44 matches found

CVE
added 2024/09/26 12:0 a.m. | 47 views

CVE-2024-41605

CVE-2024-41605 affects Foxit PDF Reader before 2024.3 and Foxit PDF Editor before 2024.3, and 13.x before 13.1.4. The issue is that the updater lacks integrity validation, allowing an attacker to replace an update file with a Trojan horse and execute attacker-controlled code via side loading. Thi...

CVSS 8.4 | AI score 8.4 | EPSS 0.00049
Exploits: 0 | References: 1

Vulnrichment
added 2024/08/26 12:0 a.m. | 14 views

CVE-2024-42787

A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=saveplaylist" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "title" and "description" parameter fields...

AI score 6.3 | EPSS 0.00384
Exploits: 1 | References: 2

CVE
added 2024/08/26 12:0 a.m. | 41 views

CVE-2024-42790

CVE-2024-42790 describes a Reflected XSS in Kashipara Music Management System v1.0 affecting /music/index.php?page=test via the page parameter. The issue stems from insufficient input handling/escaping, enabling remote attackers to inject scripts and potentially run code in the victim’s context. ...

CVSS 6.1 | AI score 6.5 | EPSS 0.00314
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2024/07/11 7:50 a.m. | 48 views

CVE-2024-38433

CVE-2024-38433 affects Nuvoton NPCM7xx BMC subsystem that uses the BootBlock. An attacker with write access to SPI-Flash can modify the u-boot image header parsed by BootBlock, enabling an authentication bypass and potentially arbitrary code execution. The CVSS data in the connected documents ind...

CVSS 6.7 | AI score 6.7 | EPSS 0.00006
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/04/08 12:0 a.m. | 13 views

CVE-2024-26574

Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe...

AI score 7.4 | EPSS 0.00084
Exploits: 0 | References: 2

NVD
added 2024/03/20 6:15 a.m. | 8 views

CVE-2024-28583

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to execute arbitrary code via the readLine function when reading images in XPM format...

CVSS 7.8 | AI score 7.2 | EPSS 0.0014
Exploits: 1 | References: 1

CVE
added 2024/01/27 12:0 a.m. | 29 views

CVE-2023-48201

Sunlight CMS 8.0.1 is affected by a Cross Site Scripting (XSS) vulnerability in the Content text editor component. A remote authenticated attacker can craft a script that, when processed by the editor, may lead to arbitrary code execution and privilege escalation. The available sources consistent...

CVSS 5.4 | AI score 5.4 | EPSS 0.00124
Exploits: 1 | References: 1 | Affected Software: 1

Zero Day Initiative
added 2023/08/09 12:0 a.m. | 14 views

(0Day) (Pwn2Own) Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability

This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handli...

CVSS 4.4 | AI score 7.3 | EPSS 0.00264
Exploits: 0

Zero Day Initiative
added 2022/10/07 12:0 a.m. | 22 views

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 3.3 | AI score 3.2 | EPSS 0.00209
Exploits: 0 | References: 1

Check Point Advisories
added 2022/09/13 12:0 a.m. | 2 views

Microsoft DirectX Graphics Kernel Elevation of Privilege (CVE-2022-37954)

An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

AI score 6 | EPSS 0.03302
Exploits: 0

OpenVAS
added 2022/08/26 12:0 a.m. | 19 views

Ubuntu: Security Advisory (USN-2424-1)

The remote host is missing an update for the...

CVSS 6.8 | AI score 4.5 | EPSS 0.0211
Exploits: 0 | References: 2

Zero Day Initiative
added 2022/04/12 12:0 a.m. | 30 views

Bentley MicroStation CONNECT 3DS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

CVSS 3.3 | AI score 2.8 | EPSS 0.00209
Exploits: 0 | References: 1

Cvelist
added 2022/03/09 9:50 p.m. | 16 views

CVE-2021-44629

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloudconfig/routerpost/register feature, which allows malicious users to execute arbitrary code on the system via a crafted POST request...

AI score 9.7 | EPSS 0.00982
Exploits: 1 | References: 1

CNVD
added 2021/12/17 12:0 a.m. | 23 views

JT Utilities and JTTK File Parsing Vulnerability (CNVD-2021-101008)

JT is a publicly released data format developed by Siemens Digital Industry Software. JT Open Toolkit, also known as JTTK, is a developer-oriented application programming interface (API) for JT-enabled software. JT Open Toolkit is a read and write toolkit. JT Utilities and JTTK file parsing vulnerabilities. A...

CVSS 7.8 | AI score 4.8 | EPSS 0.00418
Exploits: 0 | References: 1

Zero Day Initiative
added 2021/10/13 12:0 a.m. | 29 views

Adobe Illustrator PDF File Parsing Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 3.3 | AI score 2.7 | EPSS 0.00614
Exploits: 0 | References: 1

Prion
added 2021/06/29 3:15 p.m. | 12 views

Out-of-bounds

FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code...

CVSS 7.5 | AI score 9.6 | EPSS 0.00748
Exploits: 0 | References: 1 | Affected Software: 1

Zero Day Initiative
added 2021/04/28 12:0 a.m. | 46 views

(Pwn2Own) Oracle VirtualBox e1000 Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

CVSS 5.3 | AI score 2.8 | EPSS 0.00158
Exploits: 0 | References: 1

Microsoft Security Update
added 2020/09/08 5:0 p.m. | 11 views

Security Update for Microsoft Word 2016 (KB4484510) 32-Bit Edition

A security vulnerability exists in Microsoft Word 2016 32-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...

AI score 7.2
Exploits: 0

Check Point Advisories
added 2020/04/19 12:0 a.m. | 5 views

Ovirt Engine Reflected Cross Site Scripting (CVE-2016-3113)

A reflected cross site scripting vulnerability exists in Ovirt Engine. Successful exploitation of this vulnerability could allow attackers to execute arbitrary code on the affected system...

CVSS 4.3 | AI score 5.6 | EPSS 0.04029
Exploits: 0

Veracode
added 2020/02/18 4:20 a.m. | 10 views

Prototype Pollution

@commercial/subtext is vulnerable to prototype pollution. Lack of object validation allows an attacker to inject arbitrary Object properties which can potentially lead to execution of arbitrary code...

AI score 5
Exploits: 0