52568 results (0.036 seconds)

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

30 Jun 2025 — Delta Electronics DTM Soft Project File Parsing Deserialization of Untrusted Data Remote Code Execution Delta Electronics DTM Soft Project File Parsing Deserialization of Untrusted Data Remote Code Execution • https://www.deltaww.com/en-US/Cybersecurity_Advisory • CWE-502: Deserialization of Untrusted Data •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

30 Jun 2025 — This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the password and confirm_password parameters in /register.php. ... This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the password and confirm_password parameters in /register.php. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-daily-expense-manager • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

30 Jun 2025 — This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the username parameter in /login.php. ... This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the username parameter in /login.php. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-daily-expense-manager • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

30 Jun 2025 — Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes. • https://medium.com/@mrcnry/cve-2025-26074-remote-code-execution-in-conductor-oss-via-inline-javascript-injection-5ce3cb651cfb • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

30 Jun 2025 — An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file • http://d-link.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0

28 Jun 2025 — A heap buffer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker to execute arbitrary code on it. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. ... A heap buffer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker to execute arbitrary code on it. • https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2 • CWE-122: Heap-based Buffer Overflow •

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0

28 Jun 2025 — Consequently, this can lead to a buffer overflow in upper layer profiles, which can be used to obtain remote code execution. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. ... Consequently, this can lead to a buffer overflow in upper layer profiles, which can be used to obtain remote code execution. • https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2 • CWE-190: Integer Overflow or Wraparound •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

27 Jun 2025 — Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the `.roo/mcp.json` file within the VS Code workspace. • https://github.com/RooCodeInc/Roo-Code/commit/7d0b22f9e659dc6c26aab0bacbea27874986e772 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0

27 Jun 2025 — Files can be created, deleted, or modified, potentially leading to remote code execution. ... Files can be created, deleted, or modified, potentially leading to remote code execution. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-168-05 • CWE-306: Missing Authentication for Critical Function •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

27 Jun 2025 — /wp-config.php) to the themeNameId parameter of the AJAX request, which can lead to remote code execution. • https://plugins.trac.wordpress.org/browser/game-users-share-buttons/tags/1.3.0/game-users-share-buttons.php#L638 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •