Commons-BeanUtils: Arbitrary Code Execution
Background: Commons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs. Description: Multiple vulnerabilities have been discovered in Commons-BeanUtils. Please review the CVE identifiers referenced below for details. Impact: A special BeanIntrospector class was added in...
GLSA-202601-03 : GIMP: Arbitrary Code Execution
The remote host is affected by the vulnerability described in GLSA-202601-03 (GIMP: Arbitrary Code Execution). A vulnerability has been discovered in GIMP. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo...
GLSA-202601-05 : Commons-BeanUtils: Arbitrary Code Execution
The remote host is affected by the vulnerability described in GLSA-202601-05 (Commons-BeanUtils: Arbitrary Code Execution). Multiple vulnerabilities have been discovered in Commons-BeanUtils. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding descripti...
Hiawatha security vulnerabilities
Hiawatha is a security web server developed by Hugo Leisink for Unix systems. This product can prevent attacks such as XSS, SQL injection, and CSRF, and it also offers server monitoring capabilities. Version 11.7 of Hiawatha contains a security vulnerability caused by a double release in the XSLT...
Micron Crucial Storage Executive code-related vulnerabilities
Micron Crucial Storage Executive is a solid-state drive management tool developed by the American company Micron. Versions of Micron Crucial Storage Executive prior to 11.08.082025.00 contained a code vulnerability. This vulnerability stemmed from a DLL preloading vulnerability in the installer,...
Dassault Systèmes SOLIDWORKS eDrawings security vulnerabilities
Dassault Systèmes SOLIDWORKS eDrawings is a collaboration tool provided by Dassault Systèmes, a French company, for viewing, sharing, and annotating 2D/3D design files. Dassault Systèmes SOLIDWORKS eDrawings has a security vulnerability that stems from out-of-bounds writing during the reading of...
RHEL 9 : gnupg2 (RHSA-2026:1229)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1229 advisory. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Securi...
CVE-2020-36937
Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with elevated LocalSystem...
CVE-2020-36937
The CVE-2020-36937 entry concerns Microvirt MEMU Play 3.7.0, where the MEmusvc Windows service has an unquoted service path. This allows a local attacker to potentially execute arbitrary code by injecting a malicious executable placed in the unquoted path, with elevated LocalSystem privileges. Do...
CVE-2020-36937 MEMU PLAY 3.7.0 - 'MEmusvc' Unquoted Service Path
Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with elevated LocalSystem...
EUVD-2026-4636
Microvirt MEMU Play 3.7.0 contains an unquoted service path vulnerability in the MEmusvc Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with elevated LocalSystem...
KMSpico code-related vulnerabilities
KMSpico is a Windows operating system and Office software cracking tool developed by KMSpico Corporation. Version KMSpico 17.1.0.0 has a code vulnerability that stems from the lack of quotation marks around service paths, which may allow for the execution of arbitrary code...
HTC IPTInstaller code-related vulnerabilities
HTC IPTInstaller is a Windows platform tool plugin developed by HTC Corporation in the United States. Version 4.0.9 of HTC IPTInstaller contains a code vulnerability; this vulnerability stems from the service path not being enclosed in quotes, which may allow for the execution of arbitrary code...
CVE-2026-0781
ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...
CVE-2026-24403 iccDEV Undefined Behavior in CIccProfile::CheckHeader() Leads to Integer Overflow
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidateStatus CIccProfile::CheckHeader when user-controllable input is incorporated into profile data...
iccDEV input validation error vulnerability
iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from integer overflow in the CIccProfile::CheckHeader function,...
CVE-2021-47896
PDF Complete Corporate Edition 4.1.45 contains an unquoted service path vulnerability in the pdfcDispatcher service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service binary location to inject malicious executables that will b...
CVE-2021-47889 Softros LAN Messenger 9.6.4 - 'SoftrosSpellChecker' Unquoted Service Path
Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files x86\Softros Systems\Softros Messenger\Spell Checker' to...
CVE-2026-24564 WordPress Textmetrics plugin <= 3.6.5 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Israpil Textmetrics webtexttool allows Code Injection. This issue affects Textmetrics: from n/a through <= 3.6.5...
Arbitrary Code Execution
binary-parser is vulnerable to Arbitrary Code Execution. The vulnerability is due to unsanitized interpolation of untrusted values into dynamically generated code, where attacker-controlled parser field names or encoding parameters are embedded directly into generated JavaScript, allowing arbitra...