30699 matches found
CVE-2018-25224
PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffer and execute she...
CVE-2017-20229
MAWK 1.3.3-17 and earlier contain a stack-based buffer overflow due to inadequate boundary checks on user-supplied input. An attacker can craft input that overflows the stack and facilitates a return-oriented programming chain to spawn a shell with application privileges. The connected documents ...
CVE-2017-20229
MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can craft malicious input that overflows the stack buffer and execute a return-oriented programmi...
CVE-2017-20227 JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow
JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and...
CVE-2017-20227
JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and...
CVE-2017-20227 JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow
JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and...
CVE-2026-30302
The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser the Unix-based shell-quote library to analyze commands on the...
[SECURITY] Fedora 42 Update: php-phpseclib-2.0.52-1.fc42
MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS1 v2.1 compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509...
PT-2026-28233
JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and...
SUSE SLES15 Security Update : vim (SUSE-SU-2026:1095-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1095-1 advisory. Update Vim to version 9.2.0110: - CVE-2025-53906: Fixed that malicious zip archive may cause a path traversal in Vim's zip...
PT-2026-28234
Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input to the application. Attackers can craft malicious assembly input exceeding 5895 bytes to overwrite the instruction pointer and execute...
EUVD-2025-209103
Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search path vulnerabilities that allow attackers to execute arbitrary commands through various components including logcollector configuration, maild SMTP server tags, and Kaspersky AR...
CVE-2025-15616
Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search path vulnerabilities that allow attackers to execute arbitrary commands through various components including logcollector configuration, maild SMTP server tags, and Kaspersky AR...
CVE-2025-15616 Wazuh Agent and Manager OS Command Injection and Untrusted Search Path
Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search path vulnerabilities that allow attackers to execute arbitrary commands through various components including logcollector configuration, maild SMTP server tags, and Kaspersky AR...
CVE-2025-15616 Wazuh Agent and Manager OS Command Injection and Untrusted Search Path
Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search path vulnerabilities that allow attackers to execute arbitrary commands through various components including logcollector configuration, maild SMTP server tags, and Kaspersky AR...
CVE-2025-15616
Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 are affected by multiple shell injection and untrusted search path vulnerabilities. Attackers can achieve remote code execution by injecting commands via logcollector configuration, maild SMTP server tags, and Kaspersky AR script par...
CVE-2025-15616
Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search path vulnerabilities that allow attackers to execute arbitrary commands through various components including logcollector configuration, maild SMTP server tags, and Kaspersky AR...
CVE-2021-27113
An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters...
Security update for docker-stable
This update for docker-stable fixes the following issues: CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption bsc1253904. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupda...
Exploit for CVE-2026-3891
CVE-2026-3891 Pix for WooCommerce = 1.5.0 - Unauthenticate...