Page 9 of 45906 results (0.048 seconds)

CVSS: 8.3EPSS: 0%CPEs: 6EXPL: 0

18 Jun 2025 — This can be leveraged to execute commands on behalf of the versa user, who has sudo privileges, potentially leading to privilege escalation or remote code execution. • https://security-portal.versa-networks.com/emailbulletins/68526e7bdc94d6b9f2faf71b • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

18 Jun 2025 — This exposure introduces significant risk, as websockify has known weaknesses that can be exploited, potentially leading to remote code execution. • https://security-portal.versa-networks.com/emailbulletins/68526ee0dc94d6b9f2faf71c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

18 Jun 2025 — A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user • https://www.veeam.com/kb4743 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.1EPSS: 0%CPEs: 74EXPL: 0

18 Jun 2025 — A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Clam AntiVirus. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user. • https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html • CWE-125: Out-of-bounds Read •

CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0

18 Jun 2025 — A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. ... Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process. • https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html • CWE-122: Heap-based Buffer Overflow •

CVSS: 3.8EPSS: 0%CPEs: 1EXPL: 0

18 Jun 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. An attacker can leverage this in conjunction with other vulnerabilities to

CVSS: 10.0EPSS: 0%CPEs: -EXPL: 1

18 Jun 2025 — An issue in CloudClassroom PHP Project v.1.0 allows a remote attacker to execute arbitrary code via the cleartext submission of passwords. ... A remote attacker with access to the same network (e.g., public Wi-Fi or compromised router) can capture login credentials via Man-in-the-Middle (MitM) techniques. If the attacker subsequently uses the credentials to log in and exploit administrative functions (e.g., file upload), this may lead to remote code execut... • https://github.com/tansique-17/CVE-2025-26199 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1

18 Jun 2025 — An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form • https://github.com/morphine009/CVE-2025-46157 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1

17 Jun 2025 — This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/d0n601/CVE-2025-6220 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0

17 Jun 2025 — This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/csv-me/trunk/csv_me_index.php#L49 • CWE-434: Unrestricted Upload of File with Dangerous Type •