CVE-2025-8404

Stack buffer overflow vulnerability exists in the Supermicro BMC Shared library. An authenticated attacker with access to the BMC exploit stack buffer via a crafted header and achieve arbitrary code execution of the BMC’s firmware operating system...

CVE-2024-42749

Cross Site Scripting vulnerability in Alto CMS v.1.1.13 allows a local attacker to execute arbitrary code via a crafted script...

Vulnerabilities fixed in Microsoft Office

Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code in the victim's context and gain access to sensitive data. Successful exploitation requires the malicious party to tric...

EUVD-2025-93429

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...

EUVD-2025-93432

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...

EUVD-2025-93434

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

Redis: Redis: Authenticated users can execute LUA scripts as a different user

A code injection vulnerability in Redis Lua scripting where an authenticated user can craft a Lua script to manipulate objects and potentially execute code in another user’s context...

Microsoft Visual Studio 命令注入漏洞

Microsoft Visual Studio is a family of development toolkits from Microsoft Corporation in the United States and is a fundamentally complete set of development tools. A remote code execution vulnerability exists in Microsoft Visual Studio, which can be exploited by an attacker to execute code on t...

CVE-2025-20376

The collection shows CVE-2025-20376 affecting Cisco Unified CCX web UI, due to insufficient input validation in the file upload mechanism. An authenticated, remote attacker could upload a malicious file via the web UI and execute arbitrary commands on the underlying system, with potential privile...

CVE-2025-11704

The Elegance Menu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the 'elegance-menu' attribute of the elegance-menu shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...

CVE-2025-11704

The Elegance Menu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the 'elegance-menu' attribute of the elegance-menu shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...

CVE-2025-11920 WPCOM Member <= 1.7.14 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...

EUVD-2025-37390

Protection mechanism failure in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

EUVD-2025-36993

An example dag exampledagdecorator had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production not default or the example dag code copied to build your own...

Excellent Infotek Document Management System 代码问题漏洞

Excellent Infotek Document Management System is a document management system from Excellent Infotek Taiwan, China. A code issue vulnerability exists in the Excellent Infotek Document Management System that stems from an arbitrary file upload vulnerability that could allow an unauthenticated, remo...

EUVD-2025-34614

A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges...

RSUPPORT RemoteCall Remote Support Program 代码问题漏洞

RSUPPORT RemoteCall Remote Support Program is a remote assistance software from the Korean company RSUPPORT. A code issue vulnerability exists in RSUPPORT RemoteCall Remote Support Program versions prior to 5.1.0, which stems from an uncontrolled search path element that could lead to the executi...

CVE-2025-61799

Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user...

EUVD-2025-34381

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

EUVD-2025-34383

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...