 2.3.x before 2.3.2 Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a URL, due to use o...
CVE-2022-28828 Adobe FrameMaker PDF File Parsing Out-Of-Bounds Write Code Execution Vulnerability
Adobe Framemaker versions 2029u8 and earlier and 2020u4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious fi...
Code injection
ftcms =2.1 was discovered to be vulnerable to code execution attacks...
CVE-2022-29423
creationtimestamp: 2022-05-06 22:23:08+00:00 | type: seen | source: https://t.me/cibsecurity/42144...
CVE-2022-21214 ICSA-22-090-03 Fuji Electric Alpha5
The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution...
CVE-2022-20001 Injection in fish
fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing...
CVE-2021-23180
A flaw was found in htmldoc in v1.9.12 and before. A null pointer dereference in file_extension(), in file.c, may lead to arbitrary code execution and denial of service...
PT-2021-23581 · Unknown · 4Mosan Gcb Doctor
Name of the Vulnerable Software and Affected Versions: 4MOSAn GCB Doctor (affected versions not specified). Description: The issue is related to improper validation of Cookie on the login page, allowing an unauthenticated remote attacker to bypass authentication by code injection in the cookie. This...
Debian DLA-2727-1 : pyxdg - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2727 advisory. It was discovered that there was a code injection issue in PyXDG, a library used to locate freedesktop.org configuration/cache/etc. directories. CVE-2019-12761 A code...
PT-2021-10336 · Vaethink · Vaethink
Name of the Vulnerable Software and Affected Versions: vaeThink version 1.0.1. Description: A vulnerability in the vae admin rule database table allows attackers to execute arbitrary code via a crafted payload in the condition parameter. Recommendations: For vaeThink version 1.0.1, consider...
CVE-2021-23414
This affects the package video.js before 7.14.3. The src attribute of the track tag allows bypassing HTML escaping and executing arbitrary code...
Updated lib3mf packages fix security vulnerability
A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability CVE-2021-21772. A new package 'act' is...
Samsung Tizen Code Injection Vulnerability (CNVD-2021-51434)
Samsung Tizen is an open-source Linux-based mobile operating system from Samsung, South Korea, for smartphones, tablets, smartwatches, netbooks, in-vehicle messaging and entertainment devices, and smart TVs. A code injection vulnerability exists in Samsung Tizen, which stems from a faulty input...
record-like-deep-assign code issue vulnerability
record-like-deep-assign is a package. A code issue vulnerability exists in record-like-deep-assign that stems from prototype pollution affecting key functionality within the plugin. No details of the vulnerability are provided at this time...