
CVSS: 8.8 • EPSS: % • CPEs: 1 • EXPL: 0

28 Mar 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.8 • EPSS: % • CPEs: 1 • EXPL: 0

28 Mar 2025 — This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: - • EPSS: % • CPEs: - • EXPL: 0

28 Mar 2025 — A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function in the aim.js component. • https://gist.github.com/tariqhawis/a8b2c936622c885558173c37df0a77d9

CVSS: - • EPSS: % • CPEs: - • EXPL: 0

28 Mar 2025 — This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/32c0a48023036e51918f6a098f21953d

CVSS: - • EPSS: % • CPEs: - • EXPL: 0

28 Mar 2025 — This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. • https://gist.github.com/mestrtee/4c5dfb66bea377889c44dd6c8af28713

CVSS: - • EPSS: % • CPEs: - • EXPL: 0

28 Mar 2025 — InvoicePlane (all versions tested as of December 2024) v.1.6.11 and before contains a remote code execution vulnerability in the upload_file method of the Upload controller. • https://github.com/InvoicePlane/InvoicePlane/pull/1127

CVSS: - • EPSS: % • CPEs: - • EXPL: 1

28 Mar 2025 — If certain features (like xp_cmdshell) are enabled, this may lead to remote code execution. • https://github.com/maliktawfiq/CVE-2025-22953

CVSS: - • EPSS: % • CPEs: - • EXPL: 0

28 Mar 2025 — Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in processMentions(). • https://github.com/Leantime/leantime/blob/0e7ddbbe3d582f657a1dddfef7b3419ae588cbf7/app/Domain/Notifications/Services/Notifications.php#L128

CVSS: - • EPSS: % • CPEs: - • EXPL: 0

28 Mar 2025 — An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cste_modules/wireless.so. • https://github.com/ZackSecurity/VulnerReport/blob/cve/totolink/A3100R/1.md

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Mar 2025 — If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration may be altered to execute arbitrary code from the remote. • https://lists.apache.org/thread/6j19pt8yoqfphf1lprtrzoqkvz1gwbnc • CWE-94: Improper Control of Generation of Code ('Code Injection')