206198 matches found
CVE-2023-43453
An issue in TOTOLINK X6000R V9.4.0cu.652B20230116 and V9.4.0cu.852B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component...
CVE-2023-43884
A Cross-site scripting XSS vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter...
CVE-2023-29551
Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
CVE-2023-29074
A maliciously crafted CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...
CVE-2023-29160
Stack-based buffer overflow vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed...
CVE-2023-29861
An issue found in FLIR-DVTEL version not specified allows a remote attacker to execute arbitrary code via a crafted request to the management page of the device...
CVE-2023-29689
PyroCMS 3.9 contains a remote code execution RCE vulnerability that can be exploited through a server-side template injection SSTI flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system...
CVE-2023-29596
Buffer Overflow vulnerability found in ByronKnoll Cmix v.19 allows an attacker to execute arbitrary code and cause a denial of service via the paq8 function...
CVE-2023-29075
A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...
CVE-2023-29862
An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters...
CVE-2023-29808
Cross Site Scripting XSS vulnerability in vogtmh cmaps companymaps 8.0 allows attackers to execute arbitrary code...
CVE-2023-50702
Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem but allows full control by low-privileged users and low-privileged users have write access to %PROGRAMDATA%\SSCService. Consequently, low-privileged users can execute arbitrary code as LocalSystem...
CVE-2023-50922
An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000...
CVE-2023-50975
The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled i.e., ELECTRONRUNASNODE can be used in production. This makes it easier for a compromised process to access banking information...
CVE-2023-50136
Cross Site Scripting XSS vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table...
CVE-2023-50895
In Janitza GridVis through 9.0.66, exposed dangerous methods in the de.janitza.pasw.project.server.ServerDatabaseProject project load functionality allow remote authenticated administrative users to execute arbitrary Groovy code...
CVE-2023-49046
Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule...
CVE-2023-49442
Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request...
CVE-2023-49114
A DLL hijacking vulnerability was identified in the Qognify VMS Client Viewer version 7.1 or higher, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL, if some specific pre-conditions are met...
CVE-2023-45885
Cross Site Scripting XSS vulnerability in NASA Open MCT aka openmct through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin...