Page 443 of 45876 results (0.074 seconds)

CVSS: 5.5EPSS: %CPEs: -EXPL: 0

SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component. • http://cloud.com http://www.minipacs.com/ylqxrj https://github.com/WarmBrew/web_vul/blob/main/Cloud%20based%20customer%20service/SQLi.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.8EPSS: %CPEs: -EXPL: 0

An issue in briscKernelDriver.sys in BlueRiSC WindowsSCOPE Cyber Forensics before 3.3 allows a local attacker to execute arbitrary code within the driver and create a local denial-of-service condition due to an improper DACL being applied to the device the driver creates. • https://github.com/dru1d-foofus/briscKernelDriver • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: -EPSS: %CPEs: -EXPL: 0

Cross Site Scripting (XSS) vulnerability in CrushFTP v.10.6.0 and v.10.5.5 allows an attacker to execute arbitrary code via a crafted payload. • https://gist.github.com/cgnl/672ace3cbad1116fcd9ae633e54ea9f8 •

CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0

When running a remote execution job on a host, the host's SSH key is not being checked. ... This flaw can lead to a man-in-the-middle attack (MITM), denial of service, leaking of secrets the remote execution job contains, or other issues that may arise from the attacker's ability to forge an SSH key. This issue does not directly allow unauthorized remote execution on the Satellite, although it can leak secrets that may lead to it. • https://access.redhat.com/security/cve/CVE-2024-4871 https://bugzilla.redhat.com/show_bug.cgi?id=2278627 https://access.redhat.com/errata/RHBA-2024:4589 • CWE-322: Key Exchange without Entity Authentication •

CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0

An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code.  The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. • https://search.abb.com/library/Download.aspx?DocumentID=SI20330&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-787: Out-of-bounds Write •