Page 15 of 8781 results (0.019 seconds)

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0

The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3183018%40woocommerce-currency-switcher&old=3178647%40woocommerce-currency-switcher&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/ceb0dffa-02a2-4193-b2c4-4774091eacfa?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: -EPSS: 0%CPEs: -EXPL: 0

SeaCms 13.1 is vulnerable to code injection in the notification module of the member message notification module in the backend user module, due to unsafe handling of the "notify" variable in admin_notify.php. • http://seacms.com https://github.com/v9d0g/CVEs/blob/main/CVE-2024-50808.md •

CVSS: 8.7EPSS: 0%CPEs: 4EXPL: 0

A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container escape to escalate to root via ghe-firejail path. • https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.17 https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.11 https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.6 https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.3 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0

A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions. • https://bugzilla.redhat.com/show_bug.cgi?id=2304253 https://moodle.org/mod/forum/discuss.php?d=461193 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

The ASD com.rocks.video.downloader (aka HD Video Downloader All Format) application through 7.0.129 for Android allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component. • https://github.com/actuator/com.rocks.video.downloader/blob/main/CVE-2024-46960 • CWE-94: Improper Control of Generation of Code ('Code Injection') •