Total
4105 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-1367 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 3.8 Low |
Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
CVE-2023-1306 | 1 Rapid7 | 2 Insightappsec, Insightcloudsec | 2024-11-21 | 8.8 High |
An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec. | ||||
CVE-2023-1304 | 1 Rapid7 | 2 Insightappsec, Insightcloudsec | 2024-11-21 | 8.8 High |
An authenticated attacker can leverage an exposed getattr() method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec. | ||||
CVE-2023-1287 | 1 3ds | 1 Enovia Live Collaboration | 2024-11-21 | 9 Critical |
An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution. | ||||
CVE-2023-1283 | 1 Builder | 1 Qwik | 2024-11-21 | 10 Critical |
Code Injection in GitHub repository builderio/qwik prior to 0.21.0. | ||||
CVE-2023-1250 | 1 Otrs | 1 Otrs | 2024-11-21 | 7.4 High |
Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names. This issue affects OTRS: from 7.0.X before 7.0.42, from 8.0.X before 8.0.31; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | ||||
CVE-2023-1178 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.7 Medium |
An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit. | ||||
CVE-2023-1097 | 1 Baicells | 2 Eg7035-m11, Eg7035-m11 Firmware | 2024-11-21 | 9.3 Critical |
Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable. Special thanks to Lionel Musonza for the discovery. | ||||
CVE-2023-1005 | 1 Markdown-electron Project | 1 Markdown-electron | 2024-11-21 | 5.3 Medium |
A vulnerability was found in JP1016 Markdown-Electron and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to code injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-221738 is the identifier assigned to this vulnerability. | ||||
CVE-2023-1003 | 2 Microsoft, Typora | 2 Windows, Typora | 2024-11-21 | 5.3 Medium |
A vulnerability, which was classified as critical, was found in Typora up to 1.5.5 on Windows. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.8 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221736. | ||||
CVE-2023-0888 | 1 Bbraun | 2 Battery-pack Sp With Wifi, Battery-pack Sp With Wifi Firmware | 2024-11-21 | 4.9 Medium |
An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device WiFi network (such as a biomedical engineering staff member) and the specific B.Braun Battery Pack SP with WiFi web server credentials, could get administrative (root) access on the infusion pump communication module. This could be used as a vector to start further attacks. | ||||
CVE-2023-0877 | 1 Froxlor | 1 Froxlor | 2024-11-21 | 8.8 High |
Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11. | ||||
CVE-2023-0792 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 6.5 Medium |
Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | ||||
CVE-2023-0788 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 8.1 High |
Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | ||||
CVE-2023-0671 | 1 Froxlor | 1 Froxlor | 2024-11-21 | 8.8 High |
Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. | ||||
CVE-2023-0626 | 1 Docker | 1 Docker Desktop | 2024-11-21 | 8 High |
Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0. | ||||
CVE-2023-0625 | 1 Docker | 1 Docker Desktop | 2024-11-21 | 8 High |
Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0. | ||||
CVE-2023-0598 | 1 Ge | 1 Ifix | 2024-11-21 | 7.8 High |
GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software. | ||||
CVE-2023-0575 | 4 Apple, Linux, Microsoft and 1 more | 5 Iphone Os, Macos, Linux Kernel and 2 more | 2024-11-21 | 7.2 High |
External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: less than 2.2.0.0. | ||||
CVE-2023-0462 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2024-11-21 | 8 High |
An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload. |