Page 29 of 8839 results (0.190 seconds)

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media Library Assistant allows Command Injection.This issue affects Media Library Assistant: from n/a through 3.19. The Media Library Assistant plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.19. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/media-library-assistant/wordpress-media-library-assistant-plugin-3-19-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.7EPSS: 0%CPEs: -EXPL: 0

Consequently, heap corruption may happen, and arbitrary code execution is not discarded. • https://access.redhat.com/security/cve/CVE-2024-10573 https://bugzilla.redhat.com/show_bug.cgi?id=2322980 https://mpg123.org/cgi-bin/news.cgi#2024-10-26 • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. • https://github.com/antonk52/lilconfig/commit/2c68a1ab8764fc74acc46771e1ad39ab07a9b0a7 https://github.com/antonk52/lilconfig/pull/48 https://github.com/antonk52/lilconfig/releases/tag/v3.1.1 https://security.snyk.io/vuln/SNYK-JS-LILCONFIG-6263789 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1

Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the gridValoresPopHidden parameter. • https://github.com/OpenXP-Research/CVE-2024-48359 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.5EPSS: 0%CPEs: -EXPL: 1

The manipulation leads to code injection. ... Durch Manipulieren mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://github.com/wuzhicms/wuzhicms/issues/209 https://vuldb.com/?ctiid.282444 https://vuldb.com/?id.282444 https://vuldb.com/?submit.427401 • CWE-94: Improper Control of Generation of Code ('Code Injection') •