
CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

An authorization bypass allows remote attackers to achieve unauthenticated remote code execution. • https://www.axiros.com/2024/03/vulnerability-in-axusermanager • CWE-284: Improper Access Control

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

Consequently, if an attacker can create a `config.yaml` file in a controllable path, this path can be appended to the `extensions` list and trigger the execution of `__init__.py` in the current directory, leading to remote code execution. • https://github.com/parisneo/lollms/commit/2d0c4e76be93195836ecd0948027e791b8a2626f • https://huntr.com/bounties/db52848a-4dbe-4110-a981-03739834bf45 • CWE-29: Path Traversal: '\..\filename'

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://wpscan.com/vulnerability/d91217bc-9f8f-4971-885e-89edc45b2a4d • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://wpscan.com/vulnerability/15f78aad-001c-4219-aa7e-46537e1357a2 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

A Cross-site Scripting (XSS) vulnerability allows an untrusted note opened in safe mode to execute arbitrary code. • https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox • https://github.com/laurent22/joplin/security/advisories/GHSA-hjmq-3qh4-g2r8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')