
120810 matches found

CVE
added 2025/12/23 9:16 p.m. | 12 views

CVE-2025-14492

RealDefense SUPERAntiSpyware contains a local privilege escalation in the SAS Core Service due to an exposed dangerous function. The flaw allows an attacker who can run low-privileged code to escalate to SYSTEM and execute arbitrary code on affected installations. CVSS v3.0 metrics indicate local...

CVSS 7.8 | AI score 7.8 | EPSS 0.00172
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/12/23 9:16 p.m. | 18 views

CVE-2025-14492 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...

CVSS 7.8 | EPSS 0.00172
Exploits: 0 | References: 1

OSV
added 2025/12/23 9:15 p.m. | 4 views

CVE-2025-14924

Hugging Face Transformers megatrongpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in...

CVSS 7.8 | AI score 7.6
Exploits: 0 | References: 1

Snyk
added 2025/12/23 9:5 p.m. | 2 views

Deserialization of Untrusted Data

Overview accelerate is an Accelerate Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the parsing of checkpoints. An attacker can execute arbitrary code by convincing a user to open a specially crafted file or visit a malicious web page. Note: The report w...

CVSS 8.5 | AI score 7.6 | EPSS 0.00315
Exploits: 0 | References: 2

NVD
added 2025/12/23 8:15 p.m. | 6 views

CVE-2021-47739

Epic Games Easy Anti-Cheat 4.0 contains an unquoted service path vulnerability that allows local non-privileged users to execute arbitrary code with elevated system privileges. Attackers can exploit the service configuration by inserting malicious code in the system root path that would execute...

CVSS 8.5 | EPSS 0.00168
Exploits: 1 | References: 5

Snyk
added 2025/12/23 3:40 p.m. | 4 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation via the ddstime function due to insufficient validation in the time certificate verification. An attacker can gain elevated privileges and execute arbitrary commands by bypassing certificate checks...

CVSS 10 | AI score 5.9 | EPSS 0.003
Exploits: 0 | References: 2

The Hacker News
added 2025/12/23 7:34 a.m. | 9 views

Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances

A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain circumstances. The vulnerability, tracked as CVE-2025-68613, carries a CVSS score of 9.9 out of a maximum of 10.0...

CVSS 9.9 | AI score 7.6 | EPSS 0.97875
Exploits: 29

EUVD
added 2025/12/23 12:30 a.m. | 3 views

EUVD-2023-60228

SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate the username environment variable with format string payloads to potentially execute...

CVSS 9.8 | AI score 7.2 | EPSS 0.00617
Exploits: 2 | References: 5

Positive Technologies
added 2025/12/23 12:0 a.m. | 8 views

PT-2025-52834

Name of the Vulnerable Software and Affected Versions CMSimple version 5.4 Description CMSimple version 5.4 contains a flaw that allows attackers to manipulate PHP session files and potentially execute arbitrary code. This is possible through an authenticated local file inclusion, where attackers...

CVSS 8.6 | AI score 7 | EPSS 0.00712
Exploits: 1 | References: 5

CNNVD
added 2025/12/23 12:0 a.m. | 2 views

LangChain Code Issue Vulnerability

LangChain is a LangChain open source framework for developing applications powered by the Large Language Model LLM. A code issue vulnerability exists in LangChain versions prior to 0.3.37 and prior to 1.2.3, which stems from serialization injection and could lead to the execution of arbitrary cod...

CVSS 9.1 | AI score 7.5 | EPSS 0.00746
Exploits: 0 | References: 4

OSV
added 2025/12/22 10:16 p.m. | 3 views

CVE-2023-53979

MyBB 1.8.32 contains a chained vulnerability that allows authenticated administrators to bypass avatar upload restrictions and execute arbitrary code. Attackers can modify upload path settings, upload a malicious PHP-embedded image file, and execute commands through the language configuration...

CVSS 8.6 | AI score 6.1 | EPSS 0.01497
Exploits: 1 | References: 5

NVD
added 2025/12/22 10:16 p.m. | 2 views

CVE-2023-53966

SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate the username environment variable with format string payloads to potentially execute...

CVSS 9.8 | EPSS 0.00617
Exploits: 2 | References: 4

Vulnrichment
added 2025/12/22 9:35 p.m. | 6 views

CVE-2023-53971 WebTareas 2.4 Authenticated Remote Code Execution via File Upload

WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbitrary code to the /files/Messages/ directory and execute it directly through the generated file pa...

CVSS 8.8 | AI score 7.2 | EPSS 0.00409
Exploits: 1 | References: 3

Vulnrichment
added 2025/12/22 3:48 p.m. | 3 views

CVE-2025-10021

A Use of Uninitialized Variable vulnerability exists in Open Design Alliance Drawings SDK static versions mt before 2026.12. Static object COdaMfcAppApp theApp may access OdString::kEmpty before its initialization. Due to undefined initialization order of static objects across translation units...

CVSS 7 | AI score 7.5 | EPSS 0.0014
Exploits: 0 | References: 1

Cvelist
added 2025/12/22 3:48 p.m. | 27 views

CVE-2025-10021

A Use of Uninitialized Variable vulnerability exists in Open Design Alliance Drawings SDK static versions mt before 2026.12. Static object COdaMfcAppApp theApp may access OdString::kEmpty before its initialization. Due to undefined initialization order of static objects across translation units...

CVSS 7 | EPSS 0.0014
Exploits: 0 | References: 1

CVE
added 2025/12/22 5:9 a.m. | 15 views

CVE-2025-11542

CVE-2025-11542 concerns Sharp Display Solutions projectors (NEC-branded). The issue is a stack-based buffer overflow in the projector firmware that could allow an attacker to execute arbitrary commands and programs. Related connected documents enumerate additional vulnerabilities in the same fami...

CVSS 9.8 | AI score 6.9 | EPSS 0.00356
Exploits: 0 | References: 1 | Affected Software: 1

Snyk
added 2025/12/22 4:55 a.m. | 4 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the sgvalidatepipelinedesc function. An attacker can execute arbitrary code or cause a crash by supplying crafted input that triggers a stack-based buffer overflow. Remediation A fix was pushed into the...

CVSS 5.3 | AI score 7.9 | EPSS 0.00127
Exploits: 0 | References: 2

CNNVD
added 2025/12/22 12:0 a.m. | 3 views

Frappe Framework Security Vulnerability

Frappe Framework is a metadata-driven full-stack web application framework based on Python and JavaScript from Frappe India. A security vulnerability exists in the Attachments module of Frappe Framework v15.89.0, which stems from the fact that uploading a specially crafted XML file could lead to...

CVSS 9.6 | AI score 6.8 | EPSS 0.00437
Exploits: 1 | References: 4

CNNVD
added 2025/12/22 12:0 a.m. | 3 views

AIRC MyNET Security Vulnerability

AIRC MyNET is a specialized online management system from AIRC Portugal. A security vulnerability exists in AIRC MyNET v26.06 and earlier versions, which stems from an iframe injection issue with the src parameter that could lead to the execution of arbitrary code by a remote attacker...

CVSS 9.6 | AI score 7.6 | EPSS 0.00514
Exploits: 1 | References: 3

Positive Technologies
added 2025/12/22 12:0 a.m. | 4 views

PT-2025-52716

Name of the Vulnerable Software and Affected Versions MyBB version 1.8.32 Description MyBB version 1.8.32 contains a chained issue that allows authenticated administrators to bypass avatar upload restrictions and potentially execute arbitrary code. Attackers can modify upload path settings, uploa...

CVSS 8.8 | AI score 7.5 | EPSS 0.01497
Exploits: 1 | References: 14