16979 matches found
Important: mariadb:10.3 security update
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump utility vulnerable to remote code execution via improper path validation CVE-2025-13699 For more details about the security issues, including the impact...
MAL-2026-54 Malicious code in lium-4-96 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f30524e8a9ff2b7c5b43b57ea582beeba9d8f94da4097ecd572d26b4177e6626 This is a typosquatting/dependency confusion package that is part of a campaign embedding malicious code but was found before the malicious code was injected...
Craft CMS 安全漏洞
Craft CMS is an open source content management system CMS from Craft CMS. A security vulnerability exists in Craft CMS versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, which stems from a malicious add-on behavior that could lead to authenticated remote code execution...
RHEL 9 : mariadb (RHSA-2026:0061)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0061 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump...
Command Execution Vulnerability in U8 Cloud of UFIDA Network Technology Corporation (CNVD-C-2026-26052)
U8 Cloud is a new-generation cloud ERP Enterprise Resource Planning solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A command execution vulnerability exists in UFIDA U8 Cloud, which can be...
CVE-2025-15389
VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server...
feast 代码问题漏洞
feast is an AI/ML open source function library from Feast Open Source. A code issue vulnerability exists in feast version 0.53.0, which stems from improper YAML deserialization and could lead to remote code execution...
CVE-2025-34468
libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentiall...
CVE-2020-36904
CVE-2020-36904 affects Selea CarPlateServer 4.0.1.6. A remote code execution flaw exists via the NO_LIST_EXE_PATH config parameter, allowing bypass of authentication through the /cps/ endpoint and modification of server config, including admin passwords, and execution of system commands. Document...
CVE-2020-36904 Selea CarPlateServer 4.0.1.6 Remote Program Execution via Configuration Endpoint
Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NOLISTEXEPATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration,...
MAL-2025-193008 Malicious code in telegreph (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cca72e5a6a205d657e13d29aee3f5448061afd17f222f11db168ef8a20744992 The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...
CVE-2025-15388
VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server...
UBUNTU-CVE-2025-15279
FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...
CVE-2025-15275
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...
CVE-2025-15270
FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit ...
CVE-2025-15222
A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remotely. This attack is characterized by high...
CVE-2025-15211
A flaw has been found in code-projects Refugee Food Management System 1.0. Impacted is an unknown function of the file /home/refugee.php. Executing manipulation of the argument refNo/Fname/Lname/sex/age/contact/nationalitynid can lead to sql injection. The attack can be executed remotely. The...
FontForge 输入验证错误漏洞
FontForge is an open source font editing tool from fontforge that supports multiple languages. An input validation error vulnerability exists in FontForge that stems from improper validation of array indexes when parsing SFD files, which could lead to out-of-bounds writes and remote code executio...
PT-2025-54295
Name of the Vulnerable Software and Affected Versions QNO Technology VPN Firewall affected versions not specified Description The VPN Firewall developed by QNO Technology contains an OS Command Injection issue. Authenticated remote attackers can inject arbitrary OS commands and execute them on th...
PT-2025-54427
meterN 1.2.3 contains an authenticated remote code execution vulnerability in admin meter2.php and admin indicator2.php scripts. Attackers can exploit the 'COMMANDx' and 'LIVECOMMANDx' POST parameters to execute arbitrary system commands with administrative privileges...