Export limit exceeded: 17480 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10098 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10098 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4943 | 1 Impresspages | 1 Impresspages Cms | 2024-11-21 | 9.8 Critical |
| ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed in v1.0.13) | ||||
| CVE-2011-1597 | 1 Openvas | 1 Openvas Manager | 2024-11-21 | 8.8 High |
| OpenVAS Manager v2.0.3 allows plugin remote code execution. | ||||
| CVE-2011-1517 | 1 Sap | 1 Netweaver | 2024-11-21 | 9.8 Critical |
| SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash. | ||||
| CVE-2009-1120 | 1 Dell | 1 Emc Replistor | 2024-11-21 | 9.8 Critical |
| EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists within the DoRcvRpcCall RPC function -exposed via the rep_srv.exe process- where the vulnerability is caused by an error when the rep_srv.exe handles a specially crafted packet sent by an unauthenticated attacker. | ||||
| CVE-2024-52308 | 1 Github | 1 Cli | 2024-11-20 | 8 High |
| The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running within the devcontainer, which is generally provided through the [default devcontainer image]( https://docs.github.com/en/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-... https://docs.github.com/en/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers#using-the-default-dev-container-configuration) . GitHub CLI [retrieves SSH connection details]( https://github.com/cli/cli/blob/30066b0042d0c5928d959e288144300cb28196c9/internal/codespaces/rpc/inv... https://github.com/cli/cli/blob/30066b0042d0c5928d959e288144300cb28196c9/internal/codespaces/rpc/invoker.go#L230-L244 ), such as remote username, which is used in [executing `ssh` commands]( https://github.com/cli/cli/blob/e356c69a6f0125cfaac782c35acf77314f18908d/pkg/cmd/codespace/ssh.go#L2... https://github.com/cli/cli/blob/e356c69a6f0125cfaac782c35acf77314f18908d/pkg/cmd/codespace/ssh.go#L263 ) for `gh codespace ssh` or `gh codespace logs` commands. This exploit occurs when a malicious third-party devcontainer contains a modified SSH server that injects `ssh` arguments within the SSH connection details. `gh codespace ssh` and `gh codespace logs` commands could execute arbitrary code on the user's workstation if the remote username contains something like `-oProxyCommand="echo hacked" #`. The `-oProxyCommand` flag causes `ssh` to execute the provided command while `#` shell comment causes any other `ssh` arguments to be ignored. In `2.62.0`, the remote username information is being validated before being used. | ||||
| CVE-2024-52291 | 1 Craftcms | 1 Craft Cms | 2024-11-19 | 8.5 High |
| Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. Note that this will only work if you have an authenticated administrator account with allowAdminChanges enabled. This is fixed in 5.4.6 and 4.12.5. | ||||
| CVE-2024-52293 | 1 Craftcms | 1 Craft Cms | 2024-11-19 | 7.2 High |
| Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3. | ||||
| CVE-2021-3838 | 2 Dompdf, Dompdf Project | 2 Dompdf, Dompdf | 2024-11-19 | 9.8 Critical |
| DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution, especially when DOMPdf is used with frameworks with documented POP chains like Laravel or vulnerable developer code. | ||||
| CVE-2024-52306 | 2 Backpackforlaravel, Laravel-backpack | 2 Filemanager, File Manager | 2024-11-19 | 7.7 High |
| FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9. | ||||
| CVE-2024-50329 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 8.8 High |
| Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. | ||||
| CVE-2024-50324 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 7.2 High |
| Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-50326 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-50328 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-50327 | 1 Ivanti | 1 Endpoint Manager | 2024-11-19 | 7.2 High |
| SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2015-20111 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-18 | 9.8 Critical |
| miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other products, lacks checks for snprintf return values, leading to a buffer overflow and significant data leak, a different vulnerability than CVE-2019-12107. In Bitcoin Core before 0.12, remote code execution was possible in conjunction with CVE-2015-6031 exploitation. | ||||
| CVE-2022-20649 | 1 Cisco | 1 Redundancy Configuration Manager | 2024-11-18 | 8.1 High |
| A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container. This vulnerability exists because the debug mode is incorrectly enabled for specific services. An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user. The attacker would need to perform detailed reconnaissance to allow for unauthenticated access. The vulnerability can also be exploited by an authenticated attacker. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
| CVE-2024-21534 | 2 Jsonpath-plus, Redhat | 3 Jsonpath, Openshift Devspaces, Rhdh | 2024-11-18 | 9.8 Critical |
| All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node. **Note:** There were several attempts to fix it in versions [10.0.0-10.1.0](https://github.com/JSONPath-Plus/JSONPath/compare/v9.0.0...v10.1.0) but it could still be exploited using [different payloads](https://github.com/JSONPath-Plus/JSONPath/issues/226). | ||||
| CVE-2024-52302 | 2024-11-15 | N/A | ||
| common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper validation or restrictions, enabling attackers to upload malicious files that can lead to Remote Code Execution (RCE). | ||||
| CVE-2024-5982 | 1 Gaizhenbiao | 2 Chuanhuchatgpt, Gaizhenbiao\/chuanhuchatgpt | 2024-11-14 | 9.1 Critical |
| A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the load_chat_history function in modules/models/base_model.py allows arbitrary file uploads, potentially leading to remote code execution (RCE). The get_history_names function in utils.py permits arbitrary directory creation. Additionally, the load_template function in utils.py can be exploited to leak the first column of CSV files. These issues stem from improper sanitization of user inputs concatenated with directory paths using os.path.join. | ||||
| CVE-2024-52004 | 1 Mediacms | 1 Mediacms | 2024-11-12 | N/A |
| MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. MediaCMS has been prone to vulnerabilities that upon special cases can lead to remote code execution. All versions before v4.1.0 are susceptible, and users are highly recommended to upgrade. The vulnerabilities are related with insufficient input validation while uploading media content. The condition to exploit the vulnerability is that the portal allows users to upload content. This issue has been patched in version 4.1.0. There are no known workarounds for this vulnerability. | ||||