120950 matches found

Snyk
added 2025/12/23 9:48 p.m., 3 views

Stack-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the parsing of time units. An attacker can execute arbitrary code in the context of the current user by enticing a user to visit a malicious page or open a malicious file. Remediation: There is no fixed...

CVSS 8.5 | AI score 7.4 | EPSS 0.00306
Exploits: 0 | References: 2
Snyk
added 2025/12/23 9:41 p.m., 1 views

Heap-based Buffer Overflow

Overview: OpenEXR is a Python binding for the OpenEXR image file format. Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the EXR file parsing process due to improper validation of user-supplied data length before copying it to a heap-based buffer. An attacker can...

CVSS 8.5 | AI score 7.9 | EPSS 0.00158
Exploits: 0 | References: 2
Snyk
added 2025/12/23 9:41 p.m., 3 views

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the EXR file parsing process due to improper validation of user-supplied data length before copying it to a heap-based buffer. An attacker can execute arbitrary code in the context of the current process by...

CVSS 8.5 | AI score 7.9 | EPSS 0.00158
Exploits: 0 | References: 2
CVE
added 2025/12/23 9:30 p.m., 13 views

CVE-2025-13703

VIPRE Advanced Security for PC is affected by CVE-2025-13703 due to incorrect permissions on a folder in the product installer, enabling local privilege escalation to SYSTEM for code execution after bypassing low-privilege startup. Exploitation details are not provided in the available documents....

CVSS 7.8 | AI score 7.7 | EPSS 0.00116
Exploits: 0 | References: 2
CVE
added 2025/12/23 9:18 p.m., 13 views

CVE-2025-14498

CVE-2025-14498 affects TradingView Desktop (Electron) due to an unsecured script loading location in the Electron framework, enabling local privilege escalation via an uncontrolled search path. The root cause is a misconfiguration that allows a low-privilege attacker who can run code on the targe...

CVSS 7.8 | AI score 7.7 | EPSS 0.00138
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/23 9:17 p.m., 3 views

CVE-2025-14489 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...

CVSS 7.8 | AI score 7.7 | EPSS 0.00171
Exploits: 0 | References: 1
Cvelist
added 2025/12/23 9:16 p.m., 22 views

CVE-2025-14493 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...

CVSS 7.8 | EPSS 0.00172
Exploits: 0 | References: 1
CVE
added 2025/12/23 9:16 p.m., 12 views

CVE-2025-14492

RealDefense SUPERAntiSpyware contains a local privilege escalation in the SAS Core Service due to an exposed dangerous function. The flaw allows an attacker who can run low-privileged code to escalate to SYSTEM and execute arbitrary code on affected installations. CVSS v3.0 metrics indicate local...

CVSS 7.8 | AI score 7.8 | EPSS 0.00172
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/12/23 9:16 p.m., 19 views

CVE-2025-14492 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...

CVSS 7.8 | EPSS 0.00172
Exploits: 0 | References: 1
OSV
added 2025/12/23 9:15 p.m., 4 views

CVE-2025-14924

Hugging Face Transformers megatrongpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in...

CVSS 7.8 | AI score 7.6
Exploits: 0 | References: 1
Snyk
added 2025/12/23 9:5 p.m., 2 views

Deserialization of Untrusted Data

Overview accelerate is an Accelerate Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the parsing of checkpoints. An attacker can execute arbitrary code by convincing a user to open a specially crafted file or visit a malicious web page. Note: The report w...

CVSS 8.5 | AI score 7.6 | EPSS 0.00315
Exploits: 0 | References: 2
NVD
added 2025/12/23 8:15 p.m., 6 views

CVE-2021-47739

Epic Games Easy Anti-Cheat 4.0 contains an unquoted service path vulnerability that allows local non-privileged users to execute arbitrary code with elevated system privileges. Attackers can exploit the service configuration by inserting malicious code in the system root path that would execute...

CVSS 8.5 | EPSS 0.00168
Exploits: 1 | References: 5
Snyk
added 2025/12/23 3:40 p.m., 4 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation via the ddstime function due to insufficient validation in the time certificate verification. An attacker can gain elevated privileges and execute arbitrary commands by bypassing certificate checks...

CVSS 10 | AI score 5.9 | EPSS 0.003
Exploits: 0 | References: 2
The Hacker News
added 2025/12/23 7:34 a.m., 9 views

Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances

A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain circumstances. The vulnerability, tracked as CVE-2025-68613, carries a CVSS score of 9.9 out of a maximum of 10.0...

CVSS 9.9 | AI score 7.6 | EPSS 0.97875
Exploits: 29
EUVD
added 2025/12/23 12:30 a.m., 4 views

EUVD-2023-60228

SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate the username environment variable with format string payloads to potentially execute...

CVSS 9.8 | AI score 7.2 | EPSS 0.00617
Exploits: 2 | References: 5
Positive Technologies
added 2025/12/23 12:0 a.m., 8 views

PT-2025-52834

Name of the Vulnerable Software and Affected Versions: CMSimple version 5.4. Description: CMSimple version 5.4 contains a flaw that allows attackers to manipulate PHP session files and potentially execute arbitrary code. This is possible through an authenticated local file inclusion, where attackers...

CVSS 8.6 | AI score 7 | EPSS 0.00712
Exploits: 1 | References: 5
CNNVD
added 2025/12/23 12:0 a.m., 2 views

LangChain Code Issue Vulnerability

LangChain is a LangChain open source framework for developing applications powered by the Large Language Model LLM. A code issue vulnerability exists in LangChain versions prior to 0.3.37 and prior to 1.2.3, which stems from serialization injection and could lead to the execution of arbitrary cod...

CVSS 9.1 | AI score 7.5 | EPSS 0.00746
Exploits: 0 | References: 4
OSV
added 2025/12/22 10:16 p.m., 4 views

CVE-2023-53979

MyBB 1.8.32 contains a chained vulnerability that allows authenticated administrators to bypass avatar upload restrictions and execute arbitrary code. Attackers can modify upload path settings, upload a malicious PHP-embedded image file, and execute commands through the language configuration...

CVSS 8.6 | AI score 6.1 | EPSS 0.01497
Exploits: 1 | References: 5
NVD
added 2025/12/22 10:16 p.m., 3 views

CVE-2023-53966

SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate the username environment variable with format string payloads to potentially execute...

CVSS 9.8 | EPSS 0.00617
Exploits: 2 | References: 4
Vulnrichment
added 2025/12/22 9:35 p.m., 6 views

CVE-2023-53971 WebTareas 2.4 Authenticated Remote Code Execution via File Upload

WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbitrary code to the /files/Messages/ directory and execute it directly through the generated file pa...

CVSS 8.8 | AI score 7.2 | EPSS 0.00409
Exploits: 1 | References: 3