120819 matches found
CVE-2025-34420 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIAM.DLL
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAM.DLL from its installation directory without sufficient integrity validation or a secure search order. A...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via improper handling of symbolic links in the PutContents API. If open registration is enabled, an attacker can execute arbitrary code on the system by uploading files that exploit symbolic link traversal. This...
USN-7919-1 binutils vulnerabilities
It was discovered that GNU binutils' dumpdwarfsection function could be manipulated to perform an out-of-bounds read. A local attacker could possibly use this issue to cause GNU binutils to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. CVE-2025-11081 It was...
CVE-2025-40937
A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected application do not properly validate input parameters in its REST API, resulting in improper handling of unexpected arguments. This could allow an authenticated attacker to execute arbitrary code with limited...
CVE-2025-9571 Arbitrary Code Execution in Google Cloud Data Fusion via Malicious Artifact Upload
A remote code execution RCE vulnerability exists in Google Cloud Data Fusion. A user with permissions to upload artifacts to a Data Fusion instance can execute arbitrary code within the core AppFabric component. This could allow the attacker to gain control over the Data Fusion instance,...
CVE-2025-9571
CVE-2025-9571 is a remote code execution vulnerability in Google Cloud Data Fusion. An attacker with permission to upload artifacts to a Data Fusion instance can execute arbitrary code in the core AppFabric component, potentially gaining control of the Data Fusion instance and leading to unauthor...
EUVD-2025-202341
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could allow a high privileged attacker to gain arbitrary code execution. Exploitation of this issue does not require user interaction...
EUVD-2025-202339
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a high priviledged attacker. Exploitation of this issue does not require user interaction and scope is changed...
EUVD-2025-202344
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could exploit this vulnerability by providing maliciously crafted...
CVE-2025-61808
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a high priviledged attacker. Exploitation of this issue does not require user interaction and scope is changed...
CVE-2025-61810
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could exploit this vulnerability by providing maliciously crafted...
CVE-2025-61811
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could leverage this vulnerability to bypass security measures and execute...
CVE-2025-61812
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could allow a high privileged attacker to gain arbitrary code execution. Exploitation of this issue does not require user interaction...
CVE-2025-61810
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could exploit this vulnerability by providing maliciously crafted...
CVE-2025-61808
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a high priviledged attacker. Exploitation of this issue does not require user interaction and scope is changed...
Adobe ColdFusion 访问控制错误漏洞
Adobe ColdFusion is a suite of rapid application development platforms from the American company Audobee Adobe. The platform includes an integrated development environment and a scripting language. An Access Control Error vulnerability exists in Adobe ColdFusion versions 2025.4, 2023.16, 2021.22,...
PT-2025-50364
Name of the Vulnerable Software and Affected Versions Algernon version 1.17.4 Description A Cross Site Scripting issue exists in Algernon version 1.17.4. This allows attackers to execute arbitrary code by injecting a crafted payload into a filename. The issue involves the injection of malicious...
MailEnable 代码问题漏洞
MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from an insecure DLL loading vulnerability that can be exploited by an attacker to cause local arbitrary code execution...
CVE-2025-65754
Cross Site Scripting vulnerability in Algernon v1.17.4 allows attackers to execute arbitrary code via injecting a crafted payload into a filename...
Tenda Ax3 Buffer Overflow Vulnerability
The Tenda Ax3 is an Ax1800 Gigabit Port Dual Band Wifi 6 Wireless Router from Tenda China. A buffer overflow vulnerability exists in Tenda Ax3 version v16.03.12.11, which stems from the iptvType parameter failing to properly validate the length and size of the input data, and can be exploited by ...