Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection. Go Vulnerability Report: Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g...

CVE-2020-36971

Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License Code' field to execute arbitrary code on the system...

CVE-2025-61140

A flaw was found in jsonpath. The value function is vulnerable to Prototype Pollution, a type of vulnerability that allows an attacker to inject or modify properties of an object's prototype. This can lead to various impacts, including arbitrary code execution, privilege escalation, or denial of...

CVE-2020-36971

CVE-2020-36971 affects Nidesoft 3GP Video Converter 2.6.18. The vulnerability is a local stack buffer overflow in the license registration parameter; an attacker can craft a malicious payload in the License Code field to execute arbitrary code on the host. Provided sources consistently describe t...

EUVD-2020-30878

Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License Code' field to execute arbitrary code on the system...

CVE-2020-36965 docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)

docPrint Pro 8.0 contains a local buffer overflow vulnerability in the 'Add URL' input field that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload that triggers a structured exception handler SEH overwrite to execute shellcode and gain remo...

CVE-2020-36991

ShareMouse 5.0.43 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the insecure service path configuration by placing malicious executables in specific system directories to gain...

CVE-2026-24747

A flaw was found in PyTorch, a Python package for tensor computation. A remote attacker could craft a malicious checkpoint file, which, when loaded using the weightsonly unpickler, could lead to memory corruption. This vulnerability may enable an attacker to achieve arbitrary code execution on th...

Cross-site Scripting (XSS)

Overview billboard.js is a Re-usable easy interface JavaScript chart library, based on D3 v4+ Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper sanitization in the chart option binding. An attacker can execute arbitrary JavaScript code by supplying crafted...

Cross-site Scripting (XSS)

Overview org.webjars.npm:billboard.js is a Re-usable easy interface JavaScript chart library, based on D3 v4+ Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper sanitization in the chart option binding. An attacker can execute arbitrary JavaScript code by...

Gear Box Computers IP Watcher code issues and vulnerabilities

Gear Box Computers IP Watcher is a network monitoring tool developed by Gear Box Computers. Version 3.0.0.30 of Gear Box Computers IP Watcher has a code vulnerability; this vulnerability stems from Windows service configurations that include service paths without quotes, which may allow arbitrary...

10-Strike Network Inventory Explorer security vulnerabilities

10-Strike Network Inventory Explorer is a scanning software developed by 10-Strike Corporation. It is used to track hardware and software on network computers. Version 8.65 of 10-Strike Network Inventory Explorer contains a security vulnerability caused by buffer overflow in exception handling,...

RHEL 9 : openssl (RHSA-2026:1473)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1473 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

AlmaLinux 10 : openssl (ALSA-2026:1472)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:1472 advisory. openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS12 file CVE-2025-11187 openssl: OpenSSL: Remote code execution or...

VeryPDF docPrint Pro security vulnerability

VeryPDF docPrint Pro is a virtual printer and document conversion software developed by VeryPDF Corporation. Version 8.0 of VeryPDF docPrint Pro contains a security vulnerability. This vulnerability stems from a local buffer overflow in the “Add URL” input field, which could allow for the executi...

ROS-20260128-73-0048

Vulnerability in kernel-lt related to writing outside buffer boundaries in memory. Exploitation of the vulnerability may allow an attacker to execute arbitrary code...

ROS-20260128-73-0044

Vulnerability in kernel-lt related to writing outside buffer boundaries in memory. Exploitation of the vulnerability may allow an attacker to execute arbitrary code...

CVE-2022-40620

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker suitably positioned on the network could intercept the update request and deliver a...

Linux Distros Unpatched Vulnerability : CVE-2026-24747

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weightsonly unpickler allows an attacker to...

PT-2026-5111

IP Watcher 3.0.0.30 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem privileges...