Default credentials
The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE...
CVE-2022-4395
The CVE-2022-4395 entry describes a vulnerability in the WordPress plugin “Membership For WooCommerce” prior to version 2.1.7 where uploaded files are not validated, allowing unauthenticated users to upload arbitrary files (e.g., PHP), enabling remote code execution. Affected software: Membership...
CVE-2022-4395 Membership For WooCommerce < 2.1.7 - Unauthenticated Arbitrary File Upload
The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE...
Exploit for Use After Free in Adobe Acrobat_Dc
CVE-2023-21608...
CVE-2022-25967
The CVE-2022-25967 issue affects the ETA npm package prior to 2.0.0. An RCE vulnerability arises by overwriting template engine configuration variables with view options received from the Express render API, exploitable only when rendering templates with user-supplied data. Remediation: upgrade E...
CVE-2022-48175
CVE-2022-48175 affects Rukovoditel v3.2.1. The vulnerability is described as a remote code execution (RCE) in the web path /rukovoditel/index.php?module=dashboard/ajax_request. The initial description provides the existence of an RCE but does not detail the root cause, affected subcomponents beyo...
CVE-2022-48116
AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php...
Rocky Linux 9 : php (RLSA-2022:8197)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:8197 advisory. - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the...
CVE-2022-48116
AyaCMS v3.1.2 is affected by a remote code execution (RCE) vulnerability in the /admin/tpl_edit.inc.php component. The issue is confirmed across multiple sources (NVD, Red Hat, CNNVD, CVE list, etc.). The CVE-entry describes an RCE with high impact (C/H/I/A) and network attack vector, without use...
Remote Code Execution in com.bstek.uflo:uflo-core
All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via jexl.createExpression(expression).evaluate(context); functionality, due to improper user input validation...
GHSA-9W5J-4MWV-2WJ8 Remote code execution in simple-git
Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone, pull, push and listRemote methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912...
Input validation
All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via jexl.createExpression(expression).evaluate(context); functionality, due to improper user input validation...
Important: Red Hat Security Advisory: Migration Toolkit for Runtimes security update
An update is now available for Migration Toolkit for Runtimes v1.0.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
CVE-2022-25894
CVE-2022-25894 affects com.bstek.uflo:uflo-core. The vulnerability is an RCE in ExpressionContextImpl via jexl.createExpression(expression).evaluate(context) caused by improper user input validation. Affected versions are not clearly bounded in the provided documents; remediation/version fix info...
Update vRealize now! VMware patches critical RCE vulnerabilities
VMware has issued a security advisory for vRealize Log Insight that covers four vulnerabilities reported privately by the Zero Day Initiative (ZDI). Two of these vulnerabilities are rated as critical. The issues have been fixed on vRealize Log Insight 8.10.2, so users should upgrade to the latest...
Remote Code Execution (RCE)
firefox is vulnerable to Remote Code Execution (RCE). Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser which allows an attacker to...
CVE-2022-25860
The CVE-2022-25860 entry concerns the simple-git package. Versions before 3.16.0 are vulnerable to Remote Code Execution via clone(), pull(), push(), and listRemote() due to improper input sanitization, tied to an incomplete fix of CVE-2022-25912. CERT/OSV/NVD/IBM/Red Hat references confirm the i...
CVE-2022-25860
Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone, pull, push and listRemote methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912...
Exploit for Improper Input Validation in Zohocorp Manageengine_Access_Manager_Plus
CVE-2022-47966 ManageEngine RCE 2022 This repo is part of t...
CVE-2023-21775 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
...