Page 30 of 8851 results (0.175 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in Umbraco CMS 12.3.6. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. • https://vuldb.com/?ctiid.282930 https://vuldb.com/?id.282930 https://vuldb.com/?submit.427091 https://drive.google.com/file/d/1YoZgdlS3QT7Xu005j9RO-FFUT8RbB0Da/view?usp=sharing • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-707: Improper Neutralization •

CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0

A Host header injection vulnerability in Agile-Board 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. • https://github.com/idrsdev/agile-board/tree/main https://github.com/redtrib3/CVEs/tree/main/CVE-2024-51329%20-%20Host%20Header%20Injection • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/changeset/3179272/tickera-event-ticketing-system https://www.wordfence.com/threat-intel/vulnerabilities/id/6e5e9249-9705-4cfa-9c8e-2e002190562b?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

In agentscope <=v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_callable_expression. Within this function, the line result = eval(s) poses a security risk as it can directly execute user-provided commands. En agentscope &lt;=v0.0.4, el archivo agentscope\web\workstation\workflow_utils.py tiene la función is_callable_expression. Dentro de esta función, la línea result = eval(s) plantea un riesgo de seguridad, ya que puede ejecutar directamente comandos proporcionados por el usuario. • https://gist.github.com/AfterSnows/0ad9d233a9d2a5b7e6e5273e2e23508d https://rumbling-slice-eb0.notion.site/Unauthenticated-Remote-Code-Execution-via-The-use-of-eval-in-is_callable_expression-and-sanitize_nod-cd4ea6c576da4e0b965ef596855c298d • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox. langflow &lt;=1.0.18 es vulnerable a la ejecución remota de código (RCE), ya que cualquier componente proporciona la funcionalidad del código y los componentes se ejecutan en la máquina local en lugar de en un entorno aislado. • https://gist.github.com/AfterSnows/1e58257867002462923fd62dde2b5d61 https://rumbling-slice-eb0.notion.site/There-is-a-Remote-Code-Execution-RCE-vulnerability-in-the-repository-https-github-com-langflow-a-105e3cda9e8c800fac92f1b571bd40d8 • CWE-94: Improper Control of Generation of Code ('Code Injection') •