120812 matches found
CVE-2025-53000
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution...
CVE-2025-53000 nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution...
CVE-2025-67170
A reflected cross-site scripting XSS vulnerability in RiteCMS v3.1.0 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload...
CVE-2025-66953
CSRF vulnerability in narda miteq Uplink Power Contril Unit UPC2 v.1.17 allows a remote attacker to execute arbitrary code via the Web-based management interface and specifically the /systemsetup.htm, /setclock.htm, /receiversetup.htm, /cal.htm?..., and /channelsetup.htm endpoints...
EUVD-2025-203902
The OTA firmware update mechanism in Netun Solutions HelpFlash IoT firmware v18178221102ASCIIPRO1R550 uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mod...
GHSA-M4F2-XPFQ-H97V Pagekit CMS is vulnerable to OS Command Injection via Storage component
An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file. The project is archived as of December 1, 2023...
CVE-2025-65855
The OTA firmware update mechanism in Netun Solutions HelpFlash IoT firmware v18178221102ASCIIPRO1R550 uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mod...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in Python-Future [CVE-2025-50817]
Summary IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in Python-Future, due to the unintended import of a file named test.py. CVE-2025-50817. Python-Future is used in our service runtimes. This vulnerabilitiy has been addressed. Please read the details for...
CVE-2025-14252
An Improper Access Control vulnerability in Advantech SUSI driver susi.sys allows attackers to read/write arbitrary memory, I/O ports, and MSRs, resulting in privilege escalation, arbitrary code execution, and information disclosure. This issue affects Advantech SUSI: 5.0.24335 and prior...
kernel: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
A vulnerability has been identified in the Linux kernel's Network File System NFS daemon that could allow for a Denial of Service and in worst case scenario Arbitrary Code Execution. This Use-After-Free flaw arises from a race condition when the kernel handles the confirmation of an NFS client...
CVE-2025-53524
Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...
CVE-2025-53524 Fuji Electric Monitouch V-SFT-6 Out-of-bounds Write
Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...
CVE-2025-53524 Fuji Electric Monitouch V-SFT-6 Out-of-bounds Write
Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...
EUVD-2025-203858
Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code...
Fuji Electric Monitouch V-SFT-6 缓冲区错误漏洞
Fuji Electric Monitouch V-SFT-6 is a screen configuration software from Fuji Electric, Japan. A buffer error vulnerability exists in Fuji Electric Monitouch V-SFT-6, which originates from an out-of-bounds write when processing a specially crafted project file, and could lead to the execution of...
CVE-2025-67170
A reflected cross-site scripting XSS vulnerability in RiteCMS v3.1.0 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload...
CVE-2025-67170
A reflected cross-site scripting XSS vulnerability in RiteCMS v3.1.0 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload...
Zed 命令注入漏洞
Zed is an open source code editor from Zed Industries. A command injection vulnerability exists in versions prior to Zed 0.218.2-pre that stems from loading a malicious LSP configuration from the settings.json file in the project.zed subdirectory, which could lead to arbitrary code execution...
Netun Solutions HelpFlash IoT 安全漏洞
Netun Solutions HelpFlash IoT is a smart connected vehicle emergency warning light from Netun Solutions, Spain. A security vulnerability exists in Netun Solutions HelpFlash IoT version v18178221102ASCIIPRO1R550, which stems from an OTA firmware update mechanism that uses hard-coded WiFi credentia...
ROS-20251217-7323
A vulnerability in the Redis database management system DBMS is related to mismanagement of code generation. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...