55 matches found
EUVD-2011-2876
Malware in sbrugna...
EUVD-2021-0825
Malware in sbrugna...
EUVD-2023-27187
Malicious code in bioql PyPI...
CVE-2025-7361
A code injection vulnerability due to an improper initialization check exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI using a CIN node. This vulnerability affects 32-bit NI LabVIEW 2025 Q1...
AlmaLinux 8 : emacs (ALSA-2025:11030)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:11030 advisory. emacs: arbitrary code execution via Lisp macro expansion CVE-2024-53920 Tenable has extracted the preceding description block directly from the AlmaLinux security...
CVE-2025-47128 Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (CWE-191)
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow Wrap or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...
CVE-2025-44023
An issue in dlink DNS-320 v.1.00 and DNS-320LW v.1.01.0914.20212 allows an attacker to execute arbitrary via the accountmgr.cgi-cgichgadminpw components...
CVE-2024-40446
An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script...
CVE-2025-30286 ColdFusion | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an attacker. A high-privileged attacker could leverage this vulnerabili...
CVE-2025-22835
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios...
CVE-2022-43643
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Generic plugin for the xupnpd service, which listens on TC...
CVE-2022-42403
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
CVE-2023-39943
Ashlar-Vellum Cobalt family (Cobalt, Xenon, Argon, Lithium, and related components) is affected by CVE-2023-39943 due to improper validation of user-supplied XE data, leading to an out-of-bounds write that could allow arbitrary code execution. Affected versions include Cobalt v12 SP0 Build (1204....
CVE-2024-49551
CVE-2024-49551 affects Adobe Media Encoder versions 25.0 and 24.6.3 and earlier, with an out-of-bounds write that could allow arbitrary code execution in the user’s context. Exploitation requires the victim to open a malicious file (user interaction). Connected sources also reference related CVEs...
GTKWave integer overflow vulnerability (CNVD-2024-37751)
GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. An integer overflow vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to cause arbitrary code execution via a specially crafted fst file...
CVE-2023-35986 Santesoft Sante DICOM Viewer Pro Stack-based Buffer Overflow
Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...
CVE-2023-32203 Horner Automation Cscape Out-of-bounds Write
Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files e.g., HMI. This could lead to an out-of-bounds write at CScapeEnvisionRV+0x2e374b. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...
CVE-2023-32305
aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the...
CVE-2022-43646
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Vimeo plugin for the xupnpd service, which listens on TCP...
CVE-2023-24163
SQL Inection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine...