CVE Notify
19.3K subscribers
4 photos
203K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
๐Ÿšจ CVE-2023-51892
An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-51926
YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-51927
YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability via the com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() method.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-51928
An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-51924
An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-51925
An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-24135
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a command injection vulnerability in the function formWriteFacMac. This vulnerability allows attackers to execute arbitrary commands via manipulation of the mac parameter.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-36177
An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-22922
An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-46344
A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /#ilang=DE&b=c_smartenergy_swgroups in the web portal. The vulnerability can be exploited to gain the rights of an installer or PM, which can then be used to gain administrative access to the web portal and execute further attacks. NOTE: The vendor states that this vulnerability has been fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-22899
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-22900
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-22902
Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-22903
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-23054
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm).

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-24397
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-24396
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-24398
Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-46359
An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature.

๐ŸŽ–@cveNotify