120819 matches found
EUVD-2025-201771
In multiple functions of BaseBundle.java, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48583
CVE-2025-48583 involves a logic error in BaseBundle.java across multiple Android components, enabling potential arbitrary code execution and local privilege escalation without user interaction. The issue is described consistently across NVD/Red Hat/OSV and related sources as an Elevation of Privi...
[SECURITY] [DLA 4397-1] lasso security update
Debian LTS Advisory DLA-4397-1 https://www.debian.org/lts/security/ Sylvain Beucler December 08, 2025 https://wiki.debian.org/LTS ...
Google Android Security Vulnerability
Google Android is a Linux-based open source operating system from Google, Inc. in the United States. A security vulnerability exists in Google Android, which stems from a logic error issue in the BaseBundle.java file that could lead to the execution of arbitrary code...
Tenda Ax3 Security Vulnerability
The Tenda Ax3 is an Ax1800 Gigabit Port Dual Band Wifi 6 Wireless Router from Tenda China. A buffer overflow vulnerability exists in Tenda Ax3 version v16.03.12.11, which stems from the iptvType parameter failing to properly validate the length and size of the input data, and can be exploited by ...
[SECURITY] [DSA 6073-1] ffmpeg security update
Debian Security Advisory DSA-6073-1 https://www.debian.org/security/ Moritz Muehlenhoff December 07, 2025 https://www.debian.org/security/faq ...
CVE-2020-36880
Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Reports and Data Directory' field that allows an attacker to execute arbitrary code on the system...
CVE-2024-58278
perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scripts. Attackers can control the 0th argument of packed executables to execute another executable, allowing them to bypass restrictions and gain unauthorized acce...
Arbitrary Code Execution in NLTK StanfordSegmenter via untrusted JAR loading
This report is not public...
CVE-2025-66032
Claude Code is an agentic coding tool. Prior to 1.0.93, due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted...
CVE-2020-36881
Flexsense DiskBoss 7.7.14 contains a local buffer overflow in the Input Directory component. An unauthenticated attacker can craft a directory path via the Add Input Directory field to execute arbitrary code on the system. The CVE entry notes high impact (code execution) with local attack vector ...
EUVD-2020-30824
Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Reports and Data Directory' field that allows an attacker to execute arbitrary code on the system...
CVE-2025-64053
A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint...
EUVD-2025-201292
LaraDashboard is an all-in-one solution to start a Laravel Application. In 2.3.0 and earlier, the password reset flow trusts the Host header, allowing attackers to redirect the administrator’s reset token to an attacker-controlled server. This can be combined with the module installation process ...
CVE-2025-12195
CVE-2025-12195 describes an out-of-bounds write vulnerability in the WatchGuard Fireware OS CLI. An authenticated privileged user can trigger arbitrary code execution by sending specially crafted IPSec configuration CLI commands. Affected versions span Fireware OS 11.0–11.12.4+541730, 12.0–12.11....
CVE-2025-12026 WatchGuard Firebox Authenticated Out of Bounds Write in certd
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS’s certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands. This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including...
CVE-2024-58278
IndigoSTAR Perl2exe
CVE-2024-58278 IndigoSTAR Software - perl2exe <= V30.10C - Arbitrary Code Execution
perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scripts. Attackers can control the 0th argument of packed executables to execute another executable, allowing them to bypass restrictions and gain unauthorized acce...