Page 441 of 37780 results (0.143 seconds)

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1

A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18 Un problema de Path Traversal que podría provocar la ejecución remota de código en Genie para todas las versiones anteriores a la 4.3.18 • https://github.com/JoeBeeton/CVE-2024-4701-POC https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-001.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0

This allows `jinja2` Server Side Template Injection which leads to remote code execution by a carefully constructed payload. llama-cpp-python son los enlaces de Python para llama.cpp. • https://github.com/abetlen/llama-cpp-python/commit/b454f40a9a1787b2b5659cd2cb00819d983185df https://github.com/abetlen/llama-cpp-python/security/advisories/GHSA-56xg-wfcc-g829 • CWE-76: Improper Neutralization of Equivalent Special Elements •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for unauthenticated attackers, with to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/chatbot-chatgpt/trunk/includes/utilities/chatbot-file-upload.php#L17 https://www.wordfence.com/threat-intel/vulnerabilities/id/7bc33a05-d462-492e-9ea5-cf37b887cc94?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI FlexLogger. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://ni.com/r/CVE-2024-4044 • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/z-downloads/wordpress-z-downloads-plugin-1-11-3-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •