| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| Microsoft Excel Remote Code Execution Vulnerability |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution. |
| Microsoft Office Visio Remote Code Execution Vulnerability |
| Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Access Remote Code Execution Vulnerability |
| Microsoft Access Remote Code Execution Vulnerability |
| Microsoft Power Automate Remote Code Execution Vulnerability |
| Microsoft Access Remote Code Execution Vulnerability |
| Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability |
| .NET and Visual Studio Remote Code Execution Vulnerability |
| Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office OneNote Remote Code Execution Vulnerability |
| In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks. |
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a compromised security key is affected. This vulnerability has been patched in Craft 5.5.8 and 4.13.8. Users who cannot update to a patched version, should rotate their security keys and ensure their privacy to help migitgate the issue. |
