36 matches found
EUVD-2024-18560
Malicious code in bioql PyPI...
CVE-2024-40085
A Buffer Overflow vulnerability in the localappsetrouterwan function of Vilo 5 Mesh WiFi System = 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via pppoeusername and pppoepassword fields being larger than 128 bytes in length...
CVE-2024-7674
CVE-2024-7674 affects Autodesk Navisworks where parsing a DWFX file via dwfcore.dll can trigger a heap-based buffer overflow, enabling a crash or arbitrary code execution in the current process. Affected products are Navisworks components that parse DWFX; exploitation is described as impacting th...
CVE-2024-7013
Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file...
CVE-2024-28397
CVE-2024-28397 affects the Python js2py library (versions up to 0.74). The vulnerability enables a sandbox escape and remote code execution by abusing Python object introspection from JavaScript. Attackers can obtain a PyObjectWrapper via Object.getOwnPropertyNames({}) and then traverse to Python...
CVE-2023-43879
Rite CMS 3.0 has a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu...
CVE-2023-4029
A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code...
jFinal Server-Side Template Injection vulnerability
Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function...
CVE-2023-21508
Out-of-bounds Write vulnerability while processing BCTUICMDSENDRESOURCEDATA command in bctui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code...
Deserialization of untrusted data
VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root...
Cisco Prime Infrastructure Multiple Vulnerabilities (cisco-sa-pi-epnm-eRPWAXLe)
The version of Cisco Prime Infrastructure installed on the remote host is prior to 3.7.1, 3.8.1, 3.9.1 or 3.10.2. It is, therefore, affected by multiple vulnerabilities as referenced in the cisco-sa-pi-epnm-eRPWAXLe advisory: - An information disclosure vulnerability in the web-based management...
CVE-2023-24163
SQL Injection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine...
CVE-2022-29351
An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary code via a crafted SVG file. Note: The vendor argues that this is not a legitimate issue and there is no vulnerability here...
Stack overflow
FATEK Automation WinProladder versions 3.30 and prior lack proper validation of user-supplied data when parsing project files, which could result in a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code...
SQL injection
Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of...
Google Android Elevation of Privilege Vulnerability (CNVD-2021-80276)
Android is a Linux-based open source operating system developed by Google Inc. and the Open Handset Alliance (OHA). An elevation of privilege vulnerability exists in the Framework component of Google Android. An attacker could exploit this vulnerability to execute arbitrary code in the context of a...
Tenda G1 and G3 Buffer Overflow Vulnerability (CNVD-2022-10753)
Tenda G1 and G3 are routers from Tenda, China. Tenda G1 and G3 are vulnerable to a buffer overflow vulnerability, which can be exploited by attackers to execute arbitrary code via a crafted action portMappingIndex request...
CVE-2021-22660
CNCSoft-B Versions 1.0.0.3 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code...
CVE-2021-28832
VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration...
Buffer overflow
K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Buffer Overflow. The impact is: execute arbitrary code local. The component is: K7TSMngr.exe...