206161 matches found
CVE-2025-66939
Cross Site Scripting vulnerability in 66biolinks by AltumCode v.61.0.1 allows an attacker to execute arbitrary code via a crafted favicon file...
CVE-2025-29329
Buffer Overflow in the ippprint Internet Printing Protocol service in Sagemcom F@st 3686 MAGYAR4.121.0 allows remote attacker to execute arbitrary code by sending a crafted HTTP request...
CVE-2025-66939
CVE-2025-66939 is a Cross Site Scripting vulnerability in AltumCode’s 66biolinks, version 61.0.1, where specially crafted favicon files can cause an attacker to execute arbitrary code. The root cause is described as improper handling of favicon files that triggers XSS. The affected software is 66...
(0Day) npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of modules. The...
CVE-2026-0821
A flaw was found in quickjs-ng. A remote attacker can exploit a heap-based buffer overflow vulnerability in the jstypedarrayconstructor function of the quickjs.c file by executing a specially crafted manipulation. This vulnerability may lead to information disclosure, denial of service, or...
UTT 520W 安全漏洞
The UTT 520W is a wireless router from China Aitai UTT. A security vulnerability exists in the UTT 520W version 1.7.7-180627, which originates from a buffer overflow in the operation of the function strcpy on the parameter timestart in the file /goform/formConfigNoticeConfig, which could lead to...
UTT 520W 安全漏洞
The UTT 520W is a wireless router from China Aitai UTT. A security vulnerability exists in the UTT 520W version 1.7.7-180627, which originates from a buffer overflow in the operation of the function strcpy on the parameter wepkey1 in the file /goform/APSecurity, which could lead to the execution ...
UTT 520W 安全漏洞
UTT 520W is a wireless router from China Aitai UTT. A security vulnerability exists in the UTT 520W version 1.7.7-180627, which originates from a buffer overflow in the operation of the function strcpy on the parameter GroupName in the file /goform/formFireWall, which could lead to the execution ...
CVE-2025-66715
A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 allows attackers to execute arbitrary code via a crafted DLL file...
[SECURITY] [DSA 6097-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6097-1 [email protected] https://www.debian.org/security/ Andres Salomon January 09, 2026 https://www.debian.org/security/faq -...
CVE-2026-22609
Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafeimports method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected...
QuickJS 安全漏洞
QuickJS is QuickJS open source a small and embeddable Javascript engine . A security vulnerability exists in QuickJS 0.11.0 and earlier versions, which is caused by a heap buffer overflow in the function jstypedarrayconstructor in the file quickjs.c, which could lead to the execution of arbitrary...
Arbitrary Code Injection
Overview uni2ts is an Unified Training of Universal Time Series Forecasting Transformers Affected versions of this package are vulnerable to Arbitrary Code Injection via the decodedistroutput function. An attacker can execute arbitrary code by supplying crafted input that is improperly handled...
Deserialization of Untrusted Data
Overview fickling is an A static analyzer and interpreter for Python pickle data Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the analysis of pickle files, where import nodes for certain modules such as builtins are not emitted in the abstract syntax...
CVE-2025-66715
A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 allows attackers to execute arbitrary code via a crafted DLL file...
CVE-2025-70161
EDIMAX BR-6208AC V21.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName field, allowing...
CVE-2005-1632
Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/...
CVE-2005-1434
Multiple unknown vulnerabilities in OpenView Network Node Manager OV NNM 6.2, 6.4, 7.01, and 7.50 allow attackers to cause a denial of service or execute arbitrary code...
CVE-2005-1580
users.ini.php in BoastMachine 3.0 does not properly restrict the types of files that can be uploaded, which allows remote attackers to execute arbitrary code...
CVE-2005-1881
upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code...