Total
5393 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-22947 | 2 Oracle, Vmware | 10 Commerce Guided Search, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Console and 7 more | 2025-07-30 | 10 Critical |
| In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host. | ||||
| CVE-2022-22963 | 3 Oracle, Redhat, Vmware | 29 Banking Branch, Banking Cash Management, Banking Corporate Lending Process Management and 26 more | 2025-07-30 | 9.8 Critical |
| In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. | ||||
| CVE-2022-22965 | 6 Cisco, Oracle, Redhat and 3 more | 45 Cx Cloud Agent, Commerce Platform, Communications Cloud Native Core Automated Test Suite and 42 more | 2025-07-30 | 9.8 Critical |
| A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. | ||||
| CVE-2022-22954 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2025-07-30 | 9.8 Critical |
| VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution. | ||||
| CVE-2022-24816 | 1 Geosolutionsgroup | 1 Jai-ext | 2025-07-30 | 10 Critical |
| JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects the downstream GeoServer project. Version 1.2.22 will contain a patch that disables the ability to inject malicious code into the resulting script. Users unable to upgrade may negate the ability to compile Jiffle scripts from the final application, by removing janino-x.y.z.jar from the classpath. | ||||
| CVE-2022-3236 | 1 Sophos | 1 Firewall | 2025-07-30 | 9.8 Critical |
| A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. | ||||
| CVE-2022-41223 | 1 Mitel | 1 Mivoice Connect | 2025-07-30 | 6.8 Medium |
| The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type. | ||||
| CVE-2023-22952 | 1 Sugarcrm | 1 Sugarcrm | 2025-07-30 | 8.8 High |
| In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation. | ||||
| CVE-2022-43769 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2025-07-30 | 8.8 High |
| Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream. | ||||
| CVE-2023-29492 | 2 3rdmill, Novisurvey | 2 Novi Survey, Novi Survey | 2025-07-30 | 9.8 Critical |
| Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data. | ||||
| CVE-2023-24955 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2025-07-30 | 7.2 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2023-33246 | 1 Apache | 1 Rocketmq | 2025-07-30 | 9.8 Critical |
| For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x . | ||||
| CVE-2023-32435 | 2 Apple, Redhat | 6 Ipados, Iphone Os, Macos and 3 more | 2025-07-30 | 8.8 High |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. | ||||
| CVE-2023-32439 | 3 Apple, Redhat, Webkitgtk | 7 Ipados, Iphone Os, Macos and 4 more | 2025-07-30 | 8.8 High |
| A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | ||||
| CVE-2023-3519 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2025-07-30 | 9.8 Critical |
| Unauthenticated remote code execution | ||||
| CVE-2023-37450 | 3 Apple, Redhat, Webkitgtk | 9 Ipados, Iphone Os, Macos and 6 more | 2025-07-30 | 8.8 High |
| The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | ||||
| CVE-2023-41179 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2025-07-30 | 7.2 High |
| A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. | ||||
| CVE-2023-6548 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2025-07-30 | 5.5 Medium |
| Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface. | ||||
| CVE-2024-21351 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-07-30 | 7.6 High |
| Windows SmartScreen Security Feature Bypass Vulnerability | ||||
| CVE-2024-4040 | 1 Crushftp | 1 Crushftp | 2025-07-30 | 9.8 Critical |
| A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. | ||||