Page 9 of 45922 results (0.040 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

23 Jun 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/aiomatic-automatic-ai-content-writer/38877369#item-description__changelog • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0

23 Jun 2025 — An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component • https://drive.google.com/file/d/1oX5uKnWGiYMaBxnBuqPiOA53XLxv1Ef4/view?usp=sharing • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

23 Jun 2025 — An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists. • https://drive.google.com/file/d/1ujUcB8XEs78WwWzs8cmD-u1Twqi10yEh/view?usp=sharing • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

23 Jun 2025 — Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function. • https://drive.google.com/file/d/1rTKc2nxEc40VTItJiJ9moZ5VrHG3xQuj/view?usp=sharing • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

23 Jun 2025 — An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component. • https://drive.google.com/file/d/13JrkDcVtcQFepeGoG8roBZ1xFy7iBx1R/view?usp=sharing • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

23 Jun 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/wordpress/plugin/image-shadow/vulnerability/wordpress-image-shadow-1-1-0-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 0

23 Jun 2025 — ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. ... An attacker can leverage this vulnerability to execute code in the context of the current process. An attacker can levera... • https://docs.servicestack.net/releases/v8_06#reported-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 2

20 Jun 2025 — The vulnerable code fails to sanitize the rest_data parameter before passing it to the unserialize() function. This allows an unauthenticated attacker to submit crafted serialized data containing malicious object declarations, resulting in arbitrary code execution within the application context. • https://vulncheck.com/advisories/sugarcrm-php-deserialization-rce • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0EPSS: 23%CPEs: 1EXPL: 7

20 Jun 2025 — Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. ... Pterodactyl Panel versions prior to 1.11... • https://packetstorm.news/files/id/202893 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.9EPSS: 0%CPEs: 5EXPL: 0

20 Jun 2025 — Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequences in filenames, potentially leading to remote code execution. • https://mattermost.com/security-updates • CWE-427: Uncontrolled Search Path Element •