Page 35 of 35138 results (0.211 seconds)

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856 https://www.wordfence.com/threat-intel/vulnerabilities/id/7832f8fe-2b41-4cfb-a734-db4ec88d91a3?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856 https://www.wordfence.com/threat-intel/vulnerabilities/id/dd718d44-4921-4deb-af5a-43e5f3926914?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0

Osmedeus is a Workflow Engine for Offensive Security. Cross-site Scripting (XSS) occurs on the Osmedues web server when viewing results from the workflow, allowing commands to be executed on the server. When using a workflow that contains the summary module, it generates reports in HTML and Markdown formats. The default report is based on the `general-template.md` template.The contents of the files are read and used to generate the report. However, the file contents are not properly filtered, leading to XSS. • https://github.com/j3ssie/osmedeus/security/advisories/GHSA-wvv7-wm5v-w2gv • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. User input is not validated and is written to the filesystem. The ParserLabel::addLabels() function can be used to write attacker-controlled data into the custom language file that will be included at the runtime. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. • https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-qrv6-3q86-qv89 • CWE-20: Improper Input Validation •