Page 296 of 45618 results (0.053 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://roadmap.theplusaddons.com/updates https://www.wordfence.com/threat-intel/vulnerabilities/id/8699142d-4ddd-4ca1-9886-9b2d905a36cd?source=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0

This vulnerability allows a remote attacker to execute arbitrary code via the Borrower Name, Department, and Remarks parameters. • https://github.com/CyberSentryX/CVE_Hunting/tree/main/CVE-2024-31586 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a before 3.26.7. ... The Wishlist Member plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.25.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-authenticated-arbitrary-php-code-execution-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Patch Management Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Patch Management Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.vipre.com/en_US/home-windows-release-notes/home-windows-release-notes-20240227 https://www.zerodayinitiative.com/advisories/ZDI-24-817 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 5.5EPSS: 0%CPEs: -EXPL: 0

Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity. • http://moodle.com https://github.com/MohamedAzizMSALLEMI/Moodle_Security/blob/main/CVE-2024-37674.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •