ReportizFlow
Filtered by vendor
Subscriptions
Total
5379 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10644 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-14 | 9.1 Critical |
| Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2025-49029 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 9.1 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in bitto.Kazi Custom Login And Signup Widget allows Code Injection.This issue affects Custom Login And Signup Widget: from n/a through 1.0. | ||||
| CVE-2025-52718 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 7.2 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone allows Remote Code Inclusion. This issue affects Alone: from n/a through 7.8.2. | ||||
| CVE-2025-6744 | 2 Wordpress, Xtemos | 2 Wordpress, Woodmart | 2025-07-14 | 7.3 High |
| The The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode through the woodmart_get_products_shortcode() function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
| CVE-2025-26936 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 10 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Fresh Framework allows Code Injection. This issue affects Fresh Framework: from n/a through 1.70.0. | ||||
| CVE-2024-5826 | 1 Vanna-ai | 1 Vanna | 2025-07-14 | N/A |
| In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the `exec` function in `src/vanna/base/base.py`. This vulnerability can be exploited by an attacker to achieve remote code execution on the app backend server, potentially gaining full control of the server. | ||||
| CVE-2024-27191 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 8.5 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Inpersttion Slivery Extender allows Code Injection.This issue affects Slivery Extender: from n/a through 1.0.2. | ||||
| CVE-2025-49250 | 1 Wordpress | 1 Wordpress | 2025-07-14 | 4.3 Medium |
| Improper Control of Generation of Code ('Code Injection') vulnerability in cmoreira Team Showcase allows Code Injection. This issue affects Team Showcase: from n/a through n/a. | ||||
| CVE-2024-47051 | 1 Mautic | 1 Mautic | 2025-07-14 | 9.1 Critical |
| This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. * Remote Code Execution (RCE) via Asset Upload: A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts. * Path Traversal File Deletion: A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system. | ||||
| CVE-2024-12333 | 2 Wordpress, Xtemos | 2 Wordpress, Woodmart | 2025-07-14 | 6.5 Medium |
| The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode through the woodmart_instagram_ajax_query AJAX action. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
| CVE-2024-41667 | 1 Openidentityplatform | 1 Openam | 2025-07-13 | 8.8 High |
| OpenAM is an open access management solution. In versions 15.0.3 and prior, the `getCustomLoginUrlTemplate` method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to override the default OpenAM login, they did not restrict the `CustomLoginUrlTemplate`, allowing it to be set freely. Commit fcb8432aa77d5b2e147624fe954cb150c568e0b8 introduces `TemplateClassResolver.SAFER_RESOLVER` to disable the resolution of commonly exploited classes in FreeMarker template injection. As of time of publication, this fix is expected to be part of version 15.0.4. | ||||
| CVE-2024-32599 | 2 Deepak Anand, Wordpress | 2 Wp Dummy Content Generator, Wordpress | 2025-07-13 | 10 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through 3.2.1. | ||||
| CVE-2025-30580 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 10 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound DigiWidgets Image Editor allows Remote Code Inclusion. This issue affects DigiWidgets Image Editor: from n/a through 1.10. | ||||
| CVE-2024-13929 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2025-07-13 | 7.2 High |
| Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | ||||
| CVE-2024-39844 | 1 Znc | 1 Znc | 2025-07-13 | 9.8 Critical |
| In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. | ||||
| CVE-2024-9639 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2025-07-13 | 8 High |
| Remote Code Execution vulnerabilities are present in ASPECT if session administra-tor credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | ||||
| CVE-2024-13557 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| The Shortcodes by United Themes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
| CVE-2025-2303 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.8 High |
| The Block Logic – Full Gutenberg Block Display Control plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.8 via the block_logic_check_logic function. This is due to the unsafe evaluation of user-controlled input. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. | ||||
| CVE-2025-0708 | 1 Fumiao | 1 Opencms | 2025-07-13 | 3.5 Low |
| A vulnerability was found in fumiao opencms 2.2. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/model/addOrUpdate of the component Add Model Management Page. The manipulation of the argument 模板前缀 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10252 | 1 Langgenius | 1 Dify | 2025-07-13 | 7.2 High |
| A vulnerability in langgenius/dify versions <=v0.9.1 allows for code injection via internal SSRF requests in the Dify sandbox service. This vulnerability enables an attacker to execute arbitrary Python code with root privileges within the sandbox environment, potentially leading to the deletion of the entire sandbox service and causing irreversible damage. | ||||