
120819 matches found

CNNVD
added 2026/02/26 12:0 a.m. | 10 views

Digital Arts FinalCode Client Code Issue Vulnerability

Digital Arts FinalCode Client is an enterprise-level information rights management client software developed by Digital Arts in Japan. The Digital Arts FinalCode Client has a code vulnerability that stems from issues with the DLL search path in the installer, which may allow arbitrary code to be...

CVSS 8.4 | AI score 7.3 | EPSS 0.00144
Exploits: 0 | References: 2
Cvelist
added 2026/02/26 12:0 a.m. | 22 views

CVE-2025-50857

ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attackers to execute arbitrary code via a crafted file upload...

EPSS 0.02293
Exploits: 0 | References: 2
CNNVD
added 2026/02/26 12:0 a.m. | 7 views

Agenta Code Injection Vulnerability

Agenta is an open-source platform developed by Agenta for building production-grade large language model applications. Versions of Agenta prior to 0.48.1 contained a code injection vulnerability. This vulnerability stemmed from a sandbox error that allowed the numpy package, potentially leading t...

CVSS 9.9 | AI score 6.1 | EPSS 0.00497
Exploits: 1 | References: 1
CVE
added 2026/02/26 12:0 a.m. | 9 views

CVE-2025-50857

ZenTaoPMS versions 18.11 through 21.6.beta are affected by a Directory Traversal vulnerability in /module/ai/control.php that allows arbitrary code execution via a crafted file upload. The root cause is a directory traversal flaw in the file-upload handling, enabling an attacker to place or execu...

CVSS 9.8 | AI score 5.9 | EPSS 0.02293
Exploits: 0 | References: 2
CNNVD
added 2026/02/26 12:0 a.m. | 6 views

FastCMS Security Vulnerability

FastCMS is a content management system developed by FastCMS Inc. Versions of FastCMS prior to 0.1.6 contained security vulnerabilities. These vulnerabilities were caused by issues with the PluginController.java component, which could allow local attackers to execute arbitrary code...

CVSS 7.8 | AI score 6.1 | EPSS 0.00182
Exploits: 1 | References: 2
CNNVD
added 2026/02/26 12:0 a.m. | 8 views

c3p0 Code Issue Vulnerability

c3p0 is an open-source JDBC connection pool library developed by Steve Waldman. Versions of c3p0 prior to 0.12.0 had code vulnerabilities, which stemmed from improper deserialization and could lead to the execution of arbitrary code...

CVSS 8.9 | AI score 7.5 | EPSS 0.00304
Exploits: 0 | References: 6
CNNVD
added 2026/02/26 12:0 a.m. | 6 views

Wolters Kluwer A3factura Cross-Site Scripting Vulnerability

Wolters Kluwer A3factura is a billing management software developed by the German company Wolters Kluwer. Wolters Kluwer A3factura has a cross-site scripting vulnerability. This vulnerability stems from the reflective cross-site scripting in the parameter name located at the endpoint...

CVSS 6.1 | AI score 6 | EPSS 0.00164
Exploits: 0 | References: 1
Tenable Nessus
added 2026/02/26 12:0 a.m. | 4 views

SUSE SLES12: postgresql15 / postgresql15-contrib / postgresql15-devel / etc (SUSE-SU-2026:0615-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0615-1 advisory. Update to version 15.16. Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow disclosure of a few bytes of serv...

CVSS 8.8 | AI score 6.5 | EPSS 0.00678
Exploits: 3 | References: 13
Tenable Nessus
added 2026/02/26 12:0 a.m. | 4 views

SUSE SLES12 Security Update : postgresql16 (SUSE-SU-2026:0614-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0614-1 advisory. Update to version 16.12. Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow disclosure of a few bytes of serv...

CVSS 8.8 | AI score 6.7 | EPSS 0.00678
Exploits: 3 | References: 13
Snyk
added 2026/02/25 9:54 p.m. | 2 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the readWriteFile node in combination with git operations. An attacker can execute arbitrary commands on the host system by writing to specific configuration files and triggering a git operation. This is onl...

CVSS 9 | AI score 6.2 | EPSS 0.00718
Exploits: 0 | References: 2
Snyk
added 2026/02/25 9:21 p.m. | 4 views

Eval Injection

Overview: n8n-nodes-base is the base nodes package of n8n. Affected versions of this package are vulnerable to Eval Injection. An attacker can execute arbitrary code on the host system by submitting specially crafted form data that is interpreted as an expression. Note: This is only exploitable if a workflow...

CVSS 9.5 | AI score 6.3 | EPSS 0.01074
Exploits: 0 | References: 3
GithubExploit
added 2026/02/25 5:43 p.m. | 153 views

Exploit for CVE-2025-49132

CVE-2025-49132 is a critical arbitrary code execution vulnerabil...

CVSS 10 | AI score 6.8 | EPSS 0.13105
Exploits: 28
OSV
added 2026/02/25 4:23 p.m. | 4 views

CVE-2025-69771

Cross-Site Scripting XSS vulnerability in the subtitle loading function of the asbplayer Chrome Extension version 1.14.0 allows attackers to execute arbitrary JavaScript in the context of the active streaming platform via a crafted .srt subtitle file. Because the script executes within the...

CVSS 9.6 | AI score 6.1
Exploits: 0 | References: 2
RedHat Linux
added 2026/02/25 11:48 a.m. | 2 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume th...

CVSS 9.8 | AI score 5.9 | EPSS 0.00309
Exploits: 0 | References: 6
NCSC
added 2026/02/25 10:39 a.m. | 10 views

Vulnerabilities fixed in SolarWinds Serv-U

SolarWinds has fixed vulnerabilities in Serv-U. The vulnerabilities are in how Serv-U controls access and processes data types. Attackers with administrative privileges can exploit these vulnerabilities to gain unauthorized system access and execute arbitrary code with elevated privileges. This c...

CVSS 9.1 | AI score 6.1 | EPSS 0.0057
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/25 10:16 a.m. | 8 views

CVE-2025-40540

A type confusion vulnerability exists in Serv-U which, when exploited, gives a malicious actor the ability to execute arbitrary native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services...

CVSS 9.1 | AI score 6 | EPSS 0.00445
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/25 6:1 a.m. | 4 views

CVE-2026-25785

Path traversal vulnerability exists in Lanscope Endpoint Manager On-Premises Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system...

CVSS 9.8 | AI score 6.1 | EPSS 0.00566
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/02/25 6:1 a.m. | 3 views

CVE-2026-25785

Path traversal vulnerability exists in Lanscope Endpoint Manager On-Premises Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system...

CVSS 9.8 | AI score 6.1 | EPSS 0.00566
Exploits: 0 | References: 2
CVE
added 2026/02/25 6:1 a.m. | 14 views

CVE-2026-25785

CVE-2026-25785 describes a path traversal vulnerability in Lanscope Endpoint Manager (On-Premises) Sub-Manager Server, versions 9.4.7.3 and earlier. The issue could allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system via a network attack with l...

CVSS 9.8 | AI score 6.1 | EPSS 0.00566
Exploits: 0 | References: 2 | Affected Software: 1
Zero Day Initiative
added 2026/02/25 12:0 a.m. | 7 views

Siemens SINEC NMS Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Siemens SINEC NMS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration ...

CVSS 7.8 | AI score 6.1 | EPSS 0.00238
Exploits: 0 | References: 1