CVE-2025-7306 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
CVE-2025-7302 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
CVE-2025-7300 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
CVE-2025-7294
The CVE-2025-7294 entry concerns IrfanView CADImage Plugin with a DXF file parsing vulnerability that leads to memory corruption and remote code execution. Affected component: IrfanView CADImage Plugin; vulnerability type: memory corruption due to insufficient validation while parsing DXF files; ...
CVE-2025-7290
CVE-2025-7290: Affects the IrfanView CADImage Plugin. The vulnerability stems from DXF file parsing where improper validation of user-supplied data can cause memory corruption, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a maliciou...
CVE-2025-7253 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
CVE-2025-7249 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
CVE-2025-7241
CVE-2025-7241 affects IrfanView CADImage Plugin; memory corruption during DWG file parsing can lead to remote code execution in the plugin process. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). Root cause is improper validation of user-supplied ...
Exploit for Deserialization of Untrusted Data in Microsoft
CVE-2025-53770-Checker Checks whether a SharePoint server on-...
CVE-2015-10138
The Work The Flow File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jQuery-File-Upload-9.5.0 server and test files in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary...
Remote Code Execution (RCE)
github.com/juju/juju is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient authorization checks caused by allowing any authenticated controller user to upload arbitrary agent binaries to any model or the controller without verifying model membership or permissions...
XWiki 7.2-milestone-2 < 16.4.7, 16.5.0-rc-1 < 16.10.3, 17.0.0-rc-1 < 17.0.0 RCE Vulnerability (GHSA-jp4x-w9cj-97q7)
XWiki is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:xwiki:xwiki";...
CVE-2025-52379
Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below contains an authenticated command injection vulnerability in the firmware update feature. The /web/umfileNameset.cgi and /web/umwebupgrade.cgi endpoints fail to properly sanitize the upgradeFileName parameter, allowing authenticated...
CVE-2025-26186
SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker to execute arbitrary code via the id parameter in Ajax.php...
CVE-2025-49828 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Remote Code Execution
Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution. An authenticated attacker who can inject secre...
CVE-2025-53890 pyLoad vulnerable to remote code execution through js2py onCaptchaResult
pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no...
CVE-2025-53825
Dokploy (PaaS) unreleased/preview deployments feature: prior to 0.24.3, unauthenticated preview deployments allow any user to execute arbitrary code and read sensitive environment variables by opening a pull request in a public repository. This is described as a remote code execution risk affecti...
CVE-2025-53825 Dokploy's Preview Deployments are vulnerable to Remote Code Execution
Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This...
Exploit for SQL Injection in Fortinet Fortiweb
Table of Contents - Overview - Vulnerability D...