Page 48 of 38711 results (0.095 seconds)

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

This could lead to remote code execution with no additional execution privileges needed. • https://android.googlesource.com/platform/external/skia/+/0b628a960e74197ace9831ef0727f5ba7ab6ac10 https://source.android.com/security/bulletin/2024-11-01 • CWE-787: Out-of-bounds Write •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Umbrel is a home server OS for self-hosting. The login functionality of Umbrel before version 1.2.2 contains a reflected cross-site scripting (XSS) vulnerability in use-auth.tsx. An attacker can specify a malicious redirect query parameter to trigger the vulnerability. If a JavaScript URL is passed to the redirect parameter the attacker provided JavaScript will be executed after the user entered their password and clicked on login. This vulnerability is fixed in 1.2.2. • https://github.com/getumbrel/umbrel/commit/b83e3542650880bf1439419d00bf82285a7d2b22 https://github.com/getumbrel/umbrel/releases/tag/1.2.2 https://securitylab.github.com/advisories/GHSL-2024-164_Umbrel • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0

This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. • https://github.com/craftcms/cms/security/advisories/GHSA-jrh5-vhr9-qh7q • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. • https://github.com/craftcms/cms/commit/123e48a696de1e2f63ab519d4730eb3b87beaa58 https://github.com/craftcms/cms/security/advisories/GHSA-f3cw-hg6r-chfv • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0

Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. • https://github.com/Laravel-Backpack/FileManager/commit/2830498b85e05fb3c92179053b4d7c4a0fdb880b https://github.com/Laravel-Backpack/FileManager/security/advisories/GHSA-8237-957h-h2c2 • CWE-502: Deserialization of Untrusted Data •