
CVSS: 7.8 EPSS: 0% CPEs: - EXPL: 0

An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. • https://bugs.ghostscript.com/show_bug.cgi?id=707991 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8 https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1 • CWE-824: Access of Uninitialized Pointer •

CVSS: 7.3 EPSS: 0% CPEs: 1 EXPL: 0

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/changeset/3182968/paid-member-subscriptions https://www.wordfence.com/threat-intel/vulnerabilities/id/eaf19371-7b06-45c6-bf16-6ef7dfffb175?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.3 EPSS: 0% CPEs: 1 EXPL: 0

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3183018%40woocommerce-currency-switcher&old=3178647%40woocommerce-currency-switcher&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/ceb0dffa-02a2-4193-b2c4-4774091eacfa?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: - EPSS: 0% CPEs: - EXPL: 0

SeaCms 13.1 is vulnerable to code injection in the member message notification module of the backend user module, due to unsafe handling of the "notify" variable in admin_notify.php. • http://seacms.com https://github.com/v9d0g/CVEs/blob/main/CVE-2024-50808.md •

CVSS: 8.7 EPSS: 0% CPEs: 4 EXPL: 0

A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container escape to escalate to root via ghe-firejail path. • https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.17 https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.11 https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.6 https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.3 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •