120950 matches found
CVE-2025-10021
A Use of Uninitialized Variable vulnerability exists in Open Design Alliance Drawings SDK static versions mt before 2026.12. Static object COdaMfcAppApp theApp may access OdString::kEmpty before its initialization. Due to undefined initialization order of static objects across translation units...
CVE-2025-11542
CVE-2025-11542 concerns Sharp Display Solutions projectors (NEC-branded). The issue is a stack-based buffer overflow in the projector firmware that could allow an attacker to execute arbitrary commands and programs. Related connected documents enumerate additional vulnerabilities in the same fami...
Stack-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the sgvalidatepipelinedesc function. An attacker can execute arbitrary code or cause a crash by supplying crafted input that triggers a stack-based buffer overflow. Remediation: A fix was pushed into the...
Frappe Framework Security Vulnerability
Frappe Framework is a metadata-driven full-stack web application framework based on Python and JavaScript from Frappe India. A security vulnerability exists in the Attachments module of Frappe Framework v15.89.0, which stems from the fact that uploading a specially crafted XML file could lead to...
AIRC MyNET Security Vulnerability
AIRC MyNET is a specialized online management system from AIRC Portugal. A security vulnerability exists in AIRC MyNET v26.06 and earlier versions, which stems from an iframe injection issue with the src parameter that could lead to the execution of arbitrary code by a remote attacker...
PT-2025-52703
Name of the Vulnerable Software and Affected Versions: SOUND4 LinkAndShare Transmitter version 1.1.2. Description: SOUND4 LinkAndShare Transmitter version 1.1.2 contains a format string vulnerability. This allows attackers to trigger memory stack overflows through maliciously crafted environment...
PT-2025-52716
Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.32. Description: MyBB version 1.8.32 contains a chained issue that allows authenticated administrators to bypass avatar upload restrictions and potentially execute arbitrary code. Attackers can modify upload path settings, uploa...
HEUR.Backdoor.Win32.Poison.gen MVID-2025-0701 DLL Hijacking
HEUR.Backdoor.Win32.Poison.gen malware looks for and executes a x32-bit "WININET.dll" PE file in its current directory. Therefore, we can hijack the DLL and execute our own code to intercept and terminate the malware. It is suggested that RansomLordNG be leveraged for this purpose. Discovery /...
[SECURITY] [DSA 6089-1] chromium security update
Debian Security Advisory DSA-6089-1 [email protected] https://www.debian.org/security/ Andres Salomon December 21, 2025 https://www.debian.org/security/faq ...
SUSE CVE-2025-14946
A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell (SSH) process,...
CVE-2025-63665
An issue in GT Edge AI Community Edition Versions before v2.0.12 allows attackers to execute arbitrary code via injecting a crafted JSON payload into the Prompt window...
FreeBSD : Firefox -- Memory safety bugs (23437e07-ddc0-11f0-902c-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 23437e07-ddc0-11f0-902c-b42e991fc52e advisory. https://bugzilla.mozilla.org/buglist.cgi?bugid=1996570%2C1999700 reports: Memory safety bugs present in...
Improper Control of Dynamically-Managed Code Resources
Overview: n8n-workflow is a Workflow base code of n8n. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the workflow expression evaluation system. An authenticated attacker can execute arbitrary code with the privileges of the underlying...
CVE-2023-53952
Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed...
EUVD-2025-204583
An issue in GT Edge AI Platform Versions before v2.0.10-dev allows attackers to execute arbitrary code via injecting a crafted JSON payload into the Prompt window...
CVE-2025-64462
There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::RGetMemFileHandle when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...
Security Bulletin: Arbitrary Code Execution in Keras
Summary: Keras is used by many machine learning frameworks and applications as part of their deep learning infrastructure. Remote attackers can execute arbitrary code, leading to full system compromise, data breaches, and potential lateral movement where the identified vulnerability is present...