Lucene search
K

725 matches found

Github Security Blog
Github Security Blog
added 2023/12/05 11:30 p.m.29 views

tj-actions/branch-names's Improper Sanitization of Branch Name Leads to Arbitrary Code Injection

Summary The tj-actions/branch-names GitHub Actions references the github.event.pullrequest.head.ref and github.headref context variables within a GitHub Actions run step. The head ref variable is the branch name and can be used to execute arbitrary code using a specially crafted branch name...

9.8CVSS9.5AI score0.01448EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2023/12/04 11:21 p.m.20 views

CVE-2023-49291 Improper Sanitization of Branch Name Leads to Arbitrary Code Injection

tj-actions/branch-names is a Github action to retrieve branch or tag names with support for all events. The tj-actions/branch-names GitHub Actions improperly references the github.event.pullrequest.head.ref and github.headref context variables within a GitHub Actions run step. The head ref variab...

9.3CVSS9.8AI score0.01448EPSS
Exploits1References5
Veracode
Veracode
added 2023/11/08 7:30 a.m.37 views

Arbitrary Code Injection

quartz-jobs is vulnerable to Arbitrary code injection. The vulnerability is due to lack of message validation in the SendQueueMessageJob.execute method, which can lead to remote code execution...

9.8CVSS8AI score0.01017EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2023/11/01 8:15 a.m.16 views

Input validation

Improper input validation in Dolibarr ERP CRM = v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code...

6.5CVSS8.7AI score0.32845EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2023/10/12 12:0 a.m.32 views

CVE-2023-29453

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

9.8CVSS7.3AI score0.0075EPSS
Exploits0References2
Veracode
Veracode
added 2023/10/03 9:23 a.m.23 views

Arbitrary Code Injection

pretix is vulnerable to Arbitrary Code Injection. The vulnerability is caused by allowing parsing of EPS Encapsulated PostScript files in various features of the application. An attacker can exploit this to execute arbitrary code by sending a specially crafted EPS file...

7.8CVSS7.8AI score0.003EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/09/26 12:0 a.m.6 views

The vulnerability of the Docker Desktop platform for developing and delivering container applications lies in its improper code generation management, allowing an attacker to execute arbitrary code.

The vulnerability of the Docker Desktop platform for developing and delivering container applications is related to improper code generation management. Exploiting this vulnerability allows a remote attacker to inject arbitrary code into the system...

10CVSS8.1AI score0.00739EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/09/15 1:15 a.m.24 views

CVE-2023-40985

An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting XSS vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file ...

5.4CVSS6AI score0.00415EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/09/14 12:0 a.m.3 views

Webmin Cross-Site Scripting Vulnerability

Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community. A security vulnerability exists in Webmin version 2.100. An attacker can exploit this vulnerability to inject arbitrary code...

5.4CVSS6.9AI score0.00415EPSS
Exploits1References4
Veracode
Veracode
added 2023/08/22 5:34 a.m.16 views

Arbitrary Code Injection

sketchsvg is vulnerable to Remote Code Execution RCE. The vulnerability exists due to a lack of user input sanitization in when calling the shell.exec method, allowing an attacker to inject and execute malicious code into the system...

7.8CVSS7.6AI score0.00405EPSS
Exploits1References5Affected Software1
Veracode
Veracode
added 2023/08/02 6:30 a.m.22 views

Arbitrary Code Injection

org.apache.nifi: is vulnerable to Arbitrary Code Injection. The vulnerability exists in several functions which allows an authenticated attacker to submit a malicious request to configure a location that enables custom code execution...

8.8CVSS7AI score0.0163EPSS
Exploits0References6Affected Software9
Veracode
Veracode
added 2023/07/21 10:22 a.m.28 views

Arbitrary Code Injection

org.apache.rocketmq, rocketmq-namesrv is vulnerable to Remote Code Execution RCE. The vulnerability exists because the library allows updating the config path at runtime, allowing an attacker to inject and execute malicious code through the update configuration function by forging the RocketMQ...

9.8CVSS7.4AI score0.96604EPSS
Exploits11References5Affected Software1
Veracode
Veracode
added 2023/07/17 10:27 a.m.21 views

Arbitrary Code Injection

Apache Ambari is vulnerable to Arbitrary Code Injection. The vulnerability exists in the metrics source which allows an attacker to execute arbitrary code by submitting a malicious SpEL expression...

8.8CVSS7.8AI score0.01052EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/07/13 7:15 p.m.38 views

CVE-2022-42045

Certain Zemana products are vulnerable to Arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28...

6.7CVSS0.00555EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/07/13 7:15 p.m.3 views

CVE-2022-42045

Certain Zemana products are vulnerable to Arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28...

6.7CVSS5.9AI score0.00555EPSS
Exploits1References2
OSV
OSV
added 2023/07/13 7:15 p.m.6 views

CVE-2022-42045

Certain Zemana products are vulnerable to Arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28...

6.7CVSS5.9AI score0.00555EPSS
Exploits1References1
CVE
CVE
added 2023/07/13 12:0 a.m.57 views

CVE-2022-42045

CVE-2022-42045 affects Zemana Watchdog AntiMalware 4.1.422 and Zemana AntiMalware 3.2.28, due to an arbitrary code injection in the amsdk.sys kernel driver. Root cause: an input-driven stub in the driver can be filled with user-controlled code, enabling kernel-mode code execution and potential dr...

6.7CVSS6.8AI score0.00555EPSS
Exploits1References1Affected Software2
CNNVD
CNNVD
added 2023/07/13 12:0 a.m.5 views

Zemana Anti Malware 安全漏洞

Zemana Anti Malware is an anti-malware program from Zemana. A security vulnerability exists in Zemana Anti Malware version 4.1.422, Zemana AntiMalware version 3.2.28, which stems from vulnerability to arbitrary code injection...

6.7CVSS6.9AI score0.00555EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/07/13 12:0 a.m.13 views

CVE-2022-42045

Certain Zemana products are vulnerable to Arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28...

7.4AI score0.00555EPSS
Exploits1References1
0day.today
0day.today
added 2023/07/10 12:0 a.m.330 views

Apache RocketMQ 5.1.0 Arbitrary Code Injection Exploit

RocketMQ versions 5.1.0 and below are vulnerable to arbitrary code injection. Broker component of RocketMQ is leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that...

9.8CVSS9.7AI score0.96604EPSS
Exploits11
Rows per page
Query Builder