CVE-2025-4657

A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store could allow a local attacker with elevated privileges to execute arbitrary code...

CVE-2025-6232

Lenovo Vantage (CVE-2025-6232) shows an improper validation vulnerability where a local attacker could execute code with elevated privileges by modifying certain registry locations. The CVE is tracked with high severity (CVSS 3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; base score 7.8; CVSS 4.0/AV:L/...

CVE-2025-6232

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations...

Adobe InDesign Heap Overflow Vulnerability

Adobe InDesign is a desktop publishing DTP application from Adobe, mainly used for layout editing of various printed materials. A heap overflow vulnerability exists in Adobe InDesign processing files, which originates from a partial overwrite of heap memory, and can be exploited by a remote...

CVE-2025-49701

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

CVE-2025-48824

Heap-based buffer overflow in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network...

CVE-2025-49666

CVE-2025-49666 is a Windows Kernel flaw described as a heap-based buffer overflow that enables remote code execution by an authorized attacker over a network. Public data lists attack vector as Network with high impact to confidentiality, integrity, and availability, and requires HIGH privileges ...

CVE-2025-49676

CVE-2025-49676: heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) over network; initial description provides this; connected documents do not add concrete technical details (affected products/versions, root cause, fix). Monitor for updates.

Microsoft Word Remote Code Execution Vulnerability

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...

MICROSENS NMP Web+ 路径遍历漏洞

MICROSENS NMP Web+ is a network management platform from the German company MICROSENS. MICROSENS NMP Web+ suffers from a path traversal vulnerability that originates from an unauthenticated attacker being able to overwrite files and execute arbitrary code...

Claude Code 安全漏洞

Claude Code is an open source proxy coding tool from Anthropic. A security vulnerability exists in Claude Code that originates from an unauthorized WebSocket connection and could result in reading arbitrary files or executing code. The following versions are affected: Claude Code for VSCode...

Veeam Backup & Replication 安全漏洞

Veeam Backup & Replication is a backup and replication software from Veeam USA. A security vulnerability exists in Veeam Backup & Replication version 12.3.1.1139 and earlier, which originates from a backup job that can be modified by a user in the Backup Operator role, which could lead to the...

CVE-2025-47959

Improper neutralization of special elements used in a command 'command injection' in Visual Studio allows an authorized attacker to execute code over a network...

CVE-2025-29828

Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network...

Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows...

The vulnerability of the web interface of the IBM Sterling B2B Integrator software allows a perpetrator to execute arbitrary code and gain unauthorized access to protected information.

The vulnerability of the web interface of the IBM Sterling B2B Integrator software solution relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code and gain unauthorized access to protected...

CVE-2025-27953

An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component...

CVE-2025-27953

An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component...

The vulnerability of the UpdateWebServerGatewaySettings method in the software for managing and monitoring remote objects in telemetry and telemechanics systems, allowing a hacker to bypass security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the UpdateWebServerGatewaySettings method in the software for managing and monitoring remote devices in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to...

The vulnerability of the ImportCertificate method in the software for managing and monitoring remote devices in telemetry and telemechanics systems allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the ImportCertificate method in software for managing and monitoring remote devices in telemetry and telemechanics systems related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...