Page 13 of 40408 results (0.220 seconds)

CVSS: 6.7EPSS: 0%CPEs: -EXPL: 0

Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. • https://access.redhat.com/security/cve/CVE-2024-10573 https://bugzilla.redhat.com/show_bug.cgi?id=2322980 https://mpg123.org/cgi-bin/news.cgi#2024-10-26 • CWE-787: Out-of-bounds Write •

CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0

This can result in remote code execution or other potential unauthorized access. Users are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue. • https://lists.apache.org/thread/wlz1p76dxpt4rl9o29voxjd5zl7717nh • CWE-502: Deserialization of Untrusted Data •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. • https://github.com/antonk52/lilconfig/commit/2c68a1ab8764fc74acc46771e1ad39ab07a9b0a7 https://github.com/antonk52/lilconfig/pull/48 https://github.com/antonk52/lilconfig/releases/tag/v3.1.1 https://security.snyk.io/vuln/SNYK-JS-LILCONFIG-6263789 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.4EPSS: 0%CPEs: -EXPL: 1

Cross Site Scripting vulnerability in online diagnostic lab management system using php v.1.0 allows a remote attacker to execute arbitrary code via the Test Name parameter on the diagnostic/add-test.php component. • https://github.com/BLACK-SCORP10/CVE-2024-51430 https://www.sourcecodester.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extension. • https://github.com/Studio-42/elFinder/issues/3615 • CWE-434: Unrestricted Upload of File with Dangerous Type •