
120816 matches found

RedhatCVE
added 2025/12/12 5:12 p.m. | 3 views

CVE-2025-66046

Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities. When Tag is 67...

9.8 CVSS | 8.2 AI score | 0.00465 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/12/12 5:12 p.m. | 3 views

CVE-2025-66047

Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities. When Tag is 131...

9.8 CVSS | 8.2 AI score | 0.00455 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/12/12 5:12 p.m. | 2 views

CVE-2025-66044

Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities. When Tag is 64...

9.8 CVSS | 8.2 AI score | 0.00465 EPSS
Exploits: 1 | References: 1

IBM Security Bulletins
added 2025/12/12 1:4 p.m. | 11 views

Security Bulletin: Vulnerabilities in smarty and axios might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary: IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by vulnerabilities in smarty and axios. Vulnerabilities include allowing an attacker to inject malicious scripts into a Web page and steal cookie-based authentication credentials, execute arbitrary code on the system, and...

7.5 CVSS | 7.4 AI score | 0.01099 EPSS
Exploits: 1 | Affected Software: 1

RedhatCVE
added 2025/12/12 12:7 p.m. | 6 views

CVE-2025-64995

A privilege escalation vulnerability was discovered in TeamViewer DEX (formerly 1E DEX), specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior to V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the devic...

6.7 CVSS | 7.8 AI score | 0.00139 EPSS
Exploits: 0 | References: 1

Snyk
added 2025/12/12 9:47 a.m. | 5 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via insecure Hessian deserialization in the PD store. An attacker can execute arbitrary code by sending maliciously crafted data from a compromised or rogue Raft node. Details: Serialization is a process...

8.8 CVSS | 7.7 AI score | 0.00793 EPSS
Exploits: 0 | References: 2

NVD
added 2025/12/12 4:15 a.m. | 4 views

CVE-2025-12824

The Player Leaderboard plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.2 via the 'playerleaderboard' shortcode. This is due to the plugin using an unsanitized user-supplied value from the shortcode's 'mode' attribute in a call to include withou...

8.8 CVSS | 0.00691 EPSS
Exploits: 0 | References: 3

NVD
added 2025/12/12 1:15 a.m. | 6 views

CVE-2025-10451

Unchecked output buffer may allow arbitrary code execution in SMM and potentially result in SMM memory corruption...

8.2 CVSS | 0.00127 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/12 1:6 a.m. | 5 views

CVE-2025-65474

An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to an SVG format...

9.8 CVSS | 7.9 AI score | 0.00455 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/12/12 1:6 a.m. | 5 views

CVE-2025-65473

An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name...

9.1 CVSS | 7.8 AI score | 0.00489 EPSS
Exploits: 1 | References: 1

EUVD
added 2025/12/12 12:30 a.m. | 3 views

EUVD-2024-55343

xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the filehosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif,...

8.6 CVSS | 7.2 AI score | 0.00524 EPSS
Exploits: 1 | References: 4

Cvelist
added 2025/12/12 12:28 a.m. | 26 views

CVE-2025-10451 H19Int15CallbackSmm: SMM memory corruption vulnerability in combined DXE/SMM (SMRAM write)

Unchecked output buffer may allow arbitrary code execution in SMM and potentially result in SMM memory corruption...

8.2 CVSS | 0.00127 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/12 12:28 a.m. | 3 views

CVE-2025-10451 H19Int15CallbackSmm: SMM memory corruption vulnerability in combined DXE/SMM (SMRAM write)

Unchecked output buffer may allow arbitrary code execution in SMM and potentially result in SMM memory corruption...

8.2 CVSS | 7.7 AI score | 0.00127 EPSS
Exploits: 0 | References: 1

CNNVD
added 2025/12/12 12:0 a.m. | 3 views

Insyde InsydeH2O Security Vulnerability

Insyde InsydeH2O is a new EFI/UEFI specification from Insyde China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O, which stems from unchecked output buffers and could lead to arbitrary code execution and SMM memory...

8.2 CVSS | 7.6 AI score | 0.00127 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/12 12:0 a.m. | 5 views

PT-2025-50798

Name of the Vulnerable Software and Affected Versions: versions prior to Dec. 12, 2025. Description: An unchecked output buffer issue may allow arbitrary code execution in System Management Mode (SMM) and potentially lead to SMM memory corruption. This relates to a memory corruption issue in combined...

8.2 CVSS | 7.6 AI score | 0.00127 EPSS
Exploits: 0 | References: 5

CNNVD
added 2025/12/12 12:0 a.m. | 3 views

Siemens Simcenter Femap Security Vulnerability

Siemens Simcenter Femap is a cutting-edge engineering simulation application from Siemens, Germany. It is used to create, edit and import/reuse mesh-based finite element analysis models of complex products or systems. A security vulnerability exists in versions prior to Siemens Simcenter Femap...

7.8 CVSS | 6.8 AI score | 0.00166 EPSS
Exploits: 0 | References: 1

CNNVD
added 2025/12/12 12:0 a.m. | 3 views

PCMan FTP Server Security Vulnerability

PCMan FTP Server is a suite of FTP server software from PCMan Open Source. A security vulnerability exists in PCMan FTP Server version 2.0, which stems from a buffer overflow in the pwd command that could lead to the execution of arbitrary code...

9.8 CVSS | 7.4 AI score | 0.00712 EPSS
Exploits: 0 | References: 3

NVD
added 2025/12/11 10:15 p.m. | 7 views

CVE-2024-58313

xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the filehosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif,...

8.6 CVSS | 0.00524 EPSS
Exploits: 1 | References: 3

NVD
added 2025/12/11 10:15 p.m. | 4 views

CVE-2024-58303

FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generati...

8.6 CVSS | 0.0053 EPSS
Exploits: 0 | References: 4

CVE
added 2025/12/11 9:40 p.m. | 11 views

CVE-2024-58304

CVE-2024-58304 – SPA-CART CMS 1.9.0.3 is affected by a stored cross-site scripting vulnerability in the product description parameter. The issue allows authenticated administrators to inject JavaScript via the descr field in the product edit form, causing arbitrary code execution in the web brows...

7.5 CVSS | 6.2 AI score | 0.00415 EPSS
Exploits: 0 | References: 2