CVE-2025-24043

Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network...

CVE-2025-24081

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

USN-7349-1 rar vulnerabilities

It was discovered that RAR incorrectly handled certain paths. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to write arbitrary files outside of the targeted directory. CVE-2022-30333 It was discovered th...

CVE-2025-27394

A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0. Affected devices do not properly sanitize user input when creating new SNMP users. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device...

CVE-2025-27393

A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0. Affected devices do not properly sanitize user input when creating new users. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device...

CVE-2025-23400

A vulnerability has been identified in Teamcenter Visualization V14.3 All versions V14.3.0.13, Teamcenter Visualization V2312 All versions V2312.0009, Teamcenter Visualization V2406 All versions V2406.0007, Teamcenter Visualization V2412 All versions V2412.0002, Tecnomatix Plant Simulation V2302...

WordPress plugin Review Schema 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2024-13906

The CVE-2024-13906 entry pertains to Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress (WordPress plugin) versions

CVE-2025-25361

An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of PublicCMS v4.0.202406 allows attackers to execute arbitrary code via uploading a crafted svg or xml file...

CVE-2024-13787

The VEDA - MultiPurpose WordPress Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2 via deserialization of untrusted input in the 'vedabackupandrestoreaction' function. This makes it possible for authenticated attackers, with Subscriber-leve...

CVE-2025-22224

VMware ESXi, and Workstation contain a TOCTOU Time-of-Check Time-of-Use vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...

Advisory ROSA-SA-2025-2754

Software: PackageKit 1.1.12 OS: ROSA Virtualization 2.1 packageevrstring: PackageKit-1.1.12-7.0.1.rv3 CVE-ID: CVE-2024-0217 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A use-after-free vulnerability in PackageKitd allows an attacker to access freed memory and potentially execute arbitrary code...

CVE-2024-9193

The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpressdomainsearchajaxextendedresults function. This makes it possible for unauthenticated attackers to include and execute...

CVE-2024-13899

The Mambo Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input via the $data parameter in the fImportMenu function. This makes it possible for authenticated attackers, with Administrator-level access a...

CVE-2024-13556

The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization of untrusted input from an file export. This makes it possible for unauthenticated attackers to...

The vulnerability of the Mobile Security Framework (MobSF) for mobile application security research lies in an incorrect pathname limitation, which allows a malicious actor to gain unauthorized access for reading, deleting protected information, and executing arbitrary code.

The vulnerability of the Mobile Security Framework MobSF for mobile application security research is related to an incorrect restriction on the path name to the directory. Exploiting this vulnerability could allow a remote attacker to gain unauthorized access to read, delete protected information...

CVE-2024-13636

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-24926. Reason: This candidate is a reservation duplicate of CVE-2024-24926. Notes: All CVE users should reference CVE-2024-24926 instead of this candidate. All references and descriptions in this candidate have been...

CVE-2024-57964

Insecure Loading of Dynamic Link Libraries have been discovered in HVAC Energy Saving Program, which could allow local attackers to potentially disclose information or execute arbitray code on affected systems. This issue affects HVAC Energy Saving Program:...

CVE-2024-13556 Affiliate Links: WordPress Plugin for Link Cloaking and Link Management <= 3.0.1 - Missing Authorization to Unauthenticated Import/Export and PHP Object Injection

The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization of untrusted input from an file export. This makes it possible for unauthenticated attackers to...

CVE-2024-12562

The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2memberproremoteop' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No know...