Total: 5456 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39681 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 9.8 Critical |
| Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload. | ||||
| CVE-2023-39660 | 1 Gabrieleventuri | 1 Pandasai | 2024-11-21 | 9.8 Critical |
| An issue in Gabriele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function. | ||||
| CVE-2023-39631 | 1 Langchain | 1 Langchain | 2024-11-21 | 9.8 Critical |
| An issue in LangChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library. | ||||
| CVE-2023-39445 | 2 Elecom, Logitec | 15 Wrc-1467ghbk-a, Wrc-1467ghbk-a Firmware, Wrc-1467ghbk-s and 12 more | 2024-11-21 | 8.8 High |
| Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console. | ||||
| CVE-2023-39157 | 1 Crocoblock | 1 Jetelements | 2024-11-21 | 9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor: from n/a through 2.6.10. | ||||
| CVE-2023-39059 | 1 Ansible-semaphore | 1 Ansible Semaphore | 2024-11-21 | 8.8 High |
| An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter. | ||||
| CVE-2023-39023 | 1 University Compass Project | 1 University Compass | 2024-11-21 | 9.8 Critical |
| university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument. | ||||
| CVE-2023-39022 | 1 Oscore | 1 Oscore | 2024-11-21 | 9.8 Critical |
| oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability is exploited via passing an unchecked argument. | ||||
| CVE-2023-39021 | 1 Wix | 1 Wix Embedded Mysql | 2024-11-21 | 9.8 Critical |
| wix-embedded-mysql v4.6.1 and below was discovered to contain a code injection vulnerability in the component com.wix.mysql.distribution.Setup.apply. This vulnerability is exploited via passing an unchecked argument. | ||||
| CVE-2023-39020 | 1 Stanford | 1 Stanford Parser | 2024-11-21 | 9.8 Critical |
| stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream. This vulnerability is exploited via passing an unchecked argument. | ||||
| CVE-2023-39017 | 1 Softwareag | 1 Quartz | 2024-11-21 | 9.8 Critical |
| quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur. | ||||
| CVE-2023-39016 | 1 Bbossgroups | 1 Bboss | 2024-11-21 | 9.8 Critical |
| bboss-persistent v6.0.9 and below was discovered to contain a code injection vulnerability in the component com.frameworkset.common.poolman.util.SQLManager.createPool. This vulnerability is exploited via passing an unchecked argument. | ||||
| CVE-2023-39015 | 1 Code4craft | 1 Webmagic | 2024-11-21 | 9.8 Critical |
| webmagic-extension v0.9.0 and below was discovered to contain a code injection vulnerability via the component us.codecraft.webmagic.downloader.PhantomJSDownloader. | ||||
| CVE-2023-39013 | 1 Larsga | 1 Duke | 2024-11-21 | 9.8 Critical |
| Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init. | ||||
| CVE-2023-39010 | 1 Boofcv | 1 Boofcv | 2024-11-21 | 9.8 Critical |
| BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file. | ||||
| CVE-2023-38943 | 1 Shuize 0x727 Project | 1 Shuize 0x727 | 2024-11-21 | 8.8 High |
| ShuiZe_0x727 v1.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /iniFile/config.ini. | ||||
| CVE-2023-38889 | 1 Alluxio | 1 Alluxio | 2024-11-21 | 9.8 Critical |
| An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of alluxio.util.CommonUtils.getUnixGroups(java.lang.String). | ||||
| CVE-2023-38877 | 1 Economizzer | 1 Economizzer | 2024-11-21 | 8.8 High |
| A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This allows an attacker to reset other users' passwords. | ||||
| CVE-2023-38860 | 1 Langchain | 1 Langchain | 2024-11-21 | 9.8 Critical |
| An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter. | ||||
| CVE-2023-38576 | 2 Elecom, Logitec | 3 Lan-wh300n/re, Lan-wh300n/re Firmware, Lan-wh300n Re | 2024-11-21 | 8.0 High |
| Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console. | ||||