46513 results (0.034 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

11 Jul 2025 — This vulnerability allows for remote code execution and privilege escalation. • https://github.com/AounShAh/Research-on-v380-cctv-ip-camera • CWE-798: Use of Hard-coded Credentials •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

11 Jul 2025 — This makes it possible for authenticated attackers with Subscriber-level access or higher to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/id/96170b82-6ed9-4a52-8592-944163cdd3cf?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0

11 Jul 2025 — The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack. • https://www.axis.com/dam/public/9b/a5/72/cve-2025-30023pdf-en-US-485733.pdf • CWE-502: Deserialization of Untrusted Data •

CVSS: -EPSS: 0%CPEs: -EXPL: 1

https://packetstorm.news/files/id/206268 •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

11 Jul 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the GDTunerSvc service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

11 Jul 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/wpbookit/trunk/core/admin/classes/controllers/class.wpb-profile-controller.php#L85 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

11 Jul 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/wpbookit/trunk/core/admin/classes/controllers/class.wpb-booking-type-controller.php#L455 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

11 Jul 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

10 Jul 2025 — A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap(). ... Certain input parameters are not sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account. • https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

10 Jul 2025 — A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). ... Certain input parameters are not properly sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account. • https://www.advantech.com/en/support/details/firmware-?id=1-HIPU-183 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •