MICROSENS NMP Web+ 路径遍历漏洞

MICROSENS NMP Web+ is a network management platform from the German company MICROSENS. MICROSENS NMP Web+ suffers from a path traversal vulnerability that originates from an unauthenticated attacker being able to overwrite files and execute arbitrary code...

Claude Code 安全漏洞

Claude Code is an open source proxy coding tool from Anthropic. A security vulnerability exists in Claude Code that originates from an unauthorized WebSocket connection and could result in reading arbitrary files or executing code. The following versions are affected: Claude Code for VSCode...

Veeam Backup & Replication 安全漏洞

Veeam Backup & Replication is a backup and replication software from Veeam USA. A security vulnerability exists in Veeam Backup & Replication version 12.3.1.1139 and earlier, which originates from a backup job that can be modified by a user in the Backup Operator role, which could lead to the...

CVE-2025-47959

Improper neutralization of special elements used in a command 'command injection' in Visual Studio allows an authorized attacker to execute code over a network...

CVE-2025-29828

Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network...

Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows...

The vulnerability of the web interface of the IBM Sterling B2B Integrator software allows a perpetrator to execute arbitrary code and gain unauthorized access to protected information.

The vulnerability of the web interface of the IBM Sterling B2B Integrator software solution relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code and gain unauthorized access to protected...

CVE-2025-27953

An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component...

CVE-2025-27953

An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component...

The vulnerability of the UpdateWebServerGatewaySettings method in the software for managing and monitoring remote objects in telemetry and telemechanics systems, allowing a hacker to bypass security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the UpdateWebServerGatewaySettings method in the software for managing and monitoring remote devices in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to...

The vulnerability of the ImportCertificate method in the software for managing and monitoring remote devices in telemetry and telemechanics systems allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the ImportCertificate method in software for managing and monitoring remote devices in telemetry and telemechanics systems related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...

Delta Electronics CNCSoft-G2 Buffer Overflow Vulnerability (CNVD-2025-12364)

Delta Electronics CNCSoft-G2 is a human-machine interface HMI software from Delta Electronics, China. The Delta Electronics CNCSoft-G2 suffers from a buffer overflow vulnerability that originates from insufficient validation of user-supplied data lengths, which can be exploited by an attacker to...

CVE-2024-20843

Out-of-bound write vulnerability in command parsing implementation of libIfaaCa prior to SMR Apr-2024 Release 1 allows local privileged attackers to execute arbitrary code...

CVE-2024-20528

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. To exploit this vulnerability, an attacker would need valid Super Admin credentials. This vulnerability is due to...

CVE-2024-48450

An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into chat group...

CVE-2024-57386

Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary code via the profile picture function...

CVE-2024-53620

A cross-site scripting XSS vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter...

CVE-2023-52324

An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations. Please note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when the attacker has any...

CVE-2023-32973

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVE-2023-32971

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...