Page 123 of 35276 results (0.016 seconds)

CVSS: -EPSS: 0%CPEs: -EXPL: 0

This allows crafting malicious "signed" .patch files in order to compromise the device and execute arbitrary code. • https://r.sec-consult.com/rittaliot https://www.rittal.com/de-de/products/deep/3124300 • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0

Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server. • https://www.twcert.org.tw/en/cp-139-8153-1120e-2.html https://www.twcert.org.tw/tw/cp-132-8152-09e81-1.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0

An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown. • https://github.com/quantizor/markdown-to-jsx/commit/8eb74da825c0d8d2e9508d73c672bcae36ba555a https://security.snyk.io/vuln/SNYK-JS-MARKDOWNTOJSX-6258886 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker to execute arbitrary code via the platformpluginpath parameter to specify that the qt plugin loads the directory. • https://gist.github.com/zty-1995/3fcdf702017ad6721e5011f74c1f6cee •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for unauthenticated attackers, if granted access to the File Manager by an administrator, to download and upload arbitrary backup files on the affected site's server which may make remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/id/88f1eb9a-f3bb-4b62-975f-a6cb95850966?source=cve https://filemanagerpro.io • CWE-434: Unrestricted Upload of File with Dangerous Type •