Export limit exceeded: 10053 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10053 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49109 | 1 Apache | 1 Dolphinscheduler | 2025-03-18 | 9.8 Critical |
| Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue. | ||||
| CVE-2023-24078 | 1 Realtimelogic | 1 Fuguhub | 2025-03-18 | 8.8 High |
| Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the component /FuguHub/cmsdocs/. | ||||
| CVE-2023-25266 | 1 Docmosis | 1 Tornado | 2025-03-18 | 8.8 High |
| An issue was discovered in Docmosis Tornado prior to version 2.9.5. An authenticated attacker can change the Office directory setting pointing to an arbitrary remote network path. This triggers the execution of the soffice binary under the attackers control leading to arbitrary remote code execution (RCE). | ||||
| CVE-2022-45701 | 1 Commscope | 6 Arris Sbg10, Arris Sbg10 Firmware, Arris Tg2482a and 3 more | 2025-03-18 | 8.8 High |
| Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature. | ||||
| CVE-2024-31807 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-03-18 | 9.8 Critical |
| TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function. | ||||
| CVE-2024-31808 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-03-18 | 8.8 High |
| TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. | ||||
| CVE-2024-31809 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-03-18 | 8.8 High |
| TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function. | ||||
| CVE-2024-31811 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-03-18 | 8.0 High |
| TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function. | ||||
| CVE-2024-43202 | 1 Apache | 1 Dolphinscheduler | 2025-03-18 | 9.8 Critical |
| Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.2. We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue. | ||||
| CVE-2023-6123 | 1 Opentext | 1 Alm Octane | 2025-03-18 | 7.5 High |
| Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack. | ||||
| CVE-2023-24114 | 1 Typecho | 1 Typecho | 2025-03-18 | 9.8 Critical |
| typecho 1.1/17.10.30 was discovered to contain a remote code execution (RCE) vulnerability via install.php. | ||||
| CVE-2023-23453 | 1 Sick | 4 Fx0-gent00000, Fx0-gent00000 Firmware, Fx0-gent00010 and 1 more | 2025-03-18 | 9.8 Critical |
| Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000. | ||||
| CVE-2023-23452 | 1 Sick | 4 Fx0-gpnt00000, Fx0-gpnt00000 Firmware, Fx0-gpnt00010 and 1 more | 2025-03-18 | 9.8 Critical |
| Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000. | ||||
| CVE-2024-56908 | 2025-03-17 | 6.8 Medium | ||
| In Perfex Crm < 3.2.1, an authenticated attacker can send a crafted HTTP POST request to the affected upload_sales_file endpoint. By providing malicious input in the rel_id parameter, combined with improper input validation, the attacker can bypass restrictions and upload arbitrary files to directories of their choice, potentially leading to remote code execution or server compromise. | ||||
| CVE-2024-3116 | 3 Fedoraproject, Pgadmin, Postgresql | 3 Fedora, Pgadmin 4, Pgadmin 4 | 2025-03-17 | 7.4 High |
| pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data. | ||||
| CVE-2024-40522 | 1 Seacms | 1 Seacms | 2025-03-14 | 8.8 High |
| There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php file. An authenticated attacker can exploit this vulnerability to execute arbitrary commands and obtain system permissions. | ||||
| CVE-2023-50164 | 1 Apache | 1 Struts | 2025-03-14 | 9.8 Critical |
| An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue. | ||||
| CVE-2023-39475 | 1 Inductiveautomation | 1 Ignition | 2025-03-13 | 9.8 Critical |
| Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ParameterVersionJavaSerializationCodec class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20290. | ||||
| CVE-2023-39474 | 1 Inductiveautomation | 1 Ignition | 2025-03-13 | 8.8 High |
| Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific flaw exists within the downloadLaunchClientJar function. The issue results from the lack of validating a remote JAR file prior to loading it. An attacker can leverage this vulnerability to execute code in the context of the current user. . Was ZDI-CAN-19915. | ||||
| CVE-2023-39473 | 1 Inductiveautomation | 1 Ignition | 2025-03-13 | 8.8 High |
| Inductive Automation Ignition AbstractGatewayFunction Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the AbstractGatewayFunction class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-17587. | ||||