120816 matches found
CVE-2026-21408
beat-access for Windows version 3.0.3 and prior contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with SYSTEM privileges...
CVE-2026-21408
beat-access for Windows version 3.0.3 and prior contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with SYSTEM privileges...
CVE-2026-21408
The CVE-2026-21408 issue affects beat-access for Windows 3.0.3 and earlier, due to an insecure DLL search path (Uncontrolled search path element, CWE-427) that may cause loading of DLLs leading to arbitrary code execution with SYSTEM privileges. Documented impact is arbitrary code execution with ...
Delta Electronics ASDA-Soft 安全漏洞
Delta Electronics ASDA-Soft is an AC servo motor from Delta Electronics China. The Delta Electronics ASDA-Soft suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on the system...
PT-2026-4909
A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes...
Segurazo S Antivirus IC code issue vulnerability
Segurazo SAntivirus IC is a antivirus software developed by the American company Segurazo. Version 10.0.21.61 of Segurazo SAntivirus IC has a code vulnerability that stems from a service path without quotes, which may allow for the execution of arbitrary code...
Realtek Andrea RT Filters code-related vulnerabilities
Realtek Andrea RT Filters is a high-level audio processing component developed by Realtek Semiconductor. Version 1.0.64.7 of Realtek Andrea RT Filters contains a code vulnerability caused by an unquoted service path, which may allow for the execution of arbitrary code...
📄 PLY 3.11 Arbitrary Code Execution
An undocumented and unsafe feature in the PyPI‑distributed version of PLY version 3.11 allows arbitrary code execution when the yacc function is invoked with the picklefile parameter. 🚨 Undocumented Remote Code Execution in PLY CVE‑2025‑56005 CVE ID: CVE‑2025‑56005 Reported by: Ahmed Abd Disclosu...
KLA90858 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Layout: Scrolling and Overflo...
Motorola Device Manager code-related vulnerabilities
Motorola Device Manager is a computer-based device management tool developed by the American company Motorola. Version 2.5.4 of Motorola Device Manager contains a code vulnerability caused by an unquoted service path, which may allow for the execution of arbitrary code...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Git LFS vulnerabilities (USN-7977-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7977-1 advisory. Ryota K discovered that Git LFS may leak login credentials in certain instances due to failing to check for...
Quick-Media security vulnerabilities
Quick-Media is a multimedia service software developed by YiHui’s individual developers. Versions of Quick-Media prior to v1.0 contained security vulnerabilities. These vulnerabilities stemmed from a code injection vulnerability in the PNG encoding component, PNGImageEncoder.Java, which could all...
Motorola Device Manager code-related vulnerabilities
Motorola Device Manager is a computer-based device management tool developed by the American company Motorola. Version 2.4.5 of Motorola Device Manager contains a code vulnerability caused by an unquoted service path, which may allow for the execution of arbitrary code...
xrdp security vulnerabilities
XRDPT is an open-source remote desktop protocol server developed by Neutrinolabs. Versions of XRDPT prior to v0.10.5 contained security vulnerabilities. These vulnerabilities stemmed from improper boundary checking when processing user domain information, which could lead to stack-based buffer...
EZCast Pro II security vulnerabilities
EZCast Pro II is a computer screen-sharing software developed by EZCast Corporation in China. This software allows for wireless sharing of data from computer devices onto televisions or projection screens. EZCast Pro supports screen allocation and projection permissions. Version 1.17478.146 of...
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation
A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...
GHSA-99P7-6V5W-7XG8 vm2 has a Sandbox Escape
In vm2 for version 3.10.0, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. js const VM = require"vm2"; const code = const error = new Error; error.name = Symbol; const f = async = error.stack...
vm2 has a Sandbox Escape
In vm2 for version 3.10.0, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. js const VM = require"vm2"; const code = const error = new Error; error.name = Symbol; const f = async = error.stack...
CVE-2025-71178 Crucial Storage Executive < 11.08.082025.00 Installer DLL Preloading LPE
Crucial Storage Executive installer versions prior to 11.08.082025.00 contain a DLL preloading vulnerability. During installation, the installer runs with elevated privileges and loads Windows DLLs using an uncontrolled search path, which can cause a malicious DLL placed alongside the installer t...
CVE-2025-71178
CVE-2025-71178 affects Crucial Storage Executive installer versions