120800 matches found

Veracode
added 2026/02/12 8:47 a.m. | 5 views

Arbitrary Code Execution

SandboxJS is vulnerable to Arbitrary Code Execution. The vulnerability is due to exposing Map in SAFEPROTOTYPES, where Map.prototype can be accessed and its has method overwritten from within the sandbox, allowing attackers to alter host behavior and escape the sandbox restrictions...

CVSS 10 | AI score 5.5 | EPSS 0.00645
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2026/02/12 5:17 a.m. | 3 views

CVE-2026-25676

The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrator privileges...

CVSS 7.8 | EPSS 0.00187
Exploits: 1 | References: 2

OSV
added 2026/02/12 3:31 a.m. | 3 views

GHSA-G4XW-JXRG-5F6M next-mdx-remote affected by arbitrary code execution in React server-side rendering of untrusted MDX content

The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content...

CVSS 8.8 | AI score 6.3 | EPSS 0.00582
Exploits: 0 | References: 5

Snyk
added 2026/02/12 2:51 a.m. | 4 views

Arbitrary Code Injection

Overview: next-mdx-remote is a utility for loading MDX from any remote source as data, rather than as a local import. Affected versions of this package are vulnerable to Arbitrary Code Injection via the serialize function. An attacker can execute arbitrary code by submitting specially crafted MD...

CVSS 8.8 | AI score 6.3 | EPSS 0.00582
Exploits: 0 | References: 2

Cvelist
added 2026/02/12 1:35 a.m. | 31 views

CVE-2026-0969 Arbitrary code execution in React server-side rendering of untrusted MDX content

The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. This vulnerability, CVE-2026-0969, is fixed in next-mdx-remote 6.0.0...

CVSS 8.8 | EPSS 0.00582
Exploits: 0 | References: 1

CVE
added 2026/02/12 1:35 a.m. | 92 views

CVE-2026-0969

The CVE-2026-0969 issue stems from the serialize function used to compile MDX in next-mdx-remote, with insufficient sanitization enabling arbitrary code execution in React server-side rendering of untrusted MDX content. The description provides a CVSSv3.1 base score of 8.8 (HIGH) and a network at...

CVSS 8.8 | AI score 6.3 | EPSS 0.00582
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/12 1:35 a.m. | 5 views

CVE-2026-0969 Arbitrary code execution in React server-side rendering of untrusted MDX content

The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. This vulnerability, CVE-2026-0969, is fixed in next-mdx-remote 6.0.0...

CVSS 8.8 | AI score 6.3 | EPSS 0.00582
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/12 1:35 a.m. | 7 views

CVE-2026-0969

The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. This vulnerability, CVE-2026-0969, is fixed in next-mdx-remote 6.0.0...

CVSS 8.8 | AI score 6.3 | EPSS 0.00582
Exploits: 0 | References: 2 | Affected Software: 1

RedhatCVE
added 2026/02/12 1:4 a.m. | 9 views

CVE-2026-21349

Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | AI score 6.3 | EPSS 0.00139
Exploits: 0 | References: 1

CNNVD
added 2026/02/12 12:0 a.m. | 5 views

HashiCorp next-mdx-remote security vulnerability

HashiCorp next-mdx-remote is a content rendering tool developed by the American company HashiCorp. Versions of HashiCorp next-mdx-remote prior to version 6.0.0 contained security vulnerabilities, which were due to insufficient MDX content cleanup and could lead to arbitrary code execution...

CVSS 8.8 | AI score 6.3 | EPSS 0.00582
Exploits: 0 | References: 2

CNNVD
added 2026/02/12 12:0 a.m. | 8 views

InternetSoft Domain Quester Pro security vulnerability

InternetSoft Domain Quester Pro is a domain name search and query tool provided by InternetSoft Corporation. Version 6.02 of InternetSoft Domain Quester Pro contains a security vulnerability. This vulnerability stems from a stack overflow issue in the Domain Name Keywords input field, which could...

CVSS 9.8 | AI score 6.1 | EPSS 0.00453
Exploits: 0 | References: 3

Cvelist
added 2026/02/12 12:0 a.m. | 27 views

CVE-2025-63421

An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute arbitrary code via the comeinst.exe file...

EPSS 0.0013
Exploits: 0 | References: 2

CNNVD
added 2026/02/12 12:0 a.m. | 6 views

InternetSoft FTP Commander Pro security vulnerability

InternetSoft FTP Commander Pro is an FTP software developed by InternetSoft Corporation. Version 8.03 of InternetSoft FTP Commander Pro contains a security vulnerability. This vulnerability stems from the possibility of local stack overflows when custom commands are entered, which could lead to t...

CVSS 8.4 | AI score 6 | EPSS 0.0025
Exploits: 0 | References: 4

Positive Technologies
added 2026/02/12 12:0 a.m. | 6 views

PT-2026-7930

AVS Audio Converter 9.1 contains a local buffer overflow vulnerability that allows local attackers to overwrite CPU registers by manipulating the 'Exit folder' input field. Attackers can craft a specially designed text file with 264 bytes of padding followed by register overwrite values to...

CVSS 8.4 | AI score 6.2 | EPSS 0.00146
Exploits: 0 | References: 4

Vulnrichment
added 2026/02/12 12:0 a.m. | 3 views

CVE-2025-63421

An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute arbitrary code via the comeinst.exe file...

AI score 6 | EPSS 0.0013
Exploits: 0 | References: 2

CNNVD
added 2026/02/12 12:0 a.m. | 6 views

PostgreSQL security vulnerability

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Vulnerabilities existed in versions prior to PostgreSQL 18.2, 17....

CVSS 8.8 | AI score 6.2 | EPSS 0.00659
Exploits: 0 | References: 3

CNNVD
added 2026/02/12 12:0 a.m. | 4 views

AMD Vivado Documentation Navigator installation security vulnerability

The AMD Vivado Documentation Navigator installation is an integrated document management software tool developed by AMD, a US semiconductor company. The AMD Vivado Documentation Navigator installation contains a security vulnerability, which stems from DLL hijacking. This vulnerability may allow...

CVSS 7.3 | AI score 6 | EPSS 0.00121
Exploits: 0 | References: 1

CVE
added 2026/02/12 12:0 a.m. | 9 views

CVE-2025-63421

CVE-2025-63421 affects Filosoft Comerc.32 Commercial Invoicing v16.0.0.3. The issue arises from a flaw in the comeinst.exe file that allows a local attacker to execute arbitrary code. CVSS v3.1 indicates a HIGH base score (7.8) with LOCAL access, LOW attack complexity, and privileges required, no...

CVSS 7.8 | AI score 6 | EPSS 0.0013
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/12 12:0 a.m. | 6 views

PT-2026-7864

An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute arbitrary code via the comeinst.exe file...

AI score 6 | EPSS 0.0013
Exploits: 0 | References: 2

Kaspersky
added 2026/02/12 12:0 a.m. | 2 views

KLA90882 Multiple vulnerabilities in PostgreSQL

Multiple vulnerabilities were found in PostgreSQL. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Improper validation vulnerability in PostgreSQL can be used to...

CVSS 8.8 | AI score 6.3 | EPSS 0.00678
Exploits: 3 | References: 6