19 matches found
Ruby Dragonfly <1.4.0 - Remote Code Execution
Ruby Dragonfly before 1.4.0 contains an argument injection vulnerability that allows remote attackers to read and write to arbitrary files via a crafted URL when the verifyurl option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishand...
EUVD-2018-15674
Malware in sbrugna...
EUVD-2020-6172
Malware in sbrugna...
EUVD-2019-8117
Malware in sbrugna...
EUVD-2021-13821
Malware in sbrugna...
EUVD-2024-28272
Malicious code in bioql PyPI...
EUVD-2022-33549
Malicious code in bioql PyPI...
EUVD-2023-25524
Malicious code in bioql PyPI...
Autel MaxiCharger AC Wallbox Commercial Buffer Overflow Vulnerability (CNVD-2025-14946)
Autel MaxiCharger AC Wallbox Commercial is a smart AI electric car charger from Autel USA. The Autel MaxiCharger AC Wallbox Commercial suffers from a buffer overflow vulnerability that stems from the DLBSlaveRegister message failing to properly validate the length size of the input data, which ca...
CVE-2025-30289 ColdFusion | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an attacker. A low privileged attacker with local access could leverage...
CVE-2024-47151
Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution...
CVE-2015-20111
miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other products, lacks checks for snprintf return values, leading to a buffer overflow and significant data leak, a different vulnerability than CVE-2019-12107. In Bitcoin Core before 0.12, remote code execution was possible in...
CVE-2024-49525 Substance3D - Painter | Heap-based Buffer Overflow (CWE-122)
Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2024-39388 ZDI-CAN-24055: Adobe Substance 3D Stager SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
Substance3D - Stager versions 3.0.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
Siemens Simcenter Nastran Stack Buffer Overflow Vulnerability
Simcenter Nastran is a finite element method solver. A stack buffer overflow vulnerability exists in Siemens Simcenter Nastran, which can be exploited by an attacker to execute code in the context of the current process when an affected application parses a specific string as a parameter to an...
CVE-2024-26064
Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into a webpage. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containin...
CVE-2023-44353 ColdFusion WDDX Deserialization Gadgets
Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and earlier are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction...
SIEMENS DIGSI 4 Privilege License and Access Control Issues Vulnerability
SIEMENS DIGSI 4 is a driver from SIEMENS USA. Provides device driver functionality. A privilege license and access control issue vulnerability exists in SIEMENS DIGSI 4. The vulnerability stems from the fact that several folders in \%PATH\% can be written to by a normal user, and can be exploited...
Command Execution Vulnerability in Chase T Series Ledger System
Ltd. is a member company of UFIDA. Changjitong is committed to providing social, personalized, service-oriented and small business management support for small and medium-sized enterprises. A command execution vulnerability exists in the Changjitong T-Series Ledger System. An attacker can exploit...