• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-94

CVE-2019-9227

February 26, 2023 by

An issue was discovered in baigo CMS 2.1.1. There is a vulnerability that allows remote attackers to execute arbitrary code. A BG_SITE_NAME parameter with malicious code can be written into the opt_base.inc.php file.

CVE-2019-9163

February 26, 2023 by

The connection initiation process in March Networks Command Client before 2.7.2 allows remote attackers to execute arbitrary code via crafted XAML objects.

CVE-2019-9115

February 26, 2023 by

In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage.

CVE-2019-9082

February 26, 2023 by

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/thinkapp/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.

CVE-2019-8324

February 26, 2023 by

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.

CVE-2019-8341

February 26, 2023 by

** DISPUTED ** An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the “source” parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn’t valid because users shouldn’t use untrusted templates without sandboxing.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 154
  • Go to page 155
  • Go to page 156
  • Go to page 157
  • Go to page 158
  • Interim pages omitted …
  • Go to page 225
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE