| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server. |
| MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. |
| The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue. |
| Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote code execution (RCE) in the worst case. This was tested on version 2.9.0 on Windows, but an arbitrary file write is powerful enough as is and should easily lead to RCE on Linux, too. Version 2.10.0 contains a patch for the vulnerability. |
| Microsoft Office Remote Code Execution Vulnerability |
| Windows OLE Remote Code Execution Vulnerability |
| AV1 Video Extension Remote Code Execution Vulnerability |
| AV1 Video Extension Remote Code Execution Vulnerability |
| Microsoft Excel Remote Code Execution Vulnerability |
| Windows Bluetooth Driver Remote Code Execution Vulnerability |
| Remote Desktop Client Remote Code Execution Vulnerability |
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
| Windows Network File System Remote Code Execution Vulnerability |
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| Azure CycleCloud Remote Code Execution Vulnerability |
| Microsoft Outlook Remote Code Execution Vulnerability |