Page 58 of 35234 results (0.085 seconds)

CVSS: 7.3EPSS: 0%CPEs: 17EXPL: 0

This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. • https://cert-portal.siemens.com/productcert/html/ssa-871035.html • CWE-502: Deserialization of Untrusted Data •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

When an authenticated victim clicks on this malicious link, input data will be used by the web site page generation to create content which when executed in the victim's browser (XXS) or transmitted to another server (SSRF) gives the attacker the ability to execute arbitrary code on the server fully compromising confidentiality, integrity and availability. • https://me.sap.com/notes/3520281 https://url.sap/sapsecuritypatchday • CWE-791: Incomplete Filtering of Special Elements •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/woocommerce-upload-files/11442983 https://www.wordfence.com/threat-intel/vulnerabilities/id/b9371b37-53c5-4a4f-a500-c6d58d4d3c5a?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://codecanyon.net/item/user-extra-fields/12949844 https://www.wordfence.com/threat-intel/vulnerabilities/id/ad39d797-9230-41d9-a335-864845b56aa0?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0

An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted payload to the Diagnostics function. • https://github.com/Mrnmap/mrnmap-cve https://github.com/Mrnmap/mrnmap-cve/blob/main/CVE-2024-28726 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •