CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 0

04 Jul 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy Stripe allows Remote Code Inclusion. • https://patchstack.com/database/wordpress/plugin/easy-stripe/vulnerability/wordpress-easy-stripe-1-1-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.2 • EPSS: 0% • CPEs: - • EXPL: 0

04 Jul 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone allows Remote Code Inclusion. • https://patchstack.com/database/wordpress/theme/alone/vulnerability/wordpress-alone-7-8-2-arbitrary-code-execution-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Jul 2025 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in mndpsingh287 Frontend File Manager allows Code Injection. This issue affects Frontend File Manager: from n/a through 23.2. • https://patchstack.com/database/wordpress/plugin/wp-file-manager/vulnerability/wordpress-frontend-file-manager-plugin-23-2-content-injection-vulnerability?_s_id=cve • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 5.1 • EPSS: 0% • CPEs: - • EXPL: 0

04 Jul 2025 — A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown processing of the file /system/users/save. The manipulation of the argument name/email leads to cross site scripting. The attack may be initiated remotely. • https://github.com/Cockpit-HQ/Cockpit/commit/bdcd5e3bc651c0839c7eea807f3eb6af856dbc76 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.1 • EPSS: 0% • CPEs: - • EXPL: 0

04 Jul 2025 — Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allows attackers to execute arbitrary code as root (upon the next boot) by dragging a crafted Tunnelblick.app file into /Applications. • https://tunnelblick.net/cCVE-2025-43711.html • CWE-459: Incomplete Cleanup •

CVSS: - • EPSS: 0% • CPEs: - • EXPL: 1

04 Jul 2025 — WordPress Migration, Backup, Staging – WPvivid Backup and Migration plugin versions 0.9.116 and below are vulnerable to arbitrary file uploads due to missing file type validation in the wpvivid_upload_import_files function. This allows authenticated attackers (Administrator-level and above) to upload arbitrary files to the server, potentially enabling remote code execution. • https://packetstorm.news/files/id/205244 •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

03 Jul 2025 — An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility developed by Aexol Studio, in versions up to and including 2025.7. ... This allows unauthenticated remote attackers to inject arbitrary AppleScript payloads via the X-Script HTTP header, resulting in code execution using do shell script. Successful exploitation grants attackers the ability to run arbitrary commands on the macOS host with the privile... • https://vulncheck.com/advisories/remote-for-mac-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-306: Missing Authentication for Critical Function •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

03 Jul 2025 — An authenticated command injection vulnerability exists in Pi-hole versions up to 3.3. When adding a domain to the allowlist via the web interface, the domain parameter is not properly sanitized, allowing an attacker to append OS commands to the domain string. These commands are executed on the underlying operating system with the privileges of the Pi-hole service user. This behavior was present in the legacy AdminLTE interface and has since been patched in later versions. • https://vulncheck.com/advisories/pihole-adminlte-whitelist-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

03 Jul 2025 — An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools operations, such as pinging. • https://vulncheck.com/advisories/pandora-fms-rce-via-ping • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

03 Jul 2025 — An unauthenticated attacker with network access to a vulnerable device can inject arbitrary commands, leading to remote code execution with elevated privileges. • https://kb.igel.com/security-safety/current/isn-2021-01-igel-os-remote-command-execution-vulne • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •