CVE-2024-40518

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by adminweixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain...

CVE-2024-3856

A use-after-free could occur during WASM execution if garbage collection ran during the creation of an array. This vulnerability affects Firefox 125...

CVE-2024-25293

mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution RCE via the href attribute...

CVE-2024-25274

An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2024-21762

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0...

CVE-2024-27743

Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the Address parameter in the addinvoices.php component...

CVE-2024-27444

langchainexperimental aka LangChain Experimental in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the import, subclasses, builtins, globals, getattribute, bases, mro, or base attribute in Python code. These are not prohibited by...

CVE-2024-24807

Sulu is a highly extensible open-source PHP content management system based on the Symfony framework. There is an issue when inputting HTML into the Tag name. The HTML is executed when the tag name is listed in the auto complete form. Only admin users can create tags so they are the only ones...

CVE-2024-22544

An issue was discovered in Linksys Router E1700 version 1.0.04 build 3, allows authenticated attackers to execute arbitrary code via the setDateTime function...

CVE-2024-22891

Nteract v.0.28.0 was discovered to contain a remote code execution RCE vulnerability via the Markdown link...

CVE-2024-32163

CMSeasy 7.7.7.9 is vulnerable to code execution...

CVE-2024-25290

An issue in Casa Systems NL1901ACV R6B032 allows a remote attacker to execute arbitrary code via the userName parameter of the add function...

CVE-2024-51736

Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named cmd.exe is located in the current working directory it will be called by the Process class when preparing command arguments, leading to possible hijackin...

CVE-2024-42599

SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although adminfiles.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute...

CVE-2024-55633

Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is Incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and...

CVE-2024-40400

An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file...

CVE-2024-42636

DedeCMS V5.7.115 has a command execution vulnerability via filemanageview.php?fmdo=newfile...

CVE-2024-48662

Cross Site Scripting vulnerability in AdGuard Application v.7.18.1 4778 and before allows an attacker to execute arbitrary code via a crafted payload to the fontMatrix component...

CVE-2024-50563

A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker ...

CVE-2024-48890

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiSOAR IMAP connector version 3.5.7 and below may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted playbook...