4290 matches found
Microsoft Excel Remote Code Execution Vulnerability
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
GHSA-P4H8-56QP-HPGV SSH/SCP option injection allowing local RCE in @aiondadotcom/mcp-ssh
Impact A crafted hostAlias argument such as -oProxyCommand=... was passed to ssh/scp without an argument terminator. SSH interprets arguments starting with - as options regardless of position, so the option-injection caused SSH to execute the attacker-supplied ProxyCommand locally on the machine...
PT-2026-32878
Name of the Vulnerable Software and Affected Versions Microsoft 365 Apps for Enterprise versions 16.0.1 through 16.0.1 Description Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally by tricking a user into opening a malicious document...
PT-2026-32864
Name of the Vulnerable Software and Affected Versions Microsoft Graphics Component affected versions not specified Description A heap-based buffer overflow in the Microsoft Graphics Component allows an unauthorized attacker to execute arbitrary code locally and remotely, which can affect the...
PT-2026-32849
CVE-2026-32197 | Microsoft 365 Apps for Enterprise | Remote Code Execution Description Use-after-free vulnerability in Microsoft Office Excel allows unauth attacker to achieve RCE locally by tricking user into opening malicious Excel file. Severity: High Exploitation: Unknown Public PoC: Unknown...
PT-2026-32852
CVE-2026-32200 Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. https://t.co/8Uy6aw5JNe...
PT-2026-32850
CVE-2026-32198 | Microsoft 365 Apps for Enterprise | Remote Code Execution Description Use-after-free vulnerability in Microsoft Office Excel allows unauth attacker to achieve RCE locally by tricking user into opening malicious Excel file. Severity: High Exploitation: Unknown Public PoC: Unknown...
PT-2026-32879
Name of the Vulnerable Software and Affected Versions Microsoft 365 Apps for Enterprise versions 16.0.1 through 16.0.1 Description A use-after-free issue in Microsoft Office Word allows an unauthorized attacker to execute code locally. This occurs when a user is tricked into opening a malicious...
PT-2026-32870
Name of the Vulnerable Software and Affected Versions Microsoft 365 Apps for Enterprise versions 16.0.1 through 16.0.1 Description A use-after-free issue in Microsoft Office Word allows an unauthorized attacker to execute code locally by tricking a user into opening a malicious document...
PT-2026-32826
Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A use after free in the Windows Universal Plug and Play UPnP Device Host allows an unauthorized attacker to execute arbitrary code locally and remotely, affecting the system. Use after free i...
PT-2026-32844
Name of the Vulnerable Software and Affected Versions Microsoft 365 Apps for Enterprise versions 16.0.1 through 16.0.1 Description A use-after-free issue in Microsoft Office Excel allows an unauthorized attacker to execute arbitrary code locally by tricking a user into opening a malicious Excel...
PT-2026-32841
Name of the Vulnerable Software and Affected Versions Windows Snipping Tool affected versions not specified Description Improper neutralization of special elements used in a command allows an unauthorized attacker to execute arbitrary code locally and remotely, affecting the system. Recommendatio...
PT-2026-32819
CVE-2026-32149 Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. https://t.co/jAvCgQ0s60...
PT-2026-32736
CVE-2026-26156 Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally. https://t.co/WXiQEpBjLe...
Security Updates for Microsoft Word Products C2R (April 2026)
The Microsoft Word Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. CVE-2026-23657, CVE-2026-33095, CVE-2026-33115 - Untrusted pointer dereference in...
R 缓冲区错误漏洞
R is a statistical computing software developed by The R Foundation. Version 3.4.4 of R contains a buffer overflow vulnerability, which stems from insufficient input validation for the GUI Preferences language field. This vulnerability could lead to a local buffer overflow and the execution of...
Exploit for CVE-2025-81110
CVE-2025-81110-PoC Improper Symbolic link handling in the PutC...
CVE-2025-70811
Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via the Admin Control Panel icon management functionality...
Untrusted Search Path
Overview Affected versions of this package are vulnerable to Untrusted Search Path through the hostIDReaderBSD.read function in sdk/resource/hostid.go. An attacker can execute a malicious kenv binary by placing it earlier in $PATH and triggering host ID detection on BSD or Solaris systems when...
CVE-2019-25679
RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling SEH buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a buffer overflow payload with a POP POP RET gadget chain a...