16981 matches found
CVE-2023-25617
SAP Business Object Adaptive Job Server - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the...
Soda PDF Desktop Code Execution Vulnerability (CNVD-2026-06110)
Soda PDF Desktop is a professional PDF processing software that integrates reading, editing, creating, converting and managing PDF documents. Soda PDF Desktop suffers from a code execution vulnerability that stems from allowing dangerous scripts to be executed when processing XLS files without us...
Dell PowerProtect Data Domain Operating System Command Injection Vulnerability
Dell PowerProtect Data Domain (Dell PowerProtect DD) is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. An operating system command injection vulnerability exists in Dell PowerProtect Data Domain, which stems from improper neutralization of...
RockyLinux 9 : mariadb:10.11 (RLSA-2026:0247)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:0247 advisory. mysql: High Privilege Denial of Service Vulnerability in MySQL Server CVE-2025-21490 mariadb: MariaDB Server Crash Due to Empty Backtrace Log...
Trend Micro Apex Central LoadLibraryEx RCE (CVE-2025-69258)
Binary data trendmicroapexcentralcve-2025-69258.nbin...
(0Day) Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the eval_custom_component_code function. The issue results from the lack of prop...
CVE-2026-0730
PHPGurukul Staff Leave Management System 1.0 is affected by a cross-site scripting vulnerability in the SVG File Handler, specifically the ADD_STAFF/UPDATE_STAFF function in /staffleave/slms/slms/adminviews.py. Manipulating the profile_pic argument can trigger XSS, with remote exploitation report...
CVE-2025-61548
SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34, fixed in 19.69. Unsanitized user input is incorporated directly into SQL queries without proper parameterizati...
CVE-2026-22241 Open eClass has Unrestricted File Upload that Leads to Remote Code Execution (RCE)
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an arbitrary file upload vulnerability in the theme import functionality enables an attacker with administrative privileges to upload arbitrary files on the server's file system...
Important: Red Hat Security Advisory: gimp:2.8 security update
An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this...
Important: Red Hat Security Advisory: mariadb:10.11 security update
An update for the mariadb:10.11 module is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,...
CVE-2026-21869
llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fill...
CVE-2013-7355
SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema...
CVE-1999-0061
File creation and deletion, and remote execution, in the BSD line printer daemon lpd...
CVE-1999-0333
HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink attack...
CVE-1999-0244
Livingston RADIUS code has a buffer overflow which can allow remote execution of commands as root...
CVE-1999-0440
The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages...
CVE-2019-12430
An issue was discovered in GitLab Community and Enterprise Edition 11.11. A specially crafted payload would allow an authenticated malicious user to execute commands remotely through the repository download feature. It allows Command Injection...
CVE-2006-3577
SQL injection vulnerability in index.php in LifeType 1.0.5 allows remote attackers to execute arbitrary SQL commands via the Date parameter in a Default op...