2019 matches found

RedhatCVE
added 2025/02/13 4:47 p.m. | 5 views

CVE-2024-33659

AMI APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation by a local attacker. Successful exploitation of these vulnerabilities may lead to overwriting arbitrary memory and execute arbitrary code at SMM level, also impacting Confidentiality, Integrity, a...

CVSS: 5.7 | AI score: 7.6 | EPSS: 0.00155
Exploits: 0 | References: 3

Cvelist
added 2025/02/11 3:0 p.m. | 10 views

CVE-2024-33659 BiosGuard Buffer Overflow and TOCTOU Vulnerability

AMI APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation by a local attacker. Successful exploitation of these vulnerabilities may lead to overwriting arbitrary memory and execute arbitrary code at SMM level, also impacting Confidentiality, Integrity, a...

CVSS: 5.7 | EPSS: 0.00155
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/06 1:51 a.m. | 18 views

CVE-2022-43581

IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. IBM X-Force ID: 238805...

CVSS: 8.8 | AI score: 6.4 | EPSS: 0.00685
Exploits: 0 | References: 1

BDU FSTEC
added 2025/02/06 12:0 a.m. | 3 views

The vulnerability of the backup file loading function of the CMSimple system allows a perpetrator to gain unauthorized access to protected information and execute arbitrary code.

The vulnerability of the backup file loading function of the CMSimple content management system is related to the improper assignment of permissions for a critical resource. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected informati...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00522
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2025/02/05 5:10 p.m. | 6 views

CVE-2019-19895

In IXP EasyInstall 6.2.13723, there is Lateral Movement using the Agent Service against other users on a client system. An authenticated attacker can, by modifying %SYSTEMDRIVE%\IXP\SW\PACKAGECODE\EveryLogon.bat, achieve this movement and execute code in the context of other users...

CVSS: 8.8 | AI score: 7 | EPSS: 0.00445
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 1:28 p.m. | 11 views

CVE-2020-17414

This vulnerability allows local attackers to escalate privileges on affected installations of Foxit Reader 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handli...

CVSS: 7.8 | AI score: 6.6 | EPSS: 0.01814
Exploits: 0

RedhatCVE
added 2025/02/05 11:58 a.m. | 7 views

CVE-2024-7435

The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is prese...

CVSS: 8.8 | AI score: 7 | EPSS: 0.00707
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 11:42 a.m. | 6 views

CVE-2024-7560

The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflashpostmeta meta value. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PH...

CVSS: 7.2 | AI score: 7.2 | EPSS: 0.0062
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 11:36 a.m. | 8 views

CVE-2024-7351

The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.12.3 via deserialization of untrusted input when editing job applications. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PH...

CVSS: 7.2 | AI score: 7 | EPSS: 0.0062
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 10:22 a.m. | 9 views

CVE-2024-12179

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00329
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 8:13 a.m. | 3 views

CVE-2024-29822

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code...

CVSS: 9.6 | AI score: 10 | EPSS: 0.6439
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 7:59 a.m. | 2 views

CVE-2024-29825

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code...

CVSS: 9.6 | AI score: 9.9 | EPSS: 0.99877
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 2:38 a.m. | 4 views

CVE-2024-33578

A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.00187
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 2:32 a.m. | 4 views

CVE-2024-42023

An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.0047
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 12:11 a.m. | 11 views

CVE-2024-4733

The ShiftController Employee Shift Scheduling plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the hc3session-cookie in versions up to, and including, 4.9.57. This makes it possible for an authenticated attacker with contributor access-level or above to inje...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00588
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/04 10:42 p.m. | 8 views

CVE-2024-8030

The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the ultimatestorekitwishlist cookie in versions up to, and...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.01075
Exploits: 0 | References: 1

CVE
added 2025/01/29 12:0 a.m. | 46 views

CVE-2024-57395

Safety production process management system v1.0 is affected by CVE-2024-57395, where password and account number parameters enable a remote attacker to escalate privileges, execute arbitrary code, and obtain sensitive information. The available connected sources describe the issue and its impact...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.00623
Exploits: 0 | References: 2

Vulnrichment
added 2025/01/29 12:0 a.m. | 4 views

CVE-2024-57395

Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and account number parameters...

AI score: 9.7 | EPSS: 0.00623
Exploits: 0 | References: 2

CVE
added 2025/01/27 5:46 p.m. | 219 views

CVE-2025-24364

CVE-2025-24364 affects vaultwarden (Unofficial Bitwarden server) written in Rust. The vuln requires authenticated access to the vaultwarden admin panel and allows arbitrary code execution by manipulating mail settings to trigger shell commands, with a specially crafted favicon used to embed comma...

CVSS: 7.2 | AI score: 7.6 | EPSS: 0.00963
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2025/01/25 7:15 a.m. | 9 views

CVE-2024-12600

The Custom Product Tabs Lite for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.0 via deserialization of untrusted input from the 'frswooproducttabs' parameter. This makes it possible for authenticated attackers, with Shop...

CVSS: 7.2 | EPSS: 0.00707
Exploits: 0 | References: 3