CVE-2024-39236

Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/componentmeta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself...

CVE-2024-32358

An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033...

CVE-2023-27869

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could...

CVE-2023-41319

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML...

CVE-2023-41033

A vulnerability has been identified in Parasolid V35.0 All versions V35.0.260, Parasolid V35.1 All versions V35.1.246, Parasolid V36.0 All versions V36.0.156, Simcenter Femap V2301 All versions V2301.0003, Simcenter Femap V2306 All versions V2306.0001. The affected application contains an out of...

CVE-2023-43661

Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch...

CVE-2023-48784

A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or...

CVE-2023-42566

Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code...

CVE-2023-42558

Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1 allows attacker to perform code execution...

CVE-2023-41032

A vulnerability has been identified in Parasolid V34.1 All versions V34.1.258, Parasolid V35.0 All versions V35.0.253, Parasolid V35.1 All versions V35.1.184, Parasolid V36.0 All versions V36.0.142, Simcenter Femap V2301 All versions V2301.0003, Simcenter Femap V2306 All versions V2306.0001. The...

CVE-2023-39013

Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init...

CVE-2023-37473

zenstruck/collections is a set of helpers for iterating/paginating/filtering collections. Passing callable strings ie system caused the function to be executed. This would result in a limited subset of specific user input being executed as if it were code. This issue has been addressed in commit...

CVE-2023-36550

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters...

CVE-2023-35839

A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code via providing crafted payload...

CVE-2023-32637

GBrowse accepts files with any formats uploaded and places them in the area accessible through unauthenticated web requests. Therefore, anyone who can upload files through the product may execute arbitrary code on the server...

CVE-2023-29742

An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a code execution attack by manipulating the database...

CVE-2023-27574

ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODESIGNINGINJECTBASEENTITLEMENTS...

CVE-2023-24561

A vulnerability has been identified in Solid Edge SE2022 All versions V222.0MP12, Solid Edge SE2023 All versions V223.0Update2. The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execut...

CVE-2023-32273

Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32201...

CVE-2023-24990

A vulnerability has been identified in Tecnomatix Plant Simulation All versions V2201.0006. The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the...