CVE-2025-61932
Lanscope Endpoint Manager On-Premises Client program MR and Detection agent DA improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets...
Lanscope Endpoint Manager (On-Premises) vulnerable to improper verification of source of a communication channel
Overview Lanscope Endpoint Manager On-Premises provided by MOTEX Inc. contains the following vulnerability. Improper verification of source of a communication channel CWE-940 - CVE-2025-61932 MOTEX Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and...
USN-7826-2: Samba vulnerabilities
USN-7826-1 fixed vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: Andrew Walker discovered that Samba incorrectly initialized memory in the vfs_streams_xattr module. An...
CVE-2025-11948
Document Management System developed by Excellent Infotek has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2025-11948
CVE-2025-11948 affects the Document Management System by Excellent Infotek. Descriptions across Red Hat, NVD, CIRCL and CVE lists report an Arbitrary File Upload vulnerability that enables unauthenticated remote attackers to upload and execute a web shell, leading to arbitrary code execution on t...
thunderbird: firefox: Memory safety bugs
A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corrupti...
VulnCheck KEV: CVE-2022-28054
Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2 allows attackers to execute arbitrary code via a crafted value...
TruffleHog security vulnerability
TruffleHog is an open source tool from Truffle Security. A security vulnerability exists in TruffleHog version 3.90.2, in which a specially crafted repository could lead to arbitrary code execution...
VulnCheck KEV: CVE-2025-61932
Lanscope Endpoint Manager On-Premises Client program MR and Detection agent DA improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets...
SLiMS 9 Bulian security vulnerability
SLiMS 9 Bulian is a free and open source software from the SLiMS community in Indonesia. It is used for library resource management e.g. books, journals, digital files and other library materials and administration. A security vulnerability exists in SLiMS 9 Bulian version 9.6.1, which stems from...
GeoVision GV-BX1500 and GeoVision GV-MFD1501 security vulnerability
The GeoVision GV-BX1500 and GeoVision GV-MFD1501 are both a series of indoor IP cameras from GeoVision China. A security vulnerability exists in the GeoVision GV-BX1500 and GeoVision GV-MFD1501 that stems from a remote command injection in /PictureCatch.cgi, which could lead to the execution of...
Truffle Security Co. TruffleHog git arbitrary code execution vulnerability
Talos Vulnerability Report TALOS-2025-2243 Truffle Security Co. TruffleHog git arbitrary code execution vulnerability October 20, 2025 CVE Number CVE-2025-41390 SUMMARY An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially...
JLSEC-2025-123 libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale h...
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances e.g., hardware re-initialization upon a mid-video SPS change when...
FreeBSD : Mozilla -- Memory safety bugs (ed132d42-ab81-11f0-b961-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ed132d42-ab81-11f0-b961-b42e991fc52e advisory. [email protected] reports: Memory safety bug. This bug showed evidence of memory corruption and we...
[slackware-security] sqlite
New sqlite packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/sqlite-3.50.4-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: A memory corruption issue caused by improper handling...
Deserialization of Untrusted Data
Overview pyquokka is a Quokka Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the doaction function in the flight.py file. An attacker can execute arbitrary code on the server by sending maliciously crafted serialized data through the network interface...
EUVD-2025-34911
An arbitrary file upload vulnerability in SigningHub v8.6.8 allows attackers to execute arbitrary code via uploading a crafted PDF file...
CVE-2025-56320
Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting XSS in its chat box component. This allows a remote attacker to execute arbitrary code. NOTE: the Supplier reports that this is "Present only in an obsolete, unsupported version no longer in circulation."...
CVE-2025-56218
An arbitrary file upload vulnerability in SigningHub v8.6.8 allows attackers to execute arbitrary code via uploading a crafted PDF file...
GHSA-CVHH-Q5G5-QPRP Keras framework vulnerable to deserialization of untrusted data
Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being...