1834 matches found
CVE-2026-35093 Libinput: libinput: unauthorized code execution and information disclosure through lua bytecode plugins
A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such ...
CVE-2026-35093
A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such ...
PT-2026-29524
Name of the Vulnerable Software and Affected Versions libinput affected versions not specified Description A flaw exists in libinput that allows a local attacker to bypass security restrictions by placing a specially crafted Lua bytecode file in specific system or user configuration directories...
CVE-2024-14025
An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the...
CVE-2025-41660
A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution...
CVE-2025-67030
A flaw was found in plexus-utils. This vulnerability, known as a Directory Traversal, exists within the extractFile method. An attacker can exploit this to execute unauthorized code on the system in the context of the current working user. Mitigation Mitigation for this issue is either not...
EUVD-2025-208957
A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution...
CVE-2025-41660
A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution...
CVE-2025-41660 CODESYS Control Boot Application Replacement Enables Code Execution
A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution...
CVE-2025-41660
A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution...
PT-2026-27350
Name of the Vulnerable Software and Affected Versions CODESYS Control Runtime System affected versions not specified Description A remote attacker with limited privileges may be able to replace the boot application of the CODESYS Control runtime system. Successful exploitation could lead to...
CODESYS Control runtime system 安全漏洞
CODESYS Control runtime system is a control system runtime software developed by the German company CODESYS. It enables the execution of control logic for industrial automation devices. There is a security vulnerability in CODESYS Control runtime system. This vulnerability arises from the...
Siemens APE1808 Weak Authentication (CVE-2024-48886)
A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1...
Siemens APE1808 Out-of-bounds Write (CVE-2024-21762)
A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0...
EUVD-2025-208901
An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later...
CVE-2025-62846
An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later...
CVE-2025-62846
An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later...
CVE-2025-62846
Summary: CVE-2025-62846 is a SQL injection vulnerability affecting QHora/QuRouter. An attacker with local administrator privileges can exploit the flaw to execute unauthorized commands, with a CVSSv4 base score of 9.3 (CRITICAL), using a local attack vector, no user interaction required, and high...
CVE-2025-62846 QuRouter
An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later...
CVE-2025-69720
A flaw was found in ncurses. This vulnerability, a buffer overflow, exists within the analyzestring function. An attacker could potentially exploit this to execute unauthorized code on the affected system, which might lead to a denial of service in the affected application, the corruption of data...