1503 matches found
CVE-2019-2109
In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...
CVE-2019-15324
The ad-inserter plugin before 2.4.22 for WordPress has remote code execution...
CVE-2019-11954
A remote code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...
CVE-2019-10758
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the toBSON method. A misuse of the vm dependency to perform exec commands in a non-safe environment...
CVE-2019-0952
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'...
CVE-2025-3882 eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability
eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit th...
CVE-2025-3887 GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...
CVE-2011-4941
Unspecified vulnerability in Piwik 1.2 through 1.4 allows remote attackers with the view permission to execute arbitrary code via unknown attack vectors...
PT-2025-22368
Name of the Vulnerable Software and Affected Versions: sr_feuser_register extension for TYPO3 versions through 12.4.8 Description: The issue allows remote code execution via unsafe deserialization. There is no information provided about the estimated number of potentially affected devices worldwide...
CVE-2025-47273 setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with...
CVE-2025-4389 Crawlomatic Multipage Scraper Post Generator <= 2.6.8.1 - Unauthenticated Arbitrary File Upload
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomaticgeneratefeaturedimage function in all versions up to, and including, 2.6.8.1. This makes it possible for unauthenticated attackers to...
CVE-2025-47785
CVE-2025-47785 affects Emlog up to version 2.5.9. The issue is a SQL injection in the $origContent parameter of admin/article_save.php, which is accessible to ordinary registered users. This can induce SQL injection when the registered site is enabled, potentially allowing the injection of the ad...
CVE-2025-47785 EMLOG SQL Injection Vulnerability
Emlog is an open source website building system. In versions up to and including 2.5.9, SQL injection occurs because the $origContent parameter in admin/article_save.php is not strictly filtered. Since admin/article_save.php can be accessed by ordinary registered users, this will cause SQL injectio...
CVE-2025-26389
A vulnerability has been identified in OZW672 All versions V8.0, OZW772 All versions V8.0. The web service in affected devices does not sanitize the input parameters required for the exportDiagramPage endpoint. This could allow an unauthenticated remote attacker to execute arbitrary code with roo...
CVE-2025-3053
CVE-2025-3053: UiPress lite for WordPress
PT-2025-21257 · WordPress · 百度站长Seo合集
Name of the Vulnerable Software and Affected Versions: 百度站长SEO合集 plugin for WordPress versions up to, and including, 2.0.6 Description: The issue is related to arbitrary file uploads due to missing file type validation in the download remote image to media library function. This allows...
CVE-2025-47292
Cap Collectif's CVE-2025-47292 describes an insecure deserialization flaw in the DebateAlternateArgumentsResolver, where deserializing a Cursor can be controlled by an unauthenticated user and lead to Remote Code Execution. Affected software is Cap Collectif prior to the commit 812f2a7d271b76deab...
PT-2025-21145 · Unknown · Cap Collectif
Name of the Vulnerable Software and Affected Versions: Cap Collectif versions prior to the version including commit 812f2a7d271b76deab1175bdaf2be0b8102dd198 Description: The issue concerns the Cap Collectif online decision-making platform, which has a flaw in the DebateAlternateArgumentsResolver...
CVE-2025-30383 Microsoft Excel Remote Code Execution Vulnerability