Total
32 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-9471 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-20 | N/A |
| Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver. | ||||
| CVE-2022-4721 | 1 Ikus-soft | 1 Rdiffweb | 2025-04-09 | 5.4 Medium |
| Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository ikus060/rdiffweb prior to 2.5.5. | ||||
| CVE-2023-0302 | 1 Radare | 1 Radare2 | 2025-04-07 | 7.8 High |
| Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2. | ||||
| CVE-2024-27622 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-03-28 | 7.2 High |
| A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19 / 2.2.21. This vulnerability arises from inadequate sanitization of user-supplied input in the 'Code' section of the module. As a result, authenticated users with administrative privileges can inject and execute arbitrary PHP code. | ||||
| CVE-2023-23912 | 1 Ui | 20 Er-10x, Er-10x Firmware, Er-12 and 17 more | 2025-03-24 | 8.8 High |
| A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability. | ||||
| CVE-2024-31806 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-03-18 | 6.5 Medium |
| TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization. | ||||
| CVE-2024-31809 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-03-18 | 8.8 High |
| TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function. | ||||
| CVE-2024-31812 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-03-18 | 6.5 Medium |
| In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig. | ||||
| CVE-2024-36983 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-03-07 | 8 High |
| In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance. | ||||
| CVE-2024-23274 | 1 Apple | 1 Macos | 2025-02-13 | 8.4 High |
| An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges. | ||||
| CVE-2024-23268 | 1 Apple | 1 Macos | 2025-02-13 | 8.4 High |
| An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges. | ||||
| CVE-2023-40743 | 1 Apache | 1 Axis | 2025-02-13 | 9.8 Critical |
| ** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SSRF and even attacks leading to RCE. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. As a workaround, you may review your code to verify no untrusted or unsanitized input is passed to "ServiceFactory.getService", or by applying the patch from https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210 . The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome. | ||||
| CVE-2024-35373 | 1 Mocado | 1 Mocado | 2025-02-13 | 9.8 Critical |
| Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php. | ||||
| CVE-2023-1758 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-02-10 | 5.4 Medium |
| Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||
| CVE-2024-0044 | 1 Google | 1 Android | 2025-01-28 | 7.8 High |
| In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-51941 | 2025-01-22 | 8.8 High | ||
| A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An attacker with authenticated access can exploit this vulnerability to execute arbitrary commands on the server. The issue has been fixed in the latest versions of Ambari. | ||||
| CVE-2024-39243 | 1 Skycaiji | 1 Skycaiji | 2024-11-21 | 9.8 Critical |
| An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to /index.php?s=/admin/develop/editor_save. | ||||
| CVE-2024-24257 | 2024-11-21 | 7.5 High | ||
| An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an attacker to obtain sensitive information via a crafted script to the csl/user component. | ||||
| CVE-2024-21503 | 2 Python Software Foundation, Redhat | 2 Black, Ansible Automation Platform | 2024-11-21 | 5.3 Medium |
| Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings. | ||||
| CVE-2024-0801 | 2024-11-21 | 7.5 High | ||
| A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll. | ||||