CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

The Media Library Assistant plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.19. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.
• https://patchstack.com/database/vulnerability/media-library-assistant/wordpress-media-library-assistant-plugin-3-19-remote-code-execution-rce-vulnerability?_s_id=cve
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.7 | EPSS: 0% | CPEs: - | EXPL: 0

Consequently, heap corruption may happen, and arbitrary code execution cannot be ruled out. ... Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.
• https://access.redhat.com/security/cve/CVE-2024-10573
• https://bugzilla.redhat.com/show_bug.cgi?id=2322980
• https://mpg123.org/cgi-bin/news.cgi#2024-10-26
• CWE-787: Out-of-bounds Write

CVSS: 8.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

This can result in remote code execution or other potential unauthorized access. Users are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue.
• https://lists.apache.org/thread/wlz1p76dxpt4rl9o29voxjd5zl7717nh
• CWE-502: Deserialization of Untrusted Data

CVSS: 6.4 | EPSS: 0% | CPEs: - | EXPL: 1

Cross Site Scripting vulnerability in online diagnostic lab management system using php v.1.0 allows a remote attacker to execute arbitrary code via the Test Name parameter on the diagnostic/add-test.php component.
• https://github.com/BLACK-SCORP10/CVE-2024-51430
• https://www.sourcecodester.com
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 0% | CPEs: - | EXPL: 0

Studio-42 elFinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extension.
• https://github.com/Studio-42/elFinder/issues/3615
• CWE-434: Unrestricted Upload of File with Dangerous Type