
2841 matches found

CVE
added 2024/12/19 10:50 p.m. | 53 views

CVE-2024-12700

CVE-2024-12700 relates to Tibbo AggreGate Network Manager. The provided documents identify an unrestricted file upload vulnerability in the UploaderTempFileController (Tibbo Aggregate Network Manager) that allows an authenticated, low-privileged user to upload a JSP shell and execute arbitrary co...

CVSS 8.8 | AI score 8.9 | EPSS 0.00273
Exploits: 0 | References: 2

NVD
added 2024/12/19 9:15 p.m. | 17 views

CVE-2024-12175

Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary...

CVSS 8.5 | EPSS 0.00074
Exploits: 0 | References: 1

CVE
added 2024/12/19 9:4 p.m. | 61 views

CVE-2024-11364

CVE-2024-11364 concerns Rockwell Automation Arena Simulation. The issue is a vulnerability in the parsing of DOE files where an uninitialized variable/memory can be accessed, enabling arbitrary code execution. Exploitation requires some form of user interaction (e.g., opening a malicious DOE file...

CVSS 8.5 | AI score 7.3 | EPSS 0.00032
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2024/12/19 12:0 a.m. | 18 views

RockyLinux 8 : perl-App-cpanminus:1.7044 (RLSA-2024:10219)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:10219 advisory. perl-App-cpanminus: Insecure HTTP in App::cpanminus Allows Code Execution Vulnerability (CVE-2024-45321). Tenable has extracted the preceding description block...

CVSS 9.8 | AI score 7.8 | EPSS 0.00708
Exploits: 1 | References: 3

Tenable Nessus
added 2024/12/19 12:0 a.m. | 18 views

Progress Telerik UI for WPF 2024.4.1213 (CVE-2024-10095)

The version of Progress Telerik UI for WPF installed on the remote host is prior to 2024.4.1213. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10095 advisory. - In Progress Telerik UI for WPF versions prior to 2024 Q4 2024.4.1213, a code execution attack is possible...

CVSS 9.8 | AI score 6.3 | EPSS 0.00887
Exploits: 0 | References: 2

Vulnrichment
added 2024/12/18 12:44 p.m. | 44 views

CVE-2023-34990

A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specially crafted web requests...

CVSS 9.8 | AI score 7.5 | EPSS 0.72874
Exploits: 0 | References: 1

NVD
added 2024/12/18 6:15 a.m. | 14 views

CVE-2024-21546

Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code...

CVSS 9.8 | EPSS 0.04387
Exploits: 1 | References: 3

Vulnrichment
added 2024/12/16 3:6 p.m. | 15 views

CVE-2024-49775

A vulnerability has been identified in Opcenter Execution Foundation All versions V2501.0001, Opcenter Intelligence All versions V2501.0001, Opcenter Quality All versions V2512, Opcenter RDnL All versions V2410, SIMATIC PCS neo V4.0 All versions, SIMATIC PCS neo V4.1 All versions V4.1 Update 3,...

CVSS 9.8 | AI score 9.4 | EPSS 0.03496
Exploits: 0 | References: 1

Positive Technologies
added 2024/12/16 12:0 a.m. | 3 views

PT-2024-16023 · Telerik · Telerik Ui For Wpf

Name of the Vulnerable Software and Affected Versions: Telerik UI for WPF versions prior to 2024 Q4 2024.4.1213
Description: A code execution attack is possible through an insecure deserialization vulnerability. This issue affects Telerik UI for WPF and can be exploited, allowing for code...

CVSS 9.8 | AI score 7.3 | EPSS 0.00887
Exploits: 0 | References: 14

Veracode
added 2024/12/13 1:30 p.m. | 11 views

Remote Code Execution (RCE)

org.apache.hive, hive-exec is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the unsafe deserialization of arbitrary data using the SerializationUtilities.deserializeObjectWithTypeInformation method, which allows attackers to execute arbitrary code if they are authenticated a...

CVSS 8.3 | AI score 8.5 | EPSS 0.08194
Exploits: 0 | References: 6 | Affected Software: 1

CNVD
added 2024/12/13 12:0 a.m. | 9 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-02451)

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 | AI score 6.7 | EPSS 0.00813
Exploits: 0 | References: 1

Tenable Nessus
added 2024/12/13 12:0 a.m. | 10 views

Siemens Solid Edge SSA-730188 Integer Underflow Vulnerability

The version of Siemens Solid Edge installed on the remote Windows host is prior to 224.00.10.04. It is, therefore, affected by an integer underflow vulnerability which can be triggered while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the curre...

CVSS 7.8 | AI score 6.1 | EPSS 0.00134
Exploits: 0 | References: 3

CNVD
added 2024/12/13 12:0 a.m. | 2 views

Adobe Experience Manager Input Validation Error Vulnerability (CNVD-2025-16240)

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. An inp...

CVSS 3.5 | AI score 7.8 | EPSS 0.00197
Exploits: 0 | References: 1

CNVD
added 2024/12/11 12:0 a.m. | 5 views

Siemens Parasolid Out-of-Bounds Write Vulnerability (CNVD-2024-47906)

Siemens Parasolid is a 3D geometric modeling tool that supports a variety of techniques including solid modeling, direct editing and free-form surface/drawing modeling. An out-of-bounds write vulnerability exists in Siemens Parasolid, which can be exploited by an attacker to execute code in the...

CVSS 7.8 | AI score 7.2 | EPSS 0.00168
Exploits: 0 | References: 1

Zero Day Initiative
added 2024/12/11 12:0 a.m. | 9 views

Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is required to exploit this vulnerability. The specific flaw exists within the EVFileSvrArcMngr service. The issue results from the lack of proper...

CVSS 8 | AI score 7.3 | EPSS 0.0395
Exploits: 0 | References: 1

Vulnrichment
added 2024/12/10 10:4 p.m. | 11 views

CVE-2024-52831 Adobe Experience Manager | Improper Input Validation (CWE-20)

Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitatio...

CVSS 3.5 | AI score 5.6 | EPSS 0.00197
Exploits: 0 | References: 1

Vulnrichment
added 2024/12/10 9:12 p.m. | 12 views

CVE-2024-53001 Substance3D - Modeler | Out-of-bounds Write (CWE-787)

Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | AI score 7.5 | EPSS 0.00191
Exploits: 0 | References: 1

Vulnrichment
added 2024/12/10 8:27 p.m. | 12 views

CVE-2024-52984 Animate | Integer Underflow (Wrap or Wraparound) (CWE-191)

Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | AI score 7.3 | EPSS 0.00103
Exploits: 0 | References: 1

CVE
added 2024/12/10 8:9 p.m. | 56 views

CVE-2024-49551

CVE-2024-49551 affects Adobe Media Encoder versions 25.0 and 24.6.3 and earlier, with an out-of-bounds write that could allow arbitrary code execution in the user’s context. Exploitation requires the victim to open a malicious file (user interaction). Connected sources also reference related CVEs...

CVSS 7.8 | AI score 7.5 | EPSS 0.00191
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/12/10 5:49 p.m. | 13 views

CVE-2024-49142 Microsoft Access Remote Code Execution Vulnerability

...

CVSS 7.8 | AI score 7.2 | EPSS 0.00448
Exploits: 0 | References: 1