CVE-2025-70093

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response...

CVE-2026-25227

authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view Property Mapping or Can view Expression Policy is able to execute arbitrary code within the authentik server contain...

CVE-2025-54519

A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution...

CVE-2025-70093

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response...

CVE-2025-29950

Improper input validation in system management mode SMM could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution...

CVE-2025-29951

A buffer overflow in the AMD Secure Processor ASP bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution...

CVE-2024-36355

Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 sleep wake up, potentially resulting in arbitrary code execution...

CVE-2026-0969

The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. This vulnerability, CVE-2026-0969, is fixed in next-mdx-remote 6.0.0...

CVE-2025-1924

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed. The affected products and versions a...

CVE-2025-1924

CVE-2025-1924 affects Yokogawa’s Vnet/IP Interface Package for CENTUM VP (R6/R7: VP6C3300/VP7C3300) as of R1.07.00 or earlier. The sources describe that processing of maliciously crafted packets can cause a DoS in Vnet/IP communication functions and may lead to arbitrary programs to be executed. ...

CVE-2025-1924

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed. The affected products and versions a...

CVE-2025-63421

An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute arbitrary code via the comeinst.exe file...

CVE-2026-20700

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this...

SUSE CVE-2025-69872

DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...

KLA90881 ACE vulnerability in Google Chrome

Use-after-free vulnerability was found in Google Chrome. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories Stable Channel Update for Desktop Exploitation Public exploits exist for this vulnerability. Malware exists for this vulnerability. Usually such...

CVE-2025-70093

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response...

PT-2026-8002

Name of the Vulnerable Software and Affected Versions OpenSourcePOS version 3.4.1 Description An issue exists in OpenSourcePOS version 3.4.1 that permits attackers to execute arbitrary code by returning a specially crafted AJAX response. The issue involves manipulating the response from an AJAX...

Oracle VirtualBox VMSVGA Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VMSVGA...

CVE-2025-70093

OpenSourcePOS v3.4.1 is affected by CVE-2025-70093, described as an arbitrary code execution vulnerability triggered by returning a crafted AJAX response. The available sources corroborate a high-severity issue (CVSS 7.4; network attack, no user interaction) affecting OpenSourcePOS 3.4.1. The doc...

CVE-2025-70093

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response...