Page 30 of 47281 results (0.080 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/browser/gd-bbpress-attachments/trunk/code/front.php#L280 https://plugins.trac.wordpress.org/changeset/3189863/gd-bbpress-attachments/trunk/code/front.php https://www.wordfence.com/threat-intel/vulnerabilities/id/6f598cfc-4d41-4d22-95f0-47efdb7d07a2? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted X_B or SAT file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.3ds.com/vulnerability/advisories • CWE-122: Heap-based Buffer Overflow CWE-457: Use of Uninitialized Variable •

CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0

Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. ... An attacker can leverage this vulnerability to execute code in the context of the current user. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. ... An attacker can leverage this vulnerability to execute code in the context of the current user. • https://www.zerodayinitiative.com/advisories/ZDI-24-1513 • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0

The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/wc-product-table-lite/tags/3.8.6/main.php#L1778 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3190789%40wc-product-table-lite&new=3190789%40wc-product-table-lite&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/c9b010ff-8a4a-4553-bb2b-d58a254d7ee4?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. • https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy//tags/2.4.6/lib/icit_srdb_replacer.php#L24 https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.4.7/lib/icit_srdb_replacer.php#L24 https://www.wordfence.com/threat-intel/vulnerabilities/id/16569267-ab52-4b96-86f0-d37c470a3938?source=cve • CWE-502: Deserialization of Untrusted Data •