53159 results (0.024 seconds)

CVSS: 8.8EPSS: %CPEs: 1EXPL: 0

14 Jul 2025 — The cross-browser document creation component developed by Digitware System Integration Corporation has a Remote Code Execution vulnerability. If a user visits a malicious website while the component is active, remote attackers can cause the system to download and execute arbitrary programs. • https://www.twcert.org.tw/en/cp-139-10242-5ab42-2.html • CWE-494: Download of Code Without Integrity Check •

CVSS: 7.0EPSS: %CPEs: -EXPL: 0

13 Jul 2025 — An attacker may use this vulnerability to perform unauthorized access and to execute unauthorized code remotely to the controller products. • https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2025-004_en.pdf • CWE-272: Least Privilege Violation •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

11 Jul 2025 — This vulnerability allows for remote code execution and privilege escalation. • https://github.com/AounShAh/Research-on-v380-cctv-ip-camera • CWE-798: Use of Hard-coded Credentials •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

11 Jul 2025 — This makes it possible for authenticated attackers with Subscriber-level access or higher to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://www.wordfence.com/threat-intel/vulnerabilities/id/96170b82-6ed9-4a52-8592-944163cdd3cf?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0

11 Jul 2025 — The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack. • https://www.axis.com/dam/public/9b/a5/72/cve-2025-30023pdf-en-US-485733.pdf • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

11 Jul 2025 — If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. • https://drive.google.com/file/d/1K-_AcDk9BhUa0kSQ_M-UUnLgmnYJTA0l/view • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

11 Jul 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/wpbookit/trunk/core/admin/classes/controllers/class.wpb-profile-controller.php#L85 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: -EPSS: 0%CPEs: -EXPL: 7

https://packetstorm.news/files/id/206268 •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

11 Jul 2025 — An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the GDTunerSvc service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2

11 Jul 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/Nxploited/CVE-2025-6058 • CWE-434: Unrestricted Upload of File with Dangerous Type •