CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Jul 2025 — Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

15 Jul 2025 — This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted IPT file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Systèmes eDrawings Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-7042 • CWE-416: Use After Free •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

15 Jul 2025 — This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Systèmes eDrawings Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6974 • CWE-457: Use of Uninitialized Variable •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

15 Jul 2025 — This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Systèmes eDrawings Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6973 • CWE-416: Use After Free •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

15 Jul 2025 — This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Systèmes eDrawings Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6972 • CWE-416: Use After Free •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

15 Jul 2025 — This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Systèmes eDrawings Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6971 • CWE-416: Use After Free •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

15 Jul 2025 — This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Systèmes eDrawings Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-0831 • CWE-125: Out-of-bounds Read •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 3

15 Jul 2025 — When the client connects to a remote FTP server and receives an overly long '220 Server Ready' response, the vulnerable component responsible for parsing the banner overflows a stack buffer, leading to arbitrary code execution under the context of the user. • http://hyp3rlinx.altervista.org/advisories/WINAXE-FTP-CLIENT-REMOTE-BUFFER-OVERFLOW.txt • CWE-121: Stack-based Buffer Overflow •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

15 Jul 2025 — An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder component's default connector (connector.minimal.php), which allows remote attackers to upload and execute malicious PHP scripts in the context of the web server. • https://www.vulncheck.com/advisories/tiki-wiki-el-finder-unauthenticated-file-upload-rce • CWE-20: Improper Input Validation CWE-306: Missing Authentication for Critical Function CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.8 • EPSS: 0% • CPEs: 4 • EXPL: 2

15 Jul 2025 — When the calendar module is enabled and an authenticated user has permission to access it, an attacker can inject and execute arbitrary PHP code. Successful exploitation leads to remote code execution in the context of the web server user. • https://www.acunetix.com/vulnerabilities/web/tiki-wiki-cms-remote-code-execution-via-calendar-module • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-306: Missing Authentication for Critical Function •