
CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cachet is an open-source status page system. Prior to the 2.4 branch, the template functionality, which allows users to create templates, lets them execute arbitrary code on the server because of inadequate filtering and an old Twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch contains a patch for this issue.
• https://github.com/cachethq/cachet/commit/6fb043e109d2a262ce3974e863c54e9e5f5e0587
• https://github.com/cachethq/cachet/security/advisories/GHSA-hv79-p62r-wg3p
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.8 • EPSS: 1% • CPEs: 5 • EXPL: 0

Adobe Photoshop versions 23.5.5 (and earlier) and 24.7 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user.
• https://helpx.adobe.com/security/products/photoshop/apsb23-51.html
• CWE-824: Access of Uninitialized Pointer

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WP Darko Responsive Tabs allows Code Injection. This issue affects Responsive Tabs: from n/a before 4.0.6. The Responsive Tabs plugin for WordPress is vulnerable to Arbitrary Content Injection in versions prior to 4.0.6. This vulnerability makes it possible for authenticated attackers, with contributor-level permissions and above, to inject new content onto the website, possibly through the manipulation of posts to create new web pages, spam, or phishing.
• https://patchstack.com/database/vulnerability/responsive-tabs/wordpress-responsive-tabs-plugin-4-0-6-html-content-injection-vulnerability?_s_id=cve
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
• CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

Skype for Business Remote Code Execution Vulnerability
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36789
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

A vulnerability has been identified in Simcenter Amesim (All versions < V2021.1). The affected application contains a SOAP endpoint that could allow an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected application process.
• https://cert-portal.siemens.com/productcert/pdf/ssa-386812.pdf
• CWE-94: Improper Control of Generation of Code ('Code Injection')