11230 matches found
CVE-2024-9348
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view...
CVE-2024-9348
Docker Desktop is affected by CVE-2024-9348 on versions prior to 4.34.3. The issue is a remote code execution (RCE) vulnerability caused by unsanitized GitHub source links in the Build view, allowing an attacker to execute arbitrary code. Public sources across Nessus plug‑ins, CVELIST, CNNVD, and...
CVE-2024-47649 WordPress Iconize plugin <= 1.2.4 - Remote Code Execution (RCE) vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in THATplugin Iconize iconize. This issue affects Iconize: from n/a through <= 1.2.4...
CVE-2024-48027 WordPress External featured image from bing plugin <= 1.0.2 - Remote Code Execution (RCE) vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in xaraartech External featured image from bing external-featured-image-from-bing allows Upload a Web Shell to a Web Server. This issue affects External featured image from bing: from n/a through <= 1.0.2...
CVE-2024-48042 WordPress Contact Form by Supsystic plugin <= 1.7.28 - Remote Code Execution (RCE) vulnerability
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Contact Form by Supsystic allows Command Injection. This issue affects Contact Form by Supsystic: from n/a through 1.7.28...
CVE-2024-48042 WordPress Contact Form by Supsystic plugin <= 1.7.28 - Remote Code Execution (RCE) vulnerability
Deserialization of Untrusted Data vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Command Injection. This issue affects Contact Form by Supsystic: from n/a through <= 1.7.28...
Exploit for Use of Incorrectly-Resolved Name or Reference in Zohocorp Manageengine_Adselfservice_Plus
ADSelfService-Plus-RCE-CVE-2021-40539 ADSelfService Plus RCE...
CVE-2023-32188
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Connectwise Screenconnect
Mass-CVE-2024-1709 Original: https://github.com/W01fh4cker/S...
Fedora 39 : valkey (2024-83e96146cf)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-83e96146cf advisory. Update to 8.0.1 fixes CVE-2024-31449: Lua library commands may lead to stack overflow and potential RCE. CVE-2024-31227: Potential Denial-of-service d...
Fedora: Security Advisory (FEDORA-2024-8a9a692906)
The remote host is missing an update for the...
CVE-2024-46213
REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability...
Exploit for CVE-2023-25581
This Python script demonstrates the exploitation of the CVE-2023...
BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection (CVE-2024-45256, CVE-2024-45257)
This module exploits two vulnerabilities in the BYOB (Build Your Own Botnet) web GUI: 1. CVE-2024-45256: Unauthenticated arbitrary file write that allows modification of the SQLite database, adding a new admin user. 2. CVE-2024-45257: Authenticated command injection in the payload generation page...
Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck
CVE-2023-50564 - Pluck CMS v4.7.18 Exploit Overview This...
CVE-2023-31493
RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote system...
CVE-2023-50780
A flaw was found in Apache ActiveMQ Artemis. Affected versions of this package allow access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. This also included the Log4J2 MBean. This MBean is not meant for exposure to...
Remote Desktop Client RCE Vulnerability (Oct 2024) - Windows
Remote Desktop Client is prone to a remote code execution (RCE) vulnerability...
GHSA-443J-GRXV-2PGV Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans
Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could...