Total
3303 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34448 | 1 Getgrav | 1 Grav | 2023-06-22 | N/A | 7.2 HIGH |
| Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default `filter()` function, did not block other built-in functions exposed by Twig's Core Extension that could be used to invoke arbitrary unsafe functions, thereby allowing for remote code execution. A patch in version 1.74.2 overrides the built-in Twig `map()` and `reduce()` filter functions in `system/src/Grav/Common/Twig/Extension/GravExtension.php` to validate the argument passed to the filter in `$arrow`. | |||||
| CVE-2023-1049 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2023-06-22 | N/A | 7.8 HIGH |
| A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI. | |||||
| CVE-2023-3224 | 1 Nuxt | 1 Nuxt | 2023-06-20 | N/A | 9.8 CRITICAL |
| Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3. | |||||
| CVE-2023-0297 | 1 Pyload | 1 Pyload | 2023-06-15 | N/A | 9.8 CRITICAL |
| Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. | |||||
| CVE-2023-32540 | 1 Advantech | 1 Webaccess\/scada | 2023-06-12 | N/A | 9.8 CRITICAL |
| In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution. | |||||
| CVE-2023-27986 | 1 Gnu | 1 Emacs | 2023-06-09 | N/A | 7.8 HIGH |
| emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90. | |||||
| CVE-2022-35743 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2023-06-07 | N/A | 7.8 HIGH |
| Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | |||||
| CVE-2023-25539 | 2 Dell, Linux | 2 Networker, Linux Kernel | 2023-06-07 | N/A | 9.8 CRITICAL |
| Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2023-32692 | 1 Codeigniter | 1 Codeigniter | 2023-06-06 | N/A | 9.8 CRITICAL |
| CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally. This issue is patched in version 4.3.5. | |||||
| CVE-2023-2943 | 1 Open-emr | 1 Openemr | 2023-06-01 | N/A | 8.8 HIGH |
| Code Injection in GitHub repository openemr/openemr prior to 7.0.1. | |||||
| CVE-2023-30145 | 1 Tuzitio | 1 Camaleon Cms | 2023-06-01 | N/A | 9.8 CRITICAL |
| Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter. | |||||
| CVE-2023-32697 | 1 Sqlite Jdbc Project | 1 Sqlite Jdbc | 2023-05-31 | N/A | 9.8 CRITICAL |
| SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacting versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2. | |||||
| CVE-2023-25953 | 1 Worksmobile | 1 Drive Explorer | 2023-05-30 | N/A | 9.8 CRITICAL |
| Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges. | |||||
| CVE-2023-2859 | 1 Teampass | 1 Teampass | 2023-05-30 | N/A | 8.8 HIGH |
| Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | |||||
| CVE-2023-30130 | 1 Craftcms | 1 Craft Cms | 2023-05-22 | N/A | 8.8 HIGH |
| An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter. | |||||
| CVE-2019-19089 | 1 Hitachienergy | 1 Esoms | 2023-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript. | |||||
| CVE-2023-2583 | 1 Jsreport | 1 Jsreport | 2023-05-12 | N/A | 10.0 CRITICAL |
| Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3. | |||||
| CVE-2022-43769 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2023-05-11 | N/A | 7.2 HIGH |
| Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream. | |||||
| CVE-2023-31414 | 1 Elastic | 1 Kibana | 2023-05-11 | N/A | 8.8 HIGH |
| Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process. | |||||
| CVE-2023-31415 | 1 Elastic | 1 Kibana | 2023-05-11 | N/A | 8.8 HIGH |
| Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process. | |||||