Page 87 of 40858 results (0.054 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

The Instant Image Generator (One Click Image Uploads from Pixabay, Pexels and OpenAI) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in a function in all versions up to, and including, 1.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/ai-image/wordpress-instant-image-generator-one-click-image-uploads-from-pixabay-pexels-and-openai-plugin-1-5-1-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified as problematic. This issue affects some unknown processing of the file /language.php. The manipulation of the argument LangID/LangName/LangEName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.283793 https://vuldb.com/?id.283793 https://vuldb.com/?submit.432690 https://wiki.shikangsi.com/post/share/ba791f6d-7f63-494f-bd73-827ed7f26e2e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0

The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . ... This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/wp-photo-album-plus/tags/8.8.08.004/wppa-ajax.php#L1238 https://plugins.trac.wordpress.org/changeset/3184852 https://wordpress.org/plugins/wp-photo-album-plus/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/53bb0871-343a-4299-9902-682c422152d1?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

Out-of-bounds data access in filenameforall can lead to arbitrary code execution. • https://bugs.ghostscript.com/show_bug.cgi?id=707895 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f4151f12db32cd3ed26c24327de714bf2c3ed6ca https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1 • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. • https://bugs.ghostscript.com/show_bug.cgi?id=707991 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8 https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1 • CWE-824: Access of Uninitialized Pointer •