8 matches found
CVE-2025-15540
"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...
CVE-2025-15540
"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...
CVE-2025-15540
"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...
CVE-2025-15540 Authenticated RCE in Raytha CMS
"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...
CVE-2025-15540
Raytha CMS is affected by CVE-2025-15540 in the Functions module. Privileged users can write and execute JavaScript that can instantiate .NET components and perform arbitrary operations within the hosting environment due to insufficient sandboxing/access restrictions. Impact is described as authe...
CVE-2025-15540 Authenticated RCE in Raytha CMS
"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...
Raytha CMS 代码注入漏洞
Raytha CMS is a content management system developed by the American company Raytha. Raytha CMS has a code injection vulnerability, which stems from the lack of sandboxing or access restrictions in the Functions module. This vulnerability could allow JavaScript code to instantiate.NET components a...
MiracleLinux 9 : python3.11-setuptools-65.5.1-2.el9_4.1 (AXSA:2024-8653:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8653:01 advisory. pypa/setuptools: Remote code execution via download functions in the packageindex module in pypa/setuptools CVE-2024-6345 Tenable has extracted the preceding...