15101 matches found
CVE-2023-38843
An issue in Atlos v.1.0 allows an authenticated attacker to execute arbitrary code via a crafted payload into the description field in the incident function...
CVE-2023-37602
An arbitrary file upload vulnerability in the component /workplace!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...
CVE-2023-33787
A stored cross-site scripting (XSS) vulnerability in the Create Tenant Groups /tenancy/tenant-groups/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
CVE-2023-32621
WL-WN531AX2 firmware versions prior to 2023526 allow an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege...
CVE-2023-3078
An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges...
CVE-2023-30015
SQL Injection vulnerability in oretnom23 Judging Management System v1.0 allows remote attackers to execute arbitrary code and obtain sensitive information via txtsearch parameter in reviewsearch.php...
CVE-2023-41005
An issue in Pagekit pagekit v.1.0.18 allows a remote attacker to execute arbitrary code via the downloadAction and updateAction functions in UpdateController.php...
CVE-2023-27757
An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file...
CVE-2023-30554
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the sqlapi/apiworkflow.py endpoint ExecuteCheck which passes unfiltered...
CVE-2023-23596
jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, potentially allowing an...
CVE-2023-33114
Memory corruption while running NPU, when NETWORKUNLOAD and NETWORKUNLOAD or NETWORKEXECUTEV2 commands are submitted at the same time...
CVE-2023-43576
A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code...
CVE-2023-33472
An issue discovered in Scada-LTS v2.7.5.2 build 4551883606 and before allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via Event Handlers function...
CVE-2023-20036
A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. This vulnerability is due to improper input validation when uploading a Device Pack. An...
CVE-2023-20205
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device...
CVE-2022-36564
Incorrect access control in the install directory C:\Strawberry of StrawberryPerl v5.32.1.1 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory...
CVE-2022-46361
An attacker having physical access to WDM can plug in a USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to...
CVE-2022-45853
The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70AAHH.3 and the GS1900-8HP firmware version V2.70AAHI.3 could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH...
CVE-2022-20962
A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this...
CVE-2022-20926
A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for...