CVE-2023-33829

A stored cross-site scripting XSS vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field...

CVE-2020-25695 - Multiple features escape "security restricted operation" sandbox

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest...

CVE-2023-31208

Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk 2.0.0p36, 2.1.0p28, and 2.2.0b8 beta allows arbitrary livestatus command execution for authorized users...

CVE-2023-31208

Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk 2.0.0p36, 2.1.0p28, and 2.2.0b8 beta allows arbitrary livestatus command execution for authorized users...

Input validation

Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk 2.0.0p36, 2.1.0p28, and 2.2.0b8 beta allows arbitrary livestatus command execution for authorized users...

CVE-2023-2491

A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise...

CVE-2023-1384

The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3...

CVE-2023-29839

A Stored Cross Site Scripting XSS vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function...

Cross site scripting

A Stored Cross Site Scripting XSS vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function...

CVE-2023-29839

A Stored Cross Site Scripting XSS vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function...

CVE-2023-29839

hotel druid 3.0.4 contains a Stored XSS in the Document function, affecting the fields Surname, Name, and Nickname. This is evidenced across multiple CVE records (NVD/Red Hat/OSV/etc.). The vulnerability is described as allowing arbitrary command execution. Practically, the issue is tied to input...

CVE-2023-29839

A Stored Cross Site Scripting XSS vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function...

CVE-2023-22665 Apache Jena: Exposure of arbitrary execution in script engine expressions.

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query...

Important: golang

Issue Overview: Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset. CVE-2022-30580 Infinite loop in...

Fedora 37 : php-Smarty (2023-4b03f6cd8a)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-4b03f6cd8a advisory. 3.1.48 - 2023-03-28 Security - Fixed Cross site scripting vulnerability in Javascript escaping. This addresses CVE-2023-28447. Fixed - Output buffer...

CVE-2023-26847

A stored cross-site scripting XSS vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates...

Cross site scripting

A cross-site scripting XSS vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary web scripts or HTML...

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Vimeo plugin for the xupnpd service, which listens on TCP...

Command injection

A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability...

CVE-2023-27635

CVE-2023-27635 affects debmany in Debian Goodies 0.88.1. The root cause is an eval call that allows an attacker to execute arbitrary shell commands via a crafted .deb file, with the file path shown to the user before execution. This yields a local attack vector with user interaction required (per...