4202 matches found
CVE-2022-48093
Seacms v12.7 was discovered to contain a remote code execution RCE vulnerability via the ip parameter at admin ip.php...
CVE-2022-4060
The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it...
CVE-2022-44262
ff4j 1.8.1 is vulnerable to Remote Code Execution RCE...
CVE-2022-44089
ESPCMS P8.21120101 was discovered to contain a remote code execution RCE vulnerability in the component ISGETCACHE...
CVE-2022-43061
Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /operations/travellers.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2023-34873
CVE-2023-34873 affects MOBOTIX P3 cameras (before MX-V4.7.2.18) and Mx6 cameras (before MX-V5.2.0.61). The tcpdump feature fails to properly validate input, allowing an authenticated user to execute code due to improper Neutralization of Expression/Command Delimiters (CWE-146). Impact as describe...
CVE-2022-42470
A relative path traversal vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe...
CVE-2022-43050
Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component updateprofile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-42040
The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0...
CVE-2022-41539
Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/usersadd.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-4063
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...
CVE-2022-34279
A vulnerability has been identified in PADS Standard/Plus Viewer All versions. The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to execute code in the context of the current...
CVE-2022-34120
Barangay Management System v1.0 was discovered to contain a remote code execution RCE vulnerability via the module editing function at /pages/activity/activity.php...
CVE-2022-34056
The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...
CVE-2022-33881
Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process...
CVE-2022-34531
DedeCMS v5.7.95 was discovered to contain a remote code execution RCE vulnerability via the component mytag main.php...
CVE-2022-32997
The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...
CVE-2022-32417
PbootCMS v3.1.2 was discovered to contain a remote code execution RCE vulnerability via the function parserIfLabel at function.php...
CVE-2022-31849
MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n was discovered to contain a remote code execution RCE vulnerability which is exploitable via a crafted POST request...
CVE-2022-31311
An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request...