Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-09142)

Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that stems from the internally used 'LockProject' method. An attacker could exploit the vulnerability to cause bypass of...

Siemens TeleControl Server SQL Injection Vulnerability (CNVD-2025-09150)

Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that can be exploited by an attacker to bypass authorization controls and execute arbitrary code...

Fortinet FortiIsolator Operating System Command Injection Vulnerability

Fortinet FortiIsolator is a Fortinet application that provides remote security isolation for browsers. The application adds additional advanced threat protection capabilities to the Fortinet Security Fabric and protects business-critical data from sophisticated threats on the Web. Content and fil...

Researchers Find CVSS 10.0 Severity RCE Vulnerability in Erlang/OTP SSH

Security researchers report CVE-2025-32433, a CVSS 10.0 RCE vulnerability in Erlang/OTP SSH, allowing unauthenticated code execution on exposed…...

CVE-2025-29820

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...

CVE-2025-27749

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...

CVE-2025-26671

Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network...

CVE-2025-26642

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally...

CVE-2024-54024

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiIsolator before version 2.4.6 allows a privileged attacker with super-admin profile and CLI access to execute unauthorized code via specifically crafted HTTP requests...

CVE-2024-54025

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiIsolator CLI before version 2.4.6 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests...

CVE-2025-29823

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

CVE-2025-27749

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...

CVE-2025-27481

Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network...

CVE-2025-26686

Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network...

CVE-2025-27751

CVE-2025-27751 is a Microsoft Excel remote code execution vulnerability described as a use-after-free in Excel, enabling an attacker to run code locally. Public materials in the connected set confirm an in-Excel object lifecycle issue is exploited via crafted DOCX payloads to achieve code executi...

CVE-2024-54025

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiIsolator CLI before version 2.4.6 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests...

CVE-2024-54025

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiIsolator CLI before version 2.4.6 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests...

CVE-2024-54025

Fortinet FortiIsolator CLI prior to version 2.4.6 is affected by an OS Command Injection (CWE-78) vulnerability due to improper neutralization of special elements in commands. This could allow a privileged attacker to execute unauthorized commands via crafted CLI requests (local access). Affected...

CVE-2024-54024

An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiIsolator before version 2.4.6 allows a privileged attacker with super-admin profile and CLI access to execute unauthorized code via specifically crafted HTTP requests...

PT-2025-15592

Name of the Vulnerable Software and Affected Versions Microsoft Office Word affected versions not specified Microsoft 365 Apps for Enterprise affected versions not specified Microsoft Office affected versions not specified Microsoft Office Long Term Servicing Channel affected versions not specifi...