Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the ElementIndexesController and FieldsController components. An attacker can execute arbitrary code by...

EUVD-2026-12419

A Code Injection vulnerability affecting in SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file...

EUVD-2026-12227

arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vulnerability in the WiFiMulti component. When the victim's smart hardware connects to an attacker-controlled AP hotspot, the attacker can exploit the overflow to execute arbitrary code on the affected embedded device...

EUVD-2026-12226

arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the DnsServer component. An attacker on the same local area network who controls the LAN DNS server can send malicious DNS responses to overflow the heap buffer, potentially allowing execution of arbitrar...

EUVD-2025-208675

in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through using incompatible type. This vulnerability can be exploited only in restricted scenarios...

EUVD-2025-208679

in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios...

CVE-2026-3476

A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file...

CVE-2026-2920

A flaw was found in GStreamer. This heap-based buffer overflow vulnerability in the ASF Demuxer component allows a remote attacker to execute arbitrary code. The issue arises from insufficient validation of user-supplied data length when processing stream headers within ASF Advanced Systems Forma...

About the Remote Code Execution Vulnerability - n8n (CVE-2025-68613)

About Remote Code Execution Vulnerability - n8n CVE-2025-68613. n8n is a workflow automation platform available under a fair-code license. Improper Control of Dynamically-Managed Code Resources CWE-913 in the n8n workflow expression evaluation system allows a remote authenticated attacker without...

CVE-2026-3476 Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026

A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file...

CVE-2026-3476

A Code Injection vulnerability affecting in SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file...

CVE-2026-3476 Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026

A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file...

CVE-2025-41432

CVE-2025-41432 is an out-of-bounds write vulnerability affecting OpenHarmony up to v5.1.0. The issue is present in arkcompiler_ets_runtime and allows a local attacker to execute arbitrary code within pre-installed apps. The impact is described as high for confidentiality, integrity, and availabil...

Delta Electronics COMMGR2 Stack Buffer Overflow Vulnerability

Delta Electronics COMMGR2 is an automation equipment communication management software from Delta Electronics China. Delta Electronics COMMGR2 suffers from a stack buffer overflow vulnerability that is caused by incorrect boundary checking. An attacker could exploit this vulnerability to execute...

CVE-2025-69784

A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into...

PT-2026-25776

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3...

KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of KeePassXC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of...

PT-2026-25623

in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through using incompatible type. This vulnerability can be exploited only in restricted scenarios...

arduino-TuyaOpen 安全漏洞

Arduino-TuyaOpen is an IoT development framework based on Arduino, open-sourced by Tuya. Versions of Arduino-TuyaOpen prior to 1.2.1 contained security vulnerabilities. These vulnerabilities stemmed from a single-byte buffer overflow in the WiFiMulti component, which could allow for the execution...

PT-2026-25703

Name of the Vulnerable Software and Affected Versions SOLIDWORKS Desktop versions 2025 through 2026 Description A code injection issue exists in SOLIDWORKS Desktop. Successful exploitation while opening a specially crafted file could allow an attacker to execute arbitrary code on the user's...