
6323 matches found

Cvelist
added 2024/01/31 12:0 a.m. | 12 views

CVE-2023-31505

An arbitrary file upload vulnerability in Schlix CMS v2.2.8-1, allows remote authenticated attackers to execute arbitrary code and obtain sensitive information via a crafted .phtml file...

7.2 AI score | 0.01158 EPSS
Exploits: 1 | References: 1
Cvelist
added 2024/01/30 12:0 a.m. | 29 views

CVE-2024-22894

An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file...

7.3 AI score | 0.00731 EPSS
Exploits: 1 | References: 2
NVD
added 2024/01/28 1:15 a.m. | 19 views

CVE-2024-23738

An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor states "we dispute the report's accuracy ... the configuration does not enable remote code execution.."...

9.8 CVSS | 9.6 AI score | 0.01457 EPSS
Exploits: 1 | References: 2
Debian CVE
added 2024/01/27 12:0 a.m. | 30 views

CVE-2024-22860

Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder...

9.8 CVSS | 9.9 AI score | 0.0113 EPSS
Exploits: 0
Prion
added 2024/01/26 6:15 p.m. | 20 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly valida...

4.3 CVSS | 6.2 AI score | 0.00352 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2024/01/25 9:15 p.m. | 68 views

CVE-2024-24399

An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area...

7.2 CVSS | 7.3 AI score | 0.15597 EPSS
Exploits: 1 | References: 4
OSV
added 2024/01/25 9:15 p.m. | 5 views

CVE-2024-24399

An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area...

7.2 CVSS | 6.1 AI score | 0.15597 EPSS
Exploits: 1 | References: 4
Ubuntu
added 2024/01/25 7:32 p.m. | 53 views

USN-6601-1: Linux kernel vulnerability

It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code...

7.8 CVSS | 7 AI score | 0.00371 EPSS
Exploits: 0
UbuntuCve
added 2024/01/24 5:15 p.m. | 25 views

CVE-2023-51887

Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL...

9.8 CVSS | 7.5 AI score | 0.02472 EPSS
Exploits: 1 | References: 2
Cvelist
added 2024/01/24 12:0 a.m. | 16 views

CVE-2023-51885

Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component...

9.9 AI score | 0.01277 EPSS
Exploits: 1 | References: 1
Cvelist
added 2024/01/23 12:0 a.m. | 17 views

CVE-2023-51210

SQL injection vulnerability in Webkul Bundle Product 6.0.1 allows a remote attacker to execute arbitrary code via the idproduct parameters in the UpdateProductQuantity function...

9.9 AI score | 0.0109 EPSS
Exploits: 1 | References: 1
NVD
added 2024/01/22 7:15 p.m. | 21 views

CVE-2023-48118

SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 allows a remote attacker to execute arbitrary code via a crafted request to the Common.svc WSDL page...

9.8 CVSS | 9.7 AI score | 0.01247 EPSS
Exploits: 1 | References: 3
NVD
added 2024/01/20 2:15 a.m. | 11 views

CVE-2023-51924

An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v323.05 allows attackers to execute arbitrary code via uploading a crafted file...

9.8 CVSS | 9.6 AI score | 0.0099 EPSS
Exploits: 0 | References: 3
Cvelist
added 2024/01/20 12:0 a.m. | 12 views

CVE-2023-51924

An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v323.05 allows attackers to execute arbitrary code via uploading a crafted file...

9.8 AI score | 0.0099 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2024/01/20 12:0 a.m. | 11 views

CVE-2023-51924

An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v323.05 allows attackers to execute arbitrary code via uploading a crafted file...

7.8 AI score | 0.0099 EPSS
Exploits: 0 | References: 3
NVD
added 2024/01/19 8:15 p.m. | 23 views

CVE-2023-6044

A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges...

6.8 CVSS | 6.7 AI score | 0.00188 EPSS
Exploits: 0 | References: 1
Prion
added 2024/01/19 8:15 p.m. | 18 views

Privilege escalation

A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges...

4.3 CVSS | 8.1 AI score | 0.00171 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2024/01/19 8:15 p.m. | 19 views

Privilege escalation

A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges...

4.6 CVSS | 7.8 AI score | 0.00188 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/01/19 8:9 p.m. | 19 views

CVE-2023-6044

A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges...

6.3 CVSS | 7.1 AI score | 0.00188 EPSS
Exploits: 0 | References: 1
BDU FSTEC
added 2024/01/15 12:0 a.m. | 4 views

Stack-based buffer overflow vulnerability in the Moonlight-common-c game-streaming library (written in C), allowing a service failure or the execution of arbitrary code.

The vulnerability in the Moonlight-common-c game-streaming library (written in C) is a stack-based buffer overflow. Exploiting this vulnerability can allow a remote attacker to cause service failures or execute arbitrary code...

7.6 CVSS | 7.9 AI score | 0.00793 EPSS
Exploits: 1 | References: 6 | Affected Software: 9