52911 results (0.029 seconds)

CVSS: 7.2EPSS: %CPEs: 1EXPL: 0

03 Jul 2025 — This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible. • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.2EPSS: %CPEs: 1EXPL: 0

03 Jul 2025 — This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.0EPSS: %CPEs: 1EXPL: 2

02 Jul 2025 — An authenticated remote code execution vulnerability exists in NSClient++ version 0.5.2.35 when the web interface and ExternalScripts module are enabled. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/nscp_authenticated_rce.rb • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-306: Missing Authentication for Critical Function •

CVSS: 9.4EPSS: %CPEs: 1EXPL: 1

02 Jul 2025 — An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. ... Because Lucee does not enforce integrity checks, path restrictions, or execution controls for scheduled task fetches, this feature can be abused to achieve arbitrary code execution. • https://vulncheck.com/advisories/lucee-admin-interface-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 10.0EPSS: %CPEs: 1EXPL: 0

02 Jul 2025 — Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49713 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 4.8EPSS: %CPEs: 1EXPL: 0

02 Jul 2025 — An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-xss-O696ymRA •

CVSS: 6.4EPSS: %CPEs: 5EXPL: 0

02 Jul 2025 — A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CbtKtEYc •

CVSS: 10.0EPSS: %CPEs: 1EXPL: 2

02 Jul 2025 — A remote attacker can execute arbitrary operating system commands via the username parameter in a POST request to the /login endpoint. • https://vulncheck.com/advisories/stamparm-maltrail-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-306: Missing Authentication for Critical Function •

CVSS: 9.8EPSS: %CPEs: 1EXPL: 1

02 Jul 2025 — A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. • https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-rce • CWE-306: Missing Authentication for Critical Function •

CVSS: 10.0EPSS: %CPEs: 1EXPL: 1

02 Jul 2025 — A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP services on ports 7995 and 7996 without proper authentication. The /proxy handler on port 7996 allows arbitrary forwarding to administrative endpoints when provided with an Appliance UUID, which itself can be retrieved from port 7995. This results in a complete ... • https://ssd-disclosure.com/ssd-advisory-kerio-control-authentication-bypass-and-rce • CWE-306: Missing Authentication for Critical Function •