Page 129 of 35373 results (0.422 seconds)

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.121 via the template engine. This is due to the plugin not properly restricting functions that can be called and passed to code execution functions. This makes it possible for authenticated attackers, with Editor-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-free-widgets-addons-templates-plugin-1-5-121-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

The Contact Form by Supsystic plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.7.28. ... This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/contact-form-by-supsystic/wordpress-contact-form-by-supsystic-plugin-1-7-28-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to execute arbitrary code via a crafted HTML page. • https://issues.chromium.org/issues/346197738 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0

A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the Junos Space Appliance, leading to remote command execution by the web application, gaining complete control of the device. A specific script in the Junos Space web application allows attacker-controlled input from a GET request without sufficient input sanitization. • https://supportportal.juniper.net/JSA88110 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

The vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Data Center Expert. ... An attacker can leverage this vulnerability to execute code in the context of root. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-01.pdf • CWE-347: Improper Verification of Cryptographic Signature •