Page 5 of 50410 results (0.036 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2

13 Aug 2025 — These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. • https://www.vulncheck.com/advisories/snort-report-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 4

13 Aug 2025 — When the "Writable" option is enabled (default during account creation), this allows attackers to upload arbitrary files to privileged locations such as system32, enabling remote code execution via MOF injection or executable placement. • https://www.vulncheck.com/advisories/quickshare-file-server-path-traversal-rce • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 3

13 Aug 2025 — If a .dws file contains a string longer than 520 bytes, the application fails to perform proper bounds checking, allowing an attacker to execute arbitrary code when the file is opened. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/netop.rb • CWE-121: Stack-based Buffer Overflow •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2

13 Aug 2025 — myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. • https://www.vulncheck.com/advisories/mybb-backdoor-arbitrary-command-execution • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-912: Hidden Functionality •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3

13 Aug 2025 — The vulnerability allows local attackers to execute arbitrary code when the server binary (samp-server.exe) processes a crafted echo directive containing excessive input. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/gta_samp.rb • CWE-121: Stack-based Buffer Overflow •

CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 4

13 Aug 2025 — The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code execution on the server. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dolibarr_cmd_exec.rb • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 3

13 Aug 2025 — This allows the attacker to redirect execution flow and bypass DEP protections using a ROP chain, ultimately leading to arbitrary code execution. • https://www.vulncheck.com/advisories/comsndftp-user-format-string-rce • CWE-134: Use of Externally-Controlled Format String •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

13 Aug 2025 — NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code execution and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-23304 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

13 Aug 2025 — NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-23303 • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

13 Aug 2025 — NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. • https://nvd.nist.gov/vuln/detail/CVE-2025-23294 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •