
CVSS: 7.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within WTabletServicePro.exe. By creating a symbolic link, an attacker can abuse the service to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://cdn.wacom.com/u/productsupport/drivers/win/professional/releasenotes/Windows_6.4.8-2.html https://www.zerodayinitiative.com/advisories/ZDI-24-1683 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migrate_check() function in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/RandomRobbieBF/CVE-2024-9290 https://codecanyon.net/item/super-backup-clone-migrate-for-wordpress/12943030 https://www.wordfence.com/threat-intel/vulnerabilities/id/7c31d9b3-38b1-49a1-b361-ffe97e02bff0? • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware. • https://support.apple.com/en-us/121563

CVSS: 5.3 • EPSS: 0% • CPEs: - • EXPL: 0

Running a mount command may unexpectedly execute arbitrary code. • https://support.apple.com/en-us/121839 https://support.apple.com/en-us/121840 https://support.apple.com/en-us/121842 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware. • https://support.apple.com/en-us/121563 • CWE-770: Allocation of Resources Without Limits or Throttling