Total: 5662 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1001004 | 1 Typed Function Project | 1 Typed Function | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result in arbitrary execution. | |||||
| CVE-2017-7411 | 1 Enalean | 1 Tuleap | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks (including but not limited to Remote Code Execution). | |||||
| CVE-2017-6186 | 1 Bitdefender | 3 Antivirus Plus, Internet Security, Total Security | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
| Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack. | |||||
| CVE-2024-12238 | 1 Ninjaforms | 1 Ninja Forms | 2025-04-18 | N/A | 6.3 MEDIUM |
| The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.22. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. | |||||
| CVE-2024-40673 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.5 MEDIUM |
| In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-48236 | 1 Ofcms Project | 1 Ofcms | 2025-04-18 | N/A | 6.5 MEDIUM |
| An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the ofcms-admin\src\main\java\com\ofsoft\cms\core\uitle\FileUtils.java file. | |||||
| CVE-2024-48235 | 1 Ofcms Project | 1 Ofcms | 2025-04-18 | N/A | 6.5 MEDIUM |
| An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file. | |||||
| CVE-2023-51018 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-04-17 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of the cstecgi.cgi. | |||||
| CVE-2024-53303 | | | 2025-04-17 | N/A | 8.8 HIGH |
| A remote code execution (RCE) vulnerability in the upload_file function of LRQA Nettitude PoshC2 after commit 123db87 allows authenticated attackers to execute arbitrary code via a crafted POST request. | |||||
| CVE-2025-32583 | | | 2025-04-17 | N/A | 9.9 CRITICAL |
| Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post allows Remote Code Inclusion. This issue affects PDF 2 Post: from n/a through 2.4.0. | |||||
| CVE-2025-32596 | | | 2025-04-17 | N/A | 7.3 HIGH |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Rameez Iqbal Real Estate Manager allows Code Injection. This issue affects Real Estate Manager: from n/a through 7.3. | |||||
| CVE-2021-22646 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2025-04-17 | N/A | 8.8 HIGH |
| The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution. | |||||
| CVE-2022-43486 | 1 Buffalo | 26 Wcr-1166ds, Wcr-1166ds Firmware, Wex-1800ax4 and 23 more | 2025-04-17 | N/A | 6.8 MEDIUM |
| Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices. | |||||
| CVE-2024-54804 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2025-04-17 | N/A | 9.8 CRITICAL |
| Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter wan_hostname and forcing a reboot. This will result in command injection. | |||||
| CVE-2024-54805 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2025-04-17 | N/A | 9.8 CRITICAL |
| Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter get_email, and then visit the send_log.cgi endpoint, which uses the parameter in a system call, to achieve command execution. | |||||
| CVE-2024-54806 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2025-04-17 | N/A | 9.8 CRITICAL |
| Netgear WNR854T 1.5.2 (North America) is vulnerable to Arbitrary command execution in cmd.cgi which allows for the execution of system commands via the web interface. | |||||
| CVE-2024-54807 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2025-04-17 | N/A | 9.8 CRITICAL |
| In Netgear WNR854T 1.5.2 (North America), the UPNP service is vulnerable to command injection in the function addmap_exec, which passes the NewInternalClient parameter of the AddPortMapping SOAPAction into a system call without sanitization. An attacker can send a specially crafted SOAPAction request for AddPortMapping via the router's WANIPConn1 service to achieve arbitrary command execution. | |||||
| CVE-2024-11613 | 1 Iptanus | 1 Wordpress File Upload | 2025-04-17 | N/A | 9.8 CRITICAL |
| The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the 'wfu_file_downloader.php' file. This is due to lack of proper sanitization of the 'source' parameter and allowing a user-defined directory path. This makes it possible for unauthenticated attackers to execute code on the server. | |||||
| CVE-2024-55085 | 1 Getsimple-ce | 1 Getsimple Cms | 2025-04-17 | N/A | 9.8 CRITICAL |
| GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an attacker to achieve RCE. | |||||
| CVE-2024-55505 | 1 Codeastro | 1 Complaint Management System | 2025-04-17 | N/A | 8.8 HIGH |
| An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the mess-view.php component. | |||||
