Page 245 of 8664 results (0.020 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpDiscuz allows Code Injection.This issue affects wpDiscuz: from n/a through 7.6.10. Neutralización inadecuada de etiquetas HTML relacionadas con scripts en una vulnerabilidad de página web (XSS básico) en gVectors Team wpDiscuz permite la inyección de código. Este problema afecta a wpDiscuz: desde n/a hasta 7.6.10. The wpDiscuz plugin for WordPress is vulnerable to Arbitrary Content Injection in versions up to, and including, 7.6.10. The cause of this vulnerability is undisclosed at this time. • https://patchstack.com/database/vulnerability/wpdiscuz/wordpress-wpdiscuz-plugin-7-6-10-content-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage" endpoint. Un problema en ThingNario Photon v.1.0 permite a un atacante remoto ejecutar código arbitrario y escalar privilegios a través de un script manipulado a la función de ping al endpoint "thingnario Logger Maintenance Webpage". • https://gist.github.com/GroundCTL2MajorTom/eef0d55f5df77cc911d84392acdbf625 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1

When installing dependencies with PDM, what's actually installed could differ from what's listed in `pyproject.toml` (including arbitrary code execution on install). • https://github.com/frostming/unearth/blob/eca170d9370ac5032f2e497ee9b1b63823d3fe0f/src/unearth/evaluator.py#L215-L229 https://github.com/pdm-project/pdm/blob/45d1dfa47d4900c14a31b9bb761e4c46eb5c9442/src/pdm/models/candidates.py#L98-L99 https://github.com/pdm-project/pdm/commit/6853e2642dfa281d4a9958fbc6c95b7e32d84831 https://github.com/pdm-project/pdm/security/advisories/GHSA-j44v-mmf2-xvm9 https://peps.python.org/pep-0440/#post-release-spelling • CWE-20: Improper Input Validation •

CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0

Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential theft. This issue has been patched in version 2023.9.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/home-assistant/core/security/advisories/GHSA-jvpm-q3hq-86rg • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 1

A specially crafted document can cause memory corruption, resulting in arbitrary code execution. • https://jvn.jp/en/jp/JVN28846531/index.html https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758 • CWE-416: Use After Free •