Page 18 of 35545 results (0.031 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. • https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/vayu-sites/app.php#L28 https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/vayu-sites/app.php#L46 https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/vayu-sites/core/class-installation.php#L29 https://plugins.trac.wordpress.org/changeset/3173408 https://plugins.trac.wordpress.org/changeset/3203532/vayu-blocks/tags/1.2.0/inc/vayu-sites/app.php https://www.wordfence.com/threat-intel/vulnerabilities/i • CWE-284: Improper Access Control •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. • https://www.zerodayinitiative.com/advisories/ZDI-24-1670 • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. • https://www.zerodayinitiative.com/advisories/ZDI-24-1671 • CWE-1395: Dependency on Vulnerable Third-Party Component •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. • https://www.zerodayinitiative.com/advisories/ZDI-24-1672 • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/gallery-for-ultimate-member/vulnerability/wordpress-video-photo-gallery-for-ultimate-member-plugin-1-1-0-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •