CVE-1999-1588

Buffer overflow in nlpsserver in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen aka System V listener port, TCP port 2766...

Google Chrome 资源管理错误漏洞

Google Chrome is a WEB browser developed by Google Inc. Google Chrome suffers from a Resource Management Error vulnerability that originates from reuse after release, which can be exploited by an attacker to submit a special Web request and trick the user into parsing it to execute arbitrary code...

The vulnerability of the ColdFusion software platform, related to insufficient validation of input data, allows attackers to bypass existing security restrictions and execute arbitrary code.

The vulnerability of the ColdFusion software platform is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and execute arbitrary code...

CVE-2025-3916

CVE-2025-3916 concerns Schneider Electric EcoStruxure Power Build Rapsody. A stack-based buffer overflow (CWE-121) could allow a local attacker to potentially execute arbitrary code when a user opens a malicious SSD file, per multiple sources. The vulnerability is locally exploitable with user in...

CVE-2025-0855

The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'importheader' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in...

Google Chrome heap buffer overflow vulnerability (CNVD-2025-09156)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to submit a special Web request that can be tricked into being parsed by the user, crashing the application or executing arbitrary...

CVE-2025-32844

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockUser' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and writ...

CVE-2025-32869

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'ImportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...

CVE-2025-30003

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectConnections' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...

USN-7434-1 perl vulnerability

It was discovered that Perl incorrectly handled transliterating non-ASCII bytes. A remote attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVE-2025-29834

Out-of-bounds read in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network...

Ivanti Endpoint Manager SQL注入漏洞

Ivanti Endpoint Manager is an enterprise-grade endpoint management solution, mainly used for centralized management of various types of devices including Windows, MacOS, Linux, iOS/Android mobile devices, etc., to achieve unified configuration, security control and remote operation and maintenanc...

The vulnerability of the Suricata intrusion detection and prevention system, due to insufficient validation of input data, allows attackers to bypass security restrictions and execute arbitrary codes.

The vulnerability of the Suricata intrusion detection and prevention system is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to bypass security restrictions and execute arbitrary code...

CVE-2024-13645

The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all versions up to, and including, 5.3 via module parameter. This makes it possible for unauthenticated attackers to Instantiate a PHP Object. No known POP chain is present in the vulnerable software, which mean...

CVE-2025-2332

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in the 'returnMetaValueAsCustomerInput' function. This makes it possible for unauthenticated attacke...

CVE-2025-28254

Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in processMentions...

CVE-2024-13889

The WordPress Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.8.3 via deserialization of untrusted input in the 'maybeunserialize' function. This makes it possible for authenticated attackers, with Administrator-level access and above, t...

CVE-2024-58105

A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE address an addtional bypass not covered in CVE-2024-58104. Please note: an attacker mus...

AMD processors’ vulnerabilities, related to improper access control, allow attackers to execute arbitrary code.

The vulnerability of AMD processors is related to improper access control in the System Management Mode SMM. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...