CVE-2023-52251

Public exploit
An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.
Max CVSS
8.8
EPSS Score
2.88%
Published
2024-01-25
Updated
2024-02-29

CVE-2023-49070

Public exploit
Pre-auth RCE in Apache OFBiz 18.12.09, due to the no-longer-maintained XML-RPC component still being present. This issue affects Apache OFBiz before 18.12.10. Users are recommended to upgrade to version 18.12.10.
Max CVSS
9.8
EPSS Score
84.67%
Published
2023-12-05
Updated
2023-12-29

CVE-2023-41892

Public exploit
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.
Max CVSS
10.0
EPSS Score
85.57%
Published
2023-09-13
Updated
2023-12-22

CVE-2023-37466

Public exploit
vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code, potentially allowing remote code execution inside the context of vm2 sandbox.
Max CVSS
10.0
EPSS Score
0.26%
Published
2023-07-14
Updated
2024-02-01

CVE-2023-34468

Public exploit
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC locations. You are recommended to upgrade to version 1.22.0 or later which fixes this issue.
Max CVSS
8.8
EPSS Score
86.04%
Published
2023-06-12
Updated
2023-10-03

CVE-2023-33246

Known exploited
Public exploit
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are exposed on the extranet and lack permission verification; an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system user that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above if using RocketMQ 5.x, or 4.9.6 or above if using RocketMQ 4.x.
Max CVSS
9.8
EPSS Score
97.34%
Published
2023-05-24
Updated
2023-07-12
CISA KEV Added
2023-09-06

CVE-2023-3519

Known exploited
Public exploit
Used for ransomware
Unauthenticated remote code execution
Max CVSS
9.8
EPSS Score
91.19%
Published
2023-07-19
Updated
2023-08-04
CISA KEV Added
2023-07-19

CVE-2023-0297

Public exploit
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
Max CVSS
9.8
EPSS Score
50.96%
Published
2023-01-14
Updated
2023-06-15

CVE-2022-43769

Public exploit
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, allows certain web services to set property values which contain Spring templates that are interpreted downstream.
Max CVSS
8.8
EPSS Score
72.83%
Published
2023-04-03
Updated
2023-05-11

CVE-2022-42889

Public exploit
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are:
- "script" - execute expressions using the JVM script execution engine (javax.script)
- "dns" - resolve DNS records
- "url" - load values from URLs, including from remote servers
Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
Max CVSS
9.8
EPSS Score
96.83%
Published
2022-10-13
Updated
2024-01-19

CVE-2022-24734

Public exploit
MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB's Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string (`$options_code`; `mybb_settings.optionscode` database column) that identifies the setting type and its options, separated by a newline character (`\n`). In MyBB 1.2.0, support for setting type `php` was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds.
Max CVSS
7.2
EPSS Score
30.59%
Published
2022-03-09
Updated
2022-09-30

CVE-2022-23642

Public exploit
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the `gitserver` service. The service acts as a git exec proxy, and fails to properly restrict calling `git config`. This allows an attacker to set the git `core.sshCommand` option, which sets git to use the specified command instead of ssh when they need to connect to a remote system. Exploitation of this vulnerability depends on how Sourcegraph is deployed. An attacker able to make HTTP requests to internal services like gitserver is able to exploit it. This issue is patched in Sourcegraph version 3.37. As a workaround, ensure that requests to gitserver are properly protected.
Max CVSS
8.8
EPSS Score
93.82%
Published
2022-02-18
Updated
2023-06-27

CVE-2022-22965

Known exploited
Public exploit
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Max CVSS
9.8
EPSS Score
97.49%
Published
2022-04-01
Updated
2023-02-09
CISA KEV Added
2022-04-04

CVE-2022-22963

Known exploited
Public exploit
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Max CVSS
9.8
EPSS Score
97.54%
Published
2022-04-01
Updated
2023-07-13
CISA KEV Added
2022-08-25

CVE-2022-22954

Known exploited
Public exploit
Used for ransomware
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
Max CVSS
10.0
EPSS Score
97.44%
Published
2022-04-11
Updated
2022-09-09
CISA KEV Added
2022-04-14

CVE-2022-22947

Known exploited
Public exploit
In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
Max CVSS
10.0
EPSS Score
97.48%
Published
2022-03-03
Updated
2023-07-24
CISA KEV Added
2022-05-16

CVE-2021-44529

Known exploited
Public exploit
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
Max CVSS
9.8
EPSS Score
96.89%
Published
2021-12-08
Updated
2024-03-26
CISA KEV Added
2024-03-25

CVE-2021-39144

Known exploited
Public exploit
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker who has sufficient rights to execute commands on the host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purpose.
Max CVSS
8.5
EPSS Score
96.98%
Published
2021-08-23
Updated
2023-06-26
CISA KEV Added
2023-03-10

CVE-2021-32706

Public exploit
Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the `validDomainWildcard` preg_match filter allows a malicious character through that can be used to execute code, list directories, and overwrite sensitive files. The issue lies in the fact that one of the periods is not escaped, allowing any character to be used in its place. A patch for this vulnerability was released in version 5.5.1.
Max CVSS
8.8
EPSS Score
0.86%
Published
2021-08-04
Updated
2022-04-25

CVE-2021-22205

Known exploited
Public exploit
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
Max CVSS
10.0
EPSS Score
97.46%
Published
2021-04-23
Updated
2022-07-12
CISA KEV Added
2021-11-03

CVE-2020-26124

Public exploit
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root.
Max CVSS
9.0
EPSS Score
60.16%
Published
2020-10-02
Updated
2022-01-06

CVE-2020-8644

Known exploited
Public exploit
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
Max CVSS
9.8
EPSS Score
95.60%
Published
2020-02-05
Updated
2022-07-12
CISA KEV Added
2021-11-03

CVE-2020-8518

Public exploit
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
Max CVSS
9.8
EPSS Score
96.49%
Published
2020-02-17
Updated
2022-01-01

CVE-2019-16759

Known exploited
Public exploit
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
Max CVSS
9.8
EPSS Score
97.49%
Published
2019-09-24
Updated
2021-07-21
CISA KEV Added
2021-11-03

CVE-2019-13372

Public exploit
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.
Max CVSS
9.8
EPSS Score
97.07%
Published
2019-07-06
Updated
2023-02-28