1010 matches found
CVE-2021-4457
The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server...
Online Bidding System bidnow.php File SQL Injection Vulnerability
Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID in the file /bidnow.php. An attacker can exploit this vulnerability to execute...
CVE-2025-52880 Komga Vulnerable to Arbitrary Code Execution via Crafted EPUB File
Komga is a media server for comics, mangas, BDs, magazines and eBooks. A Cross-Site Scripting XSS vulnerability has been discovered in versions 1.8.0 through 1.21.3 when serving EPUB resources, either directly from the API, or when reading using the epub reader. The vulnerability lets an attacker...
CVE-2025-49796
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined...
Amazon Linux 2023 : cuda (ALAS2023NVIDIA-2025-090)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2025-090 advisory. NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute...
CVE-2025-5554 PHPGurukul Rail Pass Management System pass-bwdates-reports-details.php sql injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Rail Pass Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pass-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The...
CVE-2025-45854
/server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams...
PT-2025-23440 · Unknown · Juzawebcms
Name of the Vulnerable Software and Affected Versions: juzaweb CMS versions up to 3.4.2 Description: A problematic vulnerability was found in the Profile Page component of juzaweb CMS, specifically in the /admin-cp/file-manager/upload file. The issue is related to the manipulation of the Upload...
CVE-2024-40846
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7. Processing a maliciously crafted video file may lead to unexpected app termination...
CVE-2024-33103
An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference, there is a position that exploitability can only occur with a misconfiguration of t...
CVE-2024-52779
DCME-320 =7.4.12.90, DCME-520 =9.25.5.11, DCME-320-L =9.3.5.26, and DCME-720 =9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/monstattop10.php...
CVE-2024-50804
Insecure Permissions vulnerability in Micro-star International MSI Center Pro 2.1.37.0 allows a local attacker to execute arbitrary code via the DeviceDeviceID.dat.bak file within the C:\ProgramData\MSI\One Dragon Center\Data folder...
CVE-2024-49778
A heap-based buffer overflow in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service DoS and Code Execution via a crafted MOV video file...
CVE-2023-32541
A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. A specially crafted .doc file can lead to a use-after-free. An attacker can trick a user into opening a malformed file to trigger this vulnerability...
CVE-2023-27390
A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted markdown file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability...
CVE-2023-24566
A vulnerability has been identified in Solid Edge SE2022 All versions V222.0MP12, Solid Edge SE2022 All versions, Solid Edge SE2023 All versions V223.0Update2. The affected application is vulnerable to stack-based buffer while parsing specially crafted PAR files. An attacker could leverage this...
CVE-2023-24560
A vulnerability has been identified in Solid Edge SE2022 All versions V222.0MP12, Solid Edge SE2023 All versions V223.0Update2. The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to ...
CVE-2023-24269
An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file...
CVE-2023-2317
DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in tag. This vulnerability can be exploited if a user opens a...
CVE-2022-25366
Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by creating a malicious...