CVE-2024-27743

Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the Address parameter in the addinvoices.php component...

CVE-2024-27444

langchainexperimental aka LangChain Experimental in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the import, subclasses, builtins, globals, getattribute, bases, mro, or base attribute in Python code. These are not prohibited by...

CVE-2024-22544

An issue was discovered in Linksys Router E1700 version 1.0.04 build 3, allows authenticated attackers to execute arbitrary code via the setDateTime function...

CVE-2024-22891

Nteract v.0.28.0 was discovered to contain a remote code execution RCE vulnerability via the Markdown link...

CVE-2024-32163

CMSeasy 7.7.7.9 is vulnerable to code execution...

CVE-2024-25290

An issue in Casa Systems NL1901ACV R6B032 allows a remote attacker to execute arbitrary code via the userName parameter of the add function...

CVE-2024-42599

SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although adminfiles.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute...

CVE-2024-40400

An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file...

CVE-2024-48662

Cross Site Scripting vulnerability in AdGuard Application v.7.18.1 4778 and before allows an attacker to execute arbitrary code via a crafted payload to the fontMatrix component...

CVE-2024-50563

A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker ...

CVE-2024-48890

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiSOAR IMAP connector version 3.5.7 and below may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted playbook...

CVE-2024-33442

An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the addpost.php component...

CVE-2024-51364

An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute arbitrary code via uploading a crafted .xml file...

CVE-2024-43202

Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.2. We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue...

CVE-2024-51181

A Reflected Cross Site Scripting XSS vulnerability was found in /ifscfinder/admin/profile.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via " searchifsccode" parameter...

CVE-2023-39542

A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerabilit...

CVE-2023-51928

An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction method of YonBIP v323.05 allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2023-41842

A use of externally-controlled format string vulnerability CWE-134 vulnerability in Fortinet allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments...

CVE-2023-50564

An arbitrary file upload vulnerability in the component /inc/modulesinstall.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file...

CVE-2023-44087

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 All versions V2201.0009, Tecnomatix Plant Simulation V2302 All versions V2302.0003. The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. Th...