Total
5657 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6188 | 1 Get-simple | 1 Getsimplecms | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-245735. | |||||
| CVE-2023-6131 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 8.8 HIGH |
| Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | |||||
| CVE-2023-6126 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 9.8 CRITICAL |
| Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | |||||
| CVE-2023-6125 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 8.8 HIGH |
| Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | |||||
| CVE-2023-6051 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 5.7 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag. | |||||
| CVE-2023-6016 | 1 H2o | 1 H2o | 2024-11-21 | N/A | 9.8 CRITICAL |
| An attacker is able to gain remote code execution on a server hosting the H2O dashboard through it's POJO model import feature. | |||||
| CVE-2023-5800 | 1 Axis | 3 Axis Os, Axis Os 2020, Axis Os 2022 | 2024-11-21 | N/A | 5.4 MEDIUM |
| Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2023-5762 | 1 Filr Project | 1 Filr | 2024-11-21 | N/A | 8.8 HIGH |
| The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges. | |||||
| CVE-2023-5623 | 1 Tenable | 1 Nessus Network Monitor | 2024-11-21 | N/A | 7.0 HIGH |
| NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location | |||||
| CVE-2023-5604 | 1 Asgaros | 1 Asgaros Forum | 2024-11-21 | N/A | 9.8 CRITICAL |
| The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execution. | |||||
| CVE-2023-5550 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | N/A | 6.5 MEDIUM |
| In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. | |||||
| CVE-2023-5540 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | N/A | 4.7 MEDIUM |
| A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. | |||||
| CVE-2023-5539 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | N/A | 4.7 MEDIUM |
| A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers. | |||||
| CVE-2023-5512 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.8 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names leading for incorrect representation in the UI. | |||||
| CVE-2023-5500 | 1 Frauscher | 1 Frauscher Diagnostic System 102 | 2024-11-21 | N/A | 8.8 HIGH |
| This vulnerability allows an remote attacker with low privileges to misuse Improper Control of Generation of Code ('Code Injection') to gain full control of the affected device. | |||||
| CVE-2023-5226 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.8 MEDIUM |
| An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor bypass prohibited branch checks using a specially crafted branch name to manipulate repository content in the UI. | |||||
| CVE-2023-5221 | 1 Foru Cms Project | 1 Foru Cms | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability classified as critical has been found in ForU CMS. This affects an unknown part of the file /install/index.php. The manipulation of the argument db_name leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-240363. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-51420 | 1 Soft8soft | 1 Verge3d | 2024-11-21 | N/A | 9.1 CRITICAL |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2. | |||||
| CVE-2023-51387 | 1 Apache | 1 Hertzbeat | 2024-11-21 | N/A | 7.2 HIGH |
| Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in version prior to 1.4.1, a malicious user can use a crafted alert expression to execute any command on hertzbeat server. A malicious user who has access to alert define function can execute any command in hertzbeat instance. This issue is fixed in version 1.4.1. | |||||
| CVE-2023-51026 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘hour’ parameter of the setRebootScheCfg interface of the cstecgi .cgi. | |||||