ReportizFlow
Filtered by vendor
Subscriptions
Total
4091 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-25600 | 2024-11-21 | 10 Critical | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6. | ||||
| CVE-2024-25502 | 2024-11-21 | 9.8 Critical | ||
| Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component. | ||||
| CVE-2024-25415 | 2024-11-21 | 7.2 High | ||
| A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php. | ||||
| CVE-2024-25376 | 2024-11-21 | 7.8 High | ||
| An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode. | ||||
| CVE-2024-25359 | 2024-11-21 | 6.6 Medium | ||
| An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the pickle_load function of the serialize.py file. | ||||
| CVE-2024-25350 | 2024-11-21 | 9.8 Critical | ||
| SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGurukul Zoo Management System 1.0 via tickettype and tprice parameters. | ||||
| CVE-2024-25301 | 1 Redaxo | 1 Redaxo | 2024-11-21 | 7.2 High |
| Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php. | ||||
| CVE-2024-25298 | 1 Redaxo | 1 Redaxo | 2024-11-21 | 7.2 High |
| An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php. | ||||
| CVE-2024-25293 | 2024-11-21 | 9.3 Critical | ||
| mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute. | ||||
| CVE-2024-25291 | 2024-11-21 | 9.8 Critical | ||
| Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin. | ||||
| CVE-2024-25202 | 2024-11-21 | 6.1 Medium | ||
| Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar. | ||||
| CVE-2024-25180 | 2024-11-21 | 9.8 Critical | ||
| An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after installing a test framework (that lives outside of the pdfmake applicaton). Anyone installing this is responsible for ensuring that it is only available to authorized testers. | ||||
| CVE-2024-25096 | 2024-11-21 | 10 Critical | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection.This issue affects Canto: from n/a through 3.0.7. | ||||
| CVE-2024-25089 | 1 Malwarebytes | 1 Binisoft Windows Firewall Control | 2024-11-21 | 9.8 Critical |
| Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes. | ||||
| CVE-2024-25086 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-11-21 | 7.8 High |
| Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute arbitrary code. | ||||
| CVE-2024-25077 | 2024-11-21 | 9.8 Critical | ||
| An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The Nonce used for on-the-fly decryption of flash images is stored in an unsigned header, allowing its value to be modified without invalidating the signature used for secureboot image verification. Because the encryption engine for on-the-fly decryption uses AES in CTR mode without authentication, an attacker-modified Nonce can result in execution of arbitrary code. | ||||
| CVE-2024-24707 | 2024-11-21 | 9.9 Critical | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL. Cwicly allows Code Injection.This issue affects Cwicly: from n/a through 1.4.0.2. | ||||
| CVE-2024-24525 | 2024-11-21 | 9.8 Critical | ||
| An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execute arbitrary code via the infoid parameter of the URL. | ||||
| CVE-2024-24520 | 2024-11-21 | 7.8 High | ||
| An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place. | ||||
| CVE-2024-24469 | 1 Flusity | 1 Flusity | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php. | ||||