CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

Microsoft Excel Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49069 • CWE-416: Use After Free

CVSS: 9.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. • https://github.com/peerigon/angular-expressions/commit/97f7ad94006156eeb97fc942332578b6cfbf8eef https://github.com/peerigon/angular-expressions/security/advisories/GHSA-5462-4vcx-jh7j • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.4 • EPSS: 0% • CPEs: 40 • EXPL: 0

This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. • https://cert-portal.siemens.com/productcert/html/ssa-800126.html • CWE-502: Deserialization of Untrusted Data

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. • https://r.sec-consult.com/imageaccess https://www.imageaccess.de/?page=SupportPortal&lang=en • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 • EPSS: 0% • CPEs: 7 • EXPL: 0

An unauthenticated attacker with remote access could potentially exploit this vulnerability to execute arbitrary code on the system. • https://www.dell.com/support/kbdoc/en-us/000258342/dsa-2024-405-security-update-for-dell-products-for-multiple-vulnerabilities • CWE-59: Improper Link Resolution Before File Access ('Link Following')