9 matches found
(Pwn2Own) Redis Lua Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Redis. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of certain string values by the embedded Lua interpreter. The issue results from the...
CVE-2025-32408
In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled...
PT-2024-39786 · Trimble · Trimble Sketchup Viewer
Name of the Vulnerable Software and Affected Versions: Trimble SketchUp Viewer affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this, where the...
Prototype Pollution
ejs is vulnerable to Prototype Pollution. The vulnerability is due to inadequate object checks which lack prototype protection measures, which allows an attackers to overwrite certain object prototypes...
Privilege Escalation
n8n is vulnerable to Privilege Escalation. The vulnerability is due to a lack of object checks when merging the user supplied fields with the server object. The privilege escalation vulnerability occurs whenever the updateCurrentUser method of the MeController class merges a user object with an...
CVE-2022-24357
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2021-46601
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2021-34922
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
Bentley Systems Bentley View 资源管理错误漏洞
Bentley View, a free viewer from Bentley Systems, Inc. A security vulnerability exists in Bentley View 3DS file parsing, which is caused by not verifying the existence of an object before performing an operation on it. An attacker could exploit this vulnerability to execute code in the context of...