Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution
Spring Cloud Netflix Hystrix Dashboard prior to version 2.2.10 is susceptible to remote code execution. Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view...
Apache HTTP Server - Remote Code Execution
Apache HTTP Server 2.4.32 to 2.4.44 contains an information disclosure and possible remote code execution vulnerability in mod_proxy_uwsgi that lets remote attackers access sensitive information and potentially execute arbitrary code; exploitation requires sending crafted requests. id: CVE-2020-1198...
CVE-2026-49382
CVE-2026-49382 affects JetBrains IntelliJ IDEA prior to 2026.1. The issue allows code execution via template injection in the Copyright plugin. This is the concrete vulnerability described across trusted sources; no exploit details are provided in the connected documents. The core root cause is t...
WordPress GWD Conex plugin <= 2.9 - Unauthenticated Limited Code Execution vulnerability
Unauthenticated Limited Code Execution vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin GWD Conex versions <= 2.9...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pillow (UTSA-2026-017334)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017334 advisory. PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be...
emlog Code Issue Vulnerability
Emlog is an open-source CMS website building system based on PHP and MySQL. Versions of Emlog prior to 2.6.11 had code vulnerabilities, which stemmed from an insecure plugin upload feature. This vulnerability could allow attackers to upload and execute arbitrary PHP code...
CVE-2026-2052 Widget Options <= 4.2.2 - Authenticated (Contributor+) Remote Code Execution via Display Logic
The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via the Display Logic feature. This is due to the plugin using eval on user-supplied Display Logic...
Microsoft Excel Code Execution Vulnerability (CNVD-2026-19428)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Microsoft Excel Code Execution Vulnerability (CNVD-2026-19430)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Microsoft Excel Code Execution Vulnerability (CNVD-2026-19429)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Microsoft Excel Resource Management Error Vulnerability
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
baserCMS Security Vulnerability
BaserCMS is a corporate-level content management system (CMS) developed by the BaserCMS team. Versions of BaserCMS prior to 5.2.3 contained security vulnerabilities. These vulnerabilities stemmed from the application’s restoration function, which allowed users to upload zip files and have them...
RHEL 8 : freerdp (RHSA-2026:6005)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6005 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to R...
MCP Code Executor Command Injection Vulnerability
MCP Code Executor is a code execution server developed by bazinga012. Versions of MCP Code Executor prior to 0.3.0 have a command injection vulnerability, which stems from incorrect operations on the function installDependencies in the file src/index.ts, potentially leading to command injection...
Google Chrome Code Execution Vulnerability (CNVD-2026-18791)
Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome, which can be exploited by an attacker to execute arbitrary code on a system...
Microsoft Hyper-V Code Execution Vulnerability (CNVD-2026-17151)
Microsoft Hyper-V is an application from Microsoft Corporation, USA: a system hypervisor virtualization technology that enables desktop virtualization. A code execution vulnerability exists in Microsoft Hyper-V, which can be exploited by an attacker to execute arbitrary code on a system...
Multiple Mozilla Products Resource Management Error Vulnerability
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in several Mozilla products, which...
Multiple Apple Products Security Vulnerability
Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple watchOS is a smart watch operating system. A code execution vulnerability exists in several Apple products, which can be exploited by an attacker to execute arbitrary code...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome, which can be exploited by an attacker to execute arbitrary code on a system...
Acer Global Registration Service Code Vulnerability
Acer Global Registration Service is an official registration and warranty activation software for products of Acer, a company based in Taiwan, China. Version 1.0.0.3 of Acer Global Registration Service contains a code vulnerability; this vulnerability stems from a service path that lacks quotes,...