Total
4451 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-44744 | 1 Malwarebytes | 1 Premium Security | 2024-10-04 | 5.7 Medium |
An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers to execute arbitrary code via placing crafted binaries into unspecified directories. NOTE: Malwarebytes argues that this issue requires admin privileges and that the contents cannot be altered by non-admin users. | ||||
CVE-2024-46080 | 1 Scriptcase | 1 Scriptcase | 2024-10-04 | 8 High |
Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function. | ||||
CVE-2024-45186 | 1 Filesender | 1 Filesender | 2024-10-04 | 9.8 Critical |
FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials. | ||||
CVE-2024-46489 | 1 Ferrislucas | 1 Promptr | 2024-10-02 | 8.8 High |
A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL. | ||||
CVE-2024-6596 | 2 Endress, Endress+hauser | 17 Echo Curve Viewer, Field Xpert Smt50, Field Xpert Smt50 Firmware and 14 more | 2024-10-01 | 9.8 Critical |
An unauthenticated remote attacker can run malicious C# code included in curve files and execute commands in the user's context. | ||||
CVE-2024-45200 | 1 Nintendo | 1 Mario Kart 8 | 2024-09-30 | 6.3 Medium |
In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows a remote attacker to exploit a stack-based buffer overflow upon deserialization of session information via a malformed browse-reply packet, aka KartLANPwn. The victim is not required to join a game session with an attacker. The victim must open the "Wireless Play" (or "LAN Play") menu from the game's title screen, and an attacker nearby (LDN) or on the same LAN network as the victim can send a crafted reply packet to the victim's console. This enables a remote attacker to obtain complete denial-of-service on the game's process, or potentially, remote code execution on the victim's console. The issue is caused by incorrect use of the Nintendo Pia library, | ||||
CVE-2024-6983 | 1 Mudler | 1 Localai | 2024-09-30 | N/A |
mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inputs, allowing an attacker to upload a binary file and execute malicious code. This can lead to the attacker gaining full control over the system. | ||||
CVE-2024-8258 | 2 Apple, Logitech | 3 Macos, Logi Options+, Options Plus | 2024-09-27 | 7.8 High |
Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration. | ||||
CVE-2024-8271 | 2 Pluginus, Realmag777 | 2 Fox - Currency Switcher Professional For Woocommerce, Fox-currency Switcher Professional | 2024-09-27 | 7.3 High |
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode in the 'woocs_get_custom_price_html' function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
CVE-2024-8479 | 1 Webliberty | 1 Simple Spoiler | 2024-09-27 | 7.3 High |
The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
CVE-2024-37779 | 1 Woodwing Elvis Dam | 1 Woodwing Elvis Dam | 2024-09-27 | 8.8 High |
WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality. | ||||
CVE-2024-0004 | 1 Purestorage | 2 Flasharray, Purity//fa | 2024-09-27 | 9.1 Critical |
A condition exists in FlashArray Purity whereby a user with array admin role can execute arbitrary commands remotely to escalate privilege on the array. | ||||
CVE-2024-6386 | 1 Wpml | 1 Wpml | 2024-09-27 | 9.9 Critical |
The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. | ||||
CVE-2024-8623 | 1 Pluginus | 1 Wordpress Meta Data And Taxonomies Filter | 2024-09-26 | 7.3 High |
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
CVE-2024-8268 | 1 Buffercode | 1 Frontend Dashboard | 2024-09-26 | 8.8 High |
The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajax_request() function in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to call arbitrary functions that can be leveraged for privilege escalation by changing users' passwords. | ||||
CVE-2024-8478 | 1 Ifeelweb | 1 Affiliate Super Assistent | 2024-09-26 | 7.3 High |
The Affiliate Super Assistent plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.5.3. This is due to the software allowing users to supply arbitrary shortcodes in comments when the 'Parse comments' option is enabled. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
CVE-2024-46639 | 1 Evolutionscript | 1 Helpdeskz | 2024-09-26 | 7.6 High |
A cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field of Custom Fields message box. | ||||
CVE-2024-46103 | 1 Sem-cms | 1 Semcms | 2024-09-26 | 9.8 Critical |
SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php. | ||||
CVE-2024-40442 | 1 Doccano | 2 Auto Labeling Pipeline, Doccano | 2024-09-26 | 7.2 High |
An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via a crafted REST Request. | ||||
CVE-2024-46640 | 1 Seacms | 1 Seacms | 2024-09-26 | 9.8 Critical |
SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although the system has a check function, the check function is not executed during execution, allowing remote code execution by writing to the file through the MySQL slow query method. |