29 matches found
EUVD-2021-32194
Malicious code in bioql PyPI...
Ubuntu: Security Advisory (USN-7486-1)
The remote host is missing an update for the...
CVE-2024-47238
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution...
CVE-2024-45962
October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target...
EulerOS Virtualization 2.11.0 : util-linux (EulerOS-SA-2024-2203)
According to the versions of the util-linux package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. QEMU has two operating modes: Full...
CVE-2024-28424
zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpicklematerializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file...
USN-6592-1: libssh vulnerabilities
It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possibly use this issue to inject malicious code into the command of the features mentioned through the hostname parameter. (CVE-2023-6004) It was discovered that libssh incorrectl...
Debian: Security Advisory (DLA-3469-1)
The remote host is missing an update for the Debian...
CVE-2022-38448
Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
U.S. Dept Of Defense: LOGJ4 VUlnerability [HtUS]
Description: Hi team, log4 shell is recent 0-day exploit it's Java package vulnerable. █████ is vulnerable Impact RCE System Hosts ██████ Affected Products and Versions CVE Numbers CVE-2021-44228 Steps to Reproduce 1. Go to this url =...
Privilege escalation
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execute arbitrary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process...
Code Injection in prayag2/konsave
✍️ Description konsave is a CLI program that will let you save and apply your KDE Plasma customizations with just one command, which is vulnerable to YAML deserialization attack caused by unsafe loading leads to Arbitrary Code Execution. 🕵️♂️ Proof of Concept Installation bash pip install konsave...
Code Injection in ngockhanh5110/nlp-vietnamese-text-summarization
Description nlp-vietnamese-text-summarization package is vulnerable to Arbitrary Code Execution due to insecure YAML deserialization. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept steps to reproduce: python import os...
Code injection
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code...
Type confusion
A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code read/write on the system running it...
CVE-2020-7081
Autodesk FBX-SDK is affected by CVE-2020-7081 (type confusion) in versions prior to 2019.5 according to connected sources. The underlying issue is a type confusion in the FBX-SDK that can lead to arbitrary code read/write on the host system. Real-world exploitation details are not provided in the...
USN-4156-2: SDL vulnerabilities
USN-4156-1 fixed several vulnerabilities in SDL. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote...
USN-4129-2: curl vulnerability
USN-4129-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resultin...
CVE-2018-17132
admin/goodsupdate.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue array parameter...
Moxa EDR-810 Industrial Secure Router Privilege Escalation Vulnerability
OVERVIEW Independent researcher Maxim Rupp has identified a privilege escalation vulnerability in Moxa’s EDR-810 Industrial Secure Router. Moxa has produced firmware to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following EDR-810 versions ar...