SPIP BigUp Plugin - Remote Code Execution

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request. id: CVE-2024-8517 info: name: SPIP BigUp Plugin - Remote Code Execution...

EUVD-2023-49891

Malicious code in bioql PyPI...

EUVD-2024-37324

Malicious code in bioql PyPI...

CVE-2024-38432 Matrix – Tafnit v8 CWE-646: Reliance on File Name or Extension of Externally-Supplied File

Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File...

CVE-2024-38432

Matrix Tafnit v8 is identified as the affected product for CVE-2024-38432, with the root cause described as CWE-646: Reliance on the file name or extension of externally-supplied files. The NVD entry assigns a high overall impact (CVSSv3.1: 9.8 CRITICAL) with network attack vector, no user intera...

CVE-2024-38432 Matrix – Tafnit v8 CWE-646: Reliance on File Name or Extension of Externally-Supplied File

Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File...

CVE-2023-45599

A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the “iec61850” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version...

CVE-2023-45599

A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the “iec61850” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version...

CVE-2023-45599

Summary: CVE-2023-45599 affects AiLux imx6 bundle prior to version imx6_1.0.7-2. The issue is a CWE-646 flaw in the web application’s “iec61850” functionality that allows a remote authenticated attacker to upload arbitrary file types. Affected product/versions: AiLux imx6 bundle before imx6_1.0.7...

Transposh WordPress Translation 1.0.8.1 Remote Code Execution

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Reliance on File Name or Extension of Externally-Supplied File...

WAGO PFC200 Cloud Connectivity Remote Code Execution Vulnerability

Summary An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200. A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges. Tested Versions WAGO PFC200 Firmware versi...