Lucene search
K

120948 matches found

RedhatCVE
RedhatCVE
added 2025/10/15 7:38 p.m.10 views

CVE-2025-54273

Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS7.8AI score0.00176EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/10/15 6:55 a.m.5 views

Multiple RSUPPORT products may insecurely load Dynamic Link Libraries

Overview Multiple RSUPPORT products contain multiple vulnerabilities listed below. RemoteView PC Application Console vulnerable to uncontrolled search path element CWE-427 - CVE-2025-26859 RemoteCall Remote Support Program for Operator vulnerable to uncontrolled search path element CWE-427 -...

8.5CVSS7.8AI score0.00157EPSS
Exploits0References7
NVD
NVD
added 2025/10/15 6:15 a.m.12 views

CVE-2025-26860

RemoteCall Remote Support Program for Operator versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution...

8.5CVSS0.00157EPSS
Exploits0References2
NVD
NVD
added 2025/10/15 6:15 a.m.11 views

CVE-2025-26859

RemoteView PC Application Console versions prior to 6.0.2 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution...

8.5CVSS0.00157EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/15 6:7 a.m.9 views

CVE-2025-26861

RemoteCall Remote Support Program for Operator versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution...

8.5CVSS0.00157EPSS
Exploits0References2
CVE
CVE
added 2025/10/15 6:7 a.m.14 views

CVE-2025-26861

CVE-2025-26861 affects RemoteCall Remote Support Program (for Operator). The vulnerability is an uncontrolled search path element (CWE-427) in versions prior to 5.3.0, which could allow arbitrary code execution if a crafted DLL is placed in the same folder as the affected product. Public sources ...

8.5CVSS7.3AI score0.00157EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/15 6:7 a.m.3 views

CVE-2025-26861

RemoteCall Remote Support Program for Operator versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution...

8.5CVSS7.3AI score0.00157EPSS
Exploits0References2
CVE
CVE
added 2025/10/15 6:6 a.m.17 views

CVE-2025-26860

The CVE-2025-26860 entry concerns RemoteCall Remote Support Program (for Operator) prior to version 5.1.0. The vulnerability is an uncontrolled search path element (CWE-427) that can allow arbitrary code execution if a crafted DLL is placed in the application’s folder. Documents confirm the root ...

8.5CVSS7.3AI score0.00157EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/15 6:6 a.m.4 views

CVE-2025-26860

RemoteCall Remote Support Program for Operator versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution...

8.5CVSS7.3AI score0.00157EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/15 6:6 a.m.17 views

CVE-2025-26860

RemoteCall Remote Support Program for Operator versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution...

8.5CVSS0.00157EPSS
Exploits0References2
CVE
CVE
added 2025/10/15 6:6 a.m.10 views

CVE-2025-26859

CVE-2025-26859 affects RSUPPORT’s RemoteView PC Application Console. Versions prior to 6.0.2 are vulnerable to an uncontrolled search path element (CWE-427) that can allow arbitrary code execution if a crafted DLL is placed in the application’s folder. The issue’s root cause is a perilous search ...

8.5CVSS7.3AI score0.00157EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/15 6:6 a.m.3 views

EUVD-2025-34518

RemoteView PC Application Console versions prior to 6.0.2 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution...

8.5CVSS7.2AI score0.00157EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2025/10/15 2:45 a.m.5 views

USN-7823-1: FFmpeg vulnerabilities

It was discovered that FFmpeg did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS. CVE-2024-35365 It was discovered that FFmpeg did not correctly handle...

9.8CVSS7AI score0.01084EPSS
Exploits0
OSV
OSV
added 2025/10/15 2:45 a.m.4 views

USN-7823-1 ffmpeg vulnerabilities

It was discovered that FFmpeg did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS. CVE-2024-35365 It was discovered that FFmpeg did not correctly handle...

9.8CVSS7.1AI score0.01084EPSS
Exploits0References10
Cvelist
Cvelist
added 2025/10/15 2:26 a.m.8 views

CVE-2025-11746 XStore | Multipurpose WooCommerce Theme <= 9.5.4 - Authenticated (Subscriber+) Local File Inclusion

The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via theetajaxrequiredpluginspopup function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on t...

8.8CVSS0.00682EPSS
Exploits0References2
NVD
NVD
added 2025/10/15 2:15 a.m.3 views

CVE-2023-7305

SmartBI V8, V9, and V10 contain an unrestricted file upload vulnerability via the RMIServlet request handling logic. Under certain configurations or usage patterns, attackers can send specially crafted requests that cause the application to perform sensitive operations or execute arbitrary code o...

9.2CVSS0.00485EPSS
Exploits0References4
NVD
NVD
added 2025/10/15 2:15 a.m.9 views

CVE-2011-10033

The WordPress plugin is-human = v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval on user-controlled input, which can lead to execution of...

9.3CVSS0.00436EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/15 1:23 a.m.5 views

EUVD-2011-5263

The WordPress plugin is-human = v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval on user-controlled input, which can lead to execution of...

9.3CVSS7.7AI score0.00436EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2025/10/15 1:23 a.m.5 views

CVE-2011-10033

The WordPress plugin is-human = v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval on user-controlled input, which can lead to execution of...

9.3CVSS6.2AI score0.00436EPSS
Exploits0References5
NVD
NVD
added 2025/10/15 1:15 a.m.9 views

CVE-2025-54279

Animate versions 23.0.13, 24.0.10 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00231EPSS
Exploits0References1
Rows per page
Query Builder