CVSS: 9.2 • EPSS: % • CPEs: - • EXPL: 0

11 Jun 2025 — Remote code execution vulnerability in RSForm! • https://rsjoomla.com • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.0 • EPSS: % • CPEs: 1 • EXPL: 0

11 Jun 2025 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454#item-description__release-3-3-3-06-june-2025 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.3 • EPSS: % • CPEs: 1 • EXPL: 0

11 Jun 2025 — Authenticated attackers can upload files with arbitrary extensions, including executable or malicious files, potentially leading to remote code execution or other security impacts depending on server configuration. • https://blog.blacklanternsecurity.com/p/doomla-zero-days • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Jun 2025 — This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks. • https://pentraze.com • CWE-20: Improper Input Validation • CWE-73: External Control of File Name or Path

CVSS: 9.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Jun 2025 — This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks. • https://github.com/wazuh/wazuh/security/advisories/GHSA-3crh-39qv-fxj7 • CWE-20: Improper Input Validation • CWE-73: External Control of File Name or Path

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Jun 2025 — Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0

11 Jun 2025 — A remote code execution vulnerability in .NET 8.0 and 9.0. An attacker who can place malicious files in specific locations may trigger unintended code execution when the .NET runtime loads these files. ... An attacker could possibly use this issue to execute arbitrary code. • https://access.redhat.com/security/cve/CVE-2025-30399 • CWE-427: Uncontrolled Search Path Element

CVSS: 8.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Jun 2025 — KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. ... In this mode, there is a code path where if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code. • https://invent.kde.org/utilities/konsole/-/commit/09d20dea109050b4c02fb73095f327b5642a2b75 • CWE-670: Always-Incorrect Control Flow Implementation

CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0

11 Jun 2025 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. ... An attacker can leverage this vulnerability to execute code in the context of the elysian-bt-service process.

CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0

11 Jun 2025 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. ... An attacker can leverage this vulnerability to execute code in the context of the elysian-bt-service process.