CVE-2025-29951

A buffer overflow in the AMD Secure Processor ASP bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution...

CVE-2024-36355

Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 sleep wake up, potentially resulting in arbitrary code execution...

CVE-2026-0969

The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. This vulnerability, CVE-2026-0969, is fixed in next-mdx-remote 6.0.0...

CVE-2025-1924

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed. The affected products and versions a...

CVE-2025-1924

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed. The affected products and versions a...

CVE-2025-1924

CVE-2025-1924 affects Yokogawa’s Vnet/IP Interface Package for CENTUM VP (R6/R7: VP6C3300/VP7C3300) as of R1.07.00 or earlier. The sources describe that processing of maliciously crafted packets can cause a DoS in Vnet/IP communication functions and may lead to arbitrary programs to be executed. ...

CVE-2025-63421

An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute arbitrary code via the comeinst.exe file...

CVE-2026-20700

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this...

SUSE CVE-2025-69872

DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...

CVE-2025-70093

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response...

CVE-2025-70093

OpenSourcePOS v3.4.1 is affected by CVE-2025-70093, described as an arbitrary code execution vulnerability triggered by returning a crafted AJAX response. The available sources corroborate a high-severity issue (CVSS 7.4; network attack, no user interaction) affecting OpenSourcePOS 3.4.1. The doc...

CVE-2025-70093

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 145.0.7632.75 contained a security vulnerability caused by a CSS issue related to the reusing of released objects after use. This vulnerability could allow arbitrary code to be executed within a sandbox...

Oracle VirtualBox VMSVGA Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VMSVGA...

PT-2026-8002

Name of the Vulnerable Software and Affected Versions OpenSourcePOS version 3.4.1 Description An issue exists in OpenSourcePOS version 3.4.1 that permits attackers to execute arbitrary code by returning a specially crafted AJAX response. The issue involves manipulating the response from an AJAX...

KLA90881 ACE vulnerability in Google Chrome

Use-after-free vulnerability was found in Google Chrome. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories Stable Channel Update for Desktop Exploitation Public exploits exist for this vulnerability. Malware exists for this vulnerability. Usually such...

Google Chrome < 144.0.7559.177 Vulnerability

The version of Google Chrome installed on the remote Windows host is prior to 144.0.7559.177. It is, therefore, affected by a vulnerability as referenced in the 202602extended-stable-updates-for-desktop13 advisory. - Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote...

CVE-2019-25332

FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting the EIP register through a custom command input. Attackers can craft a malicious payload of 4108 bytes to overwrite memory and execute shellcode, demonstrating remot...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the overrides.yoke.cd/flight annotation, which allows a user-supplied URL to be used directly by the controller without validation. An attacker can execute arbitrary code within the controller context by...

[SECURITY] [DSA 6133-1] postgresql-17 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6133-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 12, 2026 https://www.debian.org/security/faq -...