
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file. • https://gitee.com/Aa272899/CHG-sec/issues/I9UO7X • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

An authorization bypass allows remote attackers to achieve unauthenticated remote code execution. • https://www.axiros.com/2024/03/vulnerability-in-axusermanager • CWE-284: Improper Access Control

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

Consequently, if an attacker can create a `config.yaml` file in a controllable path, this path can be appended to the `extensions` list and trigger the execution of `__init__.py` in the current directory, leading to remote code execution. • https://github.com/parisneo/lollms/commit/2d0c4e76be93195836ecd0948027e791b8a2626f • https://huntr.com/bounties/db52848a-4dbe-4110-a981-03739834bf45 • CWE-29: Path Traversal: '\..\filename'

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://wpscan.com/vulnerability/d91217bc-9f8f-4971-885e-89edc45b2a4d • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://wpscan.com/vulnerability/15f78aad-001c-4219-aa7e-46537e1357a2 • CWE-434: Unrestricted Upload of File with Dangerous Type