CVE-2024-43525

CVE-2024-43525 refers to a Windows Mobile Broadband Driver Remote Code Execution vulnerability. The CVE entry lists a CVSS v3.1 base score of 6.8 (Medium) with an attack vector of Physical, requiring no privileges and no user interaction, and impacting confidentiality, integrity, and availability...

CVE-2024-8215 Payload Injection Attack via Management REST interface

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Payara Platform Payara Server Admin Console modules allows Remote Code Inclusion.This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before...

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.2

Red Hat OpenShift Service Mesh Containers for 2.6.2 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift...

Foxit PDF Reader Code Execution Vulnerability (CNVD-2024-40812)

Foxit PDF Reader is a PDF document reader and printer with fast startup speed and rich features. A code execution vulnerability exists in Foxit PDF Reader, which can be exploited by an attacker to execute arbitrary code on the system...

Foxit PDF Reader Code Execution Vulnerability (CNVD-2024-40811)

Foxit PDF Reader is a PDF document reader and printer with fast startup speed and rich features. A code execution vulnerability exists in Foxit PDF Reader, which can be exploited by an attacker to execute arbitrary code on the system...

Foxit PDF Reader Code Execution Vulnerability (CNVD-2024-40813)

Foxit PDF Reader is a PDF document reader and printer with fast startup speed and rich features. A code execution vulnerability exists in Foxit PDF Reader, which can be exploited by an attacker to execute arbitrary code on the system...

CVE-2024-8353 GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'givetitle' and 'cardaddress'. This makes it possible for unauthenticate...

CVE-2024-41930

Cross-site scripting vulnerability exists in MF Teacher Performance Management System version 6. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...

U.S. Dept Of Defense: CVE-2020-7961 RCE Liferay Portal Unauthenticated via https://████████/

CVE-2020-7961 was a remote code execution vulnerability in Liferay Portal. The vulnerability was exploited through the "/api/jsonws/invoke" endpoint, which allowed unauthenticated users to execute arbitrary commands on the server...

CVE-2024-8316 Progress UI for WPF format provider unsafe deserialization vulnerability

In Progress Telerik UI for WPF versions prior to 2024 Q3 2024.3.924, a code execution attack is possible through an insecure deserialization vulnerability...

CVE-2024-8481 Special Text Boxes <= 6.2.2 - Unauthenticated Arbitrary Shortcode Execution

The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2. This is due to the plugin adding the filter addfilter'commenttext', 'doshortcode'; which will run all shortcodes in comments. This makes it possible for...

Google Chrome Code Execution Vulnerability (CNVD-2024-39741)

Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in versions prior to Google Chrome 123.0.6312.58, which can be exploited by remote attackers to execute arbitrary code on a system...

Command Execution Vulnerability in the Management Server of itC Center of Guangdong Paulan Electronics Company Limited (CNVD-2024-41827)

Ltd. is a high-tech enterprise integrating R&D, design, production, sales and service of audio-visual system overall solution products. There is a command execution vulnerability in the itC center management server of Guangdong Paulan Electronics Co., Ltd. that can be exploited by an attacker to...

Command Execution Vulnerability in FW Next Generation Firewall of Shanghai Bingfeng Computer Network Technology Co.

Shanghai Bingfeng Computer Network Technology Co., Ltd. specializes in the research and development and sales of VPN, firewall, Internet behavior management and other network security products, and is committed to providing China's network communication operators and enterprises and institutions...

Command Execution Vulnerability in anysec 2nd Generation Firewall System of Shenzhen Zhongke Netway Technology Co. Ltd (CNVD-2024-41199)

Ltd. is a high-tech enterprise focusing on the research, development and production of network security products. Shenzhen Zhongke Networthy Technology Co., Ltd. anysec second-generation firewall system has a command execution vulnerability that can be exploited by an attacker to gain control of...

Command Execution Vulnerability in anysec 2nd Generation Firewall System of Shenzhen Zhongke Netway Technology Co. Ltd (CNVD-2024-41198)

Ltd. is a high-tech enterprise focusing on the research, development and production of network security products. Shenzhen Zhongke Networthy Technology Co., Ltd. anysec second-generation firewall system has a command execution vulnerability that can be exploited by an attacker to gain control of...

Code execution vulnerability in multiple Mozilla products (CNVD-2024-40514)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products, whic...

CVE-2024-38119 Windows Network Address Translation (NAT) Remote Code Execution Vulnerability

...

EUVD-2024-37058

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability...

AZL-49088 CVE-2024-43799 affecting package nodejs-nodemon 2.0.3-4

Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes untrusted code. This issue is patched in send 0.19.0...