Page 102 of 35163 results (0.145 seconds)

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/create-flipbook-from-pdf/wordpress-creates-3d-flipbook-pdf-flipbook-plugin-1-2-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0

If the following criteria are met, the attacker can carry out an RCE attack: 1. ... If the following criteria are met, the attacker can carry out an RCE attack: 1. • https://github.com/livewire/livewire/commit/70503b79f5db75a1eac9bf55826038a6ee5a16d5 https://github.com/livewire/livewire/security/advisories/GHSA-f3cx-396f-7jqp https://github.com/livewire/livewire/pull/8624 https://github.com/livewire/livewire/commit/cd168c6212ea13d13b82b3132485741f82d9fad9 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43488 • CWE-306: Missing Authentication for Critical Function •

CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43611 • CWE-20: Improper Input Validation CWE-122: Heap-based Buffer Overflow •

CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0

Remote Desktop Client Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43599 • CWE-416: Use After Free •