Filtered by vendor
Subscriptions
Total
5382 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-36591 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2025-04-15 | 7.3 High |
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | ||||
CVE-2023-36592 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2025-04-15 | 7.3 High |
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | ||||
CVE-2023-36702 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-04-15 | 7.8 High |
Microsoft DirectMusic Remote Code Execution Vulnerability | ||||
CVE-2023-36718 | 1 Microsoft | 10 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 7 more | 2025-04-15 | 7.8 High |
Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability | ||||
CVE-2023-36789 | 1 Microsoft | 1 Skype For Business Server | 2025-04-15 | 7.2 High |
Skype for Business Remote Code Execution Vulnerability | ||||
CVE-2022-4223 | 2 Fedoraproject, Pgadmin | 2 Fedora, Pgadmin 4 | 2025-04-14 | 8.8 High |
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to properly secure this API, which could allow an unauthenticated user to call it with a path of their choosing, such as a UNC path to a server they control on a Windows machine. This would cause an appropriately named executable in the target path to be executed by the pgAdmin server. | ||||
CVE-2024-13345 | 1 Theme-fusion | 1 Avada Builder | 2025-04-14 | 7.3 High |
The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
CVE-2025-27429 | 2025-04-14 | 9.9 Critical | ||
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system. | ||||
CVE-2025-26970 | 1 Arktheme | 1 The Ark | 2025-04-14 | 10 Critical |
Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Ark Theme Core ark-core allows Code Injection.This issue affects Ark Theme Core: from n/a before 1.71.0. | ||||
CVE-2016-3154 | 1 Spip | 1 Spip | 2025-04-12 | N/A |
The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object. | ||||
CVE-2014-0584 | 5 Adobe, Apple, Linux and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2025-04-12 | N/A |
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0585, CVE-2014-0586, and CVE-2014-0590. | ||||
CVE-2016-9862 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | N/A |
An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected. | ||||
CVE-2016-1986 | 1 Hp | 1 Continuous Delivery Automation | 2025-04-12 | N/A |
HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | ||||
CVE-2014-5340 | 2 Check Mk Project, Redhat | 2 Check Mk, Storage | 2025-04-12 | N/A |
The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL. | ||||
CVE-2012-5649 | 1 Apache | 1 Couchdb | 2025-04-12 | N/A |
Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash. | ||||
CVE-2015-8761 | 1 Values Project | 1 Values | 2025-04-12 | N/A |
The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import. | ||||
CVE-2016-0033 | 1 Microsoft | 1 .net Framework | 2025-04-12 | N/A |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of Service Vulnerability." | ||||
CVE-2015-7381 | 1 Refbase | 1 Refbase | 2025-04-12 | N/A |
Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or (2) databaseStructureFile parameter, a different issue than CVE-2015-6008. | ||||
CVE-2014-2208 | 1 Facebook | 1 Hiphop Virtual Machine | 2025-04-12 | N/A |
CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string. | ||||
CVE-2014-8791 | 1 Enalean | 1 Tuleap | 2025-04-12 | N/A |
project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter. |