CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-7-01-001-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/ai-engine/wordpress-ai-engine-plugin-2-2-63-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. ... A flaw was found in Werkzeug, where an attacker may be able to execute code on a developer's machine under some circumstances. • https://github.com/pallets/werkzeug/commit/3386395b24c7371db11a5b8eaac0c91da5362692 https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4SH32AM3CTPMAAEOIDAN7VU565LO4IR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFERFN7PINV4MOGMGA3DPIXJPDCYOEJZ https://security.netapp.com/advisory/ntap-20240614-0004 https://access.redhat.com/security/cve/CVE-2024-34069 https://bugzilla.redhat. • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.5 • EPSS: 0% • CPEs: - • EXPL: 0

When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) ... This issue may lead to object injection, resulting in remote code execution. • https://hackerone.com/reports/1187477 https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281 https://access.redhat.com/security/cve/CVE-2024-27281 https://bugzilla.redhat.com/show_bug.cgi? • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-502: Deserialization of Untrusted Data

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

An unauthenticated local attacker may trick a user into opening corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write vulnerability. • https://cert.vde.com/en/advisories/VDE-2024-024 • CWE-787: Out-of-bounds Write