Siemens RUGGEDCOM ROX II Injection Vulnerability (CNVD-2026-00019)
Siemens RUGGEDCOM ROX II is an operating system for industrial applications from Siemens, Germany. Siemens RUGGEDCOM ROX II suffers from an injection vulnerability that can be exploited by an attacker to cause execution of arbitrary code...
[SECURITY] [DLA 4406-1] ruby-git security update
Debian LTS Advisory DLA-4406-1 https://www.debian.org/lts/security/ Utkarsh Gupta December 15, 2025 https://wiki.debian.org/LTS ...
[SECURITY] [DSA 6081-1] thunderbird security update
Debian Security Advisory DSA-6081-1 https://www.debian.org/security/ Moritz Muehlenhoff December 14, 2025 https://www.debian.org/security/faq ...
CVE-2025-14476
The Doubly – Cross Domain Copy Paste for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.46 via deserialization of untrusted input from the content.txt file within uploaded ZIP archives. This makes it possible for authenticated...
Debian dsa-6081 : thunderbird - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6081 advisory. Debian Security Advisory DSA-6081-1...
Debian dsa-6082 : libvlc-bin - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6082 advisory. Debian Security Advisory DSA-6082-1 https://www.debian.org/security/...
Deserialization of Untrusted Data
Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the Decode function, which runs pickle.loads(decoded) without isolation. An attacker can execute arbitrary code or manipulate application data by providing crafted serialized input. Details: Serializati...
Insecure Deserialization
Modular is vulnerable to Insecure Deserialization. The vulnerability is due to insecure deserialization when the --experimental-enable-kvcache-agent feature is enabled, allowing attackers to supply crafted serialized data that can be processed by the server and lead to arbitrary code execution...
Insecure Deserialization
quantconnect.common is vulnerable to insecure deserialization. The vulnerability is due to insecure configuration of the TypeNameHandling property in the Json.NET library, which allows an attacker to exploit unsafe deserialization of crafted JSON payloads and potentially execute arbitrary code...
Code Injection
org.jenkins-ci.plugins.workflow, puppet-enterprise-pipeline is vulnerable to code injection. The vulnerability is due to unsafe values specified in the custom Script Security whitelist, which allows an attacker with the ability to execute Script Security-protected scripts to execute arbitrary code...
Insecure Deserialization
org.keycloak, keycloak-ldap-federation is vulnerable to insecure deserialization. The vulnerability is due to improper handling of untrusted Java object deserialization in a malicious LDAP server configuration, which allows an authenticated realm administrator to trigger the execution of arbitrar...
Remote Code Execution (RCE)
net.mingsoft, ms-mcms is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation in the Template Management function, which allows an attacker to execute arbitrary code via a crafted payload...
Arbitrary Code Execution
QOS.CH logback-core is vulnerable to Arbitrary Code Execution. The vulnerability is due to unsafe conditional processing of configuration files and environment variables, which allows an attacker with existing privileges to inject or modify a malicious configuration and execute arbitrary code at...
CVE-2025-10451
Unchecked output buffer may allow arbitrary code execution in SMM and potentially result in SMM memory corruption...
PT-2025-51077
Name of the Vulnerable Software and Affected Versions: Extensive VC Addons for WPBakery page builder plugin for WordPress versions prior to 1.9.2. Description: The software is susceptible to a Local File Inclusion issue due to insufficient path normalization and validation of the shortcode name...
Debian dla-4405 : thunderbird - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4405 advisory. Debian LTS Advisory DLA-4405-1...
CVE-2024-58303
FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generati...
CVE-2025-66588
In AzeoTech DAQFactory release 20.7 Build 2555, an access of uninitialized pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution...
CVE-2025-66590
In AzeoTech DAQFactory release 20.7 Build 2555, an Out-of-bounds Write vulnerability can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution or a system crash...
CVE-2024-58299 PCMan FTP Server 2.0 Remote Buffer Overflow via 'pwd' Command
PCMan FTP Server 2.0 contains a buffer overflow vulnerability in the 'pwd' command that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted payload during the FTP login process to overwrite memory and potentially gain system access...