CVE-2023-32305

aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the...

CVE-2022-47129

PHPOK v6.3 was discovered to contain a remote code execution RCE vulnerability...

Siemens Siveillance Video Code Execution Vulnerability (CNVD-2023-35775)

Siveillance Video formerly known as Siveillance VMS is an IP video management software designed for deployments ranging from small and simple to large and highly secure. A code execution vulnerability exists in Siemens Siveillance Video due to the event server component of the affected applicatio...

Siemens Siveillance Video Code Execution Vulnerability

Siveillance Video formerly known as Siveillance VMS is an IP video management software designed for deployments ranging from small and simple to large and highly secure. A code execution vulnerability exists in Siemens Siveillance Video due to the event server component of the affected applicatio...

CVE-2023-29460 Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability

An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow potentially resulting in a complete loss of...

CVE-2023-30899

A vulnerability has been identified in Siveillance Video 2020 R2 All versions V20.2 HotfixRev14, Siveillance Video 2020 R3 All versions V20.3 HotfixRev12, Siveillance Video 2021 R1 All versions V21.1 HotfixRev12, Siveillance Video 2021 R2 All versions V21.2 HotfixRev8, Siveillance Video 2022 R1 A...

CVE-2023-30790

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people:id/relationships endpoint and firstname and lastname parameter...

PT-2023-2483 · Inea · Inea Me Rtu

Name of the Vulnerable Software and Affected Versions: INEA ME RTU versions prior to 3.36 Description: The issue exists due to the lack of measures to neutralize special elements used in the operating system command. This could allow a remote attacker to execute arbitrary code. The estimated numb...

CVE-2023-29625

Employee Performance Evaluation System v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server...

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability (CNVD-2023-35221)

Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft.Microsoft PCL6 Class Printer Driver is a printer driver from Microsoft. Microsoft PCL6 Class Printer Driver is a printer driver software from Microsoft. A remote code execution...

CVE-2023-21727 Remote Procedure Call Runtime Remote Code Execution Vulnerability

...

PT-2023-6475 · Adobe · Acrobat Document Cloud +3

Name of the Vulnerable Software and Affected Versions: Adobe Acrobat Reader versions 23.001.20093 and earlier Adobe Acrobat Reader versions 20.005.30441 and earlier Adobe Acrobat 2020 Adobe Acrobat Reader 2020 Adobe Acrobat Document Cloud Adobe Acrobat Reader Document Cloud Description: The issue...

PT-2023-2949 · Schneider Electric · Easergy Builder Installer

Name of the Vulnerable Software and Affected Versions: Easergy Builder Installer versions 1.7.23 and prior Description: The issue is related to an uncontrolled search path element in the installer, which could allow an attacker with a local privileged account to execute arbitrary code during the...

CVE-2023-27178

An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file...

CVE-2023-26817

codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a remote code execution RCE vulnerability via the component /controllers/api/user.php...

CVE-2023-26857

An arbitrary file upload vulnerability in /admin/ajax.php?action=saveuploads of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

PT-2023-2233 · Hitachi Vantara · Pentaho Business Analytics Server

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.2, including 8.3.x Description: The issue is related to errors in input data processing during code syntax analysis. Exploitation of this issue may allow a...

PT-2023-2236 · Hitachi Vantara · Hitachi Vantara Pentaho Business Analytics Server

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.2, including 8.3.x Description: The issue is related to errors in permission assignment for files, which can allow a remote attacker to execute arbitrary...

CVE-2022-43646

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Vimeo plugin for the xupnpd service, which listens on TCP...

CVE-2022-37357

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...