Lucene search
K

139 matches found

Veracode
Veracode
added 2024/09/13 5:52 a.m.11 views

Code Injection

MindsDB is vulnerable to Code Injection. The vulnerability is due to the unsafe use of the eval function, which directly executes input Python code without proper validation. It allows an attackers to inject and execute arbitrary code via the 'SELECT WHERE' clause...

8.8CVSS7.7AI score0.02148EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2024/09/11 5:15 p.m.14 views

CVE-2024-44570

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a code injection vulnerability via the getParams function in phpinf.php...

8.8CVSS0.00474EPSS
Exploits0References1
NVD
NVD
added 2024/08/29 3:15 p.m.36 views

CVE-2024-43922

Improper Control of Generation of Code 'Code Injection' vulnerability in NitroPack Inc. NitroPack allows Code Injection.This issue affects NitroPack: from n/a through 1.16.7...

9.8CVSS0.00354EPSS
Exploits0References1
NVD
NVD
added 2024/07/01 1:15 p.m.18 views

CVE-2024-38992

airvertco frappejs v0.0.11 was discovered to contain a prototype pollution via the function registerView. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

8.8CVSS0.00822EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/19 7:36 p.m.16 views

CVE-2024-36078

In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes which run with the environment and permissions of the Zammad user...

7AI score0.00202EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/03/15 6:30 p.m.10 views

RaspAP Vulnerable to Code Injection via an Unknown Process in File `includes/provider.php`

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...

7.2CVSS7.7AI score0.00907EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/15 5:0 p.m.18 views

CVE-2024-2497 RaspAP raspap-webgui HTTP POST Request provider.php code injection

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...

5.8CVSS5.4AI score0.00907EPSS
Exploits1References3
OSV
OSV
added 2024/02/20 2:15 a.m.6 views

CVE-2024-21892

On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAPNETBINDSERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this...

7.8CVSS7.7AI score
Exploits0References3
CNVD
CNVD
added 2024/02/02 12:0 a.m.8 views

openBI Code Injection Vulnerability

openBI is a big data visualization solution from openBI. A code injection vulnerability exists in openBI 1.0.8 and earlier versions, which stems from a problem with the index function in the /application/index/controller/Screen.php file, which could lead to code injection. Currently there are no...

9.8CVSS7.5AI score0.00743EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/18 12:0 a.m.5 views

PT-2023-8206 · Openssh +11 · Openssh +11

Name of the Vulnerable Software and Affected Versions: libssh affected versions not specified OpenSSH versions prior to 9.6p1 libssh versions prior to 0.10.6 and 0.9.8 Description: A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname...

9.3CVSS7.3AI score0.93305EPSS
Exploits7References112
CNVD
CNVD
added 2023/11/01 12:0 a.m.5 views

BaserCMS Code Injection Vulnerability

baserCMS is an enterprise-level content management system CMS from the baserCMS team. A code injection vulnerability exists in baserCMS versions 4.6.0 through 4.7.6, which stems from the application's failure to properly filter special elements of constructed snippets. An attacker can exploit the...

9.8CVSS7AI score0.00573EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/07/28 12:0 a.m.11 views

CVE-2023-39010

BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file...

7.7AI score0.00747EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/06/21 12:0 a.m.4 views

PT-2023-25385 · Npm · @Backstage/Plugin-Scaffolder-Backend

Name of the Vulnerable Software and Affected Versions: @backstage/plugin-scaffolder-backend versions prior to 1.15.0 Description: The Backstage scaffolder-backend plugin uses a templating library that requires a sandbox, allowing for code injection. A malicious actor with write access to a...

9.9CVSS9.8AI score0.01888EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2023/04/07 12:0 a.m.6 views

CVE-2023-27033

Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent...

9.7AI score0.00902EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/12/13 12:0 a.m.6 views

CVE-2022-44303

Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting XSS. A remote attacker could inject javascript code to the "schedulejob" or "args" parameter in /resque/delayed/jobs/schedulejob?args=argsid to execute javascript at client side...

6.5AI score0.0064EPSS
Exploits1References1
OSV
OSV
added 2022/10/25 5:15 p.m.9 views

PYSEC-2022-43177

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...

9.8CVSS9.8AI score0.03207EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2022/08/10 11:18 a.m.5 views

CVE-2022-36325

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS...

6.8CVSS6.7AI score0.00794EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/17 2:37 a.m.13 views

phpMyAdmin Code Injection vulnerability

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the pregreplace e aka eval modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...

9.8CVSS7.6AI score0.81373EPSS
Exploits8References8Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 2:31 a.m.6 views

MantisBT XSS via my_view_page.php and view_user_page.php

A cross-site scripting XSS vulnerability in the MantisBT 2.3.x before 2.3.2 Timeline include page, used in My View myviewpage.php and User Information viewuserpage.php pages, allows remote attackers to inject arbitrary code if CSP settings permit it through crafted PATHINFO in a URL, due to use o...

6.1CVSS5.9AI score0.01754EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2021/11/19 12:0 a.m.8 views

PT-2021-23581 · Unknown · 4Mosan Gcb Doctor

Name of the Vulnerable Software and Affected Versions: 4MOSAn GCB Doctor affected versions not specified Description: The issue is related to improper validation of Cookie on the login page, allowing an unauthenticated remote attacker to bypass authentication by code injection in the cookie. This...

10CVSS9.7AI score0.05628EPSS
Exploits0References5
Rows per page
Query Builder