Page 4 of 34991 results (0.075 seconds)

CVSS: -EPSS: 0%CPEs: -EXPL: 0

File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php a component. • https://co-a1natas.feishu.cn/docx/GuYjd2lDEoxNhVxPa9Yc1akknee •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. • https://helpx.adobe.com/security/products/experience-manager/apsb24-28.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0

Additional restrictions are required to avoid a remote code execution risk in calculated question types. • https://bugzilla.redhat.com/show_bug.cgi?id=2304253 https://moodle.org/mod/forum/discuss.php?d=461193 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.6EPSS: 0%CPEs: -EXPL: 0

By modifying Velociraptor's files, local users can subvert the binary and cause the Velociraptor service to execute arbitrary code as the SYSTEM user, or to replace the Velociraptor binary completely.  • https://docs.velociraptor.app/announcements/2024-cves • CWE-552: Files or Directories Accessible to External Parties CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.4EPSS: 0%CPEs: -EXPL: 0

Unvalidated input during the EventHub Collector setup by an authenticated user leads to Remote Code execution. • https://docs.logpoint.com/docs/whats-new-in-logpoint/en/latest https://servicedesk.logpoint.com/hc/en-us/articles/21968851138461-Remote-Code-Execution-RCE-in-EventHub-Collector https://servicedesk.logpoint.com/hc/en-us/sections/7201103730845-Product-Security • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •