Page 2 of 35321 results (0.052 seconds)

CVSS: 8.8EPSS: %CPEs: 1EXPL: 0

This makes it possible for authenticated attackers, with Student-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/school-management-system-for-wordpress/11470032 https://www.wordfence.com/threat-intel/vulnerabilities/id/1b36fc50-7573-466e-883e-8d26f243c4d0?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0

Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code execution. • https://www.rapid7.com/blog/post/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed https://www.wowza.com/docs/wowza-streaming-engine-4-9-1-release-notes • CWE-646: Reliance on File Name or Extension of Externally-Supplied File •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: -EPSS: 0%CPEs: -EXPL: 0

An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arbitrary code via the /atv-cli file. • https://github.com/6pc1/BugHub/blob/main/alist-tvbox%20command%20execution%20vulnerability.pdf •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe InDesign. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://helpx.adobe.com/security/products/indesign/apsb24-91.html • CWE-125: Out-of-bounds Read •