
CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Jul 2024 — This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/imgspider/tags/2.3.10/classes/post.class.php#L189 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Jul 2024 — This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/imgspider/tags/2.3.10/classes/post.class.php#L122 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Jul 2024 — mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device. This vulnerability allows remote attackers to execute arbitrary code on affected installations of mySCADA myPRO. ... An attacker can leverage this vulnerability to execute code in the context of... • https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-02 • CWE-259: Use of Hard-coded Password •

CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Jul 2024 — parisneo/lollms-webui, in its latest version, is vulnerable to remote code execution due to an insecure dependency on llama-cpp-python version llama_cpp_python-0.2.61+cpuavx2-cp311-cp311-manylinux_2_31_x86_64. The vulnerability arises from the application's 'binding_zoo' feature, which allows attackers to upload and interact with a malicious model file hosted on hugging-face, leading to remote code execution. • https://huntr.com/bounties/ecf386df-4b6a-40b2-9000-db0974355acc • CWE-76: Improper Neutralization of Equivalent Special Elements •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

02 Jul 2024 — Since `yt-dlp` and `youtube-dl` also read config from the working directory (and on Windows executables will be executed from the `yt-dlp` or `youtube-dl` directory), this could lead to arbitrary code being executed. ... • https://github.com/dirkf/youtube-dl/security/advisories/GHSA-22fp-mf44-f2mq • CWE-669: Incorrect Resource Transfer Between Spheres •

CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

02 Jul 2024 — Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. • https://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852 • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 76 • EXPL: 0

02 Jul 2024 — Improper input validation in parsing and distributing RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07 •

CVSS: 8.3 • EPSS: 0% • CPEs: 76 • EXPL: 0

02 Jul 2024 — Improper input validation in parsing application information from RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07 •

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

02 Jul 2024 — A vulnerability allows attackers to download source code or an executable from a remote location and execute the code without sufficiently verifying the origin and integrity of the code. • https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273 • CWE-494: Download of Code Without Integrity Check •

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

02 Jul 2024 — Inadequate input validation exposes the system to potential remote code execution (RCE) risks. Attackers can exploit this vulnerability by appending shell commands to the Speed-Measurement feature, enabling unauthorized code execution. • https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273 • CWE-20: Improper Input Validation •