Page 160 of 38467 results (0.150 seconds)

CVSS: 9.9EPSS: 0%CPEs: -EXPL: 1

SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://github.com/maybeheisenberg/PoC-for-CVE-2024-28991 https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2024-3-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28991 • CWE-502: Deserialization of Untrusted Data •

CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0

Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script • https://github.com/0xadik/CVEs/tree/main/CVE-2020-24061 https://medium.com/%40sadikul.islam/kasda-kw5515-cross-site-scripting-html-injection-e6cb9f65ae89?sk=5e1ea8e1cba8dbeaff7f9cd710808354 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 1%CPEs: -EXPL: 2

Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://github.com/horizon3ai/CVE-2024-29847 https://github.com/sinsinology/CVE-2024-29847 https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022 • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the underlying system. • https://csirt.divd.nl/CVE-2024-27114 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. ... This leads to the possibility of execution of code on the underlying system when the file is triggered. • https://csirt.divd.nl/CVE-2024-27115 • CWE-434: Unrestricted Upload of File with Dangerous Type •