Page 40 of 8851 results (0.112 seconds)

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

In J2eeFAST <=2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions resulting in arbitrary code execution. • https://gitee.com/dromara/J2EEFAST https://github.com/dromara/J2EEFAST https://github.com/lazy-forever/CVE-Reference/tree/main/2024/45944 •

CVSS: 8.3EPSS: 1%CPEs: 2EXPL: 1

The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. This allows unauthenticated attackers to execute code on the server. The invoked function's parameters cannot be specified. • https://github.com/RandomRobbieBF/CVE-2024-9593 https://www.wordfence.com/threat-intel/vulnerabilities/id/247e599a-74e2-41d5-a1ba-978a807e6544?source=cve https://plugins.trac.wordpress.org/browser/time-clock/tags/1.2.2/includes/admin/ajax_functions_admin.php#L58 https://plugins.trac.wordpress.org/changeset/3171046/time-clock#file40 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1

The manipulation leads to code injection. ... Mit der Manipulation mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. • https://vuldb.com/?id.280722 https://vuldb.com/?ctiid.280722 https://vuldb.com/?submit.420055 https://github.com/bayuncao/vul-cve-20 https://github.com/bayuncao/vul-cve-20/blob/main/PoC.py • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0

Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerability. • https://www.dell.com/support/kbdoc/en-us/000237300/dsa-2024-426-security-update-for-dell-openmanage-enterprise-vulnerabilities • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability. MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. • https://github.com/Ant1sec-ops/CVE-2023-26785 https://seclists.org/fulldisclosure/2012/Dec/39 • CWE-94: Improper Control of Generation of Code ('Code Injection') •