CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 2

25 Jul 2025 — Successful exploitation results in remote code execution. • https://www.exploit-db.com/exploits/32869 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') • CWE-306: Missing Authentication for Critical Function

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 3

25 Jul 2025 — This flaw enables an unauthenticated attacker to achieve remote code execution with system-level privileges. • https://www.vulncheck.com/advisories/dlink-stack-based-buffer-overflow-rce • CWE-20: Improper Input Validation • CWE-121: Stack-based Buffer Overflow

CVSS: 8.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

25 Jul 2025 — A DLL injection vulnerability exists in Commvault for Windows 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. During the installation of maintenance updates, an attacker with local access may exploit uncontrolled search path or DLL loading behavior to execute arbitrary code with elevated privileges. • https://www.vulncheck.com/advisories/commvault-for-windows-maintenance-installer-dll-injection • CWE-427: Uncontrolled Search Path Element

CVSS: 6.4 • EPSS: 0% • CPEs: - • EXPL: 1

25 Jul 2025 — Cross Site Scripting vulnerability in tawk.to Live Chat v.1.6.1 allows a remote attacker to execute arbitrary code because the web application stores and displays user-supplied input without proper input validation or encoding. • https://github.com/pracharapol/CVE-2025-45960 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 0

25 Jul 2025 — Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror attribute of the img element. • https://rapid-echo-f9c.notion.site/Grav-XSS-1dbaf8998a078072bb30ffc9b9e7ab4a?pvs=4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 0

25 Jul 2025 — Cross Site Scripting vulnerability in grav v.1.7.48 and before allows an attacker to execute arbitrary code via a crafted script to the form fields. • https://rapid-echo-f9c.notion.site/Grav-XSS-25-04-21-1dcaf8998a078001a2eff3dc47974d6d?pvs=4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.4 • EPSS: 0% • CPEs: - • EXPL: 1

25 Jul 2025 — An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute arbitrary code via a request. • https://github.com/mselbrede/gardyn • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 0

25 Jul 2025 — An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute arbitrary code via the Gardyn Home component. • http://gardyn.com • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 0

25 Jul 2025 — An issue in Gardyn 4 allows a remote attacker to execute arbitrary code. • http://gardyn.com • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

24 Jul 2025 — This action may result in remote code execution that allows an attacker to run arbitrary commands on the target device at the administrator privilege level. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-205-04 • CWE-288: Authentication Bypass Using an Alternate Path or Channel