12874 results (0.011 seconds)

CVSS: 6.8EPSS: %CPEs: 1EXPL: 0

23 Aug 2025 — The Liferay Portal 7.4.0 through 7.3.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows the upload of unrestricted files in the style books component that are processed within the environment enabling arbitrary code execution by attackers. • https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43766 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.3EPSS: %CPEs: 1EXPL: 4

22 Aug 2025 — This results in a stack-based buffer overflow, which may corrupt control flow structures and allow arbitrary code execution. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/misc/ufo_ai.rb • CWE-121: Stack-based Buffer Overflow •

CVSS: 10.0EPSS: %CPEs: -EXPL: 1

22 Aug 2025 — Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbitrary code via an unspecified web interface related to detection of a managed UPS shutting down. An unauthenticated attacker can use this to run arbitrary code immediately regardless of any managed UPS state or presence. • https://github.com/ready2disclose/CVE-2022-31491 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-749: Exposed Dangerous Method or Function •

CVSS: 10.0EPSS: %CPEs: -EXPL: 0

22 Aug 2025 — An authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated attackers to execute arbitrary code via a crafted URL. • https://gitee.com/anji-plus/report/issues/IB3ED6 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-287: Improper Authentication •

CVSS: 7.3EPSS: %CPEs: -EXPL: 0

22 Aug 2025 — ., via UART or firmware modification) may replace these binaries to achieve persistent arbitrary code execution with root privileges. • https://www.dlink.com/en/security-bulletin • CWE-269: Improper Privilege Management CWE-306: Missing Authentication for Critical Function CWE-494: Download of Code Without Integrity Check •

CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 3

21 Aug 2025 — The application fails to properly validate the length of input data, allowing an attacker to craft a malicious .xpl file that overwrites the Structured Exception Handler (SEH) and enables arbitrary code execution. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/xenorate_xpl_bof.rb • CWE-121: Stack-based Buffer Overflow •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2

21 Aug 2025 — This flaw can be exploited locally by convincing a user to open a malicious file, resulting in arbitrary code execution. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/varicad_dwb.rb • CWE-121: Stack-based Buffer Overflow •

CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 4

21 Aug 2025 — The application fails to properly validate the length of the File1 field within the playlist, allowing an attacker to craft a malicious .pls file that overwrites the Structured Exception Handler (SEH) and executes arbitrary code. Exploitation • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/millenium_mp3_pls.rb • CWE-121: Stack-based Buffer Overflow •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2

21 Aug 2025 — Maple versions up to and including 13's Maplet framework allows embedded commands to be executed automatically when a .maplet file is opened. This behavior bypasses standard security restrictions that normally prevent code execution in regular Maple worksheets. The vulnerability enables attackers to craft malicious .maplet files that execute arbitrary code without user interaction. • https://www.maplesoft.com/products/maple • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 2

21 Aug 2025 — This flaw may allow an attacker to control execution flow when the file is opened, potentially leading to arbitrary code execution. • https://web.archive.org/web/20100923154433/http://secunia.com:80/advisories/41519 • CWE-121: Stack-based Buffer Overflow •