CVE-2022-41168

Due to lack of proper memory management, when a victim opens a manipulated CATIA5 Part .catpart, CatiaTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based...

CVE-2022-32114

An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create upload" permission is supposed to be able to upload PDF fil...

CVE-2022-48006

An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php...

CVE-2022-43061

Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /operations/travellers.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-43234

An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-36943

SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item...

CVE-2022-27530

A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability may be exploited to execute arbitrary code...

CVE-2022-25495

The component /jqueryfileupload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file...

CVE-2022-24656

HexoEditor 1.1.8 is affected by Cross Site Scripting XSS. By putting a common XSS payload in a markdown file, if opened with the app, will execute several times...

CVE-2021-34844

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2021-30843

This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution...

CVE-2021-34280

Polaris Office v9.103.83.44230 is affected by a Uninitialized Pointer Vulnerability in PolarisOffice.exe and EngineDLL.dll that may cause a Remote Code Execution. To exploit the vulnerability, someone must open a crafted PDF file...

CVE-2021-24638

The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website...

CVE-2020-16243

Multiple buffer overflow vulnerabilities exist when LeviStudioU Version 2019-09-21 and prior processes project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application...

CVE-2020-21605

libde265 v1.0.4 contains a segmentation fault in the applysaointernal function, which can be exploited via a crafted a file...

CVE-2020-27797

An invalid memory address reference was discovered in the elflookup function in plxelf.cpp in UPX 4.0.0 via a crafted Mach-O file...

CVE-2020-23893

A User Mode Write AV in Editor!TMethodImplementationIntercept+0x3c3682 of WildBit Viewer v6.6 allows attackers to cause a denial of service DoS via a crafted tiff file...

CVE-2020-27802

An floating point exception was discovered in the elflookup function in plxelf.cpp in UPX 4.0.0 via a crafted Mach-O file...

CVE-2020-13494

A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability...

CVE-2019-9720

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srttoass in libavcodec/srtdec.c misuses snprintf...