Page 29 of 46893 results (0.087 seconds)

CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0

., Ltd Ofweek Online Exhibition v.1.0.0 allows a remote attacker to execute arbitrary code. • https://gist.github.com/475bd8bc21c4f4dfc8f26ce35eb6ca28.git • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. ... SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. • http://sas.com https://github.com/ACN-CVEs/CVE-2024-48733/blob/ea2da31c3d6e0140edd6a1455e6157b8ba2f7a67/SQL%20injection.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

An issue in Ethereum v.1.12.2 allows remote attacker to execute arbitrary code via the Owned.setOwner function Un problema en Ethereum v.1.12.2 permite a un atacante remoto ejecutar código arbitrario a través de la función Owned.setOwner An issue in the PepeGxng smart contract (which can be run on the Ethereum blockchain) allows remote attackers to have an unspecified impact via the Owned.setOwner function. • https://github.com/Wzy-source/Gala/blob/main/CVEs/AURA_0x967d176328948e4db4446b8caf623ff9b47221fb.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

An issue in Ethereum v.1.12.2 allows remote attacker to execute arbitrary code via the PepeGxng smart contract mint function. • https://github.com/Wzy-source/Gala/blob/main/CVEs/PepeGxng_0x5d8d1f28cad84fad8d2fea9fdd4ab5022d23b0fe.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

The All Post Contact Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.7.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/allpost-contactform/wordpress-all-post-contact-form-plugin-1-6-7-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •