Page 150 of 35157 results (0.057 seconds)

CVSS: 6.7EPSS: 0%CPEs: -EXPL: 0

A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-165524 • CWE-121: Stack-based Buffer Overflow •

CVSS: 6.7EPSS: 0%CPEs: -EXPL: 0

A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code. • https://support.lenovo.com/us/en/product_security/LEN-165524 • CWE-121: Stack-based Buffer Overflow •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface • https://blog.csdn.net/samwbs/article/details/140954482 https://github.com/samwbs/kortexcve/blob/main/xss_register_case/XSS_register_case.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files (not including PHP files) on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/mstore-api/trunk/controllers/flutter-user.php#L1053 https://plugins.trac.wordpress.org/changeset/3147900/mstore-api/trunk/controllers/flutter-user.php https://plugins.trac.wordpress.org/changeset/3147900/mstore-api/trunk/functions/index.php https://www.wordfence.com/threat-intel/vulnerabilities/id/fe3834a6-a6f5-4cc7-951e-a6ada6346b07?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0

If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1695.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •