Total: 3303 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41544 | 1 Jeecg | 1 Jeecg Boot | 2024-01-05 | N/A | 9.8 CRITICAL |
| SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component. | |||||
| CVE-2023-51420 | 1 Soft8soft | 1 Verge3d | 2024-01-05 | N/A | 8.8 HIGH |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2. | |||||
| CVE-2023-46987 | 1 Seacms | 1 Seacms | 2024-01-05 | N/A | 8.8 HIGH |
| SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php. | |||||
| CVE-2023-49830 | 1 Brainstormforce | 1 Astra | 2024-01-05 | N/A | 8.8 HIGH |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro. This issue affects Astra Pro: from n/a through 4.3.1. | |||||
| CVE-2023-45751 | 1 Posimyth | 1 Nexter Extension | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Control of Generation of Code ('Code Injection') vulnerability in POSIMYTH Nexter Extension. This issue affects Nexter Extension: from n/a through 2.0.3. | |||||
| CVE-2023-46623 | 1 Wpvnteam | 1 Wp Extra | 2024-01-04 | N/A | 8.8 HIGH |
| Improper Control of Generation of Code ('Code Injection') vulnerability in TienCOP WP EXtra. This issue affects WP EXtra: from n/a through 6.2. | |||||
| CVE-2023-47840 | 1 Qodeinteractive | 1 Qode Essential Addons | 2024-01-04 | N/A | 8.8 HIGH |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons. This issue affects Qode Essential Addons: from n/a through 1.5.2. | |||||
| CVE-2023-22677 | 1 Binarystash | 1 Wp Booklet | 2024-01-04 | N/A | 8.8 HIGH |
| Improper Control of Generation of Code ('Code Injection') vulnerability in BinaryStash WP Booklet. This issue affects WP Booklet: from n/a through 2.1.8. | |||||
| CVE-2023-25054 | 1 Carrcommunications | 1 Rsvpmaker | 2024-01-04 | N/A | 9.8 CRITICAL |
| Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker. This issue affects RSVPMaker: from n/a through 10.6.6. | |||||
| CVE-2023-40606 | 1 Kanbanwp | 1 Kanban Boards For Wordpress | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Kanban for WordPress Kanban Boards for WordPress. This issue affects Kanban Boards for WordPress: from n/a through 2.5.21. | |||||
| CVE-2023-49000 | 1 Artistscope | 1 Artisbrowser | 2024-01-04 | N/A | 9.8 CRITICAL |
| An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an attacker to bypass intended access restrictions via interaction with the com.artis.browser.IntentReceiverActivity component. | |||||
| CVE-2023-49001 | 1 Indibrowser | 1 Indi Browser | 2024-01-04 | N/A | 9.8 CRITICAL |
| An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component. | |||||
| CVE-2023-43481 | 1 Tcl | 1 Browser Tv Web - Browsehere | 2024-01-04 | N/A | 9.8 CRITICAL |
| An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) 6.65.022_dab24cc6_231221_gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component. | |||||
| CVE-2023-51387 | 1 Dromara | 1 Hertzbeat | 2024-01-03 | N/A | 8.8 HIGH |
| Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be simple expressions. However, due to improper sanitization of alert expressions in versions prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on the hertzbeat server. A malicious user who has access to the alert define function can execute any command in the hertzbeat instance. This issue is fixed in version 1.4.1. | |||||
| CVE-2023-6051 | 1 Gitlab | 1 Gitlab | 2024-01-02 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag. | |||||
| CVE-2023-49070 | 1 Apache | 1 Ofbiz | 2023-12-29 | N/A | 9.8 CRITICAL |
| Pre-auth RCE in Apache OFBiz 18.12.09, caused by the no-longer-maintained XML-RPC component still being present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10. | |||||
| CVE-2021-3583 | 1 Redhat | 3 Ansible Automation Platform, Ansible Engine, Ansible Tower | 2023-12-28 | 3.6 LOW | 7.1 HIGH |
| A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity. | |||||
| CVE-2023-6691 | 1 Cambiumnetworks | 2 Epmp Force 300-25, Epmp Force 300-25 Firmware | 2023-12-28 | N/A | 7.8 HIGH |
| Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges. | |||||
| CVE-2021-43221 | 1 Microsoft | 1 Edge Chromium | 2023-12-28 | 4.0 MEDIUM | 4.2 MEDIUM |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2021-43208 | 1 Microsoft | 1 3d Viewer | 2023-12-28 | 6.8 MEDIUM | 7.8 HIGH |
| 3D Viewer Remote Code Execution Vulnerability | |||||
