CVE-2022-39952

A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via...

CVE-2020-27860

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2020-6081

An exploitable code execution vulnerability exists in the PLCTask functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability...

CVE-2020-13585

An out-of-bounds write vulnerability exists in the PSD Header processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2024-52571

A vulnerability has been identified in Teamcenter Visualization V14.2 All versions V14.2.0.14, Teamcenter Visualization V14.3 All versions V14.3.0.12, Teamcenter Visualization V2312 All versions V2312.0008, Teamcenter Visualization V2406 All versions V2406.0005, Tecnomatix Plant Simulation V2302...

CVE-2024-47940

A vulnerability has been identified in Solid Edge SE2024 All versions V224.0 Update 9. The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the curre...

CVE-2024-23795

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 All versions V2201.0012, Tecnomatix Plant Simulation V2302 All versions V2302.0006. The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted WRL file. Thi...

CVE-2024-1829

A vulnerability was found in code-projects Library System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Source/librarian/user/student/registration.php. The manipulation of the argument email/regno/phone/username leads to sql injectio...

CVE-2024-10871

The Category Ajax Filter plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.2 via the 'paramscaf-post-layout' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...

CVE-2024-45470

A vulnerability has been identified in Teamcenter Visualization V14.2 All versions V14.2.0.14, Teamcenter Visualization V14.3 All versions V14.3.0.12, Teamcenter Visualization V2312 All versions V2312.0008, Tecnomatix Plant Simulation V2302 All versions V2302.0016, Tecnomatix Plant Simulation V24...

CVE-2024-55978

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WalletStation Code Generator Pro code-generator-pro allows SQL Injection.This issue affects Code Generator Pro: from n/a through = 1.2...

CVE-2024-4326

A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the /applysettings and /executecode endpoints. Attackers can bypass protections by setting the host to localhost, enabling code...

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2025-1101)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-35767

Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Code Injection.This issue affects Squeeze: from n/a through 1.4...

CVE-2024-57099

ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server...

CVE-2025-21107

Dell NetWorker, versions prior to 19.11.0.3, all versions of 19.10 & prior versions contains an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...

CVE-2024-0140

NVIDIA RAPIDS contains a vulnerability in cuDF and cuML, where a user could cause a deserialization of untrusted data issue. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...

CVE-2025-24364

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Attacker with authenticated access to the vaultwarden admin panel can execute arbitrary code in the system. The attacker could then change some settings to use sendmail as mail agent but adjus...

CVE-2025-24360 Opening a malicious website while running a Nuxt dev server could allow read-only access to code

Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite...

CVE-2024-55971

SQL Injection vulnerability in the default configuration of the Logitime WebClock application = 5.43.0 allows an unauthenticated user to run arbitrary code on the backend database server...