46013 results (0.007 seconds)

CVSS: 10.0EPSS: %CPEs: 4EXPL: 0

08 Jul 2025 — An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations. • https://certvde.com/de/advisories/VDE-2025-019 • CWE-913: Improper Control of Dynamically-Managed Code Resources •

CVSS: 9.1EPSS: %CPEs: 11EXPL: 0

08 Jul 2025 — SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. • https://me.sap.com/notes/3618955 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.7EPSS: %CPEs: 1EXPL: 0

07 Jul 2025 — This allows an attacker to upload and execute arbitrary firmware, resulting in remote code execution (RCE). ... Esto permite a un atacante cargar y ejecutar firmware arbitrario, lo que resulta en la ejecución remota de código (RCE). • https://github.com/espressif/arduino-esp32/commit/f4fdecc60c465384e465a4b1d2bd1eac8f67912e • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.1EPSS: %CPEs: 1EXPL: 0

07 Jul 2025 — Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. There were multiple ways to achieve that. One example is with the php.validate.executablePath setting which lets you set the path for the php executable for syntax validation. The attacker could have written the path to an arbitrary command there and then created a php file to... • https://github.com/RooCodeInc/Roo-Code/commit/1be6fce1a6864ae63e8160b0666db2c647f2dbba • CWE-552: Files or Directories Accessible to External Parties •

CVSS: 7.0EPSS: %CPEs: 4EXPL: 1

07 Jul 2025 — From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. • https://github.com/leesh3288/CVE-2025-32023 • CWE-680: Integer Overflow to Buffer Overflow •

CVSS: 9.8EPSS: %CPEs: -EXPL: 0

07 Jul 2025 — Insufficient security mechanisms for created containers in educoder challenges v1.0 allow attackers to execute arbitrary code via injecting crafted content into a container. • https://github.com/YX-hueimie/CVE-Issues/blob/main/CVE-2025-45479.md •

CVSS: 7.3EPSS: %CPEs: -EXPL: 0

07 Jul 2025 — An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. •

CVSS: 7.8EPSS: %CPEs: -EXPL: 0

07 Jul 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. •

CVSS: 7.8EPSS: %CPEs: -EXPL: 0

07 Jul 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. •

CVSS: 7.8EPSS: %CPEs: -EXPL: 0

07 Jul 2025 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. •