ROS-20260129-73-0044

Vulnerability in python-django related to failure to protect sql query structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

ROS-20260129-73-0050

Vulnerability in nextcloud-app-contacts related to failure to take measures to protect web page structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

ROS-20260129-73-0006

Vulnerability in gdb related to writing outside buffer boundaries in memory. Exploitation of the vulnerability may allow an attacker to execute arbitrary code...

PT-2026-5285

BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the Advanced Search keywords input that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite the EIP register and execute shellcode by pasting malicious content into the search...

CVE-2025-69749

CVE-2025-69749 describes a Cross Site Scripting vulnerability in tale v2.0.5 . The public descriptions state an attacker can execute arbitrary code, but the connected documents do not provide concrete technical details (e.g., vulnerable component, root cause, affected files, or patch/version with...

CVE-2025-69749

Cross Site Scripting vulnerability in tale v.2.0.5 allows an attacker to execute arbitrary code...

TongSoft Audio Playback Recorder has a security vulnerability

TongSoft Audio Playback Recorder is an audio recording tool developed by TongSoft Corporation. Version 3.2.2 of TongSoft Audio Playback Recorder contains a security vulnerability. This vulnerability stems from local buffer overflows in pop-up windows and registration parameters, which may allow f...

PT-2026-5291

Name of the Vulnerable Software and Affected Versions CodeMeter version 6.60 Description CodeMeter 6.60 contains an unquoted service path that may allow local users to execute arbitrary code with elevated system privileges. An attacker can exploit the unquoted binary path in the CodeMeter Runtime...

CVE-2026-24856

CVE-2026-24856 affects iccDEV up to version 2.3.1.2. The issue is an undefined behavior when converting floating-point NaN values to unsigned short integers during ICC profile XML parsing, which can corrupt memory structures and enable arbitrary code execution. The fix is in version 2.3.1.2. IBM/...

CVE-2026-24856

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Versions prior to 2.3.1.2 have an undefined behavior issue when floating-point NaN values are converted to unsigned short integer types during ICC profile X...

CVE-2025-61731

Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a...

CVE-2025-61731

Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection. Go Vulnerability Report: Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g...

CVE-2020-36971

Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License Code' field to execute arbitrary code on the system...

CVE-2025-61140

A flaw was found in jsonpath. The value function is vulnerable to Prototype Pollution, a type of vulnerability that allows an attacker to inject or modify properties of an object's prototype. This can lead to various impacts, including arbitrary code execution, privilege escalation, or denial of...

CVE-2020-36971

CVE-2020-36971 affects Nidesoft 3GP Video Converter 2.6.18. The vulnerability is a local stack buffer overflow in the license registration parameter; an attacker can craft a malicious payload in the License Code field to execute arbitrary code on the host. Provided sources consistently describe t...

EUVD-2020-30878

Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License Code' field to execute arbitrary code on the system...

CVE-2020-36965 docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)

docPrint Pro 8.0 contains a local buffer overflow vulnerability in the 'Add URL' input field that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload that triggers a structured exception handler SEH overwrite to execute shellcode and gain remo...

CVE-2020-36989

ForensiT AppX Management Service 2.2.0.4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute...

CVE-2020-36991

ShareMouse 5.0.43 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the insecure service path configuration by placing malicious executables in specific system directories to gain...