EUVD-2026-4738

PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weightsonly unpickler allows an attacker to craft a malicious checkpoint file .pth that, when loaded with torch.load..., weightsonly=True, can corrupt memory and potentially lead to...

EUVD-2020-30868

Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured service binary path to inject malicious executables with elevated LocalSystem privileges during syste...

CVE-2020-36983

Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured service binary path to inject malicious executables with elevated LocalSystem privileges during syste...

EUVD-2020-30869

SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted executable path to inject malicious files in the service binary path, enabling...

Command Injection

Overview runx is a runx - experiment manager for machine learning research Affected versions of this package are vulnerable to Command Injection in undisclosed functionality. According to the vendor, an attacker can execute arbitrary code, escalate privileges, cause denial of service, disclose...

CVE-2025-69419

A flaw was found in OpenSSL. When processing a specially crafted PKCS12 Personal Information Exchange Syntax Standard file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSLuni2utf8 function, leads to memory corruption by writing data...

CVE-2026-1284

An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file...

CVE-2026-1470

n8n contains a critical Remote Code Execution RCE vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An...

Eval Injection

Overview n8n-workflow is a Workflow base code of n8n Affected versions of this package are vulnerable to Eval Injection during the Expression evaluation workflow. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not...

CVE-2026-24810

A flaw was found in rethinkdb. Commonly known as a classic buffer overflow, the vulnerability allows a remote, unauthenticated attacker to provide specially crafted input. Successful exploitation can lead to arbitrary code execution, granting the attacker full control over the affected system...

CVE-2025-41726

CVE-2025-41726 affects Beckhoff components (Beckhoff: Arbitrary code execution within privileged processes). The connected records describe a low-privileged remote attacker who can issue specially crafted calls to the Device Manager web service or interact via an API, triggering integer overflows...

CVE-2025-41726 Beckhoff: Arbitrary code execution within privileged processes

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes...

EUVD-2025-206407

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes...

CVE-2025-41726 Beckhoff: Arbitrary code execution within privileged processes

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes...

Exploit for CVE-2025-56005

Ply 3.11 Exploit Rejection This project argues that CVE‑202...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the PNGImageEncoder process. An attacker can execute arbitrary code by supplying crafted input that is improperly handled during image encoding. Remediation A fix was pushed into the master branch but not ye...

CVE-2026-21408

beat-access for Windows version 3.0.3 and prior contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with SYSTEM privileges...

CVE-2026-21408

beat-access for Windows version 3.0.3 and prior contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with SYSTEM privileges...

CVE-2026-21408

The CVE-2026-21408 issue affects beat-access for Windows 3.0.3 and earlier, due to an insecure DLL search path (Uncontrolled search path element, CWE-427) that may cause loading of DLLs leading to arbitrary code execution with SYSTEM privileges. Documented impact is arbitrary code execution with ...

Motorola Device Manager code-related vulnerabilities

Motorola Device Manager is a computer-based device management tool developed by the American company Motorola. Version 2.4.5 of Motorola Device Manager contains a code vulnerability caused by an unquoted service path, which may allow for the execution of arbitrary code...