Export limit exceeded: 10203 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10203 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39469 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2025-01-30 | 7.2 High |
| PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the External User Lookup functionality. The issue results from the lack of proper validation of a user-supplied string before using it to execute Java code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21013. | ||||
| CVE-2024-25995 | 1 Phoenixcontact | 12 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 9 more | 2025-01-30 | 9.8 Critical |
| An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform an DoS due to improper input validation. | ||||
| CVE-2023-29963 | 1 S-cms | 1 S-cms | 2025-01-29 | 7.2 High |
| S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php. | ||||
| CVE-2023-31099 | 1 Zohocorp | 1 Manageengine Opmanager | 2025-01-29 | 8.8 High |
| Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers. | ||||
| CVE-2023-30065 | 1 Mitrastar | 2 Gpt-2741gnac-n2, Gpt-2741gnac-n2 Firmware | 2025-01-29 | 8.8 High |
| MitraStar GPT-2741GNAC-N2 with firmware BR_g5.9_1.11(WVK.0)b32 was discovered to contain a remote code execution (RCE) vulnerability in the ping function. | ||||
| CVE-2023-24958 | 1 Ibm | 6 3948-ved, 3948-ved Firmware, 3957-vec and 3 more | 2025-01-29 | 8.8 High |
| A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52.200.111, 8.52.102.13, and 8.53.0.63 could allow an authenticated user to submit a specially crafted URL leading to privilege escalation and remote code execution. IBM X-Force ID: 246320. | ||||
| CVE-2023-22780 | 1 Hp | 2 Arubaos, Instantos | 2025-01-29 | 9.8 Critical |
| There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2023-22779 | 1 Hp | 2 Arubaos, Instantos | 2025-01-29 | 9.8 Critical |
| There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2022-36330 | 1 Westerndigital | 6 My Cloud Home, My Cloud Home Duo, My Cloud Home Duo Firmware and 3 more | 2025-01-28 | 1.9 Low |
| A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191. | ||||
| CVE-2023-31587 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-01-27 | 9.8 Critical |
| Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac. | ||||
| CVE-2023-30353 | 1 Tenda | 2 Cp3, Cp3 Firmware | 2025-01-27 | 9.8 Critical |
| Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows unauthenticated remote code execution via an XML document. | ||||
| CVE-2023-32336 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-01-27 | 8.8 High |
| IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285. | ||||
| CVE-2023-31502 | 1 Apsystems | 3 Alternergy Power Control Software, Ecu-c, Ecu-r | 2025-01-27 | 7.2 High |
| Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the component /models/management_model.php. | ||||
| CVE-2022-47129 | 1 Phpok | 1 Phpok | 2025-01-27 | 9.8 Critical |
| PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability. | ||||
| CVE-2022-42699 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2025-01-27 | 9.1 Critical |
| Auth. Remote Code Execution vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. | ||||
| CVE-2022-4774 | 1 Bitapps | 1 Bit Form | 2025-01-24 | 9.8 Critical |
| The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution. | ||||
| CVE-2024-28135 | 1 Phoenixcontact | 12 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 9 more | 2025-01-24 | 5 Medium |
| A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. The confidentiality is partly affected. | ||||
| CVE-2023-32073 | 1 Wwbn | 1 Avideo | 2025-01-23 | 8.8 High |
| WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at `plugin/CloneSite/cloneClient.json.php` which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. This issue is patched in commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3. | ||||
| CVE-2024-1882 | 4 Apple, Linux, Microsoft and 1 more | 5 Macos, Linux Kernel, Windows and 2 more | 2025-01-23 | 7.2 High |
| This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server. | ||||
| CVE-2024-1654 | 4 Apple, Linux, Microsoft and 1 more | 5 Macos, Linux Kernel, Windows and 2 more | 2025-01-23 | 7.2 High |
| This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this. | ||||