Total: 3303 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40553 | 1 Piwigo | 1 Piwigo | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| Piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor. | |||||
| CVE-2022-36756 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php. | |||||
| CVE-2022-29078 | 1 Ejs | 1 Ejs | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation). | |||||
| CVE-2022-37053 | 1 Trendnet | 2 Tew733gr, Tew733gr Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| TRENDnet TEW733GR v1.03B01 is vulnerable to command injection via /htdocs/upnpinc/gena.php. | |||||
| CVE-2022-25498 | 1 Cuppacms | 1 Cuppacms | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php. | |||||
| CVE-2022-38078 | 1 Sixapart | 1 Movable Type | 2023-08-08 | N/A | 9.8 CRITICAL |
| Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability. | |||||
| CVE-2022-40871 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2023-08-08 | N/A | 9.8 CRITICAL |
| Dolibarr ERP & CRM <=15.0.3 is vulnerable to eval injection. By default, any administrator can be added to the installation page of Dolibarr, and if successfully added, malicious code can be inserted into the database and then executed by eval. | |||||
| CVE-2022-24295 | 1 Okta | 1 Advanced Server Access Client For Windows | 2023-08-08 | 6.8 MEDIUM | 8.8 HIGH |
| Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL. | |||||
| CVE-2021-46362 | 1 Magnolia-cms | 1 Magnolia Cms | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter. | |||||
| CVE-2022-48175 | 1 Rukovoditel | 1 Rukovoditel | 2023-08-08 | N/A | 9.8 CRITICAL |
| Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request. | |||||
| CVE-2022-35847 | 1 Fortinet | 1 Fortisoar | 2023-08-08 | N/A | 8.8 HIGH |
| An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload. | |||||
| CVE-2021-37079 | 1 Huawei | 1 Harmonyos | 2023-08-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to deletion of arbitrary files with system_app permission. | |||||
| CVE-2022-45907 | 1 Linuxfoundation | 1 Pytorch | 2023-08-08 | N/A | 9.8 CRITICAL |
| In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. | |||||
| CVE-2022-3236 | 1 Sophos | 1 Firewall | 2023-08-08 | N/A | 9.8 CRITICAL |
| A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. | |||||
| CVE-2023-3401 | 1 Gitlab | 1 Gitlab | 2023-08-04 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. The main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code. | |||||
| CVE-2023-34842 | 1 Dedecms | 1 Dedecms | 2023-08-04 | N/A | 9.8 CRITICAL |
| Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php. | |||||
| CVE-2023-3519 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2023-08-04 | N/A | 9.8 CRITICAL |
| Unauthenticated remote code execution | |||||
| CVE-2023-36542 | 1 Apache | 1 Nifi | 2023-08-03 | N/A | 8.8 HIGH |
| Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission for referencing remote resources, restricting configuration of these components to privileged users. The permission prevents unprivileged users from configuring Processors and Controller Services annotated with the new Reference Remote Resources restriction. Upgrading to Apache NiFi 1.23.0 is the recommended mitigation. | |||||
| CVE-2023-39013 | 1 Larsga | 1 Duke | 2023-08-03 | N/A | 9.8 CRITICAL |
| Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init. | |||||
| CVE-2023-39015 | 1 Code4craft | 1 Webmagic | 2023-08-03 | N/A | 9.8 CRITICAL |
| webmagic-extension v0.9.0 and below was discovered to contain a code injection vulnerability via the component us.codecraft.webmagic.downloader.PhantomJSDownloader. | |||||
