44082 results (0.015 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

14 Mar 2025 — This can be used to facilitate RCE. ... This can be used to facilitate RCE. • https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html • CWE-23: Relative Path Traversal •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0

14 Mar 2025 — The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying operating system. An account with administrator privileges or that has been explicitly granted access to use Automation Scripting is needed to carry out the attack. Exploitation of this vulnerability would allow an attacker to run commands of their choosing on the underlying operating system of the web server running LogicalDOC. The Automation Scripting functionality can be exploited by at... • https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0

14 Mar 2025 — An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process. • https://fortiguard.com/psirt/FG-IR-23-345 • CWE-73: External Control of File Name or Path •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

14 Mar 2025 — A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. • https://www.ibm.com/support/pages/node/7185949 • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.4EPSS: 0%CPEs: -EXPL: 0

14 Mar 2025 — The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems. • https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF • CWE-494: Download of Code Without Integrity Check •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

14 Mar 2025 — File Upload vulnerability in nestjs nest v.10.3.2 allows a remote attacker to execute arbitrary code via the Content-Type header. • https://gist.github.com/aydinnyunus/801342361584d1491c67a820a714f53f •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

13 Mar 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001 • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

13 Mar 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001 • CWE-122: Heap-based Buffer Overflow •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

13 Mar 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001 • CWE-457: Use of Uninitialized Variable •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

13 Mar 2025 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001 • CWE-457: Use of Uninitialized Variable •