EUVD-2026-41483
External Control of File Name or Path vulnerability in ASUS Business Manager allows a local user to execute arbitrary code with SYSTEM privileges via a tampered IPC message. Refer to the 'Security Update for ASUS Business Manager' section on the ASUS Security Advisory for more information...
EUVD-2026-41459
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker on the same local network segment to execute arbitrary code. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4Update1, 12.0 up to and including 12.12 and 2025.1 up to and...
The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.
The vulnerability of the pg_dump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.
The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...
CVE-2026-13053
WatchGuard Fireware OS has an authenticated out-of-bounds write vulnerability in the CLI command handler (CVE-2026-13053). A privileged, authenticated attacker could trigger code execution via a crafted CLI input. Affected versions include Fireware OS 11.0–11.12.4_Update1, 12.0–12.12, and 2025.1–...
CVE-2026-13050
Summary (CVE-2026-13050): An out-of-bounds write in WatchGuard Fireware OS is exposed via the networkd component. An authenticated privileged user can trigger arbitrary code execution by sending specially crafted requests to the Management Web UI. Affected: Fireware OS versions 11.8 (through 11.1...
EUVD-2026-36325
OpenClaw: Workspace .env could override Homebrew executable selection for skill install flows...
EUVD-2026-41378
An improper validation vulnerability for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in kernel mode via crafted messages sent through a Minifilter communication port...
CVE-2026-57623
Unauthenticated Arbitrary Code Execution in W3 Total Cache = 2.9.4 versions...
CVE-2026-27436
Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions...
CVE-2026-57623
CVE-2026-57623 affects the WordPress W3 Total Cache plugin (versions
CVE-2026-27436 WordPress Five Star Business Profile and Schema plugin <= 2.3.19 - Arbitrary Code Execution vulnerability
Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions...
CVE-2026-27436
The CVE covers WordPress plugin Five Star Business Profile and Schema (versions
TOTOLINK CX-A3002RU - Remote Code Execution
An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote...
eyoucms v.1.6.5 - Cross-Site Scripting
Cross Site Scripting XSS vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. id: CVE-2024-22927 info: name: eyoucms v.1.6.5 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross Site Scripting XSS...
vBulletin replaceAdTemplate - Remote Code Execution
vBulletin versions 5.0.0 through 6.0.3 contain a Remote Code Execution (RCE) vulnerability in the ajax/api/ad/replaceAdTemplate endpoint. This flaw arises from improper use of PHP's Reflection API, allowing unauthenticated attackers to invoke protected controller methods. By injecting a crafted...
Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation
A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...
FoxCMS v.1.2.5 - Remote Code Execution
An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component. id: CVE-2025-29306 info: name: FoxCMS v.1.2.5 - Remote Code Execution author: ritikchaddha severity: critical description: | An issue in FoxCMS v.1.2.5 allows a...
shadoweb wdja v1.5.1 - Cross-Site Scripting
shadoweb wdja v1.5.1 is susceptible to cross-site scripting because it allows attackers to execute arbitrary code and gain escalated privileges via the backurl parameter to /php/passport/index.php. id: CVE-2020-20982 info: name: shadoweb wdja v1.5.1 - Cross-Site Scripting author:...