Page 102 of 47041 results (0.144 seconds)

CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0

A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via "searchinput" POST request parameter. • https://github.com/vkcyberexpert/CVE-Writeup/blob/main/PHPGurukul/Teachers%20Record/Reflected%20XSS.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0

REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability. Se descubrió que REDAXO CMS v2.11.0 contenía una vulnerabilidad de ejecución remota de código (RCE). • https://github.com/Purposex7/Vulns4Study/blob/main/REDAXO%20Cronjobs%20%20AddOns%20RCE.md •

CVSS: -EPSS: 0%CPEs: 1EXPL: 0

Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. • https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html https://issues.chromium.org/issues/352651673 •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the implementation of the virtual TPM device. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpuoct2024.html • CWE-863: Incorrect Authorization •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication. • https://cert.vde.com/en/advisories/VDE-2024-056 https://cert.vde.com/en/advisories/VDE-2024-066 • CWE-306: Missing Authentication for Critical Function •