34991 results (0.096 seconds)

CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0

A physical attacker may leverage improper protection against voltage glitching in Qualcomm’s Secure Boot implementation in chipsets MSM8916 and APQ8016 to execute arbitrary code in the device due to a badly secured hash value check. • https://cyberintel.es/cve/notCVE-2023-0001/ • CWE-1247: Improper Protection Against Voltage and Clock Glitches •

CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0

MediaCMS has been prone to vulnerabilities that upon special cases can lead to remote code execution. • https://github.com/mediacms-io/mediacms/blob/main/docs/admins_docs.md https://github.com/mediacms-io/mediacms/security/advisories/GHSA-x3p4-4442-q2c3 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/wp-membership/10066554 https://www.wordfence.com/threat-intel/vulnerabilities/id/664e6e2a-faa1-4609-b250-d7e94c5d5a04?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://themeforest.net/item/wplms-learning-management-system/6780226 https://www.wordfence.com/threat-intel/vulnerabilities/id/1932c9b4-2fea-40f8-9748-09ded8143c11?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for unauthenticated attackers to to create arbitrary files such as .php files that can be leveraged for remote code execution. • https://plugins.trac.wordpress.org/browser/debug-tool/trunk/tools/image-puller.php#L120 https://www.wordfence.com/threat-intel/vulnerabilities/id/5e9d5c93-dcd7-450e-8c52-5c95fc5473d2?source=cve • CWE-862: Missing Authorization •