Page 356 of 37591 results (0.085 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor access and above, to execute code on the server. • https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_output.class.php#L1765 https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/provider/core/plugins/unlimited_elements/elementor/elementor_widget.class.php#L3948 https://plugins.trac.wordpress.org/changeset/3010986/unlimited-elements-for-elementor#file6 https://plugins.trac.wordpress.org/changeset/3015166/unlimited-elements-for-elementor https://www.wordfence.com/threat-intel/vulnerabilities/id/25f71a19-8 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/changeset/3076275/wp-staging/trunk/Framework/Network/AjaxBackupDownloader.php https://www.wordfence.com/threat-intel/vulnerabilities/id/8ebb1072-ea05-4914-961d-0d8f20248078?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote code execution (RCE) in the worst case. This was tested on version 2.9.0 on Windows, but an arbitrary file write is powerful enough as is and should easily lead to RCE on Linux, too. ... Atacar a un usuario con altos privilegios (carga, creación de librerías) puede provocar la ejecución remota de código (RCE) en el peor de los casos. Esto se probó en la versión 2.9.0 en Windows, pero una escritura de archivo arbitraria es lo suficientemente potente como está y debería conducir fácilmente a RCE también en Linux. • https://github.com/advplyr/audiobookshelf/assets/36849099/46f6dfe0-9860-4ec0-a987-b3a553f7e45d https://github.com/advplyr/audiobookshelf/blob/04ed4810fdfcafc2e82db536edc5870e3f937d00/client/components/readers/EpubReader.vue#L319 https://github.com/advplyr/audiobookshelf/commit/ce7f891b9b2cb57c6644aaf96f89a8bda6307664 https://github.com/advplyr/audiobookshelf/releases/tag/v2.10.0 https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-7j99-76cj-q9pg • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2

Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. ... (Severidad de seguridad de Chrome: alta) Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. • https://github.com/mistymntncop/CVE-2024-5274 https://github.com/Alchemist3dot14/CVE-2024-5274-Detection https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html https://issues.chromium.org/issues/341663589 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVC3FNI7HZLVSRIFBVUSBHI233DZYBKP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T6IBUYVPD4MIFQNNYBGAPI5MOECWXXOB • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0

A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure. • https://github.com/josepsanzcamp/RhinOS https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos • CWE-94: Improper Control of Generation of Code ('Code Injection') •