Total
5466 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38458 | 1 Xenforo | 1 Xenforo | 2024-11-21 | 8.8 High |
| Xenforo before 2.2.16 allows code injection. | ||||
| CVE-2024-38448 | 2024-11-21 | 9.1 Critical | ||
| htags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is untrusted, because shell metacharacters may be used. | ||||
| CVE-2024-38319 | 1 Ibm | 1 Soar | 2024-11-21 | 7.5 High |
| IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script. IBM X-Force ID: 294830. | ||||
| CVE-2024-37934 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 5.4 Medium |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection.This issue affects Ninja Forms: from n/a through 3.8.4. | ||||
| CVE-2024-37885 | 2 Apple, Nextcloud | 2 Macos, Desktop | 2024-11-21 | 3.8 Low |
| The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the enviroment. It is recommended that the Nextcloud Desktop client is upgraded to 3.12.0. | ||||
| CVE-2024-37855 | 1 Nepstech | 1 Ntpl-xpon1gfevn Firmware | 2024-11-21 | 8.4 High |
| An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hardware verstion 1.0 firmware 2.0.1 allows a remote attacker to execute arbitrary code via the router's Telnet port 2345 without requiring authentication credentials. | ||||
| CVE-2024-37849 | 1 Itsourcecode | 1 Billing System | 2024-11-21 | 9.8 Critical |
| A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter. | ||||
| CVE-2024-37405 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | N/A |
| Livechat messages can be leaked by combining two NoSQL injections affecting livechat:loginByToken (pre-authentication) and livechat:loadHistory. | ||||
| CVE-2024-37124 | 2024-11-21 | 9.8 Critical | ||
| Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, an attacker may create an arbitrary file in the PC where the product is installed. | ||||
| CVE-2024-37109 | 1 Wishlistmember | 1 Wishlist Member | 2024-11-21 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a before 3.26.7. | ||||
| CVE-2024-37084 | 1 Vmware | 1 Spring Cloud Data Flow | 2024-11-21 | 9.8 Critical |
| In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server | ||||
| CVE-2024-37014 | 1 Langflow | 1 Langflow | 2024-11-21 | 9.8 Critical |
| Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script. | ||||
| CVE-2024-36679 | 2024-11-21 | 10.0 Critical | ||
| In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method `Lcp::saveTranslations()` suffer of a white writer that can inject PHP code into a PHP file. | ||||
| CVE-2024-36598 | 1 Projectworlds | 1 Life Insurance Management System | 2024-11-21 | 8.1 High |
| An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted image file. | ||||
| CVE-2024-36581 | 1 Prototype Solution | 1 Abw Badger Database | 2024-11-21 | 7.6 High |
| A Prototype Pollution issue in abw badger-database 1.2.1 allows an attacker to execute arbitrary code via dist/badger-database.esm. | ||||
| CVE-2024-36575 | 1 Notabotai | 1 Getsetprop | 2024-11-21 | 9.8 Critical |
| A Prototype Pollution issue in getsetprop 1.1.0 allows an attacker to execute arbitrary code via global.accessor. | ||||
| CVE-2024-36456 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-11-21 | N/A |
| This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. | ||||
| CVE-2024-36268 | 1 Apache | 1 Inlong | 2024-11-21 | 9.8 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.13.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/10251 | ||||
| CVE-2024-36120 | 1 Ben-sb | 1 Javascript Deobfuscator | 2024-11-21 | 8.2 High |
| javascript-deobfuscator removes common JavaScript obfuscation techniques. In affected versions crafted payloads targeting expression simplification can lead to code execution. This issue has been patched in version 1.1.0. Users are advised to update. Users unable to upgrade should disable the expression simplification feature. | ||||
| CVE-2024-36075 | 2024-11-21 | 6.5 Medium | ||
| The CoSoSys Endpoint Protector through 5.9.3 and Unify agent through 7.0.6 is susceptible to an arbitrary code execution vulnerability due to the way an archive obtained from the Endpoint Protector or Unify server is extracted on the endpoint. An attacker who is able to modify the archive on the server could obtain remote code execution as an administrator on an endpoint. | ||||