Filtered by vendor
Subscriptions
Total
5001 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-45673 | 2 Joplin Project, Laurent 22 | 2 Joplin, Joplin | 2025-04-11 | 8.9 High |
Joplin is a free, open source note taking and to-do application. A remote code execution (RCE) vulnerability in affected versions allows clicking on a link in a PDF in an untrusted note to execute arbitrary shell commands. Clicking links in PDFs allows for arbitrary code execution because Joplin desktop: 1. has not disabled top redirection for note viewer iframes, and 2. and has node integration enabled. This is a remote code execution vulnerability that impacts anyone who attaches untrusted PDFs to notes and has the icon enabled. This issue has been addressed in version 2.13.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2024-36568 | 2 Mayurik, Sourcecodester | 2 Gas Agency Management System, Gas Agency Management System | 2025-04-11 | 9.8 Critical |
Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL Injection via /gasmark/editbrand.php?id=. | ||||
CVE-2024-41304 | 1 Wondercms | 1 Wondercms | 2025-04-11 | 5.4 Medium |
An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file. | ||||
CVE-2024-42634 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-04-11 | 9.8 Critical |
A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges. | ||||
CVE-2024-30878 | 1 Rageframe | 1 Rageframe | 2025-04-11 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter. | ||||
CVE-2012-1205 | 2 Alanft, Wordpress | 2 Relocate-upload, Wordpress | 2025-04-11 | N/A |
PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | ||||
CVE-2012-0928 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2025-04-11 | N/A |
The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file. | ||||
CVE-2012-4864 | 1 Oreans | 1 Winlicense | 2025-04-11 | N/A |
Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted xml file. | ||||
CVE-2012-0922 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2025-04-11 | N/A |
rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via crafted flags in an RMFF file. | ||||
CVE-2012-0671 | 1 Apple | 1 Quicktime | 2025-04-11 | N/A |
Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .pict file. | ||||
CVE-2011-1392 | 2 .bbsoftware, Ibm | 2 Bb Flashback, Rational Rhapsody | 2025-04-11 | N/A |
The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the (1) Start, (2) PauseAndSave, (3) InsertMarker, and (4) InsertSoundToFBRAtMarker methods, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
CVE-2012-0319 | 1 Movabletype | 4 Movable Type Advanced, Movable Type Enterprise, Movable Type Open Source and 1 more | 2025-04-11 | N/A |
The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature, related to an "OS Command Injection" issue. | ||||
CVE-2013-3144 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | N/A |
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3151 and CVE-2013-3163. | ||||
CVE-2011-1388 | 2 .bbsoftware, Ibm | 2 Bb Flashback, Rational Rhapsody | 2025-04-11 | N/A |
The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the TestCompatibilityRecordMode method, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
CVE-2013-5369 | 1 Ibm | 1 Spss Analytical Decision Management | 2025-04-11 | N/A |
IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 might allow remote attackers to execute arbitrary code by deploying and accessing a service. | ||||
CVE-2011-1391 | 2 .bbsoftware, Ibm | 2 Bb Flashback, Rational Rhapsody | 2025-04-11 | N/A |
The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the InsertMarker method, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
CVE-2011-5021 | 1 Phpids | 1 Phpids | 2025-04-11 | N/A |
PHPIDS before 0.7 does not properly implement Regular Expression Denial of Service (ReDoS) filters, which allows remote attackers to bypass rulesets and add PHP sequences to a file via unspecified vectors. | ||||
CVE-2011-4791 | 1 Hp | 1 Data Protector Media Operations | 2025-04-11 | N/A |
DBServer.exe in HP Data Protector Media Operations 6.11 and earlier allows remote attackers to execute arbitrary code via a crafted request containing a large value in a length field. | ||||
CVE-2011-4668 | 1 Ibm | 1 Tivoli Netcool\/reporter | 2025-04-11 | N/A |
IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server. | ||||
CVE-2011-0487 | 1 Icq | 1 Icq | 2025-04-11 | N/A |
ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism. |