CVE-2024-57529
Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code...
CVE-2025-40579
A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0 HF0. Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to execute arbitrary code on the device or to cause a denial of service condition...
USN-7431-2: HAProxy vulnerability
USN-7431-1 fixed a vulnerability in HAProxy. This update provides the corresponding update for Ubuntu 25.04. Original advisory details: Aleandro Prudenzano and Edoardo Geraci discovered that HAProxy incorrectly handled certain uncommon configurations that replace multiple short patterns with a...
CVE-2025-32869
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'ImportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...
CVE-2025-32867
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'CreateBackup' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...
CVE-2025-21221
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network...
CVE-2025-26668
CVE-2025-26668 is a heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) that allows a network-authenticated attacker to execute code remotely. Affected component is RRAS (Windows Routing and Remote Access Service); root cause is a heap-based overflow that can lead to ar...
CVE-2025-29062
An issue in BL-AC2100 =V1.0.4 allows a remote attacker to execute arbitrary code via the time1 and time2 parameters in the setLimitClientcfg of the goahead webservice...
Remote Code Execution (RCE)
vllm is vulnerable to Remote Code Execution (RCE). The vulnerability stems from unsafe deserialization: pickle.loads is used without proper input validation, allowing an attacker to execute arbitrary code remotely via a malicious serialized object...
Cross-Site Scripting (XSS)
alextselegidis/easyappointments is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of the legalsettings parameter, which allows a remote attacker to execute arbitrary code...
USN-7174-1: GStreamer vulnerability
Antonio Morales discovered that GStreamer incorrectly handled allocating memory for certain buffers. An attacker could use this issue to cause GStreamer to crash, resulting in a denial of service, or possibly execute arbitrary code...
NETGEAR R7000P genie_pptp.cgi component buffer overflow vulnerability
The NETGEAR R7000P is a wireless router from NETGEAR. A buffer overflow vulnerability exists in the NETGEAR R7000P v1.3.3.154, which originates from the pptpusernetmask parameter in the genie_pptp.cgi component that fails to correctly validate the length of the input data, and can be exploited by ...
PT-2024-32871 · Unknown +3 · Openrefine +3
Name of the Vulnerable Software and Affected Versions: OpenRefine versions prior to 3.8.3 Description: The issue allows an attacker to lead a user to a malicious page that submits a form POST containing embedded JavaScript code. This code would then be included in the response, along with an...
CVE-2024-3808
The Porto Theme – Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the ‘portoportfolios’ shortcode ‘portfoliolayout’ attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions,...
CVE-2024-32394
An issue in ruijie.com/cn RG-RSR10-01G-TWA-S RSR3.01B9P2RSR10-01G-TW-S07150910 and RG-RSR10-01G-TWA-S RSR3.01B9P2RSR10-01G-TW-S07150910 allows a remote attacker to execute arbitrary code via a crafted HTTP request...
CVE-2024-22098
OpenHarmony v3.2.4 and prior versions allow a local attacker to achieve arbitrary code execution in any apps through a use-after-free...
Linux Kernel nft_exthdr_sctp_eval Stack-based Buffer Overflow Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
The vulnerability of the USB 3.0 HUB driver in Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the USB 3.0 HUB driver for Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
PT-2023-28869 · Lenovo · Lenovo Desktop
Name of the Vulnerable Software and Affected Versions: Lenovo Desktop products affected versions not specified Description: A buffer overflow was reported in the Update WMI module that may allow a local attacker with elevated privileges to execute arbitrary code. Recommendations: At the moment,...
Design/Logic Flaw
In PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's...