
CVSS: 7.8 • EPSS: % • CPEs: - • EXPL: 0

15 Jul 2025 — This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted IPT file. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-7042 • CWE-416: Use After Free

CVSS: 7.8 • EPSS: % • CPEs: - • EXPL: 0

15 Jul 2025 — This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6974 • CWE-457: Use of Uninitialized Variable

CVSS: 7.8 • EPSS: % • CPEs: - • EXPL: 0

15 Jul 2025 — This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6973 • CWE-416: Use After Free

CVSS: 7.8 • EPSS: % • CPEs: - • EXPL: 0

15 Jul 2025 — This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6972 • CWE-416: Use After Free

CVSS: 7.8 • EPSS: % • CPEs: - • EXPL: 0

15 Jul 2025 — This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6971 • CWE-416: Use After Free

CVSS: 7.8 • EPSS: % • CPEs: - • EXPL: 0

15 Jul 2025 — This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file. • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-0831 • CWE-125: Out-of-bounds Read

CVSS: 9.3 • EPSS: % • CPEs: 1 • EXPL: 2

15 Jul 2025 — An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder component's default connector (connector.minimal.php), which allows remote attackers to upload and execute malicious PHP scripts in the context of the web server. The vulnerable component does not enforce file type validation, allowing attackers to craft a POST request to upload executable PHP payloads through the ELFinder interface exposed at /vendor_extra/elfinder/. • https://www.vulncheck.com/advisories/tiki-wiki-el-finder-unauthenticated-file-upload-rce • CWE-20: Improper Input Validation; CWE-306: Missing Authentication for Critical Function; CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.7 • EPSS: % • CPEs: 4 • EXPL: 2

15 Jul 2025 — Successful exploitation leads to remote code execution in the context of the web server user. • https://www.acunetix.com/vulnerabilities/web/tiki-wiki-cms-remote-code-execution-via-calendar-module • CWE-20: Improper Input Validation; CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'); CWE-306: Missing Authentication for Critical Function

CVSS: 9.3 • EPSS: % • CPEs: 1 • EXPL: 1

15 Jul 2025 — An unauthenticated remote command execution vulnerability exists in Samsung WLAN AP WEA453e firmware prior to version 5.2.4.T1 via improper input validation in the “Tech Support” diagnostic functionality. The command1 and command2 POST or GET parameters accept arbitrary shell commands that are executed with root privileges on the underlying operating system. An attacker can exploit this by crafting a request that injects shell commands to create output files in writable directories and then access their con... • https://s4e.io/tools/samsung-wlan-ap-remote-code-execution • CWE-20: Improper Input Validation; CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'); CWE-306: Missing Authentication for Critical Function

CVSS: 10.0 • EPSS: % • CPEs: 2 • EXPL: 2

15 Jul 2025 — An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral NetProfiler and NetExpress 10.8.7 virtual appliances. • https://www.vulncheck.com/advisories/riverbed-steel-central-net-profiler-net-express-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'); CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'); CWE-266: Incorrect Privilege Assignment; CWE-306: Missing Authentication for Critical Function