Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability
Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network...
PT-2025-28567 · Microsoft · Windows Routing/Remote Access Service +1
Name of the Vulnerable Software and Affected Versions: Windows Routing and Remote Access Service (RRAS), affected versions not specified. Description: A heap-based buffer overflow issue in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...
PT-2025-28561 · Microsoft · Windows Routing/Remote Access Service +1
Name of the Vulnerable Software and Affected Versions: Windows Routing and Remote Access Service (RRAS), affected versions not specified. Description: A heap-based buffer overflow issue in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...
PT-2025-28527 · Microsoft · Windows Nt Rras +1
Name of the Vulnerable Software and Affected Versions: Windows Routing and Remote Access Service (RRAS), affected versions not specified. Description: The issue is related to a heap-based buffer overflow in the Windows Routing and Remote Access Service (RRAS), which allows an unauthorized attacker to...
PT-2025-28556 · Microsoft · Windows Nt Rras +1
Name of the Vulnerable Software and Affected Versions: Windows Routing and Remote Access Service (RRAS), affected versions not specified. Description: The issue is related to a heap-based buffer overflow in the Windows Routing and Remote Access Service (RRAS), which allows an unauthorized attacker to...
PT-2025-28596
Name of the Vulnerable Software and Affected Versions: Microsoft Office, affected versions not specified. Description: The issue is related to a use after free condition in Microsoft Office, which enables an unauthorized attacker to execute code locally. Recommendations: At the moment, there is no...
CVE-2025-52969
ClickHouse 25.7.1.557 allows low-privileged users to execute shell commands by querying existing Executable tables created by higher-privileged users. Although the CREATE TABLE privilege is restricted, there is no access control preventing low-privileged users from invoking Executable tables...
QNAP Qsync Central SQL Injection Vulnerability
QNAP Qsync Central is a cloud-based file synchronization service on NAS from Taiwan, China-based QNAP. QNAP Qsync Central suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could exploit the vulnerabili...
CVE-2025-52969
Removed by vendor...
CVE-2025-33122
CVE-2025-33122 affects IBM i 7.2–7.6, due to an unqualified library call in IBM Advanced Job Scheduler for i that can let a user gain elevated privileges (administrator) through user-controlled code. IBM’s bulletin confirms the affected releases and that the issue is fixed via PTF 5770-JS1 (skip ...
TencentOS Server 3: gimp:2.8 (TSSA-2024:0074)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0074 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2025-47174
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally...
CVE-2025-29828
Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network...
CVE-2025-31104
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker...
CVE-2025-32717
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally...
CVE-2025-47175
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally...
CVE-2025-32710
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network...