CVE-2019-20630

An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in BSReadByte called from gfbsreadbit in utils/bitstream.c that can cause a denial of service via a crafted MP4 file...

CVE-2018-1999020

Open Networking Foundation ONF ONOS version 1.13.2 and earlier version contains a Directory Traversal vulnerability in core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java line 35 that can result in arbitrary file deletion overwrite. This attack appear to be exploitable vi...

CVE-2019-9614

An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a template file with ' $ ex"' followed by the command...

CVE-2018-15817

FastStone Image Viewer 6.5 has a Read Access Violation on Block Data Move starting at image00400000+0x0000000000002d63 via a crafted image file...

CVE-2017-10976

When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to a heap-based buffer over-read in the readBlock function in lib/ttf.c...

CVE-2019-0345

A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java Administrator System Overview, versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and trick the application server into leaking authentication credentials for its own SAP...

CVE-2015-7339

JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /comjce/editor/libraries/classes/browser.php script...

CVE-2011-2161

The apereadheader function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service application crash via an APE aka Monkey's Audio file that contains a header but no frames...

CVE-2011-3945

The decodeframe function in the KVG1 decoder kgv1dec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service crash and possibly...

CVE-2013-3934

Stack-based buffer overflow in Kingsoft Writer 2012 8.1.0.3030, as used in Kingsoft Office 2013 before 9.1.0.4256, allows remote attackers to execute arbitrary code via a long font name in a WPS file...

CVE-2011-5083

Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote attackers to execute arbitrary code by uploading a file with an executable PHP extension, then accessing it via a direct request to the file in an unspecified directory...

CVE-2002-2392

Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to 1 wsz and 2 wal files that contain embedded code...

CVE-2025-30310

Dreamweaver Desktop versions 21.4 and earlier are affected by an Access of Resource Using Incompatible Type 'Type Confusion' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must...

The vulnerability of Microsoft Excel spreadsheet editors, Microsoft Office programs, and Microsoft 365 Apps for Enterprise, related to the possibility of using freed memory, allows attackers to execute arbitrary code.

The vulnerability of Microsoft Excel spreadsheet editors, as well as Microsoft Office products and Microsoft 365 Apps for Enterprise, is related to the ability to utilize freed memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code by sending a specially crafted...

CVE-2025-30329

Animate versions 24.0.8, 23.0.11 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption of service. Exploitation of this issue requires user...

CVE-2025-45885

PHPGURUKUL Vehicle Parking Management System v1.13 is vulnerable to SQL injection in the /vpms/users/login.php file. Attackers can inject malicious code from the parameter 'emailcont' and use it directly in SQL queries...

CVE-2025-26169

IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalation to SYSTEM because there is code execution from a configuration file that can be controlled by a low-privileged user. There is a race condition in which a temporary configuration file, in a world-writable directory, can be...

PT-2025-18698 · Unknown · Phpgurukul Covid19 Testing Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul COVID19 Testing Management System version 1.0 Description: A critical vulnerability has been found in the PHPGurukul COVID19 Testing Management System. The issue affects some unknown functionality of the file /login.php. The...

CVE-2025-4031

A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The attack can be initiated remotely. The exploit...

CVE-2025-2105

The Jupiter X Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.8.11 via deserialization of untrusted input from the 'file' parameter of the 'ravendownloadfile' function. This makes it possible for attackers to inject a PHP Object through a PH...