46475 results (0.002 seconds)

CVSS: 10.0EPSS: %CPEs: 1EXPL: 2

09 Jul 2025 — This endpoint does not enforce authentication or content-type validation, enabling attackers to upload malicious PHP code directly to the server. • https://vulncheck.com/advisories/wordpress-ait-csv-import-export-plugin-rce • CWE-20: Improper Input Validation CWE-306: Missing Authentication for Critical Function CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0EPSS: %CPEs: 1EXPL: 2

09 Jul 2025 — Once authenticated, the attacker may exploit plugin upload functionality to install a malicious plugin containing arbitrary PHP code, resulting in remote code execution on the underlying server. • https://vulncheck.com/advisories/wordpress-pie-register-plugin-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-306: Missing Authentication for Critical Function CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0EPSS: %CPEs: 1EXPL: 2

09 Jul 2025 — An unrestricted file upload vulnerability in the WordPress Simple File List plugin prior to version 4.2.3 allows unauthenticated remote attackers to achieve remote code execution. • https://vulncheck.com/advisories/wordpress-simple-file-list-plugin-rce • CWE-306: Missing Authentication for Critical Function CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.5EPSS: %CPEs: 1EXPL: 0

08 Jul 2025 — Successful exploitation can lead to remote code execution under the server process's privileges. • https://github.com/Flux159/mcp-server-kubernetes/commit/ab165f5a0eea917fef5dbae954506fff6f4bf514 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 8.1EPSS: %CPEs: 9EXPL: 0

08 Jul 2025 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://plugins.trac.wordpress.org/browser/sureforms/trunk/admin/views/entries-list-table.php#L661 • CWE-73: External Control of File Name or Path •

CVSS: 9.0EPSS: %CPEs: 2EXPL: 0

08 Jul 2025 — This enabled the distribution of poisoned binaries to new or upgraded machines, potentially resulting in remote code execution. • https://github.com/juju/juju/security/advisories/GHSA-4vc8-wvhw-m5gv • CWE-285: Improper Authorization •

CVSS: 7.5EPSS: %CPEs: 1EXPL: 0

08 Jul 2025 — Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47988 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: %CPEs: 17EXPL: 0

08 Jul 2025 — Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49729 • CWE-122: Heap-based Buffer Overflow •

CVSS: 10.0EPSS: %CPEs: 13EXPL: 0

08 Jul 2025 — Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49724 • CWE-416: Use After Free •

CVSS: 7.8EPSS: %CPEs: 1EXPL: 0

08 Jul 2025 — Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49714 • CWE-501: Trust Boundary Violation •