CVE-2025-40746

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V3.2. Affected products do not properly validate input for a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with 'NT...

CVE-2020-10138

Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkinsagent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can...

CVE-2020-10139

Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkinsagent\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system...

EUVD-2025-36711

Razer Synapse 3 Macro Module Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in ord...

EUVD-2021-13122

Malware in sbrugna...

EUVD-2020-7271

Malware in sbrugna...

EUVD-2024-3009

Malicious code in bioql PyPI...

EUVD-2021-29512

Malicious code in bioql PyPI...

CVE-2025-27714

An attacker could exploit this vulnerability by uploading arbitrary files via the a specific endpoint, leading to unauthorized remote code execution or system compromise...

CVE-2025-57699

Western Digital Kitfox for Windows provided by Western Digital Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with the SYSTEM privilege...

CVE-2013-10043

A vulnerability exists in OAstium VoIP PBX astium-confweb-2.1-25399 and earlier, where improper input validation in the logon.php script allows an attacker to bypass authentication via SQL injection. Once authenticated as an administrator, the attacker can upload arbitrary PHP code through the...

PT-2025-31540 · Undefined · Undefined

A vulnerability exists in OAstium VoIP PBX astium-confweb-2.1-25399 and earlier, where improper input validation in the logon.php script allows an attacker to bypass authentication via SQL injection. Once authenticated as an administrator, the attacker can upload arbitrary PHP code through the...

CVE-2025-0664

A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrary local library. This may impair endpoint defenses and allow the attacker to achieve code execution with SYSTEM-level privileges...

CVE-2025-0664

A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrary local library. This may impair endpoint defenses and allow the attacker to achieve code execution with SYSTEM-level privileges...

CVE-2025-47422

Advanced Installer before 22.6 has an uncontrolled search path element local privilege escalation vulnerability. When running as SYSTEM in certain configurations, Advanced Installer looks in standard-user writable locations for non-existent binaries and executes them as SYSTEM. A low-privileged...

CVE-2025-45931

An issue D-Link DIR-816-A2 DIR-816A2FWv1.10CNB05R1B011D88210 allows a remote attacker to execute arbitrary code via system function in the bin/goahead file...

Microsoft Office Code Execution Vulnerability (CNVD-2025-13272)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

CVE-2025-29828

CVE-2025-29828 (Windows Schannel Remote Code Execution) affects Windows Cryptographic Services. Description confirms missing release of memory after effective lifetime, enabling a remote attacker to execute code over a network. CVSS 3.1/3.1.0 base 8.1 (High) with network vector, no user interacti...

CVE-2023-38485

Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in...

CVE-2020-25238

A vulnerability has been identified in PCS neo Administration Console All versions V3.1, TIA Portal V15, V15.1 and V16. Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker...