Page 16 of 40460 results (0.278 seconds)

CVSS: 8.6EPSS: 0%CPEs: -EXPL: 0

By modifying Velociraptor's files, local users can subvert the binary and cause the Velociraptor service to execute arbitrary code as the SYSTEM user, or to replace the Velociraptor binary completely.  • https://docs.velociraptor.app/announcements/2024-cves • CWE-552: Files or Directories Accessible to External Parties CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.4EPSS: 0%CPEs: -EXPL: 0

Unvalidated input during the EventHub Collector setup by an authenticated user leads to Remote Code execution. • https://docs.logpoint.com/docs/whats-new-in-logpoint/en/latest https://servicedesk.logpoint.com/hc/en-us/articles/21968851138461-Remote-Code-Execution-RCE-in-EventHub-Collector https://servicedesk.logpoint.com/hc/en-us/sections/7201103730845-Product-Security • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

The ASD com.rocks.video.downloader (aka HD Video Downloader All Format) application through 7.0.129 for Android allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component. • https://github.com/actuator/com.rocks.video.downloader/blob/main/CVE-2024-46960 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0

The Inshot com.downloader.privatebrowser (aka Video Downloader - XDownloader) application through 1.3.5 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.privatebrowser.activity.PrivateMainActivity component. • https://github.com/actuator/com.downloader.privatebrowser/blob/main/CVE-2024-46961 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. • https://github.com/capricorn86/happy-dom/commit/5ee0b1676d4ce20cc2a70d1c9c8d6f1e3f57efac https://github.com/capricorn86/happy-dom/commit/d23834c232f1cf5519c9418b073f1dcec6b2f0fd https://github.com/capricorn86/happy-dom/issues/1585 https://github.com/capricorn86/happy-dom/pull/1586 https://github.com/capricorn86/happy-dom/releases/tag/v15.10.2 https://github.com/capricorn86/happy-dom/security/advisories/GHSA-96g7-g7g9-jxw8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •