Total: 3411 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-35333 | 1 Microsoft | 1 Pandocupload | 2024-05-29 | N/A | 7.5 HIGH |
MediaWiki PandocUpload Extension Remote Code Execution Vulnerability | |||||
CVE-2023-36789 | 1 Microsoft | 1 Skype For Business Server | 2024-05-29 | N/A | 7.2 HIGH |
Skype for Business Remote Code Execution Vulnerability | |||||
CVE-2023-36437 | 1 Microsoft | 1 Azure Pipelines Agent | 2024-05-29 | N/A | 8.8 HIGH |
Azure DevOps Server Remote Code Execution Vulnerability | |||||
CVE-2023-21569 | 1 Microsoft | 1 Azure Devops Server | 2024-05-29 | N/A | 5.5 MEDIUM |
Azure DevOps Server Spoofing Vulnerability | |||||
CVE-2023-21553 | 1 Microsoft | 1 Azure Devops Server | 2024-05-29 | N/A | 7.5 HIGH |
Azure DevOps Server Remote Code Execution Vulnerability | |||||
CVE-2024-21378 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-05-29 | N/A | 8.8 HIGH |
Microsoft Outlook Remote Code Execution Vulnerability | |||||
CVE-2024-5407 | | | 2024-05-28 | N/A | 10.0 CRITICAL |
A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure. | |||||
CVE-2024-0220 | | | 2024-05-27 | N/A | 8.3 HIGH |
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data. | |||||
CVE-2024-4264 | | | 2024-05-20 | N/A | 9.8 CRITICAL |
A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the `eval` function unsafely in the `litellm.get_secret()` method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the `eval` function without any sanitization. Attackers can exploit this vulnerability by injecting malicious values into environment variables through the `/config/update` endpoint, which allows for the update of settings in `proxy_server_config.yaml`. | |||||
CVE-2023-23645 | | | 2024-05-17 | N/A | 9.9 CRITICAL |
Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection. This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2. | |||||
CVE-2024-32680 | | | 2024-05-17 | N/A | 8.8 HIGH |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malicious Files, Code Inclusion. This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.5.2. | |||||
CVE-2024-33644 | | | 2024-05-17 | N/A | 9.9 CRITICAL |
Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify Site Library allows Code Injection. This issue affects Customify Site Library: from n/a through 0.0.9. | |||||
CVE-2024-2497 | | | 2024-05-17 | 5.8 MEDIUM | 4.7 MEDIUM |
A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-1705 | | | 2024-05-17 | 5.1 MEDIUM | 5.6 MEDIUM |
A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue affects the function actionCreate of the file /public/install/controllers/DefaultController.php of the component Installation. The manipulation leads to code injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-254393 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-1117 | 1 Openbi | 1 Openbi | 2024-05-17 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability was found in openBI up to 1.0.8. It has been declared as critical. Affected by this vulnerability is the function index of the file /application/index/controller/Screen.php. The manipulation of the argument fileurl leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252475. | |||||
CVE-2024-0738 | 1 Garethhk | 1 Mldong | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability, which was classified as critical, has been found in 个人开源 mldong 1.0. This issue affects the function ExpressionEngine of the file com/mldong/modules/wf/engine/model/DecisionModel.java. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251561 was assigned to this vulnerability. | |||||
CVE-2024-0196 | 1 Ssssssss | 1 Magic-api | 2024-05-17 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resource/file/api/save?auto=1. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249511. | |||||
CVE-2024-0195 | 1 Ssssssss | 1 Spider-flow | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability. | |||||
CVE-2023-7148 | 1 Shifuml | 1 Shifu | 2024-05-17 | 5.1 MEDIUM | 8.1 HIGH |
A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument FilterExpression leads to code injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249151. | |||||
CVE-2023-6899 | 1 Rmountjoy92 | 1 Dashmachine | 2024-05-17 | 4.7 MEDIUM | 9.8 CRITICAL |
A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4. Affected by this vulnerability is an unknown functionality of the file /settings/save_config of the component Config Handler. The manipulation of the argument value_template leads to code injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248257 was assigned to this vulnerability. |