CVSS: 6.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

Team ENVY, a security research team, has found a flaw that allows remote code execution on the NVR. • https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf • CWE-20: Improper Input Validation

CVSS: 5.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Team ENVY, a security research team, has found a flaw that allows remote code execution on the NVR. • https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf • CWE-20: Improper Input Validation • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Specifically, when user input is improperly sanitized or validated, an attacker can inject Jinja2 syntax into the template, causing the server to execute arbitrary code. • https://github.com/APTRS/APTRS/commit/9f6b6e4a56a9119eb12126a4909441e83b6d7c11 • https://github.com/APTRS/APTRS/security/advisories/GHSA-h4w2-hvcg-938j • CWE-97: Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

A non-admin user could exploit weak file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. • https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-default-permissions-biamp-evoko-home • CWE-276: Incorrect Default Permissions

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

This vulnerability may enable an attacker, depending on how the package is used, to perform remote code execution or local privilege escalation. • https://github.com/sebhildebrandt/systeminformation/commit/f7af0a67b78e7894335a6cad510566a25e06ae41 • https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-cvv5-9h9w-qp2m • CWE-94: Improper Control of Generation of Code ('Code Injection')