ReportizFlow
Filtered by vendor
Subscriptions
Total
4018 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30990 | 1 Ibm | 1 I | 2024-11-25 | 8.6 High |
| IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. IBM X-Force ID: 254036. | ||||
| CVE-2024-6507 | 1 Deeplake | 1 Deeplake | 2024-11-25 | 8.1 High |
| Command injection when ingesting a remote Kaggle dataset due to a lack of input sanitization in the ingest_kaggle() API | ||||
| CVE-2024-5565 | 1 Vanna-ai | 1 Vanna | 2024-11-25 | 8.1 High |
| The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with "visualize" set to True (default behavior) leads to remote code execution. | ||||
| CVE-2024-5651 | 1 Redhat | 1 Workload Availability Fence Agents Remediation | 2024-11-24 | 8.8 High |
| A flaw was found in the Fence Agents Remediation operator. This vulnerability can allow a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the --ssh-path/--telnet-path arguments. A low-privilege user, for example, a user with developer access, can create a specially crafted FenceAgentsRemediation for a fence agent supporting --ssh-path/--telnet-path arguments to execute arbitrary commands on the operator's pod. This RCE leads to a privilege escalation, first as the service account running the operator, then to another service account with cluster-admin privileges. | ||||
| CVE-2024-11050 | 1 Amttgroup | 2 Hotel Broadband Operating System, Hotel Broadband Operation System | 2024-11-23 | 3.5 Low |
| A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified as problematic. This issue affects some unknown processing of the file /language.php. The manipulation of the argument LangID/LangName/LangEName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-11070 | 2 Publiccms, Sanluan | 2 Publiccms, Publiccms | 2024-11-23 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag Type Handler. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11078 | 2 Anisha, Code-projects | 2 Job Recruitment, Job Recruitment | 2024-11-23 | 3.5 Low |
| A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument e leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-1004 | 2 Marktext, Microsoft | 2 Marktext, Windows | 2024-11-23 | 5.3 Medium |
| A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability. | ||||
| CVE-2024-11587 | 1 Idccms | 1 Idccms | 2024-11-23 | 3.5 Low |
| A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11489 | 1 115cms | 1 115cms | 2024-11-22 | 3.5 Low |
| A vulnerability was found in 115cms up to 20240807. It has been classified as problematic. Affected is an unknown function of the file /index.php/admin/web/file.html. The manipulation of the argument ks leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-11493 | 1 115cms | 1 115cms | 2024-11-22 | 3.5 Low |
| A vulnerability classified as problematic was found in 115cms up to 20240807. This vulnerability affects unknown code of the file /index.php/setpage/admin/pageAE.html. The manipulation of the argument tid leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-11492 | 1 115cms | 1 115cms | 2024-11-22 | 3.5 Low |
| A vulnerability classified as problematic has been found in 115cms up to 20240807. This affects an unknown part of the file /index.php/admin/web/appurladd.html. The manipulation of the argument tid leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-11490 | 1 115cms | 1 115cms | 2024-11-22 | 3.5 Low |
| A vulnerability was found in 115cms up to 20240807. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php/admin/web/set.html. The manipulation of the argument type leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-36258 | 1 Langchain | 1 Langchain | 2024-11-22 | 9.8 Critical |
| An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used. | ||||
| CVE-2024-25110 | 1 Microsoft | 1 Azure Uamqp | 2024-11-22 | 9.8 Critical |
| The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-5082 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | N/A |
| A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1. | ||||
| CVE-2024-48694 | 1 Xian Daxi Information Technology | 1 Officeweb 365 | 2024-11-21 | 9.8 Critical |
| File Upload vulnerability in Xi'an Daxi Information technology OfficeWeb365 v.8.6.1.0 and v7.18.23.0 allows a remote attacker to execute arbitrary code via the pw/savedraw component. | ||||
| CVE-2024-48070 | 1 Weaver | 1 E-cology | 2024-11-21 | 9.8 Critical |
| An issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code and to trigger malicious code execution, and control server privileges | ||||
| CVE-2024-44757 | 1 Erp | 1 Management Software | 2024-11-21 | 7.5 High |
| An arbitrary file download vulnerability in the component /Basics/DownloadInpFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request. | ||||
| CVE-2024-3788 | 2024-11-21 | 6.6 Medium | ||
| Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through License (/admin/CDPUsers). Exploitation of this vulnerability could allow a remote user to execute arbitrary code. | ||||