Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the SCRIPTSAFEPREEXEC definition in RangerRequestScriptEvaluator. An attacker can execute arbitrary OS commands by invoking scripts that rebuild the script context/engine e.g., via loadWithNewGlobal and...

Exploit for OS Command Injection in Anysphere Cursor

CVE PoC: MCP Server Config Swap in Claude Code Vulnerabilit...

CVE-2026-2448

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locatetemplate function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary fil...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security vulnerability that is due to an object lifecycle issue in PowerVR. An attacker can exploit the vulnerability to execute arbitrary code on the system...

D-Link DIR-513 安全漏洞

D-Link DIR-513 is a wireless router product from China's AUO D-Link. A buffer overflow vulnerability exists in the D-Link DIR-513 goform/formSetDomainFilter file, which originates from the parameter curTime in the goform/formSetDomainFilter file that fails to correctly validate the length of the...

PT-2026-22769

An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file...

D-Link DIR-513 安全漏洞

D-Link DIR-513 is a wireless router product from China's AUO D-Link. The D-Link DIR-513 suffers from a stack buffer overflow vulnerability that originates from the failure of the parameter curTime in the file goform/formSetQoS to properly validate the length size of the input data, which can be...

CVE-2025-63910

An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file...

D-Link DIR-513 安全漏洞

D-Link DIR-513 is a wireless router product from China's AUO D-Link. The D-Link DIR-513 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on the system or cause a denial of service...

PT-2026-22713

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locate template function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...

libbiosig 安全漏洞

Libbiosig is an open-source software library developed by the BioSig Project for biomedical signal processing. It includes functions for bio-signal analysis. Version 3.9.2 of Libbiosig contains a security vulnerability, which stems from a heap buffer overflow in the Nicolet WFT parsing function...

libbiosig 安全漏洞

Libbiosig is an open-source software library developed by the BioSig Project for biomedical signal processing. It includes functions for bio-signal analysis. Version 3.9.2 of Libbiosig contains a security vulnerability, which stems from a heap buffer overflow in the Intan CLP parsing function. Th...

VulnCheck KEV: CVE-2021-30952

An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution...

The Biosig Project libbiosig Intan CLP parsing heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2026-2361 The Biosig Project libbiosig Intan CLP parsing heap-based buffer overflow vulnerability March 3, 2026 CVE Number CVE-2026-22891 SUMMARY A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbios...

EUVD-2026-9250

In multiple functions of memprotect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0038

In multiple functions of memprotect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-26699

sourcecodester Personnel Property Equipment System v1.0 is vulnerable to arbitrary code execution in ip/ppes/admin/adminchangepicture.php...

CVE-2026-26699

sourcecodester Personnel Property Equipment System v1.0 is vulnerable to arbitrary code execution in ip/ppes/admin/adminchangepicture.php...

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume th...

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corrupti...