51733 results (0.033 seconds)

CVSS: 8.6EPSS: %CPEs: 8EXPL: 0

08 Jul 2025 — When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection. ... The fetched content is fully controlled by the server, which can in the worst case lead to arbitrary code execution. • https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655 • CWE-73: External Control of File Name or Path CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 8.1EPSS: %CPEs: 1EXPL: 0

08 Jul 2025 — This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • CWE-73: External Control of File Name or Path •

CVSS: 8.8EPSS: %CPEs: 2EXPL: 0

08 Jul 2025 — This enabled the distribution of poisoned binaries to new or upgraded machines, potentially resulting in remote code execution. • https://github.com/juju/juju/security/advisories/GHSA-4vc8-wvhw-m5gv • CWE-285: Improper Authorization •

CVSS: 7.5EPSS: %CPEs: 1EXPL: 0

08 Jul 2025 — Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47988 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8EPSS: %CPEs: 26EXPL: 0

08 Jul 2025 — Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49742 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •

CVSS: 8.8EPSS: %CPEs: 17EXPL: 0

08 Jul 2025 — Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49729 • CWE-122: Heap-based Buffer Overflow •

CVSS: 8.8EPSS: %CPEs: 13EXPL: 0

08 Jul 2025 — Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49724 • CWE-416: Use After Free •

CVSS: 7.8EPSS: %CPEs: -EXPL: 0

08 Jul 2025 — Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49714 • CWE-501: Trust Boundary Violation •

CVSS: 7.8EPSS: %CPEs: 1EXPL: 0

08 Jul 2025 — Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49705 • CWE-122: Heap-based Buffer Overflow •

CVSS: 8.8EPSS: %CPEs: 2EXPL: 0

08 Jul 2025 — Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704 • CWE-94: Improper Control of Generation of Code ('Code Injection') •