
CVSS: 10.0 • EPSS: % • CPEs: 4 • EXPL: 0

08 Jul 2025 — An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations. • https://certvde.com/de/advisories/VDE-2025-019 • CWE-913: Improper Control of Dynamically-Managed Code Resources •

CVSS: 9.1 • EPSS: % • CPEs: 11 • EXPL: 0

08 Jul 2025 — SAP S/4HANA and SAP SCM Characteristic Propagation has a remote code execution vulnerability. This allows an attacker with high privileges to create a new report with his own code, potentially gaining full control of the affected SAP system and causing high impact on confidentiality, integrity, and availability of the application. • https://me.sap.com/notes/3618955 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.7 • EPSS: % • CPEs: 1 • EXPL: 0

07 Jul 2025 — This allows an attacker to upload and execute arbitrary firmware, resulting in remote code execution (RCE). This vulnerability is fixed in 3.2.1. • https://github.com/espressif/arduino-esp32/commit/f4fdecc60c465384e465a4b1d2bd1eac8f67912e • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.1 • EPSS: % • CPEs: 1 • EXPL: 0

07 Jul 2025 — Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. • https://github.com/RooCodeInc/Roo-Code/commit/1be6fce1a6864ae63e8160b0666db2c647f2dbba • CWE-552: Files or Directories Accessible to External Parties •

CVSS: 9.0 • EPSS: % • CPEs: 1 • EXPL: 0

07 Jul 2025 — This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php files can be uploaded and included. • https://themeforest.net/item/woodmart-woocommerce-wordpress-theme/20264492 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVSS: 9.0 • EPSS: % • CPEs: 1 • EXPL: 0

07 Jul 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3316262%40business-reviews-wp%2Ftrunk&old=3201057%40business-reviews-wp%2Ftrunk&sfp_email=&sfph_mail= • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVSS: 7.0 • EPSS: % • CPEs: 4 • EXPL: 1

07 Jul 2025 — From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. • https://github.com/leesh3288/CVE-2025-32023 • CWE-680: Integer Overflow to Buffer Overflow •

CVSS: 9.8 • EPSS: % • CPEs: - • EXPL: 0

07 Jul 2025 — Insufficient security mechanisms for created containers in educoder challenges v1.0 allow attackers to execute arbitrary code via injecting crafted content into a container. • https://github.com/YX-hueimie/CVE-Issues/blob/main/CVE-2025-45479.md •

CVSS: 7.3 • EPSS: % • CPEs: - • EXPL: 0

07 Jul 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppServer service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. •

CVSS: 7.8 • EPSS: % • CPEs: - • EXPL: 0

07 Jul 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •