54256 results (0.100 seconds)

CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0

16 Nov 2023 — A physical attacker may leverage improper protection against voltage glitching in Qualcomm’s Secure Boot implementation in chipsets MSM8916 and APQ8016 to execute arbitrary code in the device due to a badly secured hash value check. • https://cyberintel.es/cve/notCVE-2023-0001/ • CWE-1247: Improper Protection Against Voltage and Clock Glitches •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

10 Feb 2025 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0

07 Feb 2025 — A remote unauthenticated attacker can exploit this vulnerability to send unauthenticated requests to execute the IPDS pipeline with specially crafted Form Properties, enabling remote execution of arbitrary Python code. ... A remote unauthenticated attacker can exploit this vulnerability to send unauthenticated requests to execute the IPDS pipeline with specially crafted Form Properties, enabling remote execution of arbitrary Python code. • https://www.iblsoft.com/security/advisory-isec-2024-001 • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0

07 Feb 2025 — The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. ... This makes it possible for unauthenticated attackers to inject arbitrary PHP code into form fields that get executed on the server during the export, potentially leading to a complete site compromise. • https://www.wordfence.com/threat-intel/vulnerabilities/id/40b57370-4fd7-4316-9e99-a3f1d34616e8?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0

07 Feb 2025 — An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427 allows a remote attacker to execute arbitrary code via function sub_4256CC, which allows command injection by injecting 'devpwd'. • https://github.com/c10uds/tplink-wpa8630-rce-vulnerability • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

07 Feb 2025 — Tally Prime Edit Log v2.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL. • https://gist.github.com/singhmanpreet493/0f1df7fa4e744a3317877ab85d187937#file-gistfile1-txt • CWE-427: Uncontrolled Search Path Element •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

07 Feb 2025 — An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components. • https://github.com/shigophilo/CVE/blob/main/DataEase-v1-code-execute.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

06 Feb 2025 — Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21342 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

06 Feb 2025 — Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21408 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

06 Feb 2025 — Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21283 • CWE-1222: Insufficient Granularity of Address Regions Protected by Register Locks •