5334 matches found
CVE-2023-41638
An arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted file...
Google Chrome MediaStream Memory Misreference Vulnerability (CNVD-2023-69036)
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in Google Chrome MediaStream. An attacker can exploit this vulnerability to execute arbitrary code on the system or cause an application to crash...
CVE-2023-40827
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter...
FreeImage FreeImage_Load function buffer overflow vulnerability
FreeImage is a cross-platform open source library for supporting popular graphic image formats. A buffer overflow vulnerability exists in the FreeImage FreeImage_Load function. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service...
CVE-2023-39984
UNSUPPORTED WHEN ASSIGNED Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hitachi EH-VIEW KeypadDesigner allows local attackers to potentially disclose information and execute arbitrary code on affected EH-VIEW installations. User interaction is required to...
CVE-2023-36281
An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to loadprompt. This is related to subclasses or a template...
Security Bulletin: Vulnerabilities in Linux kernel, libssh, and Java can affect IBM Spectrum Protect Plus
Summary: IBM Spectrum Protect Plus can be affected by vulnerabilities in Linux kernel, libssh, and Java. Vulnerabilities include denial of service, elevated privileges, crashes, execute arbitrary code on the system, obtaining sensitive kernel information, network attacks, bypassing authentication,...
CVE-2023-39094
Cross Site Scripting vulnerability in ZeroWdd studentmanager v.1.0 allows a remote attacker to execute arbitrary code via the username parameter in the student list function...
SQL injection
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the ticketid parameter at ticketdetail.php...
Security Bulletin: Vulnerability in IBM JDK (CVE-2022-40609) affects Power HMC
Summary: IBM SDK, Java Technology is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2022-40609. DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the...
CVE-2023-31946
File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the artical.php...
CVE-2023-38896
An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the frommathprompt and fromcoloredobjectprompt functions...
CVE-2023-38863
CVE-2023-38863 affects COMFAST CF-XR11 firmware v2.7.2. The vulnerability is a code execution path in bin/webmgnt, exploitable via ifname and mac parameters in the sub_410074 function. Connected documents confirm the affected product and vulnerability details; cited remediation guidance is limite...
Ubuntu: Security Advisory (USN-6283-1)
The remote host is missing an update for the...
GHSA-JP5R-4X9Q-4VCF xuxueli xxl-job Cross-Site Request Forgery Vulnerability
Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0 allows remote attackers to execute arbitrary code and escalate privileges via crafted .html file...
CVE-2020-24922
Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and escalate privileges via crafted .html file...
Buffer overflow
Buffer Overflow vulnerability in jfifdecode function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN...
CVE-2020-28848
CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file...
CVE-2020-27449
Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload...