
321 matches found

OSV
added 2024/10/08 9:15 a.m. | 2 views

CVE-2024-47196

A vulnerability has been identified in ModelSim All versions V2025.2, Questa All versions V2025.2. vsimk.exe in affected applications allows a specific tcl file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate...

CVSS 7.3 | AI score 5.8 | EPSS 0.00152
Exploits 0 | References 1

BDU FSTEC
added 2024/09/12 12:0 a.m. | 2 views

The vulnerability of the file loading function in the “Change Favicon” interface of the Versa Director software platform for managing network infrastructure allows a hacker to gain increased privileges.

The vulnerability of the file loading function in the “Change Favicon” interface of the Versa Director software platform for managing network infrastructure relates to the unlimited loading of dangerous types of files. Exploiting this vulnerability could allow a malicious actor to enhance their...

CVSS 9 | AI score 6.9 | EPSS 0.04006
Exploits 1 | References 5 | Affected Software 1

BDU FSTEC
added 2024/09/09 12:0 a.m. | 3 views

The vulnerability of the file loading function of the backup and recovery software for remote and cloud-based Veeam Service Provider Console (VSPC) customers allows a hacker to execute arbitrary code on the VSPC server.

The vulnerability of the file loading function of the backup and data recovery software for remote and cloud-based Veeam Service Provider Console VSPC involves unlimited loading of dangerous files. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code on the VSPC...

CVSS 9.9 | AI score 8.5 | EPSS 0.01234
Exploits 0 | References 2 | Affected Software 1

NVD
added 2024/09/03 8:15 p.m. | 10 views

CVE-2024-45389

Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking up the value of document.currentScript.src. Prior to Pagefind version 1.1.1, it is possible to...

CVSS 6.4 | EPSS 0.00397
Exploits 0 | References 3

BDU FSTEC
added 2024/09/02 12:0 a.m. | 1 view

The vulnerability of the Poly Clariti Manager platform for managing, planning, and maintaining audiovisual systems, related to the ability to load files of a dangerous type without limitation, allows a hacker to execute arbitrary code.

The vulnerability of the Poly Clariti Manager platform for managing, planning, and maintaining audio-visual systems is related to the ability to load files of a dangerous type without limitation. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS 9 | AI score 5.9 | EPSS 0.00519
Exploits 0 | References 4 | Affected Software 1

BDU FSTEC
added 2024/08/26 12:0 a.m. | 2 views

The vulnerability of the Traccar GPS system’s application programming interface, related to the unlimited loading of dangerous type files, allows a violator to execute arbitrary code.

The vulnerability of the Traccar GPS system’s application programming interface is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by creating or loading arbitrary files...

CVSS 10 | AI score 8.5 | EPSS 0.17631
Exploits 5 | References 5 | Affected Software 1

BDU FSTEC
added 2024/08/07 12:0 a.m. | 4 views

The vulnerability in the Flask web interface for generating queries to the Vanna database allows a hacker to write arbitrary files and execute arbitrary commands.

The vulnerability in the Flask web framework’s database query generation interface for Vanna involves unlimited loading of dangerous files. Exploiting this vulnerability allows a malicious actor to write any files and execute any commands by sending specially created queries...

CVSS 10 | AI score 7.9 | EPSS 0.03452
Exploits 0 | References 4 | Affected Software 1

BDU FSTEC
added 2024/07/25 12:0 a.m. | 2 views

The vulnerability of microprogrammed software in Toshiba e-STUDIO multifunctional devices, related to bypassing the authentication process through an alternative path or channel, allows attackers to circumvent security restrictions and load arbitrary files.

The vulnerability of the microprogramming software in Toshiba e-STUDIO multifunctional devices relates to bypassing the authentication process by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions and load arbitrary fil...

CVSS 8.8 | AI score 7.7 | EPSS 0.00705
Exploits 0 | References 5

BDU FSTEC
added 2024/07/15 12:0 a.m. | 2 views

The vulnerability of the virtual server “1C-Bitrix: Virtual Machine” involves unlimited loading of dangerous type files, allowing a hacker to execute arbitrary code.

The vulnerability of the virtual server “1C-Bitrix: Virtual Machine” is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted PHP file...

CVSS 10 | AI score 6
Exploits 0 | References 4 | Affected Software 1

BDU FSTEC
added 2024/06/20 12:0 a.m. | 2 views

The vulnerability of ASUS routers, related to the unlimited loading of dangerous files, allows attackers to execute arbitrary commands.

