100 matches found

RedhatCVE
added 2025/05/22 11:10 p.m. · 6 views

CVE-2022-3742

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation...

6.7 CVSS · 7.8 AI score · 0.00189 EPSS
Exploits: 0
RedhatCVE
added 2025/05/22 3:18 p.m. · 6 views

CVE-2020-21268

Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComment parameter...

6.1 CVSS · 7.3 AI score · 0.00565 EPSS
Exploits: 1
RedhatCVE
added 2025/05/22 3:17 p.m. · 4 views

CVE-2020-20413

SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle function in admin/content.php...

9.8 CVSS · 8.6 AI score · 0.01343 EPSS
Exploits: 1
RedhatCVE
added 2025/05/22 10:2 a.m. · 8 views

CVE-2019-17556

Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. If an attacker can feed malicious metadata to the class, then it may result in running attacker's code in the worse case...

10 CVSS · 6.9 AI score · 0.03621 EPSS
Exploits: 1 · References: 1
Cvelist
added 2025/05/21 12:0 a.m. · 9 views

CVE-2024-57529

Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code...

0.00355 EPSS
Exploits: 1 · References: 2
NVD
added 2025/05/13 10:15 a.m. · 16 views

CVE-2025-40579

A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0 HF0. Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to execute arbitrary code on the device or to cause a denial of service condition...

7.8 CVSS · 0.00138 EPSS
Exploits: 0 · References: 1
Ubuntu
added 2025/04/23 11:45 a.m. · 14 views

USN-7431-2: HAProxy vulnerability

USN-7431-1 fixed a vulnerability in HAProxy. This update provides the corresponding update for Ubuntu 25.04. Original advisory details: Aleandro Prudenzano and Edoardo Geraci discovered that HAProxy incorrectly handled certain uncommon configurations that replace multiple short patterns with a...

6.8 CVSS · 6.5 AI score · 0.00685 EPSS
Exploits: 0
NVD
added 2025/04/16 6:16 p.m. · 11 views

CVE-2025-32869

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'ImportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...

8.8 CVSS · 0.00335 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/04/16 5:38 p.m. · 11 views

CVE-2025-32867

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'CreateBackup' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...

8.8 CVSS · 0.00525 EPSS
Exploits: 0 · References: 1
NVD
added 2025/04/08 6:15 p.m. · 20 views

CVE-2025-21221

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network...

8.8 CVSS · 0.01167 EPSS
Exploits: 0 · References: 1
CVE
added 2025/04/08 5:23 p.m. · 105 views

CVE-2025-26668

CVE-2025-26668 is a heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) that allows a network-authenticated attacker to execute code remotely. Affected component is RRAS (Windows Routing and Remote Access Service); root cause is a heap-based overflow that can lead to ar...

7.5 CVSS · 8.1 AI score · 0.01059 EPSS
Exploits: 0 · References: 1 · Affected Software: 15
RedhatCVE
added 2025/04/04 12:38 a.m. · 9 views

CVE-2025-29062

An issue in BL-AC2100 =V1.0.4 allows a remote attacker to execute arbitrary code via the time1 and time2 parameters in the setLimitClientcfg of the goahead webservice...

9.8 CVSS · 8.2 AI score · 0.00866 EPSS
Exploits: 1 · References: 1
Veracode
added 2025/03/25 4:46 a.m. · 6 views

Remote Code Execution (RCE)

vllm is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe deserialization due to the use of pickle.loads without proper input validation, allowing an attacker to execute arbitrary code remotely via a malicious serialized object...

8.6 AI score
Exploits: 0 · References: 6 · Affected Software: 1
Veracode
added 2025/02/18 6:2 a.m. · 4 views

Cross-Site Scripting (XSS)

alextselegidis/easyappointments is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper handling of the legalsettings parameter, which allows a remote attacker to execute arbitrary code...

6.1 CVSS · 6.9 AI score · 0.00472 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Ubuntu
added 2024/12/18 1:12 p.m. · 153 views

USN-7174-1: GStreamer vulnerability

Antonio Morales discovered that GStreamer incorrectly handled allocating memory for certain buffers. An attacker could use this issue to cause GStreamer to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8 CVSS · 7.5 AI score · 0.01344 EPSS
Exploits: 0
CNVD
added 2024/11/07 12:0 a.m. · 6 views

NETGEAR R7000P genie_pptp.cgi component buffer overflow vulnerability

The NETGEAR R7000P is a wireless router from NETGEAR. A buffer overflow vulnerability exists in the NETGEAR R7000P v1.3.3.154, which originates from the pptpusernetmask parameter in the geniepptp.cgi component that fails to correctly validate the length of the input data, and can be exploited by ...

5.7 CVSS · 8.3 AI score · 0.00299 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/10/24 12:0 a.m. · 3 views

PT-2024-32871 · Unknown +3 · Openrefine +3

Name of the Vulnerable Software and Affected Versions: OpenRefine versions prior to 3.8.3 Description: The issue allows an attacker to lead a user to a malicious page that submits a form POST containing embedded JavaScript code. This code would then be included in the response, along with an...

9.8 CVSS · 7 AI score · 0.45473 EPSS
Exploits: 8 · References: 43
ATTACKERKB
added 2024/05/14 12:0 a.m. · 46 views

CVE-2024-3808

The Porto Theme – Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the ‘portoportfolios’ shortcode ‘portfoliolayout’ attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions,...

8.8 CVSS · 7.6 AI score · 0.01002 EPSS
In wild · Exploits: 0 · References: 3
Cvelist
added 2024/04/22 12:0 a.m. · 46 views

CVE-2024-32394

An issue in ruijie.com/cn RG-RSR10-01G-TWA-S RSR3.01B9P2RSR10-01G-TW-S07150910 and RG-RSR10-01G-TWA-S RSR3.01B9P2RSR10-01G-TW-S07150910 allows a remote attacker to execute arbitrary code via a crafted HTTP request...

7.8 AI score · 0.12647 EPSS
Exploits: 0 · References: 1
NVD
added 2024/04/02 7:15 a.m. · 11 views

CVE-2024-22098

in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free...

8.8 CVSS · 6.8 AI score · 0.00187 EPSS
Exploits: 0 · References: 1