2019 matches found

CVE
added 2025/07/17 7:19 p.m. | 17 views

CVE-2025-6232

Lenovo Vantage (CVE-2025-6232) shows an improper validation vulnerability where a local attacker could execute code with elevated privileges by modifying certain registry locations. The CVE is tracked with high severity (CVSS 3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; base score 7.8; CVSS 4.0/AV:L/...

8.5 CVSS | 7.1 AI score | 0.00181 EPSS
Exploits 0 | References 1 | Affected Software 2

CNVD
added 2025/07/15 12:00 a.m. | 2 views

Adobe InDesign Heap Overflow Vulnerability

Adobe InDesign is a desktop publishing (DTP) application from Adobe, mainly used for layout editing of various printed materials. A heap overflow vulnerability exists in Adobe InDesign processing files, which originates from a partial overwrite of heap memory, and can be exploited by a remote...

7.8 CVSS | 8.1 AI score | 0.00251 EPSS
Exploits 0 | References 1

OSV
added 2025/07/08 5:15 p.m. | 2 views

CVE-2025-49701

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

8.8 CVSS | 5.9 AI score | 0.00834 EPSS
Exploits 0 | References 1

NVD
added 2025/07/08 5:15 p.m. | 3 views

CVE-2025-48824

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...

8.8 CVSS | 0.00902 EPSS
Exploits 0 | References 1

CVE
added 2025/07/08 4:57 p.m. | 40 views

CVE-2025-49666

CVE-2025-49666 is a Windows Kernel flaw described as a heap-based buffer overflow that enables remote code execution by an authorized attacker over a network. Public data lists attack vector as Network with high impact to confidentiality, integrity, and availability, and requires HIGH privileges ...

7.2 CVSS | 7.4 AI score | 0.01154 EPSS
Exploits 0 | References 1 | Affected Software 5

CVE
added 2025/07/08 4:57 p.m. | 40 views

CVE-2025-49676

CVE-2025-49676: heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) over network; initial description provides this; connected documents do not add concrete technical details (affected products/versions, root cause, fix). Monitor for updates.

8.8 CVSS | 7.5 AI score | 0.00805 EPSS
Exploits 0 | References 1 | Affected Software 7

Microsoft CVE
added 2025/07/08 2:00 p.m. | 3 views

Microsoft Word Remote Code Execution Vulnerability

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...

7.8 CVSS | 7.4 AI score | 0.00558 EPSS
Exploits 0

CNNVD
added 2025/06/25 12:00 a.m. | 2 views

MICROSENS NMP Web+ Path Traversal Vulnerability

MICROSENS NMP Web+ is a network management platform from the German company MICROSENS. MICROSENS NMP Web+ suffers from a path traversal vulnerability that originates from an unauthenticated attacker being able to overwrite files and execute arbitrary code...

9.3 CVSS | 9.4 AI score | 0.00662 EPSS
Exploits 0 | References 3

CNNVD
added 2025/06/24 12:00 a.m. | 4 views

Claude Code Security Vulnerability

Claude Code is an open source proxy coding tool from Anthropic. A security vulnerability exists in Claude Code that originates from an unauthorized WebSocket connection and could result in reading arbitrary files or executing code. The following versions are affected: Claude Code for VSCode...

8.8 CVSS | 9.3 AI score | 0.00316 EPSS
Exploits 0 | References 2

CNNVD
added 2025/06/18 12:00 a.m. | 4 views

Veeam Backup & Replication Security Vulnerability

Veeam Backup & Replication is a backup and replication software from Veeam USA. A security vulnerability exists in Veeam Backup & Replication version 12.3.1.1139 and earlier, which originates from a backup job that can be modified by a user in the Backup Operator role, which could lead to the...

7.2 CVSS | 9.2 AI score | 0.10671 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/06/15 2:16 a.m. | 4 views

CVE-2025-47959

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network...

7.1 CVSS | 7.2 AI score | 0.05409 EPSS
Exploits 0 | References 1

NVD
added 2025/06/10 5:21 p.m. | 5 views

CVE-2025-29828

Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network...

8.1 CVSS | 0.01112 EPSS
Exploits 0 | References 1

Zero Day Initiative
added 2025/06/10 12:00 a.m. | 9 views

Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows...

7.8 CVSS | 7.5 AI score | 0.00518 EPSS
Exploits 0 | References 1

BDU FSTEC
added 2025/06/04 12:00 a.m. | 4 views

The vulnerability of the web interface of the IBM Sterling B2B Integrator software allows a perpetrator to execute arbitrary code and gain unauthorized access to protected information.

The vulnerability of the web interface of the IBM Sterling B2B Integrator software solution relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code and gain unauthorized access to protected...

5.5 CVSS | 6 AI score | 0.00265 EPSS
Exploits 0 | References 2 | Affected Software 1

OSV
added 2025/06/02 6:15 p.m. | 3 views

CVE-2025-27953

An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component...

6.5 CVSS | 6.1 AI score | 0.00306 EPSS
Exploits 0 | References 1

NVD
added 2025/06/02 6:15 p.m. | 13 views

CVE-2025-27953

An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component...

6.5 CVSS | 0.00306 EPSS
Exploits 0 | References 1

BDU FSTEC
added 2025/05/29 12:00 a.m. | 3 views

The vulnerability of the UpdateWebServerGatewaySettings method in the software for managing and monitoring remote objects in telemetry and telemechanics systems, allowing a hacker to bypass security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the UpdateWebServerGatewaySettings method in the software for managing and monitoring remote devices in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to...

9 CVSS | 6.1 AI score | 0.0049 EPSS
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2025/05/29 12:00 a.m. | 4 views

The vulnerability of the ImportCertificate method in the software for managing and monitoring remote devices in telemetry and telemechanics systems allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the ImportCertificate method in software for managing and monitoring remote devices in telemetry and telemechanics systems is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...

9 CVSS | 6.2 AI score | 0.00335 EPSS
Exploits 0 | References 3 | Affected Software 1

CNVD
added 2025/05/26 12:00 a.m. | 2 views

Delta Electronics CNCSoft-G2 Buffer Overflow Vulnerability (CNVD-2025-12364)

Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, China. The Delta Electronics CNCSoft-G2 suffers from a buffer overflow vulnerability that originates from insufficient validation of user-supplied data lengths, which can be exploited by an attacker to...

8.4 CVSS | 7.8 AI score | 0.00266 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 10:06 a.m. | 15 views

CVE-2024-20843

Out-of-bound write vulnerability in command parsing implementation of libIfaaCa prior to SMR Apr-2024 Release 1 allows local privileged attackers to execute arbitrary code...

6.7 CVSS | 7.5 AI score | 0.00175 EPSS
Exploits 0 | References 1