Page 14 of 40408 results (0.291 seconds)

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component. • https://github.com/langflow-ai/langflow/issues/2908 •

CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0

An issue in MobaXterm v24.2 allows a local attacker to escalate privileges and execute arbitrary code via the remove function of the MobaXterm MSI is spawning one Administrative cmd (conhost.exe) • https://gist.github.com/ahmedsherif/ad56cd3a9ef86cdc05175fb591804c64 https://mobaxterm.mobatek.net/download-home-edition.html •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server. • https://herolab.usd.de/security-advisories/usd-2024-0008 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1

Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the gridValoresPopHidden parameter. • https://github.com/OpenXP-Research/CVE-2024-48359 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. ... An attacker can leverage this vulnerability to execute code in the context of an administrator. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-303-03 • CWE-502: Deserialization of Untrusted Data •