CVE-2026-26064

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Execution by writin...

CVE-2025-54072 yt-dlp allows `--exec` command injection when using placeholder on Windows

yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder or , insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the...

CVE-2025-49753 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

...

CVE-2022-41924

A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon tailscaled, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows...

KB5049981: Windows 10 version 21H2 / Windows 10 Version 22H2 Security Update (January 2025)

The remote Windows host is missing security update 5049981. It is, therefore, affected by multiple vulnerabilities - Windows Reliable Multicast Transport Driver RMCAST Remote Code Execution Vulnerability CVE-2025-21307 - Windows Telephony Service Remote Code Execution Vulnerability CVE-2025-21223...

.NET Core Multiple Vulnerabilities - Windows

.NET Core is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:microsoft:asp.netcore";...

Exploit for CVE-2017-0144

PoC exploit for CVE-2017-0144 EternalBlue using the Doublepulsar backdoor, implemented as a Metasploit module. The target product/service is Windows, and the vulnerability class is RCE Remote Code Execution. The probable entry point is the Metasploit module, and the notable dependency is the...

CVE-2020-0684

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'...

Microsoft Windows and Microsoft Windows Server Remote Code Execution Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. A remote code execution vulnerability exists in Microsoft Windows and Microsoft Windows...

react-dev-utils on Windows vulnerable to Remote Code Execution

react-dev-utils on Windows is vulnerable to remote code execution. Recommendation Update to one of the following versions, depending on the release line that you are using. - 1.0.4 - 2.0.2 - 3.1.2 - 4.2.2 - 5.0.2 - 6.0.0-next.a671462c...

CVE-2018-0824

A remote code execution vulnerability exists in “Microsoft COM for Windows” when it fails to properly handle serialized objects, aka “Microsoft COM for Windows Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server...

CVE-2017-11885

Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service...

MS16-069: Cumulative security update for JScript and VBScript: June 14, 2016

Resolves vulnerabilities in the JScript and VBScript scripting engines in Windows that could allow remote code execution if a user visits a specially crafted website.Summary This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The...

MS16-053: Description of the security update for JScript and VBScript 5.8: May 10, 2016

MS16-053: Description of the security update for JScript and VBScript 5.8: May 10, 2016 Summary This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially...

CVE-2015-2435

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1,...

ManageEngine Password Manager Pro / ManageEngine IT360 - SQL Injection

source: https://www.securityfocus.com/bid/69303/info ManageEngine Password Manager Pro and ManageEngine IT360 are prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

VLC Media Player M3U DoS Vulnerability - Windows

VLC Media Player is prone to denial of service DoS and remote code execution RCE vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...