ReportizFlow
Filtered by vendor
Subscriptions
Total
5371 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-36992 | 1 Travianz Project | 1 Travianz | 2024-11-21 | 7.2 High |
| PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code. | ||||
| CVE-2023-36923 | 1 Sap | 1 Powerdesigner | 2024-11-21 | 7.8 High |
| SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a malicious library, that can be executed by the application. An attacker could thereby control the behavior of the application. | ||||
| CVE-2023-36859 | 1 Piigab | 2 M-bus 900s, M-bus 900s Firmware | 2024-11-21 | 8.8 High |
| PiiGAB M-Bus SoftwarePack 900S does not correctly sanitize user input, which could allow an attacker to inject arbitrary commands. | ||||
| CVE-2023-36467 | 1 Amazon | 1 Aws-dataall | 2024-11-21 | 8 High |
| AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. The issue can only be triggered by authenticated users. A fix for this issue is available in data.all version 1.5.2 and later. There is no recommended work around. | ||||
| CVE-2023-36281 | 1 Langchain | 1 Langchain | 2024-11-21 | 9.8 Critical |
| An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to __subclasses__ or a template. | ||||
| CVE-2023-36255 | 1 Eramba | 1 Eramba | 2024-11-21 | 8.8 High |
| An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL. | ||||
| CVE-2023-36177 | 1 Badaix | 1 Snapcast | 2024-11-21 | 9.8 Critical |
| An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API. | ||||
| CVE-2023-36095 | 1 Langchain | 1 Langchain | 2024-11-21 | 9.8 Critical |
| An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt. | ||||
| CVE-2023-35897 | 1 Ibm | 2 Storage Protect, Storage Protect Client | 2024-11-21 | 8.4 High |
| IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246. | ||||
| CVE-2023-34999 | 1 Bosch | 1 Rts Vlink Virtual Matrix | 2024-11-21 | 8.4 High |
| A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web interface. | ||||
| CVE-2023-34842 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 9.8 Critical |
| Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php. | ||||
| CVE-2023-34644 | 2 Ruijie, Ruijienetworks | 136 Re-eg1000m, Re-eg1000m Firmware, Rg-eg1000c and 133 more | 2024-11-21 | 9.8 Critical |
| Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows unauthorized remote attackers to gain the highest privileges via crafted POST request to /cgi-bin/luci/api/auth. | ||||
| CVE-2023-34195 | 1 Insyde | 1 Insydeh2o | 2024-11-21 | 7.8 High |
| An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a function pointer. This variable is wiped out by the same module near the end of the function. By setting this UEFI variable from the OS to point into custom code, an attacker could achieve arbitrary code execution in the DXE phase, before several chipset locks are set. | ||||
| CVE-2023-33469 | 1 Kramerav | 4 Via Connect2, Via Connect2 Firmware, Via Go2 and 1 more | 2024-11-21 | 7.8 High |
| In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level. | ||||
| CVE-2023-33229 | 1 Solarwinds | 1 Solarwinds Platform | 2024-11-21 | 3.5 Low |
| The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML. | ||||
| CVE-2023-32626 | 2 Elecom, Logitec | 6 Lan-w300n\/pr5, Lan-w300n\/pr5 Firmware, Lan-w300n\/rs and 3 more | 2024-11-21 | 9.8 Critical |
| Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. | ||||
| CVE-2023-32418 | 1 Apple | 1 Macos | 2024-11-21 | 7.8 High |
| The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution. | ||||
| CVE-2023-32095 | 1 Milandinic | 1 Rename Media Files | 2024-11-21 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Milan Dinić Rename Media Files.This issue affects Rename Media Files: from n/a through 1.0.1. | ||||
| CVE-2023-31447 | 1 Draytek | 4 Vigor2620, Vigor2620 Firmware, Vigor2625 and 1 more | 2024-11-21 | 9.8 Critical |
| user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code. | ||||
| CVE-2023-31315 | 1 Redhat | 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more | 2024-11-21 | 7.5 High |
| Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. | ||||