Total: 3411 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-27438 | 1 Ge | 2 Reason Dr60, Reason Dr60 Firmware | 2022-07-29 | 6.5 MEDIUM | 8.8 HIGH |
The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). | |||||
CVE-2021-24537 | 1 Shareaholic | 1 Similar Posts | 2022-07-28 | 6.0 MEDIUM | 7.2 HIGH |
The Similar Posts WordPress plugin through 3.1.5 allows high-privilege users to execute arbitrary PHP code in a hardened environment (i.e. with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFILTERED_HTML set to true) via the 'widget_rrm_similar_posts_condition' widget setting of the plugin. | |||||
CVE-2022-25759 | 1 Convert-svg-core Project | 1 Convert-svg-core | 2022-07-25 | N/A | 9.8 CRITICAL |
The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload. | |||||
CVE-2022-32417 | 1 Pbootcms | 1 Pbootcms | 2022-07-18 | 7.5 HIGH | 9.8 CRITICAL |
PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php. | |||||
CVE-2015-3173 | 1 Custom Content Type Manager Project | 1 Custom Content Type Manager | 2022-07-14 | 6.5 MEDIUM | 7.2 HIGH |
The custom-content-type-manager WordPress plugin can be used by an administrator to achieve arbitrary PHP remote code execution. | |||||
CVE-2021-46063 | 1 Mingsoft | 1 Mcms | 2022-07-12 | 6.4 MEDIUM | 9.1 CRITICAL |
MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module. | |||||
CVE-2021-43097 | 1 Diyhi | 1 Bbs | 2022-07-12 | 6.5 MEDIUM | 7.2 HIGH |
A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.java, which could let a malicious user execute arbitrary code. | |||||
CVE-2021-39383 | 1 Diaowen | 1 Dwsurvey | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java. | |||||
CVE-2021-39114 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. | |||||
CVE-2021-45806 | 1 Jpress | 1 Jpress | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code. | |||||
CVE-2021-22205 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 7.5 HIGH | 10.0 CRITICAL |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. | |||||
CVE-2021-43269 | 1 Code42 | 1 Code42 | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config (PAC) file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for Small Business. (Incydr Professional and Enterprise are unaffected.) | |||||
CVE-2020-28905 | 1 Nagios | 1 Fusion | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pagination. | |||||
CVE-2021-40084 | 1 Artixlinux | 1 Opensysusers | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell metacharacters. For example, it allows command execution via a crafted GECOS field whereas systemd-sysusers (a program with the same specification) does not do that. | |||||
CVE-2021-27230 | 1 Expressionengine | 1 Expressionengine | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save() to write to an _lang.php file under the system/user/language directory. | |||||
CVE-2020-8644 | 1 Playsms | 1 Playsms | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. | |||||
CVE-2020-20601 | 1 Thinkcmf | 1 Thinkcmf | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet. | |||||
CVE-2022-2073 | 1 Getgrav | 1 Grav | 2022-07-08 | 6.5 MEDIUM | 7.2 HIGH |
Code Injection in GitHub repository getgrav/grav prior to 1.7.34. | |||||
CVE-2017-20099 | 1 Analytics Stats Counter Statistics Project | 1 Analytics Stats Counter Statistics | 2022-07-06 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The attack may be initiated remotely. | |||||
CVE-2021-32756 | 1 Manageiq | 1 Manageiq | 2022-07-02 | 9.0 HIGH | 8.8 HIGH |
ManageIQ is an open-source management platform. In versions prior to jansa-4, kasparov-2, and lasker-1, there is a flaw in the MiqExpression module of ManageIQ where a low privilege user could enter a crafted Ruby string which would be evaluated. Successful exploitation will allow an attacker to execute arbitrary code with root privileges on the host system. There are patches for this issue in releases named jansa-4, kasparov-2, and lasker-1. If possible, restrict users, via RBAC, to only the part of the application that they need access to. While MiqExpression is widely used throughout the product, restricting users can limit the surface of the attack. | |||||