16978 matches found
CVE-2025-61937
The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the model application server...
CVE-2025-68924
In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL aka Webservice URL as a data source for remote code execution...
CVE-2021-47842 StudyMD 0.3.2 - Persistent Cross-Site Scripting
StudyMD 0.3.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code...
CVE-2021-47840 Moeditor 0.2.0 - Persistent Cross-Site Scripting
Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files with embedded JavaScript that execute when opened, potentially enabling remote code execution on t...
OESA-2026-1116 gimp security update
The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing...
Exploit for Deserialization of Untrusted Data in Microsoft
CVE-2025-59287 - WSUS / SCCM RCE Based on the original exploi...
H2O-3 PostgreSQL Driver RCE - Bypassing CVE-2025-6544 Mitigation
Description A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The current security mitigation implemented in H2O-3 relies on a parameter blacklist mechanism that exclusively targets MySQL JDBC...
CVE-2025-61937
The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the model application server...
CVE-2025-61937 AVEVA Process Optimization Code Injection
The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the model application server...
CVE-2025-61937 AVEVA Process Optimization Code Injection
The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of “taoimr” service, potentially resulting in complete compromise of the model application server...
CVE-2025-61937
CVE-2025-61937 affects AVEVA Process Optimization. The flaw allows unauthenticated remote code execution via the taoimr service, potentially fully compromising the model application server. CVSS metrics in the documents show CRITICAL impact. Remediation details or fixed versions are not provided ...
SnipCommand security vulnerability
SnipCommand is a command snippet manager developed by Güray Yarar. Version 0.1.0 of SnipCommand contains a security vulnerability that allows for the injection of malicious payloads into command snippets, potentially leading to remote command execution...
MiracleLinux 4 : firefox-24.4.0-1.0.1.AXS4 (AXSA:2014-175:02)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2014-175:02 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security issues fixed with this releas...
KB5073379: Windows Server 2025 Security Update (January 2026)
The remote Windows host is missing security update 5073379. It is, therefore, affected by multiple vulnerabilities - Use after free in Windows Local Security Authority Subsystem Service LSASS allows an authorized attacker to execute code over a network. CVE-2026-20854 - An issue was discovered in...
CVE-2021-47758 Chikitsa Patient Management System 2.0.2 - Remote Code Execution (RCE) (Authenticated)
Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables...
ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories
The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere. This week's stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in. Read on to catch up before...
Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu\/Sl_Firmware
CVE-2021-36260 CVE-2021-36260 POC command injection vulnerabil...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002142)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002142 advisory. Integer signedness error in the ozhcdgetdesccnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003203)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003203 advisory. The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse...
CVE-2026-0500
Due to the usage of vulnerable third party component in SAP Wily Introscope Enterprise Manager WorkStation, an unauthenticated attacker could create a malicious JNLP Java Network Launch Protocol file accessible by a public facing URL. When a victim clicks on the URL the accessed Wily Introscope...