The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 93.9%.
SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.
Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.