Page 226 of 8664 results (0.012 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1

An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function. Un problema en TOTOlink A3700R v.9.1.2u.6134_B20201202 permite a un atacante local ejecutar código arbitrario a través de la función setTracerouteCfg. • http://totolink.com https://github.com/zxsssd/TotoLink- https://www.totolink.net • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number. OpenCRX versión 5.2.0 es vulnerable a la inyección de HTML a través de Activity Search Criteria-Activity Number. • https://www.esecforte.com/cve-2023-40809-html-injection-search • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2

The manipulation leads to code injection. ... Mittels Manipulieren mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1352 https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1358 https://vuldb.com/?ctiid.245735 https://vuldb.com/?id.245735 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: 19EXPL: 0

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. • https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html • CWE-502: Deserialization of Untrusted Data •