
CVSS: 8.4 • EPSS: % • CPEs: 3 • EXPL: 0

17 Jul 2025 — A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store, that could allow a local attacker with elevated privileges to execute arbitrary code. • https://iknow.lenovo.com.cn/detail/430155 • CWE-122: Heap-based Buffer Overflow

CVSS: 7.8 • EPSS: % • CPEs: 4 • EXPL: 0

17 Jul 2025 — A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. ... This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code. • https://www.ros.org/blog/noetic-eol • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

CVSS: 7.8 • EPSS: % • CPEs: 4 • EXPL: 0

17 Jul 2025 — A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. ... This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code. • https://www.ros.org/blog/noetic-eol • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

CVSS: 9.0 • EPSS: % • CPEs: 2 • EXPL: 0

17 Jul 2025 — NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. • https://nvidia.custhelp.com/app/answers/detail/a_id/5659 • CWE-426: Untrusted Search Path

CVSS: 9.1 • EPSS: % • CPEs: 1 • EXPL: 0

17 Jul 2025 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://wordpress.org/plugins/attachment-manager • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 4.6 • EPSS: % • CPEs: 2 • EXPL: 0

17 Jul 2025 — Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. • https://github.com/1Panel-dev/MaxKB/releases/tag/v2.0.0 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: % • CPEs: - • EXPL: 0

17 Jul 2025 — Mingyu Security Gateway before v3.0-5.3p was discovered to contain a remote command execution (RCE) vulnerability via the log_type parameter at /log/fw_security.mds. • https://gist.github.com/night-0p/8d414bfef1cb16539da67e122d91e8da

CVSS: 9.8 • EPSS: % • CPEs: - • EXPL: 0

17 Jul 2025 — Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL. • http://www.webbatch.com

CVSS: 9.8 • EPSS: % • CPEs: 1 • EXPL: 0

17 Jul 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/woocommerce-refund-and-exchange/17810207#item-description__changelog • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 7.5 • EPSS: % • CPEs: 1 • EXPL: 0

17 Jul 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/id/1ab970f5-35d1-43e9-891c-87a2a3e464c6?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type