| CVE | Vendors | Products | Updated | CVSS v3.1 |
| DHCP Server Service Remote Code Execution Vulnerability |
| Microsoft Xbox Remote Code Execution Vulnerability |
| Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability |
| Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability |
| Windows MultiPoint Services Remote Code Execution Vulnerability |
| Windows Fax Service Remote Code Execution Vulnerability |
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| Windows Imaging Component Remote Code Execution Vulnerability |
| Windows Graphics Component Remote Code Execution Vulnerability |
| Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability |
| Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft SharePoint Server Remote Code Execution Vulnerability |
| .NET and Visual Studio Remote Code Execution Vulnerability |
| Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or containerization. Any user with template.create or template.update permission can define arbitrary shell commands that achieve full root-level remote code execution on every node machine in the cluster. This vulnerability is fixed in commit 11980aaf3f46315b02777f325ba02c56b110165d. |
| eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentially gaining remote code execution by uploading backdoor files to the web application directory. |
| Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite EIP and EBP, enabling shellcode execution with potential remote code execution. |
| Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with a malicious payload. Attackers can craft a specially designed payload to trigger remote code execution, demonstrating the ability to run system commands like launching the calculator. |
| Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device. |
| CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, an authenticated user with file editor permissions can achieve Remote Code Execution (RCE): by leveraging the file creation and save endpoints, an attacker can upload and execute arbitrary PHP code on the server. This issue has been patched in version 0.28.5.0. |