120933 matches found
CVE-2025-9458
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...
CVE-2025-12556
An argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine...
[SECURITY] [DSA 6050-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6050-1 [email protected] https://www.debian.org/security/ Andres Salomon November 07, 2025 https://www.debian.org/security/faq -...
CVE-2025-61261
CVE-2025-61261 is a reflected XSS vulnerability affecting CKEditor 46.1.0 (CKEditor 5) when used with Angular 18.0.0. The issue enables an attacker-supplied payload to execute in the user’s browser context (impact: partial in some documents; CVSS 3.1 base score 5.4). Affected component is CKEdito...
Lexmark Printers CWE CATEGORY: Pointer Issues (CVE-2023-50735)
A heap corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503896; scriptversion"1.5";...
Lexmark Printers Improper Validation of Array Index (CVE-2023-26066)
A PostScript operator that improperly validates the stack has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503906;...
Teamcenter Visualization WRL File Parsing Vulnerabilities
Siemens Teamcenter Visualization contains multiple file-parsing vulnerabilities in its WRL-file reader that affect versions V14.2, V14.3, V2312, and V2406. If a user opens a specially crafted malicious WRL file, the application may crash or allow arbitrary code execution in the context of the...
Lexmark Printers Improper Input Validation (CVE-2023-26069)
An input validation vulnerability has been identified in the web API in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503901; scriptversion"1.3";...
Lexmark Printers Stack-based Buffer Overflow (CVE-2023-50734)
A buffer overflow vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503885; scriptversion"1.4";...
money-pos 安全漏洞
money-pos McNee Cashiering System is a cashiering system by the individual developer of McNeeMoney. A security vulnerability exists in money-pos, which stems from a SQL injection vulnerability in the orderby parameter that could lead to the execution of arbitrary code...
Lexmark Printers Buffer Overflow (CVE-2023-26064)
An out of bounds write vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503891; scriptversion"1.3";...
py-pdfminer.six -- Arbitrary Code Execution in pdfminer.six via Crafted PDF Input
Pieter Marsman reports: pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB.loaddata function in pdfminer.six uses pickle.loads to deserialize pickle files. These pickle files are supposed to be part of the pdfminer.six...
Lexmark Printers Access of Resource Using Incompatible Type (CVE-2024-11346)
A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503884;...
Lexmark Printers Integer Overflow or Wraparound (CVE-2023-26065)
An integer overflow vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503905; scriptversion"1.3";...
Command Injection
Overview evernote-mcp-server is a MCP Server for Evernote unofficial Affected versions of this package are vulnerable to Command Injection via the openBrowser function. An attacker can execute arbitrary code with elevated privileges by supplying crafted input that is used in a system call without...
CVE-2025-12489 evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability
evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in...
CVE-2025-12489 evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability
evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of evernote-mcp-server. An attacker must first obtain the ability to execute low-privileged code on the target system in...
CVE-2022-50589 SuiteCRM < 7.12.6 SQL Injection via 'export' Functionality
SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the ‘uid’ parameter within the ‘export’ functionality. Successful exploitation allows remote unauthenticated attackers to ultimately execute arbitrary code...
CVE-2025-11093
An arbitrary code execution vulnerability exists in multiple WSO2 products due to insufficient restrictions in the GraalJS and NashornJS Script Mediator engines. Authenticated users with elevated privileges can execute arbitrary code within the integration runtime environment. By default, access ...
CVE-2025-20376
A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to file upload mechanisms. An attacker could exploit this vulnerability by uploading a...