1835 matches found

Microsoft CVE
added 2025/06/10 7:0 a.m. · 7 views

Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...

CVSS 8.4 · AI score 8.1 · EPSS 0.0068
Exploits 0

Microsoft CVE
added 2025/06/10 7:0 a.m. · 9 views

Microsoft Office Remote Code Execution Vulnerability

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...

CVSS 8.4 · AI score 8 · EPSS 0.0048
Exploits 0

Positive Technologies
added 2025/06/10 12:0 a.m. · 2 views

PT-2025-24866

Name of the Vulnerable Software and Affected Versions: Microsoft Office affected versions not specified Description: The issue involves access of a resource using an incompatible type, also known as 'type confusion', in Microsoft Office. This allows an unauthorized attacker to execute code locally...

CVSS 8.4 · AI score 6 · EPSS 0.00593
Exploits 0 · References 11

Positive Technologies
added 2025/06/10 12:0 a.m. · 4 views

PT-2025-24907 · Microsoft · Visual Studio

Name of the Vulnerable Software and Affected Versions: Microsoft Visual Studio affected versions not specified Description: The issue is related to the improper neutralization of special elements used in a command, also known as 'command injection', in Microsoft Visual Studio. This allows an...

CVSS 7.1 · AI score 6.2 · EPSS 0.05409
Exploits 0 · References 13

Tenable Nessus
added 2025/06/10 12:0 a.m. · 7 views

Security Updates for Microsoft Office Products (June 2025) (macOS)

The version of Microsoft Office for Mac installed on the remote host is affected by multiple vulnerabilities as referenced in the june-10-2025 advisory. - Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. CVE-2025-47164, CVE-2025-47953 - Use after free in...

CVSS 8.4 · AI score 6.2 · EPSS 0.02054
Exploits 6 · References 11

OSV
added 2025/06/06 4:15 p.m. · 2 views

CVE-2025-29892

An SQL injection vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6...

CVSS 8.8 · AI score 6 · EPSS 0.00376
Exploits 0 · References 1

NVD
added 2025/06/06 4:15 p.m. · 10 views

CVE-2025-29892

An SQL injection vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6...

CVSS 8.8 · EPSS 0.00376
Exploits 0 · References 1

Vulnrichment
added 2025/06/06 3:53 p.m. · 4 views

CVE-2025-29892 Qsync Central

An SQL injection vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6...

CVSS 8.7 · AI score 8.6 · EPSS 0.00376
Exploits 0 · References 1

CVE
added 2025/06/06 3:53 p.m. · 50 views

CVE-2025-29892

CVE-2025-29892 concerns QNAP Qsync Central, where an SQL injection vulnerability could allow remote attackers with user access to execute unauthorized code or commands. Public details across sources confirm the issue originates from insufficient validation of externally entered SQL statements in ...

CVSS 8.8 · AI score 8.4 · EPSS 0.00376
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2025/06/06 12:0 a.m. · 1 views

QNAP Qsync Central SQL Injection Vulnerability

QNAP Qsync Central is a cloud-based file synchronization service on NAS from Taiwan, China-based QNAP. QNAP Qsync Central suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could exploit the vulnerabili...

CVSS 8.8 · AI score 8 · EPSS 0.00376
Exploits 0 · References 2

Positive Technologies
added 2025/06/06 12:0 a.m. · 3 views

PT-2025-24305 · Unknown · Qsync Central

Name of the Vulnerable Software and Affected Versions: Qsync Central versions prior to 4.5.0.6 Description: An SQL injection vulnerability has been reported to affect Qsync Central. If exploited, this issue could allow remote attackers who have gained user access to execute unauthorized code or...

CVSS 9 · AI score 7.7 · EPSS 0.00376
Exploits 0 · References 8

RedhatCVE
added 2025/06/05 12:3 a.m. · 11 views

CVE-2025-32106

In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request may result in an unauthenticated remote user's ability to execute unauthorized code...

CVSS 9.8 · AI score 7.3 · EPSS 0.00866
Exploits 1 · References 1

Positive Technologies
added 2025/06/03 12:0 a.m. · 2 views

PT-2025-23642 · Audiocodes · Audiocodes Mediapack Mp-11X

Name of the Vulnerable Software and Affected Versions: Audiocodes Mediapack MP-11x versions 6.60A.369.002 and earlier Description: The issue allows an unauthenticated remote user to execute unauthorized code by sending a crafted POST request. This can result in the execution of unauthorized code...

CVSS 9.8 · AI score 6.8 · EPSS 0.01062
Exploits 2 · References 8

CVE
added 2025/06/03 12:0 a.m. · 75 views

CVE-2025-32106

CVE-2025-32106 affects AudioCodes Mediapack MP-11x line up to firmware 6.60A.369.002. According to the provided sources, a crafted HTTP POST request can allow an unauthenticated remote attacker to execute unauthorized code on the device. The NVD entry lists a high-severity impact with CVSS 3.1 ba...

CVSS 9.8 · AI score 7 · EPSS 0.00866
Exploits 1 · References 3 · Affected Software 1

CNNVD
added 2025/06/03 12:0 a.m. · 3 views

AudioCodes Audiocodes Mediapack MP-11x Security Vulnerability

The AudioCodes Audiocodes Mediapack MP-11x is a gateway device from AudioCodes Israel. A security vulnerability exists in AudioCodes Audiocodes Mediapack MP-11x 6.60A.369.002 and earlier versions, which stems from a specially crafted POST request that could lead to unauthorized code execution...

CVSS 9.8 · AI score 7 · EPSS 0.00866
Exploits 1 · References 4

Cvelist
added 2025/06/02 5:14 p.m. · 31 views

CVE-2025-20297 Reflected Cross-Site Scripting (XSS) on Splunk Enterprise through dashboard PDF generation component

In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint th...

CVSS 4.3 · EPSS 0.12219
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 10:10 a.m. · 4 views

CVE-2024-21756

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted requests...

CVSS 8.8 · AI score 7.5 · EPSS 0.02181
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 9:43 a.m. · 4 views

CVE-2024-23109

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet allows attacker to execute unauthorized code or commands via crafted API requests...

CVSS 10 · AI score 9.4 · EPSS 0.03224
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 9:16 a.m. · 2 views

CVE-2024-23669

An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI...

CVSS 8.8 · AI score 7.5 · EPSS 0.00542
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 9:14 a.m. · 2 views

CVE-2024-23670

An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI...

CVSS 8.8 · AI score 7.5 · EPSS 0.00439
Exploits 0 · References 1