Common Vulnerabilities and Exposures (CVE)

CVE-2024-45873

Jul 5, 2026 00:46:21 UTC

A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe.

CVE-2024-28710

Jul 5, 2026 00:45:57 UTC

Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component.

CVE-2024-28709

Jul 5, 2026 00:45:53 UTC

Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields.

CVE-2023-31493

Jul 5, 2026 00:45:44 UTC

RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while executing a crafted payload and escalate privileges allowing execution of any commands on the remote sy...

CVE-2024-46084

Jul 5, 2026 00:45:36 UTC

Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function.

CVE-2024-46607

Jul 5, 2026 00:45:33 UTC

Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file.

CVE-2024-45993

Jul 5, 2026 00:45:28 UTC

Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb.

CVE-2023-46948

Jul 5, 2026 00:45:24 UTC

A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp and genrequest.jsp components.

CVE-2024-33109

Jul 5, 2026 00:45:19 UTC

Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function.

CVE-2024-44902

Jul 5, 2026 00:45:14 UTC

A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.

CVE-2024-44667

Jul 5, 2026 00:45:10 UTC

Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2_v1.0.1557.15.35_P0 is vulnerable to Incorrect Access Control. Unauthenticated factory mode reset and command injection leads to information exposure and root ...

CVE-2024-44577

Jul 5, 2026 00:45:05 UTC

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the time_date function.

CVE-2024-44575

Jul 5, 2026 00:44:58 UTC

RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session.

CVE-2024-44574

Jul 5, 2026 00:44:54 UTC

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_conf function.

CVE-2024-44573

Jul 5, 2026 00:44:50 UTC

A stored cross-site scripting (XSS) vulnerability in the VLAN configuration of RELY-PCIe v22.2.1 to v23.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.