2840 matches found
CVE-2022-2323
Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. This vulnerability impacts SonicWall Switch 1.1.1.0-2s and earlier versions...
CVE-2022-40806
The d8s-uuids for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0...
CVE-2022-48116
AyaCMS v3.1.2 was discovered to contain a remote code execution RCE vulnerability via the component /admin/tpledit.inc.php...
CVE-2022-47053
An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file...
CVE-2022-46610
72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-48093
Seacms v12.7 was discovered to contain a remote code execution RCE vulnerability via the ip parameter at admin ip.php...
CVE-2022-4060
The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it...
CVE-2022-44262
ff4j 1.8.1 is vulnerable to Remote Code Execution RCE...
CVE-2022-44089
ESPCMS P8.21120101 was discovered to contain a remote code execution RCE vulnerability in the component ISGETCACHE...
CVE-2022-43061
Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /operations/travellers.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2023-34873
CVE-2023-34873 affects MOBOTIX P3 cameras (before MX-V4.7.2.18) and Mx6 cameras (before MX-V5.2.0.61). The tcpdump feature fails to properly validate input, allowing an authenticated user to execute code due to improper Neutralization of Expression/Command Delimiters (CWE-146). Impact as describe...
CVE-2022-42470
A relative path traversal vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe...
CVE-2022-43050
Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component updateprofile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-42040
The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0...
CVE-2022-41539
Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/usersadd.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-4063
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...
CVE-2022-34279
A vulnerability has been identified in PADS Standard/Plus Viewer All versions. The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to execute code in the context of the current...
CVE-2022-34120
Barangay Management System v1.0 was discovered to contain a remote code execution RCE vulnerability via the module editing function at /pages/activity/activity.php...
CVE-2022-34056
The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...
CVE-2022-33881
Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process...