120819 matches found
CVE-2021-47861
Event Log Explorer 4.9.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file system locations that will be...
EUVD-2026-3617
Pingzapper 2.3.1 contains an unquoted service path vulnerability in the PingzapperSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files x86\Pingzapper\PZService.exe' to inject malicious executables and escalate...
CVE-2021-47882 FreeLAN 2.2 - 'FreeLAN Service' Unquoted Service Path
FreeLAN 2.2 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem privileges during...
EUVD-2026-3640
FreeLAN 2.2 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem privileges during...
CVE-2021-47882 FreeLAN 2.2 - 'FreeLAN Service' Unquoted Service Path
FreeLAN 2.2 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem privileges during...
EUVD-2026-3643
MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability in its Encrypto Service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Encrypto\ to inject malicious executables and escalate...
USN-7971-1 glib2.0 vulnerability
It was discovered that GLib incorrectly handled the buffered input stream API. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code...
vLLM affected by RCE via auto_map dynamic module loading during model initialization
Summary vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path to execute at server startup. --- Impact An attacker who can influence the model repo/path local directory or remote...
GHSA-2PC9-4J83-QJMR vLLM affected by RCE via auto_map dynamic module loading during model initialization
Summary vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path to execute at server startup. --- Impact An attacker who can influence the model repo/path local directory or remote...
Arbitrary Code Injection
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Arbitrary Code Injection via the automap process during model initialization, even when trustremotecode is false. An attacker can execute arbitrary...
CVE-2025-54817
A reflected cross-site scripting xss vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a URL to a malicious website to trigger this vulnerability...
WordPress Beaver Builder plugin <= 2.9.4.1 - Arbitrary Code Execution vulnerability
Arbitrary Code Execution vulnerability discovered by mcdruid in WordPress Plugin Beaver Builder versions = 2.9.4.1...
Exploit for CVE-2026-23947
Walkthrough: CVE-2026-23947 - Orval Arbitrary Code Execution...
CVE-2026-24016
The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed...
Installer of Fujitsu ServerView Agents for Windows may insecurely load Dynamic Link Libraries
Overview The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. contains the following vulnerability. Uncontrolled search path element CWE-427 - CVE-2026-24016 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...
CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution
A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript. The vulnerability, tracked as CVE-2026-1245 CVSS score: 6.5, affects all versions of the module prior to version 2.3.0, whic...
USN-7970-1 iperf3 vulnerabilities
Jorge Sancho Larraz discovered that iperf3 did not properly manage certain inputs, which could cause the server process to stop responding, waiting for input on the control connection. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in...
GHSA-H526-WF6G-67JV Orval has a code injection via unsanitized x-enum-descriptions in enum generation
Impact Arbitrary code execution in environments consuming generated clients This issue is similar in nature to the recently-patched MCP vulnerability CVE-2026-22785, but affects a different code path in @orval/core that was not addressed by that fix. The vulnerability allows untrusted OpenAPI...
CVE-2025-65482
An XML External Entity XXE vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...
PT-2026-3879
Name of the Vulnerable Software and Affected Versions seroval versions prior to 1.4.0 Description seroval is a JavaScript library that facilitates value stringification, including complex structures beyond the capabilities of JSON.stringify. Improper input handling in the JSON deserialization...