120739 matches found

CVE
added 2026/01/25 2:1 p.m., 12 views

CVE-2020-36937

The CVE-2020-36937 entry concerns Microvirt MEMU Play 3.7.0, where the MEmusvc Windows service has an unquoted service path. This allows a local attacker to potentially execute arbitrary code by injecting a malicious executable placed in the unquoted path, with elevated LocalSystem privileges. Do...

CVSS 8.5 | AI score 5.9 | EPSS 0.00119
Exploits 0 | References 3

CNNVD
added 2026/01/25 12:0 a.m., 4 views

KMSpico code-related vulnerabilities

KMSpico is a Windows operating system and Office software cracking tool developed by KMSpico Corporation. Version KMSpico 17.1.0.0 has a code vulnerability that stems from the lack of quotation marks around service paths, which may allow for the execution of arbitrary code...

CVSS 8.5 | AI score 6.1 | EPSS 0.0015
Exploits 0 | References 3

CNNVD
added 2026/01/25 12:0 a.m., 4 views

HTC IPTInstaller code-related vulnerabilities

HTC IPTInstaller is a Windows platform tool plugin developed by HTC Corporation in the United States. Version 4.0.9 of HTC IPTInstaller contains a code vulnerability; this vulnerability stems from the service path not being enclosed in quotes, which may allow for the execution of arbitrary code...

CVSS 8.5 | AI score 6.1 | EPSS 0.00154
Exploits 0 | References 3

RedhatCVE
added 2026/01/24 3:17 a.m., 5 views

CVE-2026-0781

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...

CVSS 8.8 | AI score 6.5 | EPSS 0.01497
Exploits 0 | References 1

Cvelist
added 2026/01/24 12:46 a.m., 32 views

CVE-2026-24403 iccDEV Undefined Behavior in CIccProfile::CheckHeader() Leads to Integer Overflow

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidateStatus CIccProfile::CheckHeader when user-controllable input is incorporated into profile data...

CVSS 7.1 | EPSS 0.00395
Exploits 1 | References 3

CNNVD
added 2026/01/24 12:0 a.m., 3 views

iccDEV input validation error vulnerability

iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from integer overflow in the CIccProfile::CheckHeader function,...

CVSS 8.8 | AI score 6.2 | EPSS 0.00395
Exploits 1 | References 4

NVD
added 2026/01/23 5:15 p.m., 13 views

CVE-2021-47896

PDF Complete Corporate Edition 4.1.45 contains an unquoted service path vulnerability in the pdfcDispatcher service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service binary location to inject malicious executables that will b...

CVSS 8.5 | EPSS 0.00123
Exploits 0 | References 4

Veracode
added 2026/01/23 10:28 a.m., 6 views

Arbitrary Code Execution

binary-parser is vulnerable to Arbitrary Code Execution. The vulnerability is due to unsanitized interpolation of untrusted values into dynamically generated code, where attacker-controlled parser field names or encoding parameters are embedded directly into generated JavaScript, allowing arbitra...

CVSS 6.5 | AI score 6.4 | EPSS 0.00505
Exploits 0 | References 7 | Affected Software 1

Snyk
added 2026/01/23 5:9 a.m., 2 views

Command Injection

Overview: gemini-mcp-tool is an MCP server for Gemini CLI integration. Affected versions of this package are vulnerable to Command Injection via the execAsync function. An attacker can execute arbitrary code with the privileges of the service account by supplying crafted input that is not properly...

CVSS 9.8 | AI score 6.2 | EPSS 0.03336
Exploits 0 | References 2

Snyk
added 2026/01/23 5:9 a.m., 6 views

Command Injection

Overview: mcp-server-siri-shortcuts is an MCP server that provides access to Siri shortcuts. Affected versions of this package are vulnerable to Command Injection via the shortcutName parameter. An attacker can execute arbitrary code with elevated privileges by supplying crafted input that is used i...

CVSS 8.5 | AI score 6.2 | EPSS 0.00658
Exploits 0 | References 2

Snyk
added 2026/01/23 5:9 a.m., 3 views

Command Injection

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Command Injection via the installfrontmatterrequirements function. An attacker can execute arbitrary code in the context of the service account by supplying crafted input that is not properly validated before...

CVSS 8.8 | AI score 8.5 | EPSS 0.01685
Exploits 0 | References 2

Snyk
added 2026/01/23 5:8 a.m., 4 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the disk cache service. An attacker can execute arbitrary code by supplying crafted data that is deserialized without proper validation. Details: Serialization is a process of converting an object in...

CVSS 7.7 | AI score 7.4 | EPSS 0.00897
Exploits 1 | References 2

Snyk
added 2026/01/23 5:8 a.m., 4 views

Deserialization of Untrusted Data

Overview: langflow is a Python package with a built-in web application. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the disk cache service. An attacker can execute arbitrary code by supplying crafted data that is deserialized without proper validatio...

CVSS 7.7 | AI score 7.4 | EPSS 0.00897
Exploits 1 | References 2

Snyk
added 2026/01/23 5:8 a.m., 5 views

Eval Injection

Overview: langflow is a Python package with a built-in web application. Affected versions of this package are vulnerable to Eval Injection via the evalcustomcomponentcode function. An attacker can execute arbitrary code by supplying a crafted string that is evaluated without proper validation...

CVSS 9.8 | AI score 7.6 | EPSS 0.33827
Exploits 1 | References 2

Snyk
added 2026/01/23 5:8 a.m., 6 views

Eval Injection

Overview: lfx is a command-line tool for running Langflow workflows. It provides two main commands: serve and run. Affected versions of this package are vulnerable to Eval Injection via the evalcustomcomponentcode function. An attacker can execute arbitrary code by supplying a crafted...

CVSS 9.8 | AI score 7.6 | EPSS 0.33827
Exploits 1 | References 2

Snyk
added 2026/01/23 5:8 a.m., 6 views

Unsafe Dependency Resolution

Overview: langflow is a Python package with a built-in web application. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the execglobals parameter in the validate endpoint. An attacker can execute arbitrary code by supplying crafted input to this parameter...

CVSS 9.8 | AI score 8.9 | EPSS 0.10371
Exploits 8 | References 2

NVD
added 2026/01/23 4:16 a.m., 6 views

CVE-2026-0771

Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exis...

CVSS 7.1 | EPSS 0.00551
Exploits 1 | References 1

NVD
added 2026/01/23 4:16 a.m., 6 views

CVE-2026-0775

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

CVSS 7 | EPSS 0.00248
Exploits 0 | References 1

NVD
added 2026/01/23 4:16 a.m., 5 views

CVE-2026-0757

MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability. This vulnerability allows remote attackers to bypass the sandbox on affected installations of MCP Manager for Claude Desktop. User interaction is required to exploit this vulnerability in that the targe...

CVSS 8.8 | EPSS 0.01253
Exploits 0 | References 1

OSV
added 2026/01/23 4:16 a.m., 4 views

UBUNTU-CVE-2026-0775

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

CVSS 7 | AI score 6.1 | EPSS 0.00248
Exploits 0 | References 3