205638 matches found
CVE-2022-4987 Hirschmann Industrial HiVision External Application Path Hijacking Leading to Arbitrary Code Execution
Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute arbitrary binaries. Due to insufficient path sanitization, an attacker can place a malicious binar...
CVE-2022-4987
CVE-2022-4987 affects Hirschmann Industrial HiVision; versions 08.1.03 prior to 08.1.04 and 08.2.00 are vulnerable due to insufficient sanitization in executing user-configured external applications. An attacker who can place a malicious binary in the external application’s execution path can cau...
CVE-2022-4987 Hirschmann Industrial HiVision External Application Path Hijacking Leading to Arbitrary Code Execution
Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute arbitrary binaries. Due to insufficient path sanitization, an attacker can place a malicious binar...
CVE-2026-35558 Improper neutralization of special elements in authentication components in Amazon Athena ODBC driver
Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to execute arbitrary code or redirect authentication flows by using specially crafted connection parameters that are processed by the driver during...
JLSEC-2026-40
schemaelement defeats protective searchpath changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code...
JLSEC-2026-55
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...
JLSEC-2026-44
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing...
CVE-2026-33641
A flaw was found in Glances, an open-source system monitoring tool. An attacker who can modify or influence Glances' configuration files can inject malicious system commands. These commands are automatically executed with the privileges of the Glances process during startup or configuration reloa...
EUVD-2025-209201
Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse. An attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory. This issue affects...
CVE-2025-7024
CVE-2025-7024 affects AIRBUS PSS TETRA Connectivity Server on Windows Server. The issue is an Incorrect Default Permissions vulnerability in the TETRA Connectivity Server, enabling a local attacker to place a crafted file in a vulnerable directory to execute arbitrary code with SYSTEM privileges ...
CVE-2026-32928
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::convAnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product...
CVE-2026-32925
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom. Opening a crafted V7 file may lead to arbitrary code execution on the affected product...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the node.event process. An attacker can gain unauthorized access to gateway-side tools and execute arbitrary code by dispatching unrestricted agent requests fro...
[SECURITY] [DSA 6192-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6192-1 [email protected] https://www.debian.org/security/ Andres Salomon April 02, 2026 https://www.debian.org/security/faq -...
RHEL 9 : vim (RHSA-2026:6540)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6540 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via 'helpfile' optio...
Amazon Athena ODBC driver 安全漏洞
The Amazon Athena ODBC driver is a database connection driver developed by the American company Amazon. Versions of the Amazon Athena ODBC driver prior to 2.0.5.1 contained security vulnerabilities. These vulnerabilities stemmed from the browser-based authentication component’s ability to execute...
PT-2026-30282
Summary The Dockerfile generation function generate containerfile in src/bentoml/ internal/container/generate.py uses an unsandboxed jinja2.Environment with the jinja2.ext.do extension to render user-provided dockerfile template files. When a victim imports a malicious bento archive and runs...
Amazon Athena ODBC driver 安全漏洞
The Amazon Athena ODBC driver is a database connection driver developed by the American company Amazon. Versions of the Amazon Athena ODBC driver prior to 2.1.0.0 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of special elements in the authentication...
RHEL 9 : vim (RHSA-2026:6539)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6539 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via 'helpfile' optio...
PT-2026-33153
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 147.0.7727.101 Description A use after free issue in Permissions allows a remote attacker to execute arbitrary code via a crafted HTML page if a user is convinced to perform specific UI gestures. Use...