Export limit exceeded: 13968 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10336 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0200 | 1 Github | 1 Enterprise Server | 2024-11-21 | 7.2 High |
| An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2023-6974 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | 9.8 Critical |
| A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine. | ||||
| CVE-2023-6691 | 1 Cambiumnetworks | 2 Epmp Force 300-25, Epmp Force 300-25 Firmware | 2024-11-21 | 7.8 High |
| Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges. | ||||
| CVE-2023-6140 | 1 G5plus | 1 Essential Real Estate | 2024-11-21 | 8.8 High |
| The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution. | ||||
| CVE-2023-6016 | 1 H2o | 1 H2o | 2024-11-21 | 9.8 Critical |
| An attacker is able to gain remote code execution on a server hosting the H2O dashboard through it's POJO model import feature. | ||||
| CVE-2023-6012 | 1 Lanaccess | 1 Onsafe Monitorhm | 2024-11-21 | 8.3 High |
| An improper input validation vulnerability has been found in Lanaccess ONSAFE MonitorHM affecting version 3.7.0. This vulnerability could lead a remote attacker to exploit the checkbox element and perform remote code execution, compromising the entire infrastructure. | ||||
| CVE-2023-5939 | 1 Rtcamp | 1 Rtmedia | 2024-11-21 | 7.2 High |
| The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users. | ||||
| CVE-2023-5886 | 1 Soflyy | 2 Export Any Wordpress Data To Xml\/csv, Wp All Export | 2024-11-21 | 8.8 High |
| The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers with the ability to upload files to make logged in users perform unwanted actions leading to PHAR deserialization, which may lead to remote code execution. | ||||
| CVE-2023-5766 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2024-11-21 | 9.8 Critical |
| A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet. | ||||
| CVE-2023-5762 | 1 Filr Project | 1 Filr | 2024-11-21 | 8.8 High |
| The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges. | ||||
| CVE-2023-5747 | 1 Hanwhavision | 5 Pno-a6081r-e1t, Pno-a6081r-e1t Firmware, Pno-a6081r-e2t and 2 more | 2024-11-21 | 7.2 High |
| Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has released patched firmware for the highlighted flaw. Please refer to the hanwhavision security report for more information and solution." | ||||
| CVE-2023-5673 | 1 Wpvibes | 1 Wp Mail Log | 2024-11-21 | 8.8 High |
| The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution. | ||||
| CVE-2023-5550 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 6.5 Medium |
| In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. | ||||
| CVE-2023-5540 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 4.7 Medium |
| A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. | ||||
| CVE-2023-5539 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 4.7 Medium |
| A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers. | ||||
| CVE-2023-5185 | 1 Projectworlds | 1 Gym Management System Project | 2024-11-21 | 9.1 Critical |
| Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | ||||
| CVE-2023-50965 | 1 Starnight | 1 Micro Http Server | 2024-11-21 | 9.8 Critical |
| In MicroHttpServer (aka Micro HTTP Server) through 4398570, _ReadStaticFiles in lib/middleware.c allows a stack-based buffer overflow and potentially remote code execution via a long URI. | ||||
| CVE-2023-50760 | 1 Kashipara | 1 Online Notice Board System | 2024-11-21 | 8.8 High |
| Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | ||||
| CVE-2023-50722 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 9.7 Critical |
| XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS or also direct remote code execution vulnerability in the code for displaying configurable admin sections. The code that can be passed through a URL parameter is only executed when the user who is visiting the crafted URL has edit right on at least one configuration section. While any user of the wiki could easily create such a section, this vulnerability doesn't require the attacker to have an account or any access on the wiki. It is sufficient to trick any admin user of the XWiki installation to visit the crafted URL. This vulnerability allows full remote code execution with programming rights and thus impacts the confidentiality, integrity and availability of the whole XWiki installation. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patch can be manually applied to the document `XWiki.ConfigurableClass`. | ||||
| CVE-2023-50721 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 10 Critical |
| XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface doesn't properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containing script macros including Groovy macros that allow remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki instance. This attack can be executed by any user who can edit some wiki page like the user's profile (editable by default) as user interface extensions that will be displayed in the search administration can be added on any document by any user. The necessary escaping has been added in XWiki 14.10.15, 15.5.2 and 15.7RC1. As a workaround, the patch can be applied manually applied to the page `XWiki.SearchAdmin`. | ||||