
CVSS: 8.8 | EPSS: 0% | CPEs: - | EXPL: 0

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution. • https://support.cleo.com/hc/en-us/articles/27140294267799-Cleo-Product-Security-Advisory • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

By downloading an executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved in versions on the 0.5 branch prior to 0.5.0b3.dev87. ... This vulnerability allows an attacker with access to change the settings on a pyload server to execute arbitrary code and completely compromise the system. ... By downloading an executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved in versions prior to 0.5.0b3.dev87. • https://github.com/pyload/pyload/security/advisories/GHSA-w7hq-f2pj-c53g • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 8.9 | EPSS: 0% | CPEs: 1 | EXPL: 0

This issue may lead to Remote Code Execution. • https://securitylab.github.com/advisories/GHSL-2024-297_GHSL-2024-298_plenti https://github.com/plentico/plenti/blob/01825e0dcd3505fac57adc2edf29f772d585c008/cmd/serve.go#L205 https://github.com/plentico/plenti/releases/tag/v0.7.2 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

The vulnerability allows another extension to execute arbitrary code in the context of the user’s tab. • https://github.com/zimocode/smartup/blob/2144ec161697751b1a6702f1af866726ea689e4e/js/background.js#L3800 https://securitylab.github.com/advisories/GHSL-2024-011_smartup • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.2 | EPSS: 0% | CPEs: - | EXPL: 0

MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Process Command feature. • https://github.com/herombey/Disclosures/blob/main/CVE-2024-37845%20RCE.pdf https://github.com/herombey/Disclosures/tree/main • CWE-94: Improper Control of Generation of Code ('Code Injection')