47689 results (0.233 seconds)

CVSS: 7.6 • EPSS: 0% • CPEs: 3 • EXPL: 0

16 Nov 2023 — A physical attacker may leverage improper protection against voltage glitching in Qualcomm’s Secure Boot implementation in chipsets MSM8916 and APQ8016 to execute arbitrary code in the device due to a badly secured hash value check. • https://cyberintel.es/cve/notCVE-2023-0001/ • CWE-1247: Improper Protection Against Voltage and Clock Glitches •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Jan 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jan 2025 — The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution. • https://www.twcert.org.tw/en/cp-139-8375-59abd-2.html • CWE-502: Deserialization of Untrusted Data •

CVSS: - • EPSS: 0% • CPEs: - • EXPL: 1

20 Jan 2025 — Those two defects combined then allow injecting arbitrary OS commands inside shell_exec() calls, thus achieving arbitrary code execution. • https://packetstorm.news/files/id/188748 •

CVSS: 7.0 • EPSS: 0% • CPEs: - • EXPL: 0

19 Jan 2025 — This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. ... An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. •

CVSS: 8.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

18 Jan 2025 — This is a remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. • https://craftcms.com/knowledge-base/securing-craft#keep-your-secrets-secret • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Jan 2025 — An attacker can exploit this vulnerability to modify the hardware settings of the user’s device and execute arbitrary code with root privileges. • https://github.com/exelban/stats/commit/c10759f7a186efdd82ddd818dae2ac1f853691fc • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 9.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Jan 2025 — Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Newtec NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM (Updating signaling process in the swdownload binary modules) allows Local Execution of Code, Remote Code Inclusion. • https://doi.org/10.1145/3643833.3656139 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Jan 2025 — CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-06.pdf • CWE-502: Deserialization of Untrusted Data •

CVSS: 8.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

17 Jan 2025 — CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when a specific crafted XML file is imported in the Web Designer configuration tool. • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-04.pdf • CWE-611: Improper Restriction of XML External Entity Reference •