Page 126 of 35163 results (0.083 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Shields.io and users self-hosting their own instance of shields using version < `server-2024-09-25` are vulnerable to a remote execution vulnerability via the JSONPath library used by the Dynamic JSON/Toml/Yaml badges. This vulnerability would allow any user with access to make a request to a URL on the instance to the ability to execute code by crafting a malicious JSONPath expression. • https://github.com/badges/shields/commit/ec1b6c8daccda075403c1688ac02603f7aaa50b2 https://github.com/badges/shields/issues/10553 https://github.com/badges/shields/pull/10551 https://github.com/badges/shields/security/advisories/GHSA-rxvx-x284-4445 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those files. • https://github.com/agnaistic/agnai/security/advisories/GHSA-mpch-89gm-hm83 • CWE-35: Path Traversal: '.../...//' CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component in Synology Drive Client before 3.3.0-15082 allows local users to execute arbitrary code via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_10 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. ... An attacker can leverage this vulnerability to execute code in the context of the current process. •