CVSS: 9.8 • EPSS: % • CPEs: - • EXPL: 0

The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1696.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 9.0 • EPSS: % • CPEs: - • EXPL: 0

SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution. • https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3-1_release_notes.htm • https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28991 • CWE-502: Deserialization of Untrusted Data

CVSS: 9.0 • EPSS: % • CPEs: - • EXPL: 0

A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI. • https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: % • CPEs: 1 • EXPL: 0

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. ... If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server. • https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

CVSS: 8.8 • EPSS: % • CPEs: 1 • EXPL: 0

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. ... If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server. • https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')