120950 matches found
Stack-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the parsing of time units. An attacker can execute arbitrary code in the context of the current user by enticing a user to visit a malicious page or open a malicious file. Remediation There is no fixed...
Heap-based Buffer Overflow
Overview OpenEXR is a Python bindings for the OpenEXR image file format Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the EXR file parsing process due to improper validation of user-supplied data length before copying it to a heap-based buffer. An attacker can...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the EXR file parsing process due to improper validation of user-supplied data length before copying it to a heap-based buffer. An attacker can execute arbitrary code in the context of the current process by...
CVE-2025-13703
VIPRE Advanced Security for PC is affected by CVE-2025-13703 due to incorrect permissions on a folder in the product installer, enabling local privilege escalation to SYSTEM for code execution after bypassing low-privilege startup. Exploitation details are not provided in the available documents....
CVE-2025-14498
CVE-2025-14498 affects TradingView Desktop (Electron) due to an unsecured script loading location in the Electron framework, enabling local privilege escalation via an uncontrolled search path. The root cause is a misconfiguration that allows a low-privilege attacker who can run code on the targe...
CVE-2025-14489 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...
CVE-2025-14493 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...
CVE-2025-14492
RealDefense SUPERAntiSpyware contains a local privilege escalation in the SAS Core Service due to an exposed dangerous function. The flaw allows an attacker who can run low-privileged code to escalate to SYSTEM and execute arbitrary code on affected installations. CVSS v3.0 metrics indicate local...
CVE-2025-14492 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...
CVE-2025-14924
Hugging Face Transformers megatrongpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in...
Deserialization of Untrusted Data
Overview accelerate is an Accelerate Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the parsing of checkpoints. An attacker can execute arbitrary code by convincing a user to open a specially crafted file or visit a malicious web page. Note: The report w...
CVE-2021-47739
Epic Games Easy Anti-Cheat 4.0 contains an unquoted service path vulnerability that allows local non-privileged users to execute arbitrary code with elevated system privileges. Attackers can exploit the service configuration by inserting malicious code in the system root path that would execute...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation via the ddstime function due to insufficient validation in the time certificate verification. An attacker can gain elevated privileges and execute arbitrary commands by bypassing certificate checks...
Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances
A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain circumstances. The vulnerability, tracked as CVE-2025-68613 , carries a CVSS score of 9.9 out of a maximum of 10.0...
EUVD-2023-60228
SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate the username environment variable with format string payloads to potentially execute...
PT-2025-52834
Name of the Vulnerable Software and Affected Versions CMSimple version 5.4 Description CMSimple version 5.4 contains a flaw that allows attackers to manipulate PHP session files and potentially execute arbitrary code. This is possible through an authenticated local file inclusion, where attackers...
LangChain 代码问题漏洞
LangChain is a LangChain open source framework for developing applications powered by the Large Language Model LLM. A code issue vulnerability exists in LangChain versions prior to 0.3.37 and prior to 1.2.3, which stems from serialization injection and could lead to the execution of arbitrary cod...
CVE-2023-53979
MyBB 1.8.32 contains a chained vulnerability that allows authenticated administrators to bypass avatar upload restrictions and execute arbitrary code. Attackers can modify upload path settings, upload a malicious PHP-embedded image file, and execute commands through the language configuration...
CVE-2023-53966
SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate the username environment variable with format string payloads to potentially execute...
CVE-2023-53971 WebTareas 2.4 Authenticated Remote Code Execution via File Upload
WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbitrary code to the /files/Messages/ directory and execute it directly through the generated file pa...