| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'upload_media' function in all versions up to, and including, 1.5.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. |
| Fireshare facilitates self-hosted media and link sharing. Versions 1.2.30 and below allow an authenticated user, or unauthenticated user if the Public Uploads setting is enabled, to craft a malicious filename when uploading a video file. The malicious filename is then concatenated directly into a shell command, which can be used for uploading files to arbitrary directories via path traversal, or executing system commands for Remote Code Execution (RCE). This issue is fixed in version 1.3.0. |
| Edge3 Worker RPC RCE on Airflow 2.
This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2.
The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you installed and configured Edge3 provider in Airflow 2, it implicitly enabled non-public (normally) API which was used to test Edge Provider in Airflow 2 during the development. This API allowed Dag author to perform Remote Code Execution in the webserver context, which Dag Author was not supposed to be able to do.
If you installed and configured Edge3 provider for Airflow 2, you should uninstall it and migrate to Airflow 3. The new Edge3 provider versions (>=2.0.0) has minimum version of Airflow set to 3 and the RCE-prone Airflow 2 code is removed, so it should no longer be possible to use the Edge3 provider 2.0.0+ on Airflow 2.
If you used Edge Provider in Airflow 3, you are not affected. |
| Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.
This is similar to, but not identical to CVE-2023-32531 through 32534. |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.
This is similar to, but not identical to CVE-2023-32532 through 32535. |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.
Please note this vulnerability is similar, but not identical to CVE-2023-52329. |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.
Please note this vulnerability is similar, but not identical to CVE-2023-52326. |
| An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution. |
| Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution.
Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities.
This is similar to, but not identical to CVE-2023-32530. |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.
Please note this vulnerability is similar, but not identical to CVE-2023-52328. |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.
Please note this vulnerability is similar, but not identical to CVE-2023-52327. |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.
This is similar to, but not identical to CVE-2023-32531 through 32535. |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.
This is similar to, but not identical to CVE-2023-32531 through 32535. |
| Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution.
Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities.
This is similar to, but not identical to CVE-2023-32529. |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers.
This is similar to, but not identical to CVE-2023-32531 through 32535. |
| Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery (SSRF) vulnerabilities in that allow an authenticated attacker to write arbitrary files to the server filesystem. The issue exists in the subtitle download functionality, where user-controlled parameters are used to fetch remote content and construct file paths without proper validation. By supplying a crafted subtitle download URL and a path traversal sequence in the file name, an attacker can write files to arbitrary locations on the server, potentially leading to remote code execution. |
| The Ocean Modal Window WordPress plugin before 2.3.3 is vulnerable to Remote Code Execution via the modal display logic. These modals can be displayed under user-controlled conditions that Editors and Administrators can set (edit_pages capability). The conditions are then executed as part of an eval statement executed on every site page. This leads to remote code execution. |
| AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote code execution vulnerability caused by predictable generation of an installation salt using PHP uniqid(). The installation timestamp is exposed via a public endpoint, and a derived hash identifier is accessible through unauthenticated API responses, allowing attackers to brute-force the remaining entropy. The recovered salt can then be used to encrypt a malicious payload supplied to a notification API endpoint that evaluates attacker-controlled input, resulting in arbitrary code execution as the web server user. |
| Rob -- W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services, retrieve instance role credentials or other sensitive metadata, and interact with internal APIs and services that are not intended to be internet-facing. The vulnerability is exploitable by sending crafted requests to the proxy with the target resource encoded in the URL; many cors-anywhere deployments forward arbitrary methods and headers (including PUT), which can permit exploitation of IMDSv2 workflows as well as access to internal management APIs. Successful exploitation can result in theft of cloud credentials, unauthorized access to internal services, remote code execution or privilege escalation (depending on reachable backends), data exfiltration, and full compromise of cloud resources. Mitigation includes: restricting the proxy to trusted origins or authentication, whitelisting allowed target hosts, preventing access to link-local and internal IP ranges, removing support for unsafe HTTP methods/headers, enabling cloud provider mitigations, and deploying network-level protections. |
