Page 10 of 8835 results (0.165 seconds)

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Server Side Include (SSI) Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.11. La vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un motor de plantillas en Saso Nikolov Event Tickets con Ticket Scanner permite la inyección de Server Side Include (SSI). Este problema afecta a Event Tickets con Ticket Scanner: desde n/a hasta 2.3.11. The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.3.11. This makes it possible for authenticated attackers, with author-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/event-tickets-with-ticket-scanner/wordpress-event-tickets-with-ticket-scanner-plugin-2-3-11-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •

CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0

Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an <a> link within untrusted notes. The issue arises due to insufficient sanitization of <a> tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML content within the Electron window, which has full access to Node.js APIs, enabling arbitrary shell command execution. • https://github.com/laurent22/joplin/security/advisories/GHSA-hff8-hjwv-j9q7 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. • https://discuss.elastic.co/t/kibana-8-15-1-security-update-esa-2024-27-esa-2024-28/366119 • CWE-502: Deserialization of Untrusted Data •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. • https://www.postgresql.org/support/security/CVE-2024-10979 • CWE-15: External Control of System or Configuration Setting •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2.  This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1. • https://support.sonatype.com/hc/en-us/articles/30694125380755 • CWE-94: Improper Control of Generation of Code ('Code Injection') •