CVE-2023-50564

An arbitrary file upload vulnerability in the component /inc/modulesinstall.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file...

Arbitrary file deletion

An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file...

Cross site scripting

Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL...

CVE-2023-48861

DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll...

CVE-2023-48860

TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code...

Design/Logic Flaw

An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packetcapture.php file...

CVE-2023-42557

Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code...

Foxit Reader Memory Misreference Vulnerability (CNVD-2023-96091)

Foxit Reader is a Chinese Foxit Foxit company's a PDF document reader. A memory misreference vulnerability exists in Foxit Reader before version 12.1.2.15356, which can be exploited by an attacker to execute arbitrary code on the system...

LSN-0099-1: Kernel Live Patch Security Notice

It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service host NIC availability.CVE-2022-3643 It was discovered that the virtual terminal driver in th...

CVE-2023-49046

Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule...

CVE-2023-49028

Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the user parameter in the lock/lock.php file...

CVE-2023-49029

Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the nama parameter in the lock/lock.php file...

Buffer overflow

Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mzpathresolve function in the mzos.c file...

Ubuntu: Security Advisory (USN-6497-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-38823

Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd...

CVE-2023-38823

Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd...

Adobe Media Encoder Out-of-Bounds Write Vulnerability (CNVD-2023-88662)

Adobe Media Encoder is an audio and video encoding application from the American company Audobee Adobe. A security vulnerability exists in Adobe Media Encoder version 24.0.2 and earlier and version 23.6 and earlier, which can be exploited by an attacker to execute arbitrary code in the context of...

Rockwell Automation Stratix DTLS Invalid Fragment (CVE-2014-0195)

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service DoS condition, or perform a man-in-the-middle attack. This plugin only works with...

Ubuntu: Security Advisory (USN-6474-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-43578

A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code...