Total
3303 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21569 | 1 Microsoft | 1 Azure Devops Server | 2024-05-29 | N/A | 5.5 MEDIUM |
| Azure DevOps Server Spoofing Vulnerability | |||||
| CVE-2023-21553 | 1 Microsoft | 1 Azure Devops Server | 2024-05-29 | N/A | 7.5 HIGH |
| Azure DevOps Server Remote Code Execution Vulnerability | |||||
| CVE-2024-21378 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-05-29 | N/A | 8.8 HIGH |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||
| CVE-2024-5407 | 2024-05-28 | N/A | 10.0 CRITICAL | ||
| A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure. | |||||
| CVE-2024-0220 | 2024-05-27 | N/A | 8.3 HIGH | ||
| B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data. | |||||
| CVE-2024-4264 | 2024-05-20 | N/A | 9.8 CRITICAL | ||
| A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the `eval` function unsafely in the `litellm.get_secret()` method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the `eval` function without any sanitization. Attackers can exploit this vulnerability by injecting malicious values into environment variables through the `/config/update` endpoint, which allows for the update of settings in `proxy_server_config.yaml`. | |||||
| CVE-2024-32680 | 2024-05-17 | N/A | 8.8 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malicious Files, Code Inclusion.This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.5.2. | |||||
| CVE-2024-33644 | 2024-05-17 | N/A | 9.9 CRITICAL | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify Site Library allows Code Injection.This issue affects Customify Site Library: from n/a through 0.0.9. | |||||
| CVE-2023-23645 | 2024-05-17 | N/A | 9.9 CRITICAL | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection.This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2. | |||||
| CVE-2024-2497 | 2024-05-17 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-1705 | 2024-05-17 | 5.1 MEDIUM | 5.6 MEDIUM | ||
| A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue affects the function actionCreate of the file /public/install/controllers/DefaultController.php of the component Installation. The manipulation leads to code injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-254393 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-1117 | 1 Openbi | 1 Openbi | 2024-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in openBI up to 1.0.8. It has been declared as critical. Affected by this vulnerability is the function index of the file /application/index/controller/Screen.php. The manipulation of the argument fileurl leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252475. | |||||
| CVE-2024-0738 | 1 Garethhk | 1 Mldong | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in 个人开源 mldong 1.0. This issue affects the function ExpressionEngine of the file com/mldong/modules/wf/engine/model/DecisionModel.java. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251561 was assigned to this vulnerability. | |||||
| CVE-2024-0196 | 1 Ssssssss | 1 Magic-api | 2024-05-17 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resource/file/api/save?auto=1. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249511. | |||||
| CVE-2024-0195 | 1 Ssssssss | 1 Spider-flow | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-7148 | 1 Shifuml | 1 Shifu | 2024-05-17 | 5.1 MEDIUM | 8.1 HIGH |
| A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument FilterExpression leads to code injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249151. | |||||
| CVE-2023-6899 | 1 Rmountjoy92 | 1 Dashmachine | 2024-05-17 | 4.7 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4. Affected by this vulnerability is an unknown functionality of the file /settings/save_config of the component Config Handler. The manipulation of the argument value_template leads to code injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248257 was assigned to this vulnerability. | |||||
| CVE-2023-6886 | 1 Wang.market | 1 Wangmarket | 2024-05-17 | 5.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in xnx3 wangmarket 6.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Role Management Page. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248246 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-6851 | 1 Kodcloud | 1 Kodexplorer | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been rated as critical. This issue affects the function unzipList of the file plugins/zipView/app.php of the component ZIP Archive Handler. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is named 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248219. | |||||
| CVE-2023-6188 | 1 Get-simple | 1 Getsimplecms | 2024-05-17 | 5.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-245735. | |||||