The vulnerability of ASUS routers is related to the unlimited loading of malicious files. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 10 | AI score 6.2 | EPSS 0.01031
Exploits 2 | References 2 | Affected Software 14

BDU FSTEC
added 2024/06/14 12:0 a.m. | 3 views

The vulnerability of the application programming interface of the Spring Cloud Skipper package management server allows a perpetrator to write any files they desire.

The vulnerability of the Spring Cloud Skipper package manager’s application interface involves unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to write any files they desire...

CVSS 6.8 | AI score 5.5 | EPSS 0.17537
Exploits 1 | References 6 | Affected Software 1

BDU FSTEC
added 2024/06/03 12:0 a.m. | 2 views

The vulnerability of the CMS system Netcat, related to the unlimited loading of dangerous types of files, allows attackers to execute arbitrary code.

The vulnerability of the CMS system Netcat is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 7.7 | AI score 5.9
Exploits 0 | Affected Software 1

Fedora
added 2024/05/25 1:11 a.m. | 22 views

[SECURITY] Fedora 39 Update: crosswords-0.3.13-1.fc39

A simple and fun game of crosswords. Load your crossword files, or play one of the included games. Features include: - Support for shaped and colored crosswords - Loading .ipuz and .puz files - Hint support, such as showing mistakes and suggesting words - Dark mode support - Locally installed...

AI score 7.4
Exploits 0

BDU FSTEC
added 2024/05/24 12:0 a.m. | 3 views

Vulnerability of the /url/url.php script in D-Link DAR-7000 and DAR-8000 router microprogramming software, allowing a hacker to execute arbitrary code

The vulnerability of the /url/url.php script in D-Link’s router microprogramming software DAR-7000 and DAR-8000 is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

CVSS 6.5 | AI score 7 | EPSS 0.03001
Exploits 0 | References 6

BDU FSTEC
added 2024/05/24 12:0 a.m. | 2 views

Vulnerability of the /useratte/resmanage.php script of the D-Link DAR-7000 and DAR-8000 routers, allowing a hacker to execute arbitrary code.

The vulnerability of the /useratte/resmanage.php script of the D-Link DAR-7000 and DAR-8000 router microprogramming systems is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 6.5 | AI score 7 | EPSS 0.02469
Exploits 0 | References 6

BDU FSTEC
added 2024/05/22 12:0 a.m. | 1 view

Vulnerability of the /user/onlineuser.php script in D-Link DAR-7000 and DAR-8000 router microprogramming software, allowing a hacker to execute arbitrary code

The vulnerability of the /user/onlineuser.php script in D-Link’s router microprogramming software DAR-7000 and DAR-8000 is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 6.5 | AI score 7 | EPSS 0.02311
Exploits 0 | References 6 | Affected Software 2

BDU FSTEC
added 2024/04/19 12:0 a.m. | 2 views

The vulnerability in the Avalanche mobile device management web component allows a hacker to execute arbitrary commands with SYSTEM privileges.

The vulnerability of the Avalanche mobile device management web component is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code within the SYSTEM context...

CVSS 9 | AI score 8.1 | EPSS 0.02715
Exploits 0 | References 2 | Affected Software 1

BDU FSTEC
added 2024/04/15 12:0 a.m. | 2 views

The vulnerability of the Jenkins automation server lies in its ability to allow unlimited loading of dangerous files, enabling a hacker to gain access to read, modify, or delete these files.

The vulnerability of the Jenkins automation server relates to the loading of files using the Stapler web platform. Stapler creates temporary files in the system temporary directory with the default permissions for newly created files. Exploiting this vulnerability allows an attacker to gain read,...

CVSS 8.5 | AI score 7.2 | EPSS 0.008
Exploits 0 | References 3 | Affected Software 2

BDU FSTEC
added 2024/03/27 12:0 a.m. | 2 views

The vulnerability of the phpMyFAQ web application, related to the unlimited download of dangerous types of files, allows a hacker to execute arbitrary code.

The vulnerability of the phpMyFAQ web application is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially created .php files...

CVSS 8.3 | AI score 6.6 | EPSS 0.01476
Exploits 1 | References 4 | Affected Software 1

BDU FSTEC
added 2024/03/18 12:0 a.m. | 3 views

The vulnerability of the software file loading function of the Cisco AppDynamics Controller allows a perpetrator to gain access to protected information.

The vulnerability of the software file loading function of the Cisco AppDynamics Controller is related to deficiencies in path name checking for the directory. Exploiting this vulnerability could allow an attacker operating remotely to gain access to protected information...

CVSS 6.8 | AI score 6.6 | EPSS 0.02155
Exploits 0 | References 2 | Affected Software 1