120840 matches found
CVE-2025-34324 GoSign Desktop < 2.4.1 Insecure Update Mechanism RCE
GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so its authenticity relies solely on the underlying TLS channel. In affected versions, TLS certificate...
CVE-2025-63603
A command injection vulnerability exists in the MCP Data Science Server's reading-plus-ai/mcp-server-data-exploration 0.1.6 in the safeeval function src/mcpserverds/server.py:108. The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...
CVE-2025-41736
The CVE-2025-41736 vulnerability affects METZ CONNECT EWIO2 family (EWIO2-M, EWIO2-M-BM, EWIO2-BM) and is triggered by a path traversal in PHP that allows a low-privileged, remote attacker to upload or overwrite a Python script, resulting in remote code execution. Multiple sources describe the is...
CVE-2025-8404
CVE-2025-8404 describes a stack buffer overflow in the Supermicro BMC Shared library. An authenticated attacker with access to the BMC can trigger a crafted header to overflow a stack and achieve arbitrary code execution on the BMC firmware OS. The issue is assessed with CVSS 3.1: Network attack ...
EUVD-2025-197951
Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary code execution on the BMC firmware operating system...
CVE-2025-7623 Supermicro BMC SMASH services has a Stack-based buffer overflow vulnerability
Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary code execution on the BMC firmware operating system...
PT-2025-47331
Name of the Vulnerable Software and Affected Versions MCP Data Science Server version 0.1.6 Description A command injection issue exists in the safe eval function src/mcp server ds/server.py:108 of the software. The function utilizes Python’s exec to run scripts provided by users, but it does not...
PT-2025-47339
Name of the Vulnerable Software and Affected Versions GoSign Desktop versions 2.4.0 and earlier Description GoSign Desktop versions 2.4.0 and earlier utilize an unsigned update manifest for application updates. This manifest includes package URLs and SHA-256 hashes, but lacks digital signing,...
Supermicro BMC 安全漏洞
The SuperMicro BMC is a firmware from SuperMicro USA used in devices such as servers, top-of-rack switches or RAID devices. A security vulnerability exists in the Supermicro BMC Shared library that originates from a stack buffer overflow and could lead to arbitrary code execution...
Rockwell Automation Arena Stack Buffer Overflow Vulnerability
Rockwell Automation Arena is a discrete-event simulation and automation software from Rockwell Automation USA. Rockwell Automation Arena suffers from a stack buffer overflow vulnerability that originates when the program fails to properly validate the length and size of input data, which could be...
Supermicro BMC Firmware 安全漏洞
Supermicro BMC Firmware is a system firmware from Supermicro Corporation USA. A security vulnerability exists in Supermicro BMC Firmware that originates from a stack buffer overflow that could lead to arbitrary code execution...
MCP Server for Data Exploration 安全漏洞
MCP Server for Data Exploration is an MCP server for reading-plus-ai individual developers. A security vulnerability exists in MCP Data Science Server version 0.1.6 that stems from the safeeval function not restricting the builtins dictionary, which could lead to arbitrary code execution...
Fortinet FortiWeb 安全漏洞
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, and other attacks to secure web applications and protect sensitive database content. A security vulnerability exists in Fortinet...
Linksys E1200 Stack Buffer Overflow Vulnerability
The Linksys E1200 is a router from Linksys USA. The Linksys E1200 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to cause the execution of arbitrary code or a denial of service...
EUVD-2025-198039
Cross site scripting XSS vulnerability in Kotaemon 0.11.0 allowing attackers to execute arbitrary code via a crafted PDF...
D-Link DIR-816L Buffer Overflow Vulnerability
DIR-816L is a wireless router product from D-Link. A buffer overflow vulnerability exists in the D-Link DIR-816L version 206b09beta, which originates from the soapcgimain function in the /soap.cgi file that does not perform a valid bounds check on input data. An attacker could use this...
Linksys E1200 Stack Buffer Overflow Vulnerability (CNVD-2026-00025)
The Linksys E1200 is a router from Linksys USA. The Linksys E1200 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to cause the execution of arbitrary code or a denial of service...
PT-2025-47327
Name of the Vulnerable Software and Affected Versions electic-shop version 1.0 Description A DOM-based cross-site scripting issue exists where the client-side JavaScript reads attacker-controlled input and inserts it into the DOM via unsafe sinks, specifically innerHTML, insertAdjacentHTML, and...
Supermicro BMC Firmware 安全漏洞
Supermicro BMC Firmware is a system firmware from Supermicro Corporation USA. A security vulnerability exists in Supermicro BMC Firmware that originates from a stack buffer overflow in the BMC Web function that could lead to arbitrary code execution...
PT-2025-47411
Name of the Vulnerable Software and Affected Versions Mozart FM Transmitter version WEBMOZZI-00287 Description The Mozart FM Transmitter web management interface is susceptible to a reflected Cross-Site Scripting XSS issue. An attacker can inject a malicious JavaScript payload into the ?m= query